Merge "ref: change binaryd flags from underscores to hyphens."
diff --git a/cmd/mgmt/shell_test.sh b/cmd/mgmt/shell_test.sh
index 9a3be6b..35ca71e 100755
--- a/cmd/mgmt/shell_test.sh
+++ b/cmd/mgmt/shell_test.sh
@@ -243,7 +243,7 @@
local -r PRINCIPAL_BIN="$(shell_test::build_go_binary 'v.io/x/ref/cmd/principal')"
local -r FORKCRED=$(shell::tmp_dir)
"${PRINCIPAL_BIN}" create --overwrite=true "${FORKCRED}" self >/dev/null || shell_test::fail "line ${LINENO}: create failed"
- "${PRINCIPAL_BIN}" --v23.credentials="$1" bless --require_caveats=false "${FORKCRED}" "$2" >blessing || shell_test::fail "line ${LINENO}: bless failed"
+ "${PRINCIPAL_BIN}" --v23.credentials="$1" bless --require-caveats=false "${FORKCRED}" "$2" >blessing || shell_test::fail "line ${LINENO}: bless failed"
"${PRINCIPAL_BIN}" --v23.credentials="${FORKCRED}" store setdefault blessing || shell_test::fail "line ${LINENO}: store setdefault failed"
"${PRINCIPAL_BIN}" --v23.credentials="${FORKCRED}" store set blessing ... || shell_test::fail "line ${LINENO}: store set failed"
echo "${FORKCRED}"
diff --git a/cmd/principal/doc.go b/cmd/principal/doc.go
index 54099fd..65c1932 100644
--- a/cmd/principal/doc.go
+++ b/cmd/principal/doc.go
@@ -151,7 +151,7 @@
Duration of blessing validity (zero implies no expiration caveat)
-overwrite=false
If true, any existing principal data in the directory will be overwritten
- -require_caveats=true
+ -require-caveats=true
If false, allow blessing without any caveats. This is typically not advised
as the principal wielding the blessing will be almost as powerful as its
blesser
@@ -167,26 +167,26 @@
The blessings are sought for the principal specified by the environment that
this tool is running in.
-The blessings obtained are set as default, unless the --set_default flag is set
+The blessings obtained are set as default, unless the --set-default flag is set
to true, and are also set for sharing with all peers, unless a more specific
-peer pattern is provided using the --for_peer flag.
+peer pattern is provided using the --for-peer flag.
Usage:
principal seekblessings [flags]
The principal seekblessings flags are:
- -add_to_roots=true
+ -add-to-roots=true
If true, the root certificate of the blessing will be added to the
principal's set of recognized root certificates
-browser=true
If false, the seekblessings command will not open the browser and only print
the url to visit.
- -for_peer=...
+ -for-peer=...
If non-empty, the blessings obtained will be marked for peers matching this
pattern in the store
-from=https://dev.v.io/auth/google
URL to use to begin the seek blessings process
- -set_default=true
+ -set-default=true
If true, the blessings obtained will be set as the default blessing in the
store
@@ -198,9 +198,9 @@
another invocation of this tool (remote process) and prints out the command to
be run as the remote principal.
-The received blessings are set as default, unless the --set_default flag is set
+The received blessings are set as default, unless the --set-default flag is set
to true, and are also set for sharing with all peers, unless a more specific
-peer pattern is provided using the --for_peer flag.
+peer pattern is provided using the --for-peer flag.
TODO(ashankar,cnicolaou): Make this next paragraph possible! Requires the
ability to obtain the proxied endpoint.
@@ -211,33 +211,33 @@
principal --v23.proxy=proxy recvblessings
The command to be run at the sender is of the form:
- principal bless --remote_key=KEY --remote_token=TOKEN ADDRESS EXTENSION
+ principal bless --remote-key=KEY --remote-token=TOKEN ADDRESS EXTENSION
-The --remote_key flag is used to by the sender to "authenticate" the receiver,
+The --remote-key flag is used to by the sender to "authenticate" the receiver,
ensuring it blesses the intended recipient and not any attacker that may have
taken over the address.
-The --remote_token flag is used by the sender to authenticate itself to the
+The --remote-token flag is used by the sender to authenticate itself to the
receiver. This helps ensure that the receiver rejects blessings from senders who
just happened to guess the network address of the 'recvblessings' invocation.
-If the --remote_arg_file flag is provided to recvblessings, the remote key,
+If the --remote-arg-file flag is provided to recvblessings, the remote key,
remote token and object address of this principal will be written to the
specified location. This file can be supplied to bless:
- principal bless --remote_arg_file FILE EXTENSION
+ principal bless --remote-arg-file FILE EXTENSION
Usage:
principal recvblessings [flags]
The principal recvblessings flags are:
- -for_peer=...
+ -for-peer=...
If non-empty, the blessings received will be marked for peers matching this
pattern in the store
- -remote_arg_file=
+ -remote-arg-file=
If non-empty, the remote key, remote token, and principal will be written to
the specified file in a JSON object. This can be provided to 'principal bless
- --remote_arg_file FILE EXTENSION'.
