| // Copyright 2015 The Vanadium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package applife_test |
| |
| import ( |
| "crypto/md5" |
| "encoding/base64" |
| "fmt" |
| "io/ioutil" |
| "os" |
| "path/filepath" |
| "regexp" |
| "strings" |
| "syscall" |
| "testing" |
| "time" |
| |
| "v.io/v23" |
| "v.io/v23/context" |
| "v.io/v23/naming" |
| "v.io/v23/security" |
| "v.io/v23/services/application" |
| "v.io/v23/services/device" |
| "v.io/x/ref" |
| "v.io/x/ref/lib/mgmt" |
| vsecurity "v.io/x/ref/lib/security" |
| "v.io/x/ref/services/device/internal/errors" |
| "v.io/x/ref/services/device/internal/impl" |
| "v.io/x/ref/services/device/internal/impl/utiltest" |
| "v.io/x/ref/services/internal/servicetest" |
| "v.io/x/ref/test/testutil" |
| ) |
| |
| func instanceDirForApp(root, appID, instanceID string) string { |
| applicationDirName := func(title string) string { |
| h := md5.New() |
| h.Write([]byte(title)) |
| hash := strings.TrimRight(base64.URLEncoding.EncodeToString(h.Sum(nil)), "=") |
| return "app-" + hash |
| } |
| components := strings.Split(appID, "/") |
| appTitle, installationID := components[0], components[1] |
| return filepath.Join(root, applicationDirName(appTitle), "installation-"+installationID, "instances", "instance-"+instanceID) |
| } |
| |
| func verifyAppWorkspace(t *testing.T, root, appID, instanceID string) { |
| // HACK ALERT: for now, we peek inside the device manager's directory |
| // structure (which ought to be opaque) to check for what the app has |
| // written to its local root. |
| // |
| // TODO(caprita): add support to device manager to browse logs/app local |
| // root. |
| rootDir := filepath.Join(instanceDirForApp(root, appID, instanceID), "root") |
| testFile := filepath.Join(rootDir, "testfile") |
| if read, err := ioutil.ReadFile(testFile); err != nil { |
| t.Fatalf("Failed to read %v: %v", testFile, err) |
| } else if want, got := "goodbye world", string(read); want != got { |
| t.Fatalf("Expected to read %v, got %v instead", want, got) |
| } |
| // END HACK |
| } |
| |
| // TestLifeOfAnApp installs an app, instantiates, runs, kills, and deletes |
| // several instances, and performs updates. |
| func TestLifeOfAnApp(t *testing.T) { |
| ctx, shutdown := utiltest.V23Init() |
| defer shutdown() |
| |
| // Get app publisher context (used later to publish apps) |
| var pubCtx *context.T |
| var err error |
| if pubCtx, err = setupPublishingCredentials(ctx); err != nil { |
| t.Fatal(err) |
| } |
| |
| sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil) |
| defer deferFn() |
| |
| // Set up mock application and binary repositories. |
| envelope, cleanup := utiltest.StartMockRepos(t, ctx) |
| defer cleanup() |
| |
| root, cleanup := servicetest.SetupRootDir(t, "devicemanager") |
| defer cleanup() |
| if err := impl.SaveCreatorInfo(root); err != nil { |
| t.Fatal(err) |
| } |
| |
| // Create a script wrapping the test target that implements suidhelper. |
| helperPath := utiltest.GenerateSuidHelperScript(t, root) |
| |
| // Set up the device manager. Since we won't do device manager updates, |
| // don't worry about its application envelope and current link. |
| dmh := servicetest.RunCommand(t, sh, nil, utiltest.DeviceManager, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link") |
| servicetest.ReadPID(t, dmh) |
| utiltest.ClaimDevice(t, ctx, "claimable", "dm", "mydevice", utiltest.NoPairingToken) |
| |
| // Create the local server that the app uses to let us know it's ready. |
| pingCh, cleanup := utiltest.SetupPingServer(t, ctx) |
| defer cleanup() |
| |
| utiltest.Resolve(t, ctx, "pingserver", 1, true) |
