Frontend server for interacting with the AutoRoller.
package main
import (
var (
// flags.
configRefreshInterval = flag.Duration("config_refresh", 5*time.Minute, "How often to refresh the roller configs from the database.")
configGerritProject = flag.String("config_gerrit_project", "", "Gerrit project used for editing configs.")
configRepo = flag.String("config_repo", "", "Repo URL where configs are stored.")
configRepoPath = flag.String("config_repo_path", "", "Path within the config repo where configs are stored.")
firestoreInstance = flag.String("firestore_instance", "", "Firestore instance to use, eg. \"production\"")
host = flag.String("host", "localhost", "HTTP service host")
internal = flag.Bool("internal", false, "If true, display the internal rollers.")
local = flag.Bool("local", false, "Running locally if true. As opposed to in production.")
port = flag.String("port", ":8000", "HTTP service port (e.g., ':8000')")
promPort = flag.String("prom_port", ":20000", "Metrics service address (e.g., ':10110')")
resourcesDir = flag.String("resources_dir", "", "The directory to find templates, JS, and CSS files. If blank the current directory will be used.")
hang = flag.Bool("hang", false, "If true, don't spin up the server, just hang without doing anything.")
allowedViewers = []string{
mainTemplate *template.Template = nil
rollerTemplate *template.Template = nil
configTemplate *template.Template = nil
modeHistoryTemplate *template.Template = nil
rollHistoryTemplate *template.Template = nil
strategyHistoryTemplate *template.Template = nil
srv *rpc.AutoRollServer
configEditsInProgress = map[string]*config.Config{}
configGitiles *gitiles.Repo = nil
// gerritOauthConfig is the OAuth 2.0 client configuration used for
// interacting with Gerrit.
gerritOauthConfig = &oauth2.Config{
ClientID: "not-a-valid-client-id",
ClientSecret: "not-a-valid-client-secret",
Scopes: []string{gerrit.AuthScope},
Endpoint: google.Endpoint,
RedirectURL: "http://localhost:8000/oauth2callback/",
func reloadTemplates() {
if *resourcesDir == "" {
wd, err := os.Getwd()
if err != nil {
*resourcesDir = filepath.Join(wd, "dist")
sklog.Infof("Reading resources from %s", *resourcesDir)
mainTemplate = template.Must(template.New("index.html").Funcs(map[string]interface{}{
"marshal": func(data interface{}) template.JS {
b, _ := json.Marshal(data)
return template.JS(b)
filepath.Join(*resourcesDir, "index.html"),
rollerTemplate = template.Must(template.ParseFiles(
filepath.Join(*resourcesDir, "roller.html"),
configTemplate = template.Must(template.ParseFiles(
filepath.Join(*resourcesDir, "config.html"),
modeHistoryTemplate = template.Must(template.ParseFiles(
filepath.Join(*resourcesDir, "mode-history.html"),
rollHistoryTemplate = template.Must(template.ParseFiles(
filepath.Join(*resourcesDir, "roll-history.html"),
strategyHistoryTemplate = template.Must(template.ParseFiles(
filepath.Join(*resourcesDir, "strategy-history.html"),
func getRoller(w http.ResponseWriter, r *http.Request) *config.Config {
name, ok := mux.Vars(r)["roller"]
if !ok {
http.Error(w, "Unable to find roller name in request path.", http.StatusBadRequest)
return nil
roller, err := srv.GetRoller(name)
if err != nil {
http.Error(w, "No such roller", http.StatusNotFound)
return nil
return roller.Cfg
func rollerHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
cfg := getRoller(w, r)
if cfg == nil {
return // Errors are handled by getRoller.
page := struct {
ChildName string
ParentName string
Roller string
ChildName: cfg.ChildDisplayName,
ParentName: cfg.ParentDisplayName,
Roller: cfg.RollerName,
if err := rollerTemplate.Execute(w, page); err != nil {
httputils.ReportError(w, err, "Failed to expand template.", http.StatusInternalServerError)
func modeHistoryHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
cfg := getRoller(w, r)
if cfg == nil {
return // Errors are handled by getRoller.
page := struct {
ChildName string
ParentName string
Roller string
ChildName: cfg.ChildDisplayName,
ParentName: cfg.ParentDisplayName,
Roller: cfg.RollerName,
if err := modeHistoryTemplate.Execute(w, page); err != nil {
httputils.ReportError(w, err, "Failed to expand template.", http.StatusInternalServerError)
func rollHistoryHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
cfg := getRoller(w, r)
if cfg == nil {
return // Errors are handled by getRoller.
page := struct {
ChildName string
ParentName string
Roller string
ChildName: cfg.ChildDisplayName,
ParentName: cfg.ParentDisplayName,
Roller: cfg.RollerName,
if err := rollHistoryTemplate.Execute(w, page); err != nil {
httputils.ReportError(w, err, "Failed to expand template.", http.StatusInternalServerError)
func strategyHistoryHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
cfg := getRoller(w, r)
if cfg == nil {
return // Errors are handled by getRoller.