- -set_default=true
+ --remote-arg-file FILE EXTENSION'.
+ -set-default=true
If true, the blessings received will be set as the default blessing in the
store
@@ -294,12 +294,12 @@
V23_CREDENTIALS=<path to alice> principal bless <path to bob> friend
and this will dump the blessing to STDOUT.
-With the --remote_key and --remote_token flags, this command can be used to
+With the --remote-key and --remote-token flags, this command can be used to
bless a principal on a remote machine as well. In this case, the blessing is not
dumped to STDOUT but sent to the remote end. Use 'principal help recvblessings'
for more details on that.
-When --remote_arg_file is specified, only the blessing extension is required, as
+When --remote-arg-file is specified, only the blessing extension is required, as
all other arguments will be extracted from the specified file.
Usage:
@@ -311,9 +311,9 @@
containing any other blessings of that
principal,
OR (c) The object name produced by the 'recvblessings' command of this tool
- running on behalf of another principal (if the --remote_key and
- --remote_token flags are specified).
-OR (d) None (if the --remote_arg_file flag is specified, only <extension> should
+ running on behalf of another principal (if the --remote-key and
+ --remote-token flags are specified).
+OR (d) None (if the --remote-arg-file flag is specified, only <extension> should
be provided
to bless).
@@ -324,16 +324,16 @@
"package/path".CaveatName:VDLExpressionParam to attach to this blessing
-for=0
Duration of blessing validity (zero implies no expiration caveat)
- -remote_arg_file=
+ -remote-arg-file=
File containing bless arguments written by 'principal recvblessings
- -remote_arg_file FILE EXTENSION' command. This can be provided to bless in
- place of --remote_key, --remote_token, and <principal>.
- -remote_key=
+ -remote-arg-file FILE EXTENSION' command. This can be provided to bless in
+ place of --remote-key, --remote-token, and <principal>.
+ -remote-key=
Public key of the remote principal to bless (obtained from the
'recvblessings' command run by the remote principal
- -remote_token=
+ -remote-token=
Token provided by principal running the 'recvblessings' command
- -require_caveats=true
+ -require-caveats=true
If false, allow blessing without any caveats. This is typically not advised
as the principal wielding the blessing will be almost as powerful as its
blesser
@@ -369,7 +369,7 @@
tool. - is used for STDIN.
The principal set default flags are:
- -add_to_roots=true
+ -add-to-roots=true
If true, the root certificate of the blessing will be added to the
principal's set of recognized root certificates
@@ -397,7 +397,7 @@
can be shared with.
The principal set forpeer flags are:
- -add_to_roots=true
+ -add-to-roots=true
If true, the root certificate of the blessing will be added to the
principal's set of recognized root certificates
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index 3e67cb7..67fb4e1 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -65,7 +65,7 @@
flagRecvBlessingsSetDefault bool
flagRecvBlessingsForPeer string
- errNoCaveats = fmt.Errorf("no caveats provided: it is generally dangerous to bless another principal without any caveats as that gives them almost unrestricted access to the blesser's credentials. If you really want to do this, set --require_caveats=false")
+ errNoCaveats = fmt.Errorf("no caveats provided: it is generally dangerous to bless another principal without any caveats as that gives them almost unrestricted access to the blesser's credentials. If you really want to do this, set --require-caveats=false")
cmdDump = &cmdline.Command{
Name: "dump",
Short: "Dump out information about the principal",
@@ -192,12 +192,12 @@
V23_CREDENTIALS=<path to alice> principal bless <path to bob> friend
and this will dump the blessing to STDOUT.
-With the --remote_key and --remote_token flags, this command can be used to
+With the --remote-key and --remote-token flags, this command can be used to
bless a principal on a remote machine as well. In this case, the blessing is
not dumped to STDOUT but sent to the remote end. Use 'principal help
recvblessings' for more details on that.
-When --remote_arg_file is specified, only the blessing extension is required, as all other
+When --remote-arg-file is specified, only the blessing extension is required, as all other
arguments will be extracted from the specified file.
`,
ArgsName: "[<principal to bless>] <extension>",
@@ -210,10 +210,10 @@
principal,
OR
(c) The object name produced by the 'recvblessings' command of this tool
- running on behalf of another principal (if the --remote_key and
- --remote_token flags are specified).
+ running on behalf of another principal (if the --remote-key and
+ --remote-token flags are specified).
OR
-(d) None (if the --remote_arg_file flag is specified, only <extension> should be provided
+(d) None (if the --remote-arg-file flag is specified, only <extension> should be provided
to bless).
