New issue
Advanced search Search tips

Issue 731843 link

Starred by 1 user
Status: Fixed
Owner:
vadimsh@chromium.org
Closed: Aug 2017
Cc:
vadimsh@chromium.org
no...@chromium.org
mar...@chromium.org
Components:
EstimatedDays: 5
NextAction: ----
OS: ----
Pri: 1
Type: Feature

Blocking:
issue 712444
issue 731847
issue 731849
issue 731852
issue 731853
issue 731854



Sign in to add a comment

Add service account support in luci-token-server

Project Member Reported by efoo@chromium.org, Jun 9 2017 
LUCI Milestone Planning task for swarming service accounts to add service account support in luci-token-server. 

End goal is to be able to declare a service account in a builder and read an access token in a recipe.

vadimsh CC'ed to fill in the implementation details

Comment 1 by efoo@chromium.org, Jun 9 2017

Blocking: 731849

Comment 2 Deleted

Comment 3 Deleted

Comment 4 by efoo@chromium.org, Jun 9 2017

Blockedon: 731853

Comment 5 by efoo@chromium.org, Jun 9 2017

Blocking: 731853

Comment 6 by efoo@chromium.org, Jun 9 2017

Blockedon: -731853

Comment 7 by efoo@chromium.org, Jun 9 2017

Blockedon: -731852

Comment 8 by efoo@chromium.org, Jun 9 2017

Blocking: 731852

Comment 9 by efoo@chromium.org, Jun 9 2017

Blocking: 731849

Comment 10 by efoo@chromium.org, Jun 9 2017

Blocking: 731854

Comment 11 by efoo@chromium.org, Jun 9 2017

Blocking: 712444

Comment 12 by efoo@chromium.org, Jun 20 2017

Labels: LUCI-M2-S4 LUCI-M2-Dev2

Comment 13 by efoo@chromium.org, Jun 29 2017

Labels: LUCI-M2-S5

Comment 14 by efoo@chromium.org, Jul 18 2017

Labels: LUCI-M2-S6

Comment 15 by vadimsh@chromium.org, Jul 28 2017

Blocking: 731847
Project Member

Comment 16 by bugdroid1@chromium.org, Jul 28 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/external/github.com/luci/luci-go.git/+/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2

commit 8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2
Author: vadimsh <vadimsh@chromium.org>
Date: Fri Jul 28 23:26:29 2017

token-server: Add protos for new API for generating service account tokens.

Add initial boilerplate for implementation. Nothing structurally new here, this
CL repeats existing patterns in the code. Use this opportunity for minimal
cleanup of various comments in proto.

R=iannucci@chromium.org, nodir@chromium.org, smut@google.com
BUG= 731843 

Review-Url: https://codereview.chromium.org/2785973002

[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/server/auth/delegation.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/server/auth/delegation_test.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/admin/v1/admin.pb.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/admin/v1/admin.proto
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/admin/v1/adminserver_dec.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/admin/v1/config.pb.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/admin/v1/config.proto
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/admin/v1/pb.discovery.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/machine_token.pb.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/minter/v1/pb.discovery.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/minter/v1/token_minter.pb.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/minter/v1/token_minter.proto
[add] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/oauth_token_grant.pb.go
[add] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/oauth_token_grant.proto
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/api/token_file.pb.go
[add] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/appengine/impl/serviceaccounts/rpc_import_service_accounts_configs.go
[add] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/appengine/impl/serviceaccounts/rpc_inspect_oauth_token_grant.go
[add] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
[add] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/appengine/impl/services/admin/adminsrv/service.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/appengine/impl/services/minter/tokenminter/service.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/client/tokenclient.go
[modify] https://crrev.com/8fbab6da1f9e6c96cdcea4159a3b8e11f9ccace2/tokenserver/client/tokenclient_test.go
Project Member

Comment 18 by bugdroid1@chromium.org, Aug 4 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/external/github.com/luci/luci-go.git/+/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8

commit 944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8
Author: vadimsh <vadimsh@chromium.org>
Date: Fri Aug 04 23:31:07 2017

tokenserver: Boilerplate for loading and serving service_accounts.cfg.

It closely resembles handling of delegation.cfg config file. In particular,
it reuses most of the logic through policy.Policy class.

R=smut@google.com
BUG= 731843 

Review-Url: https://codereview.chromium.org/2993023002

[modify] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/backend/main.go
[add] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/serviceaccounts/config.go
[add] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/serviceaccounts/config_test.go
[add] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/serviceaccounts/config_validation.go
[add] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/serviceaccounts/config_validation_test.go
[modify] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/serviceaccounts/rpc_import_service_accounts_configs.go
[add] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/serviceaccounts/rpc_import_service_accounts_configs_test.go
[modify] https://crrev.com/944bd62ef8c6c11817b6cb7fccd1a84f5f8af7e8/tokenserver/appengine/impl/services/admin/adminsrv/service.go
Project Member

Comment 22 by bugdroid1@chromium.org, Aug 5 2017 

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/infradata/config/+/8ea811f0713c989ccacebea29f607487129f0cbd

commit 8ea811f0713c989ccacebea29f607487129f0cbd
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Sat Aug 05 00:09:00 2017
Project Member

Comment 24 by bugdroid1@chromium.org, Aug 7 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/external/github.com/luci/luci-go.git/+/d009bb905fb8f3f9d23f477c91039b055c0cf857

commit d009bb905fb8f3f9d23f477c91039b055c0cf857
Author: vadimsh <vadimsh@chromium.org>
Date: Mon Aug 07 22:59:23 2017

tokenserver: Extract rules check into a separate function.

