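// Based on go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/authdb/erroring.go

// Copyright 2016 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package authdb

import (
	"context"
	"errors"
	"net"

	"go.chromium.org/luci/auth/identity"
	"go.chromium.org/luci/common/logging"

	"go.chromium.org/luci/server/auth/realms"
	"go.chromium.org/luci/server/auth/service/protocol"
	"go.chromium.org/luci/server/auth/signing"
)

// errNilError stands in for a nil ErroringDB.Error so that every call still
// fails closed with a non-nil error.
var errNilError = errors.New("authdb: ErroringDB has no Error set")

// ErroringDB implements DB by forbidding all access and returning errors.
//
// Every method logs the error at error level and returns the zero value of
// its result together with that error. Error is expected to be non-nil; if it
// is left nil (for example in a zero-value ErroringDB), errNilError is
// returned instead, so callers never see a zero result paired with a nil
// error.
type ErroringDB struct {
	Error error // returned by all calls
}

// fail logs the error this DB is configured with and returns it.
//
// A nil Error is replaced by errNilError: a zero result with a nil error could
// be read by a caller as a valid answer rather than as a failure.
func (db ErroringDB) fail(ctx context.Context) error {
	err := db.Error
	if err == nil {
		err = errNilError
	}
	logging.Errorf(ctx, "%s", err)
	return err
}

// IsAllowedOAuthClientID implements DB. The check it stands in for reports
// whether the given OAuth2 client_id can be used to authenticate access for
// the given email; this implementation always returns false and the error.
func (db ErroringDB) IsAllowedOAuthClientID(ctx context.Context, email, clientID string) (bool, error) {
	return false, db.fail(ctx)
}

// IsInternalService implements DB. The check it stands in for reports whether
// the given hostname belongs to a service that is a part of the current LUCI
// deployment; this implementation always returns false and the error.
func (db ErroringDB) IsInternalService(ctx context.Context, hostname string) (bool, error) {
	return false, db.fail(ctx)
}

// IsMember implements DB. The check it stands in for reports whether the given
// identity belongs to any of the groups; this implementation always returns
// false and the error.
func (db ErroringDB) IsMember(ctx context.Context, id identity.Identity, groups []string) (bool, error) {
	return false, db.fail(ctx)
}

// CheckMembership implements DB. The call it stands in for returns the groups
// from the given list the identity belongs to; this implementation always
// returns a nil list and the error.
func (db ErroringDB) CheckMembership(ctx context.Context, id identity.Identity, groups []string) ([]string, error) {
	return nil, db.fail(ctx)
}

// HasPermission implements DB. The check it stands in for reports whether the
// identity has the given permission in any of the realms; this implementation
// always returns false and the error.
func (db ErroringDB) HasPermission(ctx context.Context, id identity.Identity, perm realms.Permission, realm string, attrs realms.Attrs) (bool, error) {
	return false, db.fail(ctx)
}

// QueryRealms implements DB. The call it stands in for returns a list of
// realms where the identity has the given permission; this implementation
// always returns a nil list and the error.
func (db ErroringDB) QueryRealms(ctx context.Context, id identity.Identity, perm realms.Permission, project string, attrs realms.Attrs) ([]string, error) {
	return nil, db.fail(ctx)
}

// FilterKnownGroups implements DB. The call it stands in for filters the list
// of groups keeping only ones that exist; this implementation always returns a
// nil list and the error.
func (db ErroringDB) FilterKnownGroups(ctx context.Context, groups []string) ([]string, error) {
	return nil, db.fail(ctx)
}

// GetCertificates implements DB. The call it stands in for returns a bundle
// with certificates of a trusted signer; this implementation always returns a
// nil bundle and the error, so callers must check the error before using the
// result.
func (db ErroringDB) GetCertificates(ctx context.Context, id identity.Identity) (*signing.PublicCertificates, error) {
	return nil, db.fail(ctx)
}

// GetAllowlistForIdentity implements DB. The call it stands in for returns the
// name of the IP allowlist to use to check IP of requests from the given
// `ident`; this implementation always returns an empty name and the error.
//
// NOTE(review): callers may read an empty name with a nil error as "this
// identity is not IP restricted" (confirm against the DB interface); the
// always non-nil error here rules that reading out.
func (db ErroringDB) GetAllowlistForIdentity(ctx context.Context, ident identity.Identity) (string, error) {
	return "", db.fail(ctx)
}

// IsAllowedIP implements DB. The check it stands in for reports whether the IP
// address belongs to the given named IP allowlist; this implementation always
// returns false and the error.
func (db ErroringDB) IsAllowedIP(ctx context.Context, ip net.IP, allowlist string) (bool, error) {
	return false, db.fail(ctx)
}

// GetAuthServiceURL implements DB. The call it stands in for returns the root
// URL ("https://<host>") of the auth service; this implementation always
// returns an empty string and the error.
func (db ErroringDB) GetAuthServiceURL(ctx context.Context) (string, error) {
	return "", db.fail(ctx)
}

// GetTokenServiceURL implements DB. The call it stands in for returns the root
// URL ("https://<host>") of the token service; this implementation always
// returns an empty string and the error.
func (db ErroringDB) GetTokenServiceURL(ctx context.Context) (string, error) {
	return "", db.fail(ctx)
}

// GetRealmData implements DB. The call it stands in for returns data attached
// to a realm; this implementation always returns nil data and the error.
func (db ErroringDB) GetRealmData(ctx context.Context, realm string) (*protocol.RealmData, error) {
	return nil, db.fail(ctx)
}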