<extension> is the string extension that will be applied to create the
@@ -222,9 +222,9 @@
`,
Run: func(cmd *cmdline.Command, args []string) error {
if len(flagRemoteArgFile) > 0 && len(args) != 1 {
- return fmt.Errorf("when --remote_arg_file is provided, only <extension> is expected, provided %d", len(args))
+ return fmt.Errorf("when --remote-arg-file is provided, only <extension> is expected, provided %d", len(args))
} else if len(flagRemoteArgFile) == 0 && len(args) != 2 {
- return fmt.Errorf("require exactly two arguments when --remote_arg_file is not provided, provided %d", len(args))
+ return fmt.Errorf("require exactly two arguments when --remote-arg-file is not provided, provided %d", len(args))
}
ctx, shutdown := v23.Init()
@@ -260,7 +260,7 @@
}
// Send blessings to a "server" started by a "recvblessings" command, either
- // with the --remote_arg_file flag, or with --remote_key and --remote_token flags.
+ // with the --remote-arg-file flag, or with --remote-key and --remote-token flags.
if len(remoteKey) > 0 {
granter := &granter{p, with, extension, caveats, remoteKey}
return blessOverNetwork(ctx, tobless, granter, remoteToken)
@@ -589,9 +589,9 @@
The blessings are sought for the principal specified by the environment that
this tool is running in.
-The blessings obtained are set as default, unless the --set_default flag is
+The blessings obtained are set as default, unless the --set-default flag is
set to true, and are also set for sharing with all peers, unless a more
-specific peer pattern is provided using the --for_peer flag.
+specific peer pattern is provided using the --for-peer flag.
`,
Run: func(cmd *cmdline.Command, args []string) error {
// Initialize the runtime first so that any local errors are reported
@@ -646,9 +646,9 @@
from another invocation of this tool (remote process) and prints out the
command to be run as the remote principal.
-The received blessings are set as default, unless the --set_default flag is
+The received blessings are set as default, unless the --set-default flag is
set to true, and are also set for sharing with all peers, unless a more
-specific peer pattern is provided using the --for_peer flag.
+specific peer pattern is provided using the --for-peer flag.
TODO(ashankar,cnicolaou): Make this next paragraph possible! Requires
the ability to obtain the proxied endpoint.
@@ -659,21 +659,21 @@
principal --v23.proxy=proxy recvblessings
The command to be run at the sender is of the form:
- principal bless --remote_key=KEY --remote_token=TOKEN ADDRESS EXTENSION
+ principal bless --remote-key=KEY --remote-token=TOKEN ADDRESS EXTENSION
-The --remote_key flag is used to by the sender to "authenticate" the receiver,
+The --remote-key flag is used to by the sender to "authenticate" the receiver,
ensuring it blesses the intended recipient and not any attacker that may have
taken over the address.
-The --remote_token flag is used by the sender to authenticate itself to the
+The --remote-token flag is used by the sender to authenticate itself to the
receiver. This helps ensure that the receiver rejects blessings from senders
who just happened to guess the network address of the 'recvblessings'
invocation.
-If the --remote_arg_file flag is provided to recvblessings, the remote key, remote token
+If the --remote-arg-file flag is provided to recvblessings, the remote key, remote token
and object address of this principal will be written to the specified location.
This file can be supplied to bless:
- principal bless --remote_arg_file FILE EXTENSION
+ principal bless --remote-arg-file FILE EXTENSION
`,
Run: func(cmd *cmdline.Command, args []string) error {
@@ -718,9 +718,9 @@
return fmt.Errorf("failed to write recvblessings info to %v: %v", flagRemoteArgFile, err)
}
fmt.Printf("make %q accessible to the blesser, possibly by copying the file over and then run:\n", flagRemoteArgFile)
- fmt.Printf("principal bless --remote_arg_file=%v %v", flagRemoteArgFile, extension)
+ fmt.Printf("principal bless --remote-arg-file=%v %v", flagRemoteArgFile, extension)
} else {
- fmt.Printf("principal bless --remote_key=%v --remote_token=%v %v %v\n", p.PublicKey(), service.token, eps[0].Name(), extension)
+ fmt.Printf("principal bless --remote-key=%v --remote-token=%v %v %v\n", p.PublicKey(), service.token, eps[0].Name(), extension)
}
fmt.Println()
fmt.Println("...waiting for sender..")
