blob: d4ecb38f0d52af3d8c9786303c06eb1d168a2eef [file] [log] [blame]
// Copyright 2017 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package chromeinfra contains hardcoded values related to Chrome Infra.
//
// It is supposed to be imported only by leaf 'main' packages of various
// binaries. All non-main packages must not hardcode any environment related
// values and must accept them as parameters passed from 'main'.
package chromeinfra
import (
"fmt"
"os"
"path/filepath"
"sync"
homedir "github.com/mitchellh/go-homedir"
"go.chromium.org/luci/auth"
)
// TODO(vadimsh): Move the rest of hardcoded stuff here:
// * tsmon config file: "/etc/chrome-infra/ts-mon.json"
// * tsmon secrets dir: same as SecretsDir below.
// * tsmon network detection regexp: `^([\w-]*?-[acm]|master)(\d+)a?$`
const (
// BuildbucketHost is the hostname of the Buildbucket service to connect to
// by default.
BuildbucketHost = "cr-buildbucket.appspot.com"
// CIPDServiceURL is URL of a CIPD backend to connect to by default.
CIPDServiceURL = "https://chrome-infra-packages.appspot.com"
// ConfigServiceHost is the default host of LUCI config service.
ConfigServiceHost = "luci-config.appspot.com"
// LogDogHost is the default host of the production LogDog service in Chrome
// Operations.
LogDogHost = "logs.chromium.org"
// LogDogHostAppSpot is the ".appspot.com" host equivalent of LogDogHost.
LogDogHostAppSpot = "luci-logdog.appspot.com"
// LogDogDevHost is the default host of the development LogDog service in
// Chrome Operations.
LogDogDevHost = "luci-logdog-dev.appspot.com"
// MachineDatabaseHost is the URL of the Machine Database.
MachineDatabaseHost = "machine-db.appspot.com"
// MachineDatabaseDevHost is the URL of the Machine Database dev instance.
MachineDatabaseDevHost = "machine-db-dev.appspot.com"
// MiloHost is the hostname of the production Milo service.
MiloHost = "luci-milo.appspot.com"
// MiloDevHost is the hostname of the development Milo service.
MiloDevHost = "luci-milo-dev.appspot.com"
// UFSProdHost is the URL of the ufs service.
UFSProdHost = "ufs.api.cr.dev"
// UFSStagingHost is the URL of the staging ufs service.
UFSStagingHost = "staging.ufs.api.cr.dev"
// ResultDBHost is the hostname of the production ResultDB service.
ResultDBHost = "results.api.cr.dev"
// ResultDBStagingHost is the hostname of the staging ResultDB service.
ResultDBStagingHost = "staging.results.api.cr.dev"
// TestSpannerInstance is the name of the Spanner instance used for testing.
TestSpannerInstance = "projects/chops-spanner-testing/instances/testing"
// TokenServerHost is the default host to use in auth.Options.TokenServerHost.
TokenServerHost = "luci-token-server.appspot.com"
// TokenServerDevHost is the host of the LUCI Token Server dev instance.
TokenServerDevHost = "luci-token-server-dev.appspot.com"
)
// DefaultAuthOptions returns auth.Options struct prefilled with chrome-infra
// defaults.
func DefaultAuthOptions() auth.Options {
// Note that ClientSecret is not really a secret since it's hardcoded into
// the source code (and binaries). It's totally fine, as long as it's callback
// URI is configured to be 'localhost'. If someone decides to reuse such
// ClientSecret they have to run something on user's local machine anyway
// to get the refresh_token.
return auth.Options{
TokenServerHost: TokenServerHost,
ClientID: "446450136466-2hr92jrq8e6i4tnsa56b52vacp7t3936.apps.googleusercontent.com",
ClientSecret: "uBfbay2KCy9t4QveJ-dOqHtp",
SecretsDir: SecretsDir(),
}
}
// SetDefaultAuthOptions sets the chromeinfra defaults on `opts`, returning the
// updated Options.
func SetDefaultAuthOptions(opts auth.Options) auth.Options {
dflts := DefaultAuthOptions()
ret := opts
ret.TokenServerHost = TokenServerHost
ret.ClientID = dflts.ClientID
ret.ClientSecret = dflts.ClientSecret
ret.SecretsDir = dflts.SecretsDir
return ret
}
var secrets struct {
once sync.Once
val string
}
// SecretsDir returns an absolute path to a directory (in $HOME) to keep secret
// files in (e.g. OAuth refresh tokens) or an empty string if $HOME can't be
// determined (happens in some degenerate cases, it just disables auth token
// cache).
func SecretsDir() string {
secrets.once.Do(func() {
home, err := homedir.Dir()
if err != nil {
fmt.Fprintf(os.Stderr, "Can't resolve $HOME: %s", err)
} else {
secrets.val = filepath.Join(home, ".config", "chrome_infra", "auth")
}
})
return secrets.val
}