go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/tokenserver/appengine/impl/services/minter/tokenminter/service.go (about)

     1  // Copyright 2016 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package tokenminter implements TokenMinter API.
    16  //
    17  // This is main public API of The Token Server.
    18  package tokenminter
    19  
    20  import (
    21  	"go.chromium.org/luci/server/auth"
    22  	"go.chromium.org/luci/server/auth/signing"
    23  
    24  	"go.chromium.org/luci/tokenserver/api/minter/v1"
    25  	"go.chromium.org/luci/tokenserver/appengine/impl/certchecker"
    26  	"go.chromium.org/luci/tokenserver/appengine/impl/delegation"
    27  	"go.chromium.org/luci/tokenserver/appengine/impl/machinetoken"
    28  	"go.chromium.org/luci/tokenserver/appengine/impl/projectscope"
    29  	"go.chromium.org/luci/tokenserver/appengine/impl/serviceaccounts"
    30  	"go.chromium.org/luci/tokenserver/appengine/impl/utils/projectidentity"
    31  )
    32  
// serverImpl implements minter.TokenMinterServer RPC interface.
//
// It has no fields of its own: its methods are promoted from the embedded
// per-token-kind handler structs, which NewServer populates.
type serverImpl struct {
	// NOTE(review): assuming standard protoc-gen-go-grpc output, embedding the
	// Unsafe* variant (rather than Unimplemented*) opts out of forward
	// compatibility, so an RPC added to the service definition without a
	// handler here fails the build instead of being served by a default stub.
	// Confirm against the generated code.
	minter.UnsafeTokenMinterServer

	// One embedded handler per kind of token. Presumably each contributes one
	// RPC method of the service; verify against the embedded packages.
	machinetoken.MintMachineTokenRPC
	delegation.MintDelegationTokenRPC
	projectscope.MintProjectTokenRPC
	serviceaccounts.MintServiceAccountTokenRPC
}
    42  
// NewServer returns prod TokenMinterServer implementation.
//
// It does all authorization checks inside.
//
// The same signer is handed to all four RPC handlers, and each handler gets a
// token logger built from its own package's NewTokenLogger.
func NewServer(signer signing.Signer, prod bool) minter.TokenMinterServer {
	// NOTE(review): every token logger is constructed with !prod. Presumably
	// this selects a dry-run/local logging mode outside production; confirm
	// against NewTokenLogger, since the log of minted tokens is the audit
	// trail for issued credentials.
	nonProd := !prod

	// Handlers are filled in place, in the same order as the embedded fields
	// of serverImpl, so no handler struct is copied after construction.
	srv := &serverImpl{}

	srv.MintMachineTokenRPC = machinetoken.MintMachineTokenRPC{
		Signer:           signer,
		CheckCertificate: certchecker.CheckCertificate,
		LogToken:         machinetoken.NewTokenLogger(nonProd),
	}

	srv.MintDelegationTokenRPC = delegation.MintDelegationTokenRPC{
		Signer:   signer,
		Rules:    delegation.GlobalRulesCache.Rules,
		LogToken: delegation.NewTokenLogger(nonProd),
	}

	srv.MintProjectTokenRPC = projectscope.MintProjectTokenRPC{
		Signer:            signer,
		MintAccessToken:   auth.MintAccessTokenForServiceAccount,
		ProjectIdentities: projectidentity.ProjectIdentities,
		LogToken:          projectscope.NewTokenLogger(nonProd),
	}

	srv.MintServiceAccountTokenRPC = serviceaccounts.MintServiceAccountTokenRPC{
		Signer:            signer,
		Mapping:           serviceaccounts.GlobalMappingCache.Mapping,
		ProjectIdentities: projectidentity.ProjectIdentities,
		MintAccessToken:   auth.MintAccessTokenForServiceAccount,
		MintIDToken:       auth.MintIDTokenForServiceAccount,
		LogToken:          serviceaccounts.NewTokenLogger(nonProd),
	}

	return srv
}