@@ -731,10 +731,10 @@
func blessArgs(args []string) (tobless, extension, remoteKey, remoteToken string, err error) {
if len(flagRemoteArgFile) > 0 && (len(flagBlessRemoteKey)+len(flagBlessRemoteToken) > 0) {
- return "", "", "", "", fmt.Errorf("--remote_key and --remote_token cannot be provided with --remote_arg_file")
+ return "", "", "", "", fmt.Errorf("--remote-key and --remote-token cannot be provided with --remote-arg-file")
}
if (len(flagBlessRemoteKey) == 0) != (len(flagBlessRemoteToken) == 0) {
- return "", "", "", "", fmt.Errorf("either both --remote_key and --remote_token should be set, or neither should")
+ return "", "", "", "", fmt.Errorf("either both --remote-key and --remote-token should be set, or neither should")
}
if len(flagRemoteArgFile) == 0 {
@@ -806,32 +806,32 @@
cmdFork.Flags.BoolVar(&flagCreateOverwrite, "overwrite", false, "If true, any existing principal data in the directory will be overwritten")
cmdFork.Flags.Var(&flagForkCaveats, "caveat", flagForkCaveats.usage())
cmdFork.Flags.DurationVar(&flagForkFor, "for", 0, "Duration of blessing validity (zero implies no expiration caveat)")
- cmdFork.Flags.BoolVar(&flagForkRequireCaveats, "require_caveats", true, "If false, allow blessing without any caveats. This is typically not advised as the principal wielding the blessing will be almost as powerful as its blesser")
+ cmdFork.Flags.BoolVar(&flagForkRequireCaveats, "require-caveats", true, "If false, allow blessing without any caveats. This is typically not advised as the principal wielding the blessing will be almost as powerful as its blesser")
cmdFork.Flags.StringVar(&flagForkWith, "with", "", "Path to file containing blessing to extend")
cmdBless.Flags.Var(&flagBlessCaveats, "caveat", flagBlessCaveats.usage())
cmdBless.Flags.DurationVar(&flagBlessFor, "for", 0, "Duration of blessing validity (zero implies no expiration caveat)")
- cmdBless.Flags.BoolVar(&flagBlessRequireCaveats, "require_caveats", true, "If false, allow blessing without any caveats. This is typically not advised as the principal wielding the blessing will be almost as powerful as its blesser")
+ cmdBless.Flags.BoolVar(&flagBlessRequireCaveats, "require-caveats", true, "If false, allow blessing without any caveats. This is typically not advised as the principal wielding the blessing will be almost as powerful as its blesser")
cmdBless.Flags.StringVar(&flagBlessWith, "with", "", "Path to file containing blessing to extend")
- cmdBless.Flags.StringVar(&flagBlessRemoteKey, "remote_key", "", "Public key of the remote principal to bless (obtained from the 'recvblessings' command run by the remote principal")
- cmdBless.Flags.StringVar(&flagBlessRemoteToken, "remote_token", "", "Token provided by principal running the 'recvblessings' command")
- cmdBless.Flags.StringVar(&flagRemoteArgFile, "remote_arg_file", "", "File containing bless arguments written by 'principal recvblessings -remote_arg_file FILE EXTENSION' command. This can be provided to bless in place of --remote_key, --remote_token, and <principal>.")
+ cmdBless.Flags.StringVar(&flagBlessRemoteKey, "remote-key", "", "Public key of the remote principal to bless (obtained from the 'recvblessings' command run by the remote principal")
+ cmdBless.Flags.StringVar(&flagBlessRemoteToken, "remote-token", "", "Token provided by principal running the 'recvblessings' command")
+ cmdBless.Flags.StringVar(&flagRemoteArgFile, "remote-arg-file", "", "File containing bless arguments written by 'principal recvblessings -remote-arg-file FILE EXTENSION' command. This can be provided to bless in place of --remote-key, --remote-token, and <principal>.")
cmdSeekBlessings.Flags.StringVar(&flagSeekBlessingsFrom, "from", "https://dev.v.io/auth/google", "URL to use to begin the seek blessings process")
- cmdSeekBlessings.Flags.BoolVar(&flagSeekBlessingsSetDefault, "set_default", true, "If true, the blessings obtained will be set as the default blessing in the store")
- cmdSeekBlessings.Flags.StringVar(&flagSeekBlessingsForPeer, "for_peer", string(security.AllPrincipals), "If non-empty, the blessings obtained will be marked for peers matching this pattern in the store")
+ cmdSeekBlessings.Flags.BoolVar(&flagSeekBlessingsSetDefault, "set-default", true, "If true, the blessings obtained will be set as the default blessing in the store")
+ cmdSeekBlessings.Flags.StringVar(&flagSeekBlessingsForPeer, "for-peer", string(security.AllPrincipals), "If non-empty, the blessings obtained will be marked for peers matching this pattern in the store")
cmdSeekBlessings.Flags.BoolVar(&flagSeekBlessingsBrowser, "browser", true, "If false, the seekblessings command will not open the browser and only print the url to visit.")
