auth/client/cmd/realms-dump/main.go - infra/luci/luci-go - Git at Google

 // Copyright 2020 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Command realms-dump can dump realm configs served by an Auth Service.
 //
 // This is to aid in developing Realms API and debugging issues. Not intended to
 // be used in any production setting.
 package main

 import (
 	"bytes"
 	"compress/zlib"
 	"context"
 	"encoding/base64"
 	"encoding/json"
 	"flag"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"time"

 	"github.com/dustin/go-humanize"
 	"github.com/golang/protobuf/proto"

 	"go.chromium.org/luci/auth"
 	"go.chromium.org/luci/auth/client/authcli"
 	"go.chromium.org/luci/common/errors"
 	"go.chromium.org/luci/common/logging"
 	"go.chromium.org/luci/common/logging/gologger"
 	"go.chromium.org/luci/hardcoded/chromeinfra"
 	"go.chromium.org/luci/server/auth/service/protocol"
 )

 var (
 	authServiceURL = flag.String("auth-service-url", "https://chrome-infra-auth.appspot.com",
 		"https:// URL of a Auth Service to fetch realms from")
 )

 func main() {
 	ctx := context.Background()
 	ctx = gologger.StdConfig.Use(ctx)
 	if err := run(ctx); err != nil {
 		fmt.Fprintf(os.Stderr, "%s\n", err)
 		os.Exit(1)
 	}
 }

 func run(ctx context.Context) error {
 	authFlags := authcli.Flags{}
 	authFlags.Register(flag.CommandLine, chromeinfra.DefaultAuthOptions())

 	flag.Parse()

 	opts, err := authFlags.Options()
 	if err != nil {
 		return err
 	}
 	authenticator := auth.NewAuthenticator(ctx, auth.SilentLogin, opts)
 	client, err := authenticator.Client()
 	if err != nil {
 		return err
 	}

 	authDB, err := fetchAuthDB(ctx, client, *authServiceURL)
 	if err != nil {
 		return err
 	}

 	logging.Infof(ctx, "Realms proto:")
 	fmt.Printf("%s", proto.MarshalTextString(authDB.Realms))
 	return nil
 }

 func fetchAuthDB(ctx context.Context, client *http.Client, authServiceURL string) (*protocol.AuthDB, error) {
 	req, err := http.NewRequest("GET", authServiceURL+"/auth_service/api/v1/authdb/revisions/latest", nil)
 	if err != nil {
 		return nil, errors.Annotate(err, "failed to prepare the request").Err()
 	}

 	// Grab JSON with base64-encoded deflated AuthDB snapshot.
 	logging.Infof(ctx, "Sending the request to %s...", authServiceURL)
 	resp, err := client.Do(req.WithContext(ctx))
 	if err != nil {
 		return nil, errors.Annotate(err, "failed to send the request to the auth service").Err()
 	}
 	body, err := ioutil.ReadAll(resp.Body)
 	resp.Body.Close()
 	if err != nil {
 		return nil, errors.Annotate(err, "failed to read the response from the auth service").Err()
 	}
 	if resp.StatusCode != 200 {
 		return nil, errors.Reason("unexpected response with code %d from the auth service: %s", resp.StatusCode, body).Err()
 	}

 	// Extract deflated ReplicationPushRequest from it.
 	var out struct {
 		Snapshot struct {
 			Rev          int64  `json:"auth_db_rev"`
 			SHA256       string `json:"sha256"`
 			Created      int64  `json:"created_ts"`
 			DeflatedBody string `json:"deflated_body"`
 		} `json:"snapshot"`
 	}
 	if err := json.Unmarshal(body, &out); err != nil {
 		return nil, errors.Annotate(err, "failed to JSON unmarshal the response").Err()
 	}
 	deflated, err := base64.StdEncoding.DecodeString(out.Snapshot.DeflatedBody)
 	if err != nil {
 		return nil, errors.Annotate(err, "failed to base64-decode").Err()
 	}

 	// Inflate it.
 	reader, err := zlib.NewReader(bytes.NewReader(deflated))
 	if err != nil {
 		return nil, errors.Annotate(err, "failed to start inflating").Err()
 	}
 	inflated := bytes.Buffer{}
 	if _, err := io.Copy(&inflated, reader); err != nil {
 		return nil, errors.Annotate(err, "failed to inflate").Err()
 	}
 	if err := reader.Close(); err != nil {
 		return nil, errors.Annotate(err, "failed to inflate").Err()
 	}

 	// Unmarshal the actual proto message contained there.
 	msg := protocol.ReplicationPushRequest{}
 	if err := proto.Unmarshal(inflated.Bytes(), &msg); err != nil {
 		return nil, errors.Annotate(err, "failed to deserialize AuthDB proto").Err()
 	}