page := struct {
ChildName string
ParentName string
Roller string
ChildName: cfg.ChildDisplayName,
ParentName: cfg.ParentDisplayName,
Roller: cfg.RollerName,
if err := strategyHistoryTemplate.Execute(w, page); err != nil {
httputils.ReportError(w, err, "Failed to expand template.", http.StatusInternalServerError)
func mainHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html")
if err := mainTemplate.Execute(w, nil); err != nil {
httputils.ReportError(w, errors.New("Failed to expand template."), fmt.Sprintf("Failed to expand template: %s", err), http.StatusInternalServerError)
func configHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost {
// Parse and validate the config.
configJson := r.FormValue("configJson")
var cfg config.Config
if err := protojson.Unmarshal([]byte(configJson), &cfg); err != nil {
httputils.ReportError(w, err, "Failed to parse config as JSON", http.StatusBadRequest)
if err := cfg.Validate(); err != nil {
httputils.ReportError(w, err, err.Error(), http.StatusBadRequest)
// We're going to redirect for the OAuth2 flow. Store the config in
// memory.
// TODO(borenet): What happens if we scale Kubernetes up to multiple
// frontend pods and the user redirects back to a different instance?
var sessionID string
for {
sessionID = uuid.New().String()
if _, ok := configEditsInProgress[sessionID]; !ok {
configEditsInProgress[sessionID] = &cfg
time.AfterFunc(time.Hour, func() {
delete(configEditsInProgress, sessionID)
// Redirect for OAuth2.
opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOnline, oauth2.SetAuthURLParam("approval_prompt", "auto")}
redirectURL := gerritOauthConfig.AuthCodeURL(sessionID, opts...)
http.Redirect(w, r, redirectURL, http.StatusFound)
} else {
w.Header().Set("Content-Type", "text/html")
if err := configTemplate.Execute(w, nil); err != nil {
httputils.ReportError(w, errors.New("Failed to expand template."), fmt.Sprintf("Failed to expand template: %s", err), http.StatusInternalServerError)
func configJSONHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
cfg := getRoller(w, r)
if cfg == nil {
return // Errors are handled by getRoller.
b, err := protojson.Marshal(cfg)
if err != nil {
httputils.ReportError(w, err, "Failed to encode response.", http.StatusInternalServerError)
if _, err := w.Write(b); err != nil {
httputils.ReportError(w, err, "Failed to write response.", http.StatusInternalServerError)
func submitConfigUpdate(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
sessionID := r.FormValue("state")
cfg, ok := configEditsInProgress[sessionID]
if !ok {
msg := "Unable to find config"
httputils.ReportError(w, errors.New(msg), msg, http.StatusBadRequest)
content, err := prototext.MarshalOptions{
Indent: " ",
if err != nil {
httputils.ReportError(w, err, "Failed to encode config to proto.", http.StatusInternalServerError)
code := r.FormValue("code")
token, err := gerritOauthConfig.Exchange(ctx, code)
if err != nil {
httputils.ReportError(w, err, "Failed to authenticate.", http.StatusInternalServerError)
ts := gerritOauthConfig.TokenSource(ctx, token)
client := httputils.DefaultClientConfig().WithTokenSource(ts).Client()
g, err := gerrit.NewGerrit(gerrit.GerritSkiaURL, client)
if err != nil {
httputils.ReportError(w, err, "Failed to initialize Gerrit API.", http.StatusInternalServerError)
baseCommit, err := configGitiles.ResolveRef(ctx, git.MainBranch)
if err != nil {
httputils.ReportError(w, err, "Failed to find base commit.", http.StatusInternalServerError)
configFile := cfg.RollerName + ".cfg"
if *configRepoPath != "" {
configFile = path.Join(*configRepoPath, configFile)
// TODO(borenet): Handle custom commit messages.
ci, err := gerrit.CreateAndEditChange(ctx, g, *configGerritProject, git.MainBranch, "Update AutoRoller Config", baseCommit, func(ctx context.Context, g gerrit.GerritInterface, ci *gerrit.ChangeInfo) error {
return g.EditFile(ctx, ci, configFile, string(content))
if err != nil {
httputils.ReportError(w, err, "Failed to create change.", http.StatusInternalServerError)
redirectURL := g.Url(ci.Issue)
http.Redirect(w, r, redirectURL, http.StatusFound)
func oAuth2CallbackHandler(w http.ResponseWriter, r *http.Request) {
// We share the same OAuth2 redirect URL between the normal login flow and
// the Gerrit auth flow used for editing roller configs. Use the presence
// of the state variable in the configEditsInProgress map to distinguish
// between the two.
state := r.FormValue("state")
if _, ok := configEditsInProgress[state]; ok {
submitConfigUpdate(w, r)
} else {
login.OAuth2CallbackHandler(w, r)
// addCorsMiddleware wraps the specified HTTP handler with a handler that applies the
// CORS specification on the request, and adds relevant CORS headers as necessary.