- cmdSeekBlessings.Flags.BoolVar(&flagAddToRoots, "add_to_roots", true, "If true, the root certificate of the blessing will be added to the principal's set of recognized root certificates")
+ cmdSeekBlessings.Flags.BoolVar(&flagAddToRoots, "add-to-roots", true, "If true, the root certificate of the blessing will be added to the principal's set of recognized root certificates")
- cmdSetForPeer.Flags.BoolVar(&flagAddToRoots, "add_to_roots", true, "If true, the root certificate of the blessing will be added to the principal's set of recognized root certificates")
+ cmdSetForPeer.Flags.BoolVar(&flagAddToRoots, "add-to-roots", true, "If true, the root certificate of the blessing will be added to the principal's set of recognized root certificates")
- cmdSetDefault.Flags.BoolVar(&flagAddToRoots, "add_to_roots", true, "If true, the root certificate of the blessing will be added to the principal's set of recognized root certificates")
+ cmdSetDefault.Flags.BoolVar(&flagAddToRoots, "add-to-roots", true, "If true, the root certificate of the blessing will be added to the principal's set of recognized root certificates")
cmdCreate.Flags.BoolVar(&flagCreateOverwrite, "overwrite", false, "If true, any existing principal data in the directory will be overwritten")
- cmdRecvBlessings.Flags.BoolVar(&flagRecvBlessingsSetDefault, "set_default", true, "If true, the blessings received will be set as the default blessing in the store")
- cmdRecvBlessings.Flags.StringVar(&flagRecvBlessingsForPeer, "for_peer", string(security.AllPrincipals), "If non-empty, the blessings received will be marked for peers matching this pattern in the store")
- cmdRecvBlessings.Flags.StringVar(&flagRemoteArgFile, "remote_arg_file", "", "If non-empty, the remote key, remote token, and principal will be written to the specified file in a JSON object. This can be provided to 'principal bless --remote_arg_file FILE EXTENSION'.")
+ cmdRecvBlessings.Flags.BoolVar(&flagRecvBlessingsSetDefault, "set-default", true, "If true, the blessings received will be set as the default blessing in the store")
+ cmdRecvBlessings.Flags.StringVar(&flagRecvBlessingsForPeer, "for-peer", string(security.AllPrincipals), "If non-empty, the blessings received will be marked for peers matching this pattern in the store")
+ cmdRecvBlessings.Flags.StringVar(&flagRemoteArgFile, "remote-arg-file", "", "If non-empty, the remote key, remote token, and principal will be written to the specified file in a JSON object. This can be provided to 'principal bless --remote-arg-file FILE EXTENSION'.")
cmdSet := &cmdline.Command{
Name: "set",
diff --git a/cmd/principal/principal_v23_test.go b/cmd/principal/principal_v23_test.go
index c5381b8..655fec8 100644
--- a/cmd/principal/principal_v23_test.go
+++ b/cmd/principal/principal_v23_test.go
@@ -88,7 +88,7 @@
redirect(t, bin.WithEnv(blessEnv).Start("--v23.credentials="+bobDir, "get", "forpeer", "alice/server"), bobForPeer)
got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", bobForPeer).Output()))
- want := `Blessings : bob#alice/friend
+ want := `Blessings : bob,alice/friend
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Certificate chains : 2
Chain #0 (1 certificates). Root certificate public key: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
@@ -135,11 +135,11 @@
// For example,
// principal recvblessings
// would typically print something like:
-// principal bless --remote_key=<some_public_key> --remote_token=<some_token> extensionfoo
+// principal bless --remote-key=<some_public_key> --remote-token=<some_token> extensionfoo
// as an example of command line to use to send the blessings over.
//
// In that case, this method would return:
-// { "--remote_key=<some_public_key>", "--remote_token=<some_token>", "extensionfoo"}
+// { "--remote-key=<some_public_key>", "--remote-token=<some_token>", "extensionfoo"}
func blessArgsFromRecvBlessings(inv *v23tests.Invocation) []string {
cmd := inv.ExpectSetEventuallyRE("(^principal bless .*$)")[0][0]
return strings.Split(cmd, " ")[2:]
@@ -165,7 +165,7 @@
var args []string
{
inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings")
- args = append([]string{"bless", "--require_caveats=false"}, blessArgsFromRecvBlessings(inv)...)
+ args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(inv)...)
// Replace the random extension suggested by recvblessings with "friend/carol"
args[len(args)-1] = "friend/carol"
}
@@ -174,29 +174,29 @@
// Run recvblessings on carol, and have alice send blessings over
// (blessings received must be set as shareable with peers matching 'alice/...'.)
{
- inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for_peer=alice", "--set_default=false")
+ inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for-peer=alice", "--set-default=false")
// recvblessings suggests a random extension, find the extension and replace it with friend/carol/foralice.
- args = append([]string{"bless", "--require_caveats=false"}, blessArgsFromRecvBlessings(inv)...)
+ args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(inv)...)
args[len(args)-1] = "friend/carol/foralice"
}
bin.WithEnv(credEnv(aliceDir)).Start(args...).WaitOrDie(os.Stdout, os.Stderr)
- // Run recvblessings on carol with the --remote_arg_file flag, and have bob send blessings over with the --remote_arg_file flag.
+ // Run recvblessings on carol with the --remote-arg-file flag, and have bob send blessings over with the --remote-arg-file flag.
{
- inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for_peer=bob", "--set_default=false", "--remote_arg_file="+bobBlessFile)
+ inv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for-peer=bob", "--set-default=false", "--remote-arg-file="+bobBlessFile)
// recvblessings suggests a random extension, use friend/carol/forbob instead.
- args = append([]string{"bless", "--require_caveats=false"}, blessArgsFromRecvBlessings(inv)...)