It will be reused by MintOAuthTokenViaGrant to recheck the rules when the grant
token is exercised.

Also start using it in InspectOAuthTokenGrant, to make this check more useful.

R=smut@google.com
BUG= 731843 

Review-Url: https://codereview.chromium.org/2993763002

[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/api/admin/v1/admin.pb.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/api/admin/v1/admin.proto
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/api/admin/v1/pb.discovery.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/appengine/impl/serviceaccounts/config.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/appengine/impl/serviceaccounts/config_test.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/appengine/impl/serviceaccounts/rpc_inspect_oauth_token_grant.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/appengine/impl/serviceaccounts/rpc_inspect_oauth_token_grant_test.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
[modify] https://crrev.com/d009bb905fb8f3f9d23f477c91039b055c0cf857/tokenserver/appengine/impl/services/admin/adminsrv/service.go
Project Member

Comment 25 by bugdroid1@chromium.org, Aug 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1

commit 35da694d98e8a7ff8ee2576fae3e394d2dd82ae1
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Thu Aug 10 22:38:58 2017

tokenserver: Implement MintOAuthTokenViaGrant RPC.

This allows to exchange an "oauth token grant" generated by MintOAuthTokenGrant
for an OAuth access token for corresponding service account, if rules still
allow it.

R=smut@google.com
BUG= 731843 

Change-Id: I92fc46eb0d09d2ab1c4f02b0130045cc0392b9f8
Reviewed-on: https://chromium-review.googlesource.com/611136
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: smut <smut@google.com>

[modify] https://crrev.com/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1/tokenserver/appengine/impl/serviceaccounts/config.go
[modify] https://crrev.com/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1/tokenserver/appengine/impl/serviceaccounts/config_test.go
[modify] https://crrev.com/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant_test.go
[modify] https://crrev.com/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant.go
[add] https://crrev.com/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant_test.go
[modify] https://crrev.com/35da694d98e8a7ff8ee2576fae3e394d2dd82ae1/tokenserver/appengine/impl/services/minter/tokenminter/service.go
Project Member

Comment 26 by bugdroid1@chromium.org, Aug 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/0a74f8a6e3fb4f0c95350d1cef0b86099e3cd21f

commit 0a74f8a6e3fb4f0c95350d1cef0b86099e3cd21f
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Thu Aug 10 23:18:38 2017

tokenserver: Disable usage of delegation tokens for OAuth token grants.

There's no known usage scenarios when they are needed here. We always want
proxies (~= swarming GAE apps) to use their own credentials directly. By
forbidding calls that use delegation we reduce number of various possibilities
to consider when thinking about potential misuse.

R=smut@google.com
BUG= 731843 

Change-Id: Icc7a6fea0b0aee2f152d4cb25289e335b4f3985b
Reviewed-on: https://chromium-review.googlesource.com/611154
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: smut <smut@google.com>

[modify] https://crrev.com/0a74f8a6e3fb4f0c95350d1cef0b86099e3cd21f/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
[modify] https://crrev.com/0a74f8a6e3fb4f0c95350d1cef0b86099e3cd21f/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant.go
Project Member

Comment 27 by bugdroid1@chromium.org, Aug 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/54c3d655aad70a72e5f9b9f89eaed14f0df7f194

commit 54c3d655aad70a72e5f9b9f89eaed14f0df7f194
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Thu Aug 10 23:31:18 2017

tokenserver: Log generated OAuth token grants to BigQuery.

R=smut@google.com
BUG= 731843 

Change-Id: I88e7f04ba3fe3c082cabbac7536f75c097cf4c01
Reviewed-on: https://chromium-review.googlesource.com/611157
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: smut <smut@google.com>

[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/backend/main.go
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/frontend/cron.yaml
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/frontend/queue.yaml
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/delegation/bigquery_log.go
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/machinetoken/bigquery_log.go
[add] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/serviceaccounts/grant_bigquery_log.go
[add] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/serviceaccounts/grant_bigquery_log_test.go
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant_test.go
[modify] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/appengine/impl/services/minter/tokenminter/service.go
[add] https://crrev.com/54c3d655aad70a72e5f9b9f89eaed14f0df7f194/tokenserver/bq/tables/oauth_token_grants.schema
Project Member

Comment 28 by bugdroid1@chromium.org, Aug 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/e3e460c881a60bb7754e6db88b86511630b389ea

commit e3e460c881a60bb7754e6db88b86511630b389ea
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Fri Aug 11 01:43:08 2017

tokenserver: Split MintOAuthTokenGrant a little bit.

To be more similar to MintOAuthTokenViaGrant.