| |
| // Create an envelope for a first version of the app. |
| e, err := utiltest.SignedEnvelopeFromShell(pubCtx, sh, []string{utiltest.TestEnvVarName + "=env-val-envelope"}, utiltest.App, "google naps", 0, 0, fmt.Sprintf("--%s=flag-val-envelope", utiltest.TestFlagName), "appV1") |
| if err != nil { |
| t.Fatalf("Unable to get signed envelope: %v", err) |
| } |
| *envelope = e |
| |
| // Install the app. The config-specified flag value for testFlagName |
| // should override the value specified in the envelope above, and the |
| // config-specified value for origin should override the value in the |
| // Install rpc argument. |
| mtName, ok := sh.GetVar(ref.EnvNamespacePrefix) |
| if !ok { |
| t.Fatalf("failed to get namespace root var from shell") |
| } |
| // This rooted name should be equivalent to the relative name "ar", but |
| // we want to test that the config override for origin works. |
| rootedAppRepoName := naming.Join(mtName, "ar") |
| appID := utiltest.InstallApp(t, ctx, device.Config{utiltest.TestFlagName: "flag-val-install", mgmt.AppOriginConfigKey: rootedAppRepoName}) |
| v1 := utiltest.VerifyState(t, ctx, device.InstallationStateActive, appID) |
| installationDebug := utiltest.Debug(t, ctx, appID) |
| // We spot-check a couple pieces of information we expect in the debug |
| // output. |
| // TODO(caprita): Is there a way to verify more without adding brittle |
| // logic that assumes too much about the format? This may be one |
| // argument in favor of making the output of Debug a struct instead of |
| // free-form string. |
| if !strings.Contains(installationDebug, fmt.Sprintf("Origin: %v", rootedAppRepoName)) { |
| t.Fatalf("debug response doesn't contain expected info: %v", installationDebug) |
| } |
| if !strings.Contains(installationDebug, "Config: map[random_test_flag:flag-val-install]") { |
| t.Fatalf("debug response doesn't contain expected info: %v", installationDebug) |
| } |
| |
| // Start requires the caller to bless the app instance. |
| expectedErr := "bless failed" |
| if _, err := utiltest.LaunchAppImpl(t, ctx, appID, ""); err == nil || err.Error() != expectedErr { |
| t.Fatalf("Start(%v) expected to fail with %v, got %v instead", appID, expectedErr, err) |
| } |
| |
| // Start an instance of the app. |
| instance1ID := utiltest.LaunchApp(t, ctx, appID) |
| if v := utiltest.VerifyState(t, ctx, device.InstanceStateRunning, appID, instance1ID); v != v1 { |
| t.Fatalf("Instance version expected to be %v, got %v instead", v1, v) |
| } |
| |
| instanceDebug := utiltest.Debug(t, ctx, appID, instance1ID) |
| |
| // Verify the app's default blessings. |
| if !strings.Contains(instanceDebug, fmt.Sprintf("Default Blessings %s/forapp", v23.GetPrincipal(ctx).BlessingStore().Default().String())) { |
| t.Fatalf("debug response doesn't contain expected info: %v", instanceDebug) |
| } |
| |
| // Verify the "..." blessing, which will include the publisher blessings |
| verifyAppPeerBlessings(t, ctx, pubCtx, instanceDebug, envelope) |
| |
| // Wait until the app pings us that it's ready. |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") |
| |
| v1EP1 := utiltest.Resolve(t, ctx, "appV1", 1, true)[0] |
| |
| // Stop the app instance. |
| utiltest.KillApp(t, ctx, appID, instance1ID) |
| utiltest.VerifyState(t, ctx, device.InstanceStateNotRunning, appID, instance1ID) |
| utiltest.ResolveExpectNotFound(t, ctx, "appV1", true) |
| |
| utiltest.RunApp(t, ctx, appID, instance1ID) |
| utiltest.VerifyState(t, ctx, device.InstanceStateRunning, appID, instance1ID) |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") // Wait until the app pings us that it's ready. |