+ args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(inv)...)
args[len(args)-1] = "friend/carol/forbob"
}
bin.WithEnv(credEnv(bobDir)).Start(args...).WaitOrDie(os.Stdout, os.Stderr)
- listenerInv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for_peer=alice/...", "--set_default=false", "--vmodule=*=2", "--logtostderr")
+ listenerInv := bin.Start("--v23.credentials="+carolDir, "--v23.tcp.address=127.0.0.1:0", "recvblessings", "--for-peer=alice/...", "--set-default=false", "--vmodule=*=2", "--logtostderr")
- args = append([]string{"bless", "--require_caveats=false"}, blessArgsFromRecvBlessings(listenerInv)...)
+ args = append([]string{"bless", "--require-caveats=false"}, blessArgsFromRecvBlessings(listenerInv)...)
{
- // Mucking around with remote_key should fail.
- cpy := strings.Split(regexp.MustCompile("remote_key=").ReplaceAllString(strings.Join(args, " "), "remote_key=BAD"), " ")
+ // Mucking around with remote-key should fail.
+ cpy := strings.Split(regexp.MustCompile("remote-key=").ReplaceAllString(strings.Join(args, " "), "remote-key=BAD"), " ")
var buf bytes.Buffer
if bin.WithEnv(credEnv(aliceDir)).Start(cpy...).Wait(os.Stdout, &buf) == nil {
t.Fatalf("%v should have failed, but did not", cpy)
@@ -210,7 +210,7 @@
{
var buf bytes.Buffer
// Mucking around with the token should fail.
- cpy := strings.Split(regexp.MustCompile("remote_token=").ReplaceAllString(strings.Join(args, " "), "remote_token=BAD"), " ")
+ cpy := strings.Split(regexp.MustCompile("remote-token=").ReplaceAllString(strings.Join(args, " "), "remote-token=BAD"), " ")
if bin.WithEnv(credEnv(aliceDir)).Start(cpy...).Wait(os.Stdout, &buf) == nil {
t.Fatalf("%v should have failed, but did not", cpy)
}
@@ -412,8 +412,8 @@
} else if got, want := buf.String(), "ERROR: no caveats provided"; !strings.Contains(got, want) {
t.Errorf("fork returned error: %q, expected error to contain %q", got, want)
}
- if err := bin.Start("--v23.credentials", parent, "fork", "--require_caveats=false", child, "child").Wait(os.Stdout, os.Stderr); err != nil {
- t.Errorf("fork --require_caveats=false failed with: %v", err)
+ if err := bin.Start("--v23.credentials", parent, "fork", "--require-caveats=false", child, "child").Wait(os.Stdout, os.Stderr); err != nil {
+ t.Errorf("fork --require-caveats=false failed with: %v", err)
}
}
@@ -442,8 +442,8 @@
}
}
{
- // But succeed if --require_caveats=false is specified
- redirect(t, bin.Start("bless", "--require_caveats=false", bobDir, "friend"), tmpfile)
+ // But succeed if --require-caveats=false is specified
+ redirect(t, bin.Start("bless", "--require-caveats=false", bobDir, "friend"), tmpfile)
got := removeCaveats(removePublicKeys(bin.Start("dumpblessings", tmpfile).Output()))
want := `Blessings : alice/friend
PublicKey : XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
@@ -505,7 +505,7 @@
bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
bin.Start("create", bobDir, "bob").WaitOrDie(os.Stdout, os.Stderr)
// Have bob create a "bob/friend" blessing and have alice recognize that.
- redirect(t, bin.Start("--v23.credentials="+bobDir, "bless", "--require_caveats=false", aliceDir, "friend"), blessingFile)
+ redirect(t, bin.Start("--v23.credentials="+bobDir, "bless", "--require-caveats=false", aliceDir, "friend"), blessingFile)
bin.Start("--v23.credentials="+aliceDir, "addtoroots", blessingFile).WaitOrDie(os.Stdout, os.Stderr)
var (
// blessing roots lines that should match the keys
diff --git a/cmd/servicerunner/main.go b/cmd/servicerunner/main.go
index a04cc1c..3df6a21 100644
--- a/cmd/servicerunner/main.go
+++ b/cmd/servicerunner/main.go
@@ -127,7 +127,7 @@
panicOnError(err)
panicOnError(updateVars(h, vars, "WSPR_ADDR"))
- h, err = sh.Start(identityd.TestIdentitydCommand, nil, "--v23.tcp.protocol=ws", "--v23.tcp.address=127.0.0.1:0", "--v23.proxy=test/proxy", "--httpaddr=localhost:0")
+ h, err = sh.Start(identityd.TestIdentitydCommand, nil, "--v23.tcp.protocol=ws", "--v23.tcp.address=127.0.0.1:0", "--v23.proxy=test/proxy", "--http-addr=localhost:0")
panicOnError(err)
panicOnError(updateVars(h, vars, "TEST_IDENTITYD_NAME", "TEST_IDENTITYD_HTTP_ADDR"))
diff --git a/lib/vdl/codegen/java/file_client_interface.go b/lib/vdl/codegen/java/file_client_interface.go
index c71f60e..db4366f 100644
--- a/lib/vdl/codegen/java/file_client_interface.go