// This is needed for some handlers that do not have this middleware. Eg: the twirp
// handler (
func addCorsMiddleware(handler http.Handler) http.Handler {
corsWrapper := cors.New(cors.Options{
AllowedOrigins: []string{"*"},
Debug: true,
return corsWrapper.Handler(handler)
func runServer(ctx context.Context, serverURL string, srv http.Handler) {
r := mux.NewRouter()
r.HandleFunc("/", mainHandler)
r.PathPrefix("/dist/").Handler(http.StripPrefix("/dist/", http.HandlerFunc(httputils.MakeResourceHandler(*resourcesDir))))
r.HandleFunc("/config", configHandler)
r.HandleFunc(login.DEFAULT_OAUTH2_CALLBACK, oAuth2CallbackHandler)
r.HandleFunc("/logout/", login.LogoutHandler)
r.HandleFunc("/loginstatus/", login.StatusHandler)
rollerRouter := r.PathPrefix("/r/{roller}").Subrouter()
rollerRouter.HandleFunc("", rollerHandler)
rollerRouter.HandleFunc("/config", configJSONHandler)
rollerRouter.HandleFunc("/mode-history", modeHistoryHandler)
rollerRouter.HandleFunc("/roll-history", rollHistoryHandler)
rollerRouter.HandleFunc("/strategy-history", strategyHistoryHandler)
h := httputils.LoggingRequestResponse(r)
h = httputils.XFrameOptionsDeny(h)
if !*local {
if *internal {
h = login.RestrictViewer(h)
h = login.ForceAuth(h, login.DEFAULT_OAUTH2_CALLBACK)
h = httputils.HealthzAndHTTPS(h)
http.Handle("/", h)
sklog.Infof("Ready to serve on %s", serverURL)
sklog.Fatal(http.ListenAndServe(*port, nil))
func main() {
defer common.Defer()
if *hang {
select {}
ctx := context.Background()
ts, err := google.DefaultTokenSource(ctx, auth.ScopeUserinfoEmail, auth.ScopeGerrit, datastore.ScopeDatastore)
if err != nil {
namespace := ds.AUTOROLL_NS
if *internal {
if err := ds.InitWithOpt(common.PROJECT_ID, namespace, option.WithTokenSource(ts)); err != nil {
statusDB, err := status.NewDB(ctx, firestore.FIRESTORE_PROJECT, namespace, *firestoreInstance, ts)
if err != nil {
sklog.Fatalf("Failed to create status DB: %s", err)
configDB, err := db.NewDBWithParams(ctx, firestore.FIRESTORE_PROJECT, namespace, *firestoreInstance, ts)
if err != nil {
rollsDB := recent_rolls.NewDatastoreRollsDB(ctx)
manualRollDB, err := manual.NewDBWithParams(ctx, firestore.FIRESTORE_PROJECT, *firestoreInstance, ts)
if err != nil {
throttleDB := unthrottle.NewDatastore(ctx)
if *configRepo == "" {
sklog.Fatal("--config_repo is required.")
if *configGerritProject == "" {
sklog.Fatal("--config_gerrit_project is required.")
client := httputils.DefaultClientConfig().WithTokenSource(ts).Client()
configGitiles = gitiles.NewRepo(*configRepo, client)
// Read the configs for the rollers.
// TODO(borenet): Use CRIA groups instead of, ie. admins are
// "google/", editors are specified in each roller's
// config file, and viewers are either public or
var viewAllow allowed.Allow
if *internal {
viewAllow = allowed.UnionOf(allowed.NewAllowedFromList(allowedViewers), allowed.Googlers())
editAllow := allowed.Googlers()
adminAllow := allowed.Googlers()
srv, err = rpc.NewAutoRollServer(ctx, statusDB, configDB, rollsDB, manualRollDB, throttleDB, viewAllow, editAllow, adminAllow, *configRefreshInterval)
if err != nil {
serverURL := "https://" + *host
if *local {
serverURL = "http://" + *host + *port
login.InitWithAllow(serverURL+login.DEFAULT_OAUTH2_CALLBACK, adminAllow, editAllow, viewAllow)
// Load the OAuth2 config information.
_, clientID, clientSecret, err := login.TryLoadingFromAllSources(ctx, "")
if err != nil {
sklog.Fatalf("Failed to load OAuth2 configuration: %s", err)
gerritOauthConfig.ClientID = clientID
gerritOauthConfig.ClientSecret = clientSecret
gerritOauthConfig.RedirectURL = serverURL + login.DEFAULT_OAUTH2_CALLBACK
// Create the server.
runServer(ctx, serverURL, srv.GetHandler())