 	// Log some stats.
 	logging.Infof(ctx, "AuthDB rev %d, created %s by the auth service v%s",
 		out.Snapshot.Rev, humanize.Time(time.Unix(0, out.Snapshot.Created*1000)),
 		msg.AuthCodeVersion)
 	logging.Infof(ctx, "Raw response size: %d bytes", len(body))
 	logging.Infof(ctx, "Deflated size:     %d bytes", len(deflated))
 	logging.Infof(ctx, "Inflated size:     %d bytes", inflated.Len())

 	return msg.AuthDb, nil
 }
	// Copyright 2020 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Command realms-dump can dump realm configs served by an Auth Service.
	//
	// This is to aid in developing Realms API and debugging issues. Not intended to
	// be used in any production setting.
	package main

	import (
	"bytes"
	"compress/zlib"
	"context"
	"encoding/base64"
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"io/ioutil"
	"net/http"
	"os"
	"time"

	"github.com/dustin/go-humanize"
	"github.com/golang/protobuf/proto"

	"go.chromium.org/luci/auth"
	"go.chromium.org/luci/auth/client/authcli"
	"go.chromium.org/luci/common/errors"
	"go.chromium.org/luci/common/logging"
	"go.chromium.org/luci/common/logging/gologger"
	"go.chromium.org/luci/hardcoded/chromeinfra"
	"go.chromium.org/luci/server/auth/service/protocol"
	)

	var (
	authServiceURL = flag.String("auth-service-url", "https://chrome-infra-auth.appspot.com",
	"https:// URL of a Auth Service to fetch realms from")
	)

	func main() {
	ctx := context.Background()
	ctx = gologger.StdConfig.Use(ctx)
	if err := run(ctx); err != nil {
	fmt.Fprintf(os.Stderr, "%s\n", err)
	os.Exit(1)
	}
	}

	func run(ctx context.Context) error {
	authFlags := authcli.Flags{}
	authFlags.Register(flag.CommandLine, chromeinfra.DefaultAuthOptions())

	flag.Parse()

	opts, err := authFlags.Options()
	if err != nil {
	return err
	}
	authenticator := auth.NewAuthenticator(ctx, auth.SilentLogin, opts)
	client, err := authenticator.Client()
	if err != nil {
	return err
	}

	authDB, err := fetchAuthDB(ctx, client, *authServiceURL)
	if err != nil {
	return err
	}

	logging.Infof(ctx, "Realms proto:")
	fmt.Printf("%s", proto.MarshalTextString(authDB.Realms))
	return nil
	}

	func fetchAuthDB(ctx context.Context, client http.Client, authServiceURL string) (protocol.AuthDB, error) {
	req, err := http.NewRequest("GET", authServiceURL+"/auth_service/api/v1/authdb/revisions/latest", nil)
	if err != nil {
	return nil, errors.Annotate(err, "failed to prepare the request").Err()
	}

	// Grab JSON with base64-encoded deflated AuthDB snapshot.
	logging.Infof(ctx, "Sending the request to %s...", authServiceURL)
	resp, err := client.Do(req.WithContext(ctx))
	if err != nil {
	return nil, errors.Annotate(err, "failed to send the request to the auth service").Err()
	}
	body, err := ioutil.ReadAll(resp.Body)
	resp.Body.Close()
	if err != nil {
	return nil, errors.Annotate(err, "failed to read the response from the auth service").Err()
	}
	if resp.StatusCode != 200 {
	return nil, errors.Reason("unexpected response with code %d from the auth service: %s", resp.StatusCode, body).Err()
	}

	// Extract deflated ReplicationPushRequest from it.
	var out struct {
	Snapshot struct {
	Rev int64 `json:"auth_db_rev"`
	SHA256 string `json:"sha256"`
	Created int64 `json:"created_ts"`
	DeflatedBody string `json:"deflated_body"`
	} `json:"snapshot"`
	}
	if err := json.Unmarshal(body, &out); err != nil {
	return nil, errors.Annotate(err, "failed to JSON unmarshal the response").Err()
	}
	deflated, err := base64.StdEncoding.DecodeString(out.Snapshot.DeflatedBody)
	if err != nil {
	return nil, errors.Annotate(err, "failed to base64-decode").Err()
	}

	// Inflate it.
	reader, err := zlib.NewReader(bytes.NewReader(deflated))
	if err != nil {
	return nil, errors.Annotate(err, "failed to start inflating").Err()
	}
	inflated := bytes.Buffer{}
	if _, err := io.Copy(&inflated, reader); err != nil {
	return nil, errors.Annotate(err, "failed to inflate").Err()
	}
	if err := reader.Close(); err != nil {
	return nil, errors.Annotate(err, "failed to inflate").Err()
	}

	// Unmarshal the actual proto message contained there.
	msg := protocol.ReplicationPushRequest{}
	if err := proto.Unmarshal(inflated.Bytes(), &msg); err != nil {
	return nil, errors.Annotate(err, "failed to deserialize AuthDB proto").Err()
	}

	// Log some stats.
	logging.Infof(ctx, "AuthDB rev %d, created %s by the auth service v%s",
	out.Snapshot.Rev, humanize.Time(time.Unix(0, out.Snapshot.Created*1000)),
	msg.AuthCodeVersion)
	logging.Infof(ctx, "Raw response size: %d bytes", len(body))
	logging.Infof(ctx, "Deflated size: %d bytes", len(deflated))
	logging.Infof(ctx, "Inflated size: %d bytes", inflated.Len())

	return msg.AuthDb, nil
	}