| oldV1EP1 := v1EP1 |
| if v1EP1 = utiltest.Resolve(t, ctx, "appV1", 1, true)[0]; v1EP1 == oldV1EP1 { |
| t.Fatalf("Expected a new endpoint for the app after kill/run") |
| } |
| |
| // Start a second instance. |
| instance2ID := utiltest.LaunchApp(t, ctx, appID) |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") // Wait until the app pings us that it's ready. |
| |
| // There should be two endpoints mounted as "appV1", one for each |
| // instance of the app. |
| endpoints := utiltest.Resolve(t, ctx, "appV1", 2, true) |
| v1EP2 := endpoints[0] |
| if endpoints[0] == v1EP1 { |
| v1EP2 = endpoints[1] |
| if v1EP2 == v1EP1 { |
| t.Fatalf("Both endpoints are the same") |
| } |
| } else if endpoints[1] != v1EP1 { |
| t.Fatalf("Second endpoint should have been v1EP1: %v, %v", endpoints, v1EP1) |
| } |
| |
| // TODO(caprita): verify various non-standard combinations (kill when |
| // canceled; run while still running). |
| |
| // Kill the first instance. |
| utiltest.KillApp(t, ctx, appID, instance1ID) |
| // Only the second instance should still be running and mounted. |
| // In this case, we don't want to retry since we shouldn't need to. |
| if want, got := v1EP2, utiltest.Resolve(t, ctx, "appV1", 1, false)[0]; want != got { |
| t.Fatalf("Resolve(%v): want: %v, got %v", "appV1", want, got) |
| } |
| |
| // Updating the installation to itself is a no-op. |
| utiltest.UpdateAppExpectError(t, ctx, appID, errors.ErrUpdateNoOp.ID) |
| |
| // Updating the installation should not work with a mismatched title. |
| *envelope = utiltest.EnvelopeFromShell(sh, nil, utiltest.App, "bogus", 0, 0) |
| |
| utiltest.UpdateAppExpectError(t, ctx, appID, errors.ErrAppTitleMismatch.ID) |
| |
| // Create a second version of the app and update the app to it. |
| *envelope = utiltest.EnvelopeFromShell(sh, []string{utiltest.TestEnvVarName + "=env-val-envelope"}, utiltest.App, "google naps", 0, 0, "appV2") |
| |
| utiltest.UpdateApp(t, ctx, appID) |
| |
| v2 := utiltest.VerifyState(t, ctx, device.InstallationStateActive, appID) |
| if v1 == v2 { |
| t.Fatalf("Version did not change for %v: %v", appID, v1) |
| } |
| |
| // Second instance should still be running, don't retry. |
| if want, got := v1EP2, utiltest.Resolve(t, ctx, "appV1", 1, false)[0]; want != got { |
| t.Fatalf("Resolve(%v): want: %v, got %v", "appV1", want, got) |
| } |
| if v := utiltest.VerifyState(t, ctx, device.InstanceStateRunning, appID, instance2ID); v != v1 { |
| t.Fatalf("Instance version expected to be %v, got %v instead", v1, v) |
| } |
| |
| // Resume first instance. |
| utiltest.RunApp(t, ctx, appID, instance1ID) |
| if v := utiltest.VerifyState(t, ctx, device.InstanceStateRunning, appID, instance1ID); v != v1 { |
| t.Fatalf("Instance version expected to be %v, got %v instead", v1, v) |
| } |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") // Wait until the app pings us that it's ready. |
| // Both instances should still be running the first version of the app. |
| // Check that the mounttable contains two endpoints, one of which is |
| // v1EP2. |
| endpoints = utiltest.Resolve(t, ctx, "appV1", 2, true) |
| if endpoints[0] == v1EP2 { |
| if endpoints[1] == v1EP2 { |
| t.Fatalf("Both endpoints are the same") |
| } |
| } else if endpoints[1] != v1EP2 { |
| t.Fatalf("Second endpoint should have been v1EP2: %v, %v", endpoints, v1EP2) |
| } |
| |
| // Trying to update first instance while it's running should fail. |
| utiltest.UpdateInstanceExpectError(t, ctx, appID, instance1ID, errors.ErrInvalidOperation.ID) |
| // Stop first instance and try again. |