+++ b/lib/vdl/codegen/java/file_client_interface.go
@@ -76,7 +76,11 @@
func processClientInterfaceMethod(iface *compile.Interface, method *compile.Method, env *compile.Env) clientInterfaceMethod {
retArgs := make([]clientInterfaceArg, len(method.OutArgs))
for i := 0; i < len(method.OutArgs); i++ {
- retArgs[i].Name = vdlutil.FirstRuneToLower(method.OutArgs[i].Name)
+ if method.OutArgs[i].Name != "" {
+ retArgs[i].Name = vdlutil.FirstRuneToLower(method.OutArgs[i].Name)
+ } else {
+ retArgs[i].Name = fmt.Sprintf("ret%d", i+1)
+ }
retArgs[i].Type = javaType(method.OutArgs[i].Type, false, env)
}
return clientInterfaceMethod{
diff --git a/lib/vdl/codegen/java/file_client_stub.go b/lib/vdl/codegen/java/file_client_stub.go
index a7275a2..61fd6f9 100644
--- a/lib/vdl/codegen/java/file_client_stub.go
+++ b/lib/vdl/codegen/java/file_client_stub.go
@@ -6,6 +6,7 @@
import (
"bytes"
+ "fmt"
"log"
"path"
@@ -198,7 +199,11 @@
func processClientStubMethod(iface *compile.Interface, method *compile.Method, env *compile.Env) clientStubMethod {
outArgs := make([]clientStubMethodOutArg, len(method.OutArgs))
for i := 0; i < len(method.OutArgs); i++ {
- outArgs[i].FieldName = vdlutil.FirstRuneToLower(method.OutArgs[i].Name)
+ if method.OutArgs[i].Name != "" {
+ outArgs[i].FieldName = vdlutil.FirstRuneToLower(method.OutArgs[i].Name)
+ } else {
+ outArgs[i].FieldName = fmt.Sprintf("ret%d", i+1)
+ }
outArgs[i].Type = javaType(method.OutArgs[i].Type, true, env)
}
return clientStubMethod{
diff --git a/profiles/fake/runtime.go b/profiles/fake/runtime.go
index fce2ad3..ceaa6cc 100644
--- a/profiles/fake/runtime.go
+++ b/profiles/fake/runtime.go
@@ -10,6 +10,7 @@
import (
"v.io/v23"
"v.io/v23/context"
+ "v.io/v23/rpc"
"v.io/v23/security"
vsecurity "v.io/x/ref/security"
@@ -71,3 +72,13 @@
}
return bctx
}
+
+func (*Runtime) SetReservedNameDispatcher(ctx *context.T, d rpc.Dispatcher) *context.T {
+ panic("unimplemented")
+ return nil
+}
+
+func (*Runtime) GetReservedNameDispatcher(ctx *context.T) rpc.Dispatcher {
+ panic("unimplmeneted")
+ return nil
+}
diff --git a/profiles/internal/rpc/default_authorizer.go b/profiles/internal/rpc/default_authorizer.go
deleted file mode 100644
index 01349d2..0000000
--- a/profiles/internal/rpc/default_authorizer.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package rpc
-
-import (
- "v.io/v23/context"
- "v.io/v23/security"
-)
-
-// defaultAuthorizer implements a security.Authorizer with an authorization
-// policy that requires one end of the RPC to have a blessing that makes it a
-// delegate of the other.
-type defaultAuthorizer struct{}
-
-func (defaultAuthorizer) Authorize(ctx *context.T) error {
- var (
- localNames = security.LocalBlessingNames(ctx)
- remoteNames, remoteErr = security.RemoteBlessingNames(ctx)
- )
- // Authorize if any element in localNames is a "delegate of" (i.e., has been
- // blessed by) any element in remoteNames, OR vice-versa.
- for _, l := range localNames {
- if security.BlessingPattern(l).MatchedBy(remoteNames...) {
- // l is a delegate of an element in remote.
- return nil
- }
- }
- for _, r := range remoteNames {
- if security.BlessingPattern(r).MatchedBy(localNames...) {
- // r is a delegate of an element in localNames.
- return nil
- }
- }
-
- return NewErrInvalidBlessings(nil, remoteNames, remoteErr, localNames)
-}
diff --git a/profiles/internal/rpc/default_authorizer_test.go b/profiles/internal/rpc/default_authorizer_test.go
deleted file mode 100644
index 04e7b60..0000000
--- a/profiles/internal/rpc/default_authorizer_test.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package rpc
-
-import (
- "testing"
-
- "v.io/v23/context"
- "v.io/v23/security"
- "v.io/x/ref/test/testutil"
-)
-
-func TestDefaultAuthorizer(t *testing.T) {
- var (
- pali = testutil.NewPrincipal()
- pbob = testutil.NewPrincipal()
- pche = testutil.NewPrincipal()
- pdis = testutil.NewPrincipal() // third-party caveat discharger
-
- che, _ = pche.BlessSelf("che")
- ali, _ = pali.BlessSelf("ali")
- bob, _ = pbob.BlessSelf("bob")
-
- tpcav = mkThirdPartyCaveat(pdis.PublicKey(), "someLocation", security.UnconstrainedUse())
- dis, _ = pdis.MintDischarge(tpcav, security.UnconstrainedUse())
-
- // bless(ali, bob, "friend") will generate a blessing for ali, calling him "bob/friend".
