go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/config_service/internal/acl/common.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/config_service/internal/acl/common.go (about)

     1  // Copyright 2023 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package acl
    16  
    17  import (
    18  	"context"
    19  	"fmt"
    20  	"time"
    21  
    22  	cfgcommonpb "go.chromium.org/luci/common/proto/config"
    23  	"go.chromium.org/luci/server/auth/realms"
    24  	"go.chromium.org/luci/server/caching"
    25  
    26  	"go.chromium.org/luci/config_service/internal/common"
    27  )
    28  
    29  var (
    30  	// ReadPermission allows caller to read the config set.
    31  	ReadPermission = realms.RegisterPermission("configs.configSets.read")
    32  	// ReadPermission allows caller to validate the config set.
    33  	ValidatePermission = realms.RegisterPermission("configs.configSets.validate")
    34  	// ReadPermission allows caller to re-import the config set.
    35  	ReimportPermission = realms.RegisterPermission("configs.configSets.reimport")
    36  
    37  	// aclCfgCache holds cache for acl.cfg content.
    38  	aclCfgCache = caching.RegisterCacheSlot()
    39  	// aclCfgCacheExpiration is the expiration time of aclCfgCache entry.
    40  	aclCfgCacheExpiration = 10 * time.Minute
    41  )
    42  
    43  func getACLCfgCached(ctx context.Context) (*cfgcommonpb.AclCfg, error) {
    44  	item, err := aclCfgCache.Fetch(ctx, func(any) (any, time.Duration, error) {
    45  		aclCfg := &cfgcommonpb.AclCfg{}
    46  		if err := common.LoadSelfConfig(ctx, common.ACLRegistryFilePath, aclCfg); err != nil {
    47  			return nil, 0, err
    48  		}
    49  		return aclCfg, aclCfgCacheExpiration, nil
    50  	})
    51  
    52  	if err != nil {
    53  		return nil, fmt.Errorf("failed to load ACL config: %w", err)
    54  	}
    55  	return item.(*cfgcommonpb.AclCfg), nil
    56  }