| utiltest.KillApp(t, ctx, appID, instance1ID) |
| // Only the second instance should still be running and mounted, don't retry. |
| if want, got := v1EP2, utiltest.Resolve(t, ctx, "appV1", 1, false)[0]; want != got { |
| t.Fatalf("Resolve(%v): want: %v, got %v", "appV1", want, got) |
| } |
| // Update succeeds now. |
| utiltest.UpdateInstance(t, ctx, appID, instance1ID) |
| if v := utiltest.VerifyState(t, ctx, device.InstanceStateNotRunning, appID, instance1ID); v != v2 { |
| t.Fatalf("Instance version expected to be %v, got %v instead", v2, v) |
| } |
| // Resume the first instance and verify it's running v2 now. |
| utiltest.RunApp(t, ctx, appID, instance1ID) |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") |
| utiltest.Resolve(t, ctx, "appV1", 1, false) |
| utiltest.Resolve(t, ctx, "appV2", 1, false) |
| |
| // Reverting first instance fails since it's still running. |
| utiltest.RevertAppExpectError(t, ctx, appID+"/"+instance1ID, errors.ErrInvalidOperation.ID) |
| // Stop first instance and try again. |
| utiltest.KillApp(t, ctx, appID, instance1ID) |
| verifyAppWorkspace(t, root, appID, instance1ID) |
| utiltest.ResolveExpectNotFound(t, ctx, "appV2", true) |
| utiltest.RevertApp(t, ctx, appID+"/"+instance1ID) |
| // Resume the first instance and verify it's running v1 now. |
| utiltest.RunApp(t, ctx, appID, instance1ID) |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") |
| utiltest.Resolve(t, ctx, "appV1", 2, false) |
| utiltest.TerminateApp(t, ctx, appID, instance1ID) |
| utiltest.Resolve(t, ctx, "appV1", 1, false) |
| |
| // Start a third instance. |
| instance3ID := utiltest.LaunchApp(t, ctx, appID) |
| if v := utiltest.VerifyState(t, ctx, device.InstanceStateRunning, appID, instance3ID); v != v2 { |
| t.Fatalf("Instance version expected to be %v, got %v instead", v2, v) |
| } |
| // Wait until the app pings us that it's ready. |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") |
| |
| utiltest.Resolve(t, ctx, "appV2", 1, true) |
| |
| // Suspend second instance. |
| utiltest.KillApp(t, ctx, appID, instance2ID) |
| utiltest.ResolveExpectNotFound(t, ctx, "appV1", true) |
| |
| // Reverting second instance is a no-op since it's already running v1. |
| utiltest.RevertAppExpectError(t, ctx, appID+"/"+instance2ID, errors.ErrUpdateNoOp.ID) |
| |
| // Stop third instance. |
| utiltest.TerminateApp(t, ctx, appID, instance3ID) |
| utiltest.ResolveExpectNotFound(t, ctx, "appV2", true) |
| |
| // Revert the app. |
| utiltest.RevertApp(t, ctx, appID) |
| if v := utiltest.VerifyState(t, ctx, device.InstallationStateActive, appID); v != v1 { |
| t.Fatalf("Installation version expected to be %v, got %v instead", v1, v) |
| } |
| |
| // Start a fourth instance. It should be running from version 1. |
| instance4ID := utiltest.LaunchApp(t, ctx, appID) |
| if v := utiltest.VerifyState(t, ctx, device.InstanceStateRunning, appID, instance4ID); v != v1 { |
| t.Fatalf("Instance version expected to be %v, got %v instead", v1, v) |
| } |
| pingCh.VerifyPingArgs(t, utiltest.UserName(t), "flag-val-install", "env-val-envelope") // Wait until the app pings us that it's ready. |
| utiltest.Resolve(t, ctx, "appV1", 1, true) |
| utiltest.TerminateApp(t, ctx, appID, instance4ID) |
| utiltest.ResolveExpectNotFound(t, ctx, "appV1", true) |
| |
| // We are already on the first version, no further revert possible. |
| utiltest.RevertAppExpectError(t, ctx, appID, errors.ErrUpdateNoOp.ID) |
| |
| // Uninstall the app. |
| utiltest.UninstallApp(t, ctx, appID) |
| utiltest.VerifyState(t, ctx, device.InstallationStateUninstalled, appID) |