R=smut@google.com
BUG= 731843 

Change-Id: I29f11ec15b28f7829293c8e2c1136902550d6008
Reviewed-on: https://chromium-review.googlesource.com/611318
Reviewed-by: smut <smut@google.com>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/e3e460c881a60bb7754e6db88b86511630b389ea/tokenserver/appengine/impl/serviceaccounts/config.go
[modify] https://crrev.com/e3e460c881a60bb7754e6db88b86511630b389ea/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
Project Member

Comment 29 by bugdroid1@chromium.org, Aug 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/8635490a5c455d62bd4e49073fec70b45d6bb734

commit 8635490a5c455d62bd4e49073fec70b45d6bb734
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Fri Aug 11 01:57:18 2017

auth: Add authdb.Revision(db) helper function that returns auth DB revision.

It pops up quite often to deserve its own function.

R=smut@google.com
BUG= 731843 

Change-Id: I1e399066c7c8c5b08c4036810184af1a68296e67
Reviewed-on: https://chromium-review.googlesource.com/611402
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: smut <smut@google.com>

[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/server/auth/authdb/snapshot.go
[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/server/auth/authdb/snapshot_test.go
[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/tokenserver/appengine/impl/delegation/rpc_mint_delegation_token.go
[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/tokenserver/appengine/impl/serviceaccounts/grant_bigquery_log.go
[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/tokenserver/appengine/impl/serviceaccounts/grant_bigquery_log_test.go
[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
[modify] https://crrev.com/8635490a5c455d62bd4e49073fec70b45d6bb734/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant_test.go
Project Member

Comment 30 by bugdroid1@chromium.org, Aug 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/11a2b13c69ceb0b82c1879b69f318c480ed69682

commit 11a2b13c69ceb0b82c1879b69f318c480ed69682
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Fri Aug 11 22:14:01 2017

tokenserver: Log generated OAuth tokens to BigQuery.

R=smut@google.com
BUG= 731843 

Change-Id: I48546b7a46860670446f81aff47f46f05348ebe5
Reviewed-on: https://chromium-review.googlesource.com/611645
Reviewed-by: smut <smut@google.com>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/backend/main.go
[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/frontend/cron.yaml
[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/frontend/queue.yaml
[add] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/impl/serviceaccounts/oauth_token_bigquery_log.go
[add] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/impl/serviceaccounts/oauth_token_bigquery_log_test.go
[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant_test.go
[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant.go
[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant_test.go
[modify] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/appengine/impl/services/minter/tokenminter/service.go
[add] https://crrev.com/11a2b13c69ceb0b82c1879b69f318c480ed69682/tokenserver/bq/tables/oauth_tokens.schema
Project Member

Comment 31 by bugdroid1@chromium.org, Aug 16 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/8438d5e517605f3ae74e22387807dffce037d49e

commit 8438d5e517605f3ae74e22387807dffce037d49e
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Aug 16 00:30:20 2017

tokenserver: Allow callers to supply more information for the BigQuery log.

Clients of TokenMinter interface now are allowed to provide a bunch of tags
with arbitrary information that gets logged to BigQuery, so we can later do
filtering based on these tags. This generalizes "request_intent" string.

In particular, Swarming will supply at least "task_id:<...>" tag (perhaps more,
like "bot_id:<...>" or anything else that might be useful), so we can later
query for all OAuth tokens given to some task.

R=smut@google.com
BUG= 731843 

Change-Id: I411f7c8eac0536b75c46d2e54e3123fbe679ef5f
Reviewed-on: https://chromium-review.googlesource.com/612740
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: smut <smut@google.com>

[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/api/minter/v1/pb.discovery.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/api/minter/v1/token_minter.pb.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/api/minter/v1/token_minter.proto
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/grant_bigquery_log.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/grant_bigquery_log_test.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/oauth_token_bigquery_log.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/oauth_token_bigquery_log_test.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_grant_test.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/serviceaccounts/rpc_mint_oauth_token_via_grant_test.go
[add] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/utils/audit_tags.go
[add] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/appengine/impl/utils/audit_tags_test.go
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/bq/tables/oauth_token_grants.schema
[modify] https://crrev.com/8438d5e517605f3ae74e22387807dffce037d49e/tokenserver/bq/tables/oauth_tokens.schema

Comment 32 by vadimsh@chromium.org, Aug 16 2017

Status: Fixed (was: Assigned)

Comment 33 by efoo@chromium.org, Sep 8 2017

Labels: LUCI-M2-S7

Comment 34 by efoo@chromium.org, Sep 8 2017

Labels: -LUCI-M2-S7 LUCI-M3-S7

Comment 35 by efoo@chromium.org, Nov 8 2017

Labels: -REQBY-LUCI-M4-OpenBeta REQBY-LUCI-M5-GASupport

Comment 36 by efoo@chromium.org, Jan 30 2018

Labels: -LUCI-M1-Dev1 -LUCI-M2-Dev2 -REQBY-LUCI-M5-GASupport LUCI-Blocker-Afterglow LUCI-Dev1 LUCI-Dev2

Sign in to add a comment