X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/08078f621c8dbc1ecbd6e030bb0fac848cb6a01c..ad5eb020d76da3ef5927b3d8c364390d42493ddd:/lib/ctrlctx/auth.go

diff --git a/lib/ctrlctx/auth.go b/lib/ctrlctx/auth.go
index f4c472f73f..31746b64cc 100644
--- a/lib/ctrlctx/auth.go
+++ b/lib/ctrlctx/auth.go
@@ -50,6 +50,27 @@ func WrapCallsWithAuth(cluster *arvados.Cluster) func(api.RoutableFunc) api.Rout
 	}
 }
 
+// NewWithToken returns a context with the provided auth token.
+//
+// The incoming context must come from WrapCallsInTransactions or
+// NewWithTransaction.
+//
+// Used for attaching system auth to background threads.
+//
+// Also useful for tests, where context doesn't necessarily come from
+// a router that uses WrapCallsWithAuth.
+//
+// The returned context comes with its own token lookup cache, so
+// NewWithToken is not appropriate to use in a per-request code path.
+func NewWithToken(ctx context.Context, cluster *arvados.Cluster, token string) context.Context {
+	ctx = auth.NewContext(ctx, &auth.Credentials{Tokens: []string{token}})
+	return context.WithValue(ctx, contextKeyAuth, &authcontext{
+		authcache: &authcache{},
+		cluster:   cluster,
+		tokens:    []string{token},
+	})
+}
+
 // CurrentAuth returns the arvados.User whose privileges should be
 // used in the given context, and the arvados.APIClientAuthorization
 // the caller presented in order to authenticate the current request.