| |
| // Updating the installation should no longer be allowed. |
| utiltest.UpdateAppExpectError(t, ctx, appID, errors.ErrInvalidOperation.ID) |
| |
| // Reverting the installation should no longer be allowed. |
| utiltest.RevertAppExpectError(t, ctx, appID, errors.ErrInvalidOperation.ID) |
| |
| // Starting new instances should no longer be allowed. |
| utiltest.LaunchAppExpectError(t, ctx, appID, errors.ErrInvalidOperation.ID) |
| |
| // Make sure that Kill will actually kill an app that doesn't exit |
| // cleanly Do this by installing, instantiating, running, and killing |
| // hangingApp, which sleeps (rather than exits) after being asked to |
| // Stop() |
| *envelope = utiltest.EnvelopeFromShell(sh, nil, utiltest.HangingApp, "hanging ap", 0, 0, "hAppV1") |
| hAppID := utiltest.InstallApp(t, ctx) |
| hInstanceID := utiltest.LaunchApp(t, ctx, hAppID) |
| hangingPid := pingCh.WaitForPingArgs(t).Pid |
| if err := syscall.Kill(hangingPid, 0); err != nil && err != syscall.EPERM { |
| t.Fatalf("Pid of hanging app (%v) is not live", hangingPid) |
| } |
| utiltest.KillApp(t, ctx, hAppID, hInstanceID) |
| pidIsAlive := true |
| for i := 0; i < 10 && pidIsAlive; i++ { |
| if err := syscall.Kill(hangingPid, 0); err == nil || err == syscall.EPERM { |
| time.Sleep(time.Second) // pid is still alive |
| } else { |
| pidIsAlive = false |
| } |
| } |
| if pidIsAlive { |
| t.Fatalf("Pid of hanging app (%d) has not exited after Stop() call", hangingPid) |
| } |
| |
| // In the first pass, TidyNow (below), finds that everything should be too |
| // young to be tidied becasue TidyNow's first call to MockableNow() |
| // provides the current time. |
| shouldKeepInstances := keepAll(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*")) |
| shouldKeepInstallations := keepAll(t, root, filepath.Join(root, "app*", "installation*")) |
| shouldKeepLogFiles := keepAll(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*", "logs", "*")) |
| |
| if err := utiltest.DeviceStub("dm").TidyNow(ctx); err != nil { |
| t.Fatalf("TidyNow failed: %v", err) |
| } |
| |
| verifyTidying(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*"), shouldKeepInstances) |
| verifyTidying(t, root, filepath.Join(root, "app*", "installation*"), shouldKeepInstallations) |
| verifyTidying(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*", "logs", "*"), shouldKeepLogFiles) |
| |
| // In the second pass, TidyNow() (below) calls MockableNow() again |
| // which has advanced to tomorrow so it should find that all items have |
| // become old enough to tidy. |
| shouldKeepInstances = determineShouldKeep(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*"), "Deleted") |
| shouldKeepInstallations = addBackLinks(t, root, determineShouldKeep(t, root, filepath.Join(root, "app*", "installation*"), "Uninstalled")) |
| shouldKeepLogFiles = determineLogFilesToKeep(t, shouldKeepInstances) |
| |
| if err := utiltest.DeviceStub("dm").TidyNow(ctx); err != nil { |
| t.Fatalf("TidyNow failed: %v", err) |
| } |
| |
| verifyTidying(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*"), shouldKeepInstances) |
| verifyTidying(t, root, filepath.Join(root, "app*", "installation*"), shouldKeepInstallations) |
| verifyTidying(t, root, filepath.Join(root, "app*", "installation*", "instances", "instance*", "logs", "*"), shouldKeepLogFiles) |
| |
| // Cleanly shut down the device manager. |
| defer utiltest.VerifyNoRunningProcesses(t) |
| syscall.Kill(dmh.Pid(), syscall.SIGINT) |
| dmh.Expect("dm terminated") |
| dmh.ExpectEOF() |
| } |
| |
| func keepAll(t *testing.T, root, globpath string) map[string]bool { |
