blob: 37398a2d3081168b5e7c043a467242a586352afb [file] [log] [blame]
// Copyright 2020 The LUCI Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
// Command authdb-dump can dump AuthDB proto served by an Auth Service.
// This is to aid in developing Realms API and debugging issues. Not intended to
// be used in any production setting.
package main
import (
var (
authServiceURL = flag.String("auth-service-url", "",
"https:// URL of a Auth Service to fetch realms from")
outputFile = flag.String("output-proto-file", "",
"If set, write the protocol.AuthDB to this file using wirepb encoding instead of dumping it as text to stdout")
func main() {
ctx := context.Background()
ctx = gologger.StdConfig.Use(ctx)
if err := run(ctx); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
func run(ctx context.Context) error {
authFlags := authcli.Flags{}
authFlags.Register(flag.CommandLine, chromeinfra.DefaultAuthOptions())
opts, err := authFlags.Options()
if err != nil {
return err
authenticator := auth.NewAuthenticator(ctx, auth.SilentLogin, opts)
client, err := authenticator.Client()
if err != nil {
return err
authDB, err := fetchAuthDB(ctx, client, *authServiceURL)
if err != nil {
return err
if *outputFile != "" {
blob, err := proto.Marshal(authDB)
if err != nil {
return err
return os.WriteFile(*outputFile, blob, 0600)
logging.Infof(ctx, "AuthDB proto:")
fmt.Printf("%s", proto.MarshalTextString(authDB))
return nil
func fetchAuthDB(ctx context.Context, client *http.Client, authServiceURL string) (*protocol.AuthDB, error) {
req, err := http.NewRequest("GET", authServiceURL+"/auth_service/api/v1/authdb/revisions/latest", nil)
if err != nil {
return nil, errors.Annotate(err, "failed to prepare the request").Err()
// Grab JSON with base64-encoded deflated AuthDB snapshot.
logging.Infof(ctx, "Sending the request to %s...", authServiceURL)
resp, err := client.Do(req.WithContext(ctx))
if err != nil {
return nil, errors.Annotate(err, "failed to send the request to the auth service").Err()
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, errors.Annotate(err, "failed to read the response from the auth service").Err()
if resp.StatusCode != 200 {
return nil, errors.Reason("unexpected response with code %d from the auth service: %s", resp.StatusCode, body).Err()
// Extract deflated ReplicationPushRequest from it.
var out struct {
Snapshot struct {
Rev int64 `json:"auth_db_rev"`
SHA256 string `json:"sha256"`
Created int64 `json:"created_ts"`
DeflatedBody string `json:"deflated_body"`
} `json:"snapshot"`
if err := json.Unmarshal(body, &out); err != nil {
return nil, errors.Annotate(err, "failed to JSON unmarshal the response").Err()
deflated, err := base64.StdEncoding.DecodeString(out.Snapshot.DeflatedBody)
if err != nil {
return nil, errors.Annotate(err, "failed to base64-decode").Err()
// Inflate it.
reader, err := zlib.NewReader(bytes.NewReader(deflated))
if err != nil {
return nil, errors.Annotate(err, "failed to start inflating").Err()
inflated := bytes.Buffer{}
if _, err := io.Copy(&inflated, reader); err != nil {
return nil, errors.Annotate(err, "failed to inflate").Err()
if err := reader.Close(); err != nil {
return nil, errors.Annotate(err, "failed to inflate").Err()
// Unmarshal the actual proto message contained there.
msg := protocol.ReplicationPushRequest{}
if err := proto.Unmarshal(inflated.Bytes(), &msg); err != nil {
return nil, errors.Annotate(err, "failed to deserialize AuthDB proto").Err()
// Log some stats.
logging.Infof(ctx, "AuthDB rev %d, created %s by the auth service v%s",
out.Snapshot.Rev, humanize.Time(time.Unix(0, out.Snapshot.Created*1000)),
logging.Infof(ctx, "Raw response size: %d bytes", len(body))
logging.Infof(ctx, "Deflated size: %d bytes", len(deflated))
logging.Infof(ctx, "Inflated size: %d bytes", inflated.Len())
return msg.AuthDb, nil