| paths, err := filepath.Glob(globpath) |
| if err != nil { |
| t.Errorf("keepAll %v", err) |
| } |
| shouldKeep := make(map[string]bool) |
| for _, idir := range paths { |
| shouldKeep[idir] = true |
| } |
| return shouldKeep |
| } |
| |
| func determineShouldKeep(t *testing.T, root, globpath, state string) map[string]bool { |
| paths, err := filepath.Glob(globpath) |
| if err != nil { |
| t.Errorf("determineShouldKeep %v", err) |
| } |
| |
| shouldKeep := make(map[string]bool) |
| for _, idir := range paths { |
| p := filepath.Join(idir, state) |
| _, err := os.Stat(p) |
| if os.IsNotExist(err) { |
| shouldKeep[idir] = true |
| } else if err == nil { |
| shouldKeep[idir] = false |
| } else { |
| t.Errorf("determineShouldKeep Stat(%s) failed: %v", p, err) |
| } |
| } |
| return shouldKeep |
| |
| } |
| |
| func addBackLinks(t *testing.T, root string, installationShouldKeep map[string]bool) map[string]bool { |
| paths, err := filepath.Glob(filepath.Join(root, "app*", "installation*", "instances", "instance*", "installation")) |
| if err != nil { |
| t.Errorf("addBackLinks %v", err) |
| } |
| |
| for _, idir := range paths { |
| pth, err := os.Readlink(idir) |
| if err != nil { |
| t.Errorf("addBackLinks %v", err) |
| continue |
| } |
| if _, ok := installationShouldKeep[pth]; ok { |
| // An instance symlinks to this pth so must be kept. |
| installationShouldKeep[pth] = true |
| } |
| } |
| return installationShouldKeep |
| } |
| |
| // determineLogFilesToKeep produces a map of the log files that |
| // should remain after tidying. It returns a map to be compatible |
| // with the verifyTidying. |
| func determineLogFilesToKeep(t *testing.T, instances map[string]bool) map[string]bool { |
| shouldKeep := make(map[string]bool) |
| for idir, keep := range instances { |
| if !keep { |
| continue |
| } |
| |
| paths, err := filepath.Glob(filepath.Join(idir, "logs", "*")) |
| if err != nil { |
| t.Errorf("determineLogFilesToKeep filepath.Glob(%s) failed: %v", idir, err) |
| return shouldKeep |
| } |
| |
| for _, p := range paths { |
| fi, err := os.Stat(p) |
| if err != nil { |
| t.Errorf("determineLogFilesToKeep os.Stat(%s): %v", p, err) |
| return shouldKeep |
| } |
| |
| if fi.Mode()&os.ModeSymlink == 0 { |
| continue |
| } |
| |
| shouldKeep[p] = true |
| target, err := os.Readlink(p) |
| if err != nil { |
| t.Errorf("determineLogFilesToKeep os.Readlink(%s): %v", p, err) |
| return shouldKeep |
| } |
| shouldKeep[target] = true |
| } |
| } |
| return shouldKeep |
| } |
| |
| func verifyTidying(t *testing.T, root, globpath string, shouldKeep map[string]bool) { |
| paths, err := filepath.Glob(globpath) |
| if err != nil { |
| t.Errorf("verifyTidying %v", err) |
| } |
| |
| // TidyUp adds nothing: pth should be a subset of shouldKeep. |
| for _, pth := range paths { |
| if !shouldKeep[pth] { |
| t.Errorf("TidyUp (%s) wrongly added path: %s", globpath, pth) |
| return |
| } |
| } |
| |
| // Tidy should not leave unkept instances: shouldKeep ^ pth should be entirely true. |
| for _, pth := range paths { |
| if !shouldKeep[pth] { |
| t.Errorf("TidyUp (%s) failed to delete: %s", globpath, pth) |
| return |
| } |
| } |
| |
| // Tidy must not delete any kept instances. |
| for k, v := range shouldKeep { |
| if v { |
| if _, err := os.Stat(k); os.IsNotExist(err) { |
| t.Errorf("TidyUp (%s) deleted an instance it shouldn't have: %s", globpath, k) |
| } |
| } |
| } |
| } |
| |
| // setupPublishingCredentials creates two principals, which, in addition to the one passed in |
| // (which is "the user") allow us to have an "identity provider", and a "publisher". The |
| // user and the publisher are both blessed by the identity provider. The return value is |
| // a context that can be used to publish an envelope with a signed binary. |
| func setupPublishingCredentials(ctx *context.T) (*context.T, error) { |
| IDPPrincipal := testutil.NewPrincipal("identitypro") |
| IDPBlessing := IDPPrincipal.BlessingStore().Default() |
| |
| PubPrincipal := testutil.NewPrincipal() |
| UserPrincipal := v23.GetPrincipal(ctx) |
| |
| var b security.Blessings |
| var c security.Caveat |
| var err error |
| if c, err = security.NewExpiryCaveat(time.Now().Add(time.Hour * 24 * 30)); err != nil { |
| return nil, err |
| } |
| if b, err = IDPPrincipal.Bless(UserPrincipal.PublicKey(), IDPBlessing, "u/alice", c); err != nil { |
| return nil, err |
| } |
| if err := vsecurity.SetDefaultBlessings(UserPrincipal, b); err != nil { |
| return nil, err |
| } |
| |
| if b, err = IDPPrincipal.Bless(PubPrincipal.PublicKey(), IDPBlessing, "m/publisher", security.UnconstrainedUse()); err != nil { |
| return nil, err |
| } |
| if err := vsecurity.SetDefaultBlessings(PubPrincipal, b); err != nil { |
| return nil, err |
| } |
| |
| var pubCtx *context.T |
| if pubCtx, err = v23.WithPrincipal(ctx, PubPrincipal); err != nil { |
| return nil, err |
| } |
| |
| return pubCtx, nil |
| } |
| |
| // verifyAppPeerBlessings checks the instanceDebug string to ensure that the app is running with |
| // the expected blessings for peer "..." (i.e. security.AllPrincipals) . |
| // |
| // The app should have one blessing that came from the user, of the form |
| // <base_blessing>/forapp. It should also have one or more publisher blessings, that are the |
| // cross product of the device manager blessings and the publisher blessings in the app |
| // envelope. |
| func verifyAppPeerBlessings(t *testing.T, ctx, pubCtx *context.T, instanceDebug string, e *application.Envelope) { |
| // Extract the blessings from the debug output |
| blessingRE := regexp.MustCompile(`Blessings\s?\n\s?\.\.\.\s*([^\n]+)`) |
| blessingMatches := blessingRE.FindStringSubmatch(instanceDebug) |
| if len(blessingMatches) < 2 { |
| t.Fatalf("Failed to match blessing regex: [%v] [%v]", blessingMatches, instanceDebug) |
| } |
| blessingList := strings.Split(blessingMatches[1], ",") |
| |
| // Compute a map of the blessings we expect to find |
| expBlessings := make(map[string]bool) |
| baseBlessing := v23.GetPrincipal(ctx).BlessingStore().Default().String() |
| expBlessings[baseBlessing+"/forapp"] = false |
| |
| // App blessings should be the cross product of device manager and publisher blessings |
| |
| // dmBlessings below is a slice even though we have just one entry because we'll likely |
| // want it to have more than one in future. (Today, a device manager typically has a |
| // blessing from its claimer, but in many cases there might be other blessings too, such |
| // as one from the manufacturer, or one from the organization that owns the device.) |
| dmBlessings := []string{baseBlessing + "/mydevice"} |
| pubBlessings := strings.Split(e.Publisher.String(), ",") |
| for _, dmb := range dmBlessings { |
| for _, pb := range pubBlessings { |
| expBlessings[dmb+"/a/"+pb] = false |
| } |
| } |
| |
| // Check the list of blessings against the map of expected blessings |
| matched := 0 |
| for _, b := range blessingList { |
| if seen, ok := expBlessings[b]; ok && !seen { |
| expBlessings[b] = true |
| matched++ |
| } |
| } |
| if matched != len(expBlessings) { |
| t.Fatalf("Missing some blessings in set %v. App blessings were: %v", expBlessings, blessingList) |
| } |
| } |