- bless = func(target, extend security.Blessings, extension string, caveats ...security.Caveat) security.Blessings {
- var p security.Principal
- switch extend.PublicKey() {
- case ali.PublicKey():
- p = pali
- case bob.PublicKey():
- p = pbob
- case che.PublicKey():
- p = pche
- default:
- panic(extend)
- }
- if len(caveats) == 0 {
- caveats = []security.Caveat{security.UnconstrainedUse()}
- }
- ret, err := p.Bless(target.PublicKey(), extend, extension, caveats[0], caveats[1:]...)
- if err != nil {
- panic(err)
- }
- return ret
- }
-
- U = func(blessings ...security.Blessings) security.Blessings {
- u, err := security.UnionOfBlessings(blessings...)
- if err != nil {
- panic(err)
- }
- return u
- }
-
- // Shorthands for getting blessings for Ali and Bob.
- A = func(as security.Blessings, extension string, caveats ...security.Caveat) security.Blessings {
- return bless(ali, as, extension, caveats...)
- }
- B = func(as security.Blessings, extension string, caveats ...security.Caveat) security.Blessings {
- return bless(bob, as, extension, caveats...)
- }
-
- authorizer defaultAuthorizer
- )
- // Make ali, bob (the two ends) recognize all three blessings
- for ip, p := range []security.Principal{pali, pbob} {
- for _, b := range []security.Blessings{ali, bob, che} {
- if err := p.AddToRoots(b); err != nil {
- t.Fatalf("%d: %v - %v", ip, b, err)
- }
- }
- }
- // All tests are run as if "ali" is the local end and "bob" is the remote.
- tests := []struct {
- local, remote security.Blessings
- call *mockCall
- authorized bool
- }{
- {
- local: ali,
- remote: ali,
- call: &mockCall{},
- authorized: true,
- },
- {
- local: ali,
- remote: bob,
- call: &mockCall{},
- authorized: false,
- },
- {
- // ali talking to ali/friend (invalid caveat)
- local: ali,
- remote: B(ali, "friend", tpcav),
- call: &mockCall{},
- authorized: false,
- },
- {
- // ali talking to ali/friend
- local: ali,
- remote: B(ali, "friend", tpcav),
- call: &mockCall{rd: dis},
- authorized: true,
- },
- {
- // bob/friend talking to bob (local blessing has an invalid caveat, but it is not checked)
- local: A(bob, "friend", tpcav),
- remote: bob,
- call: &mockCall{},
- authorized: true,
- },
- {
- // che/friend talking to che/family
- local: A(che, "friend"),
- remote: B(che, "family"),
- call: &mockCall{},
- authorized: false,
- },
- {
- // {ali, bob/friend, che/friend} talking to {bob/friend/spouse, che/family}
- local: U(ali, A(bob, "friend"), A(che, "friend")),
- remote: U(B(bob, "friend/spouse", tpcav), B(che, "family")),
- call: &mockCall{rd: dis},
- authorized: true,
- },
- }
- ctx, shutdown := initForTest()
- defer shutdown()
- for _, test := range tests {
- test.call.p, test.call.l, test.call.r, test.call.c = pali, test.local, test.remote, ctx
- ctx, cancel := context.RootContext()
- defer cancel()
- err := authorizer.Authorize(security.SetCall(ctx, test.call))
- if (err == nil) != test.authorized {
- t.Errorf("call: %v. Got %v", test.call, err)
- }
- }
-}
diff --git a/profiles/internal/rpc/errors.vdl b/profiles/internal/rpc/errors.vdl
index 2b3d5b3..8f24707 100644
--- a/profiles/internal/rpc/errors.vdl
+++ b/profiles/internal/rpc/errors.vdl
@@ -4,13 +4,7 @@
package rpc
-import "v.io/v23/security"
-
error (
- InvalidBlessings(remote []string, remoteErr []security.RejectedBlessing, local []string) {
- "en":"All valid blessings for this request: {remote} (rejected {remoteErr}) are disallowed by the policy {local})",
- }
-
// Internal errors.
badRequest(err error) {
"en": "failed to decode request: {err}",
diff --git a/profiles/internal/rpc/errors.vdl.go b/profiles/internal/rpc/errors.vdl.go
index 52ab2e4..83c528e 100644
--- a/profiles/internal/rpc/errors.vdl.go
+++ b/profiles/internal/rpc/errors.vdl.go
@@ -12,13 +12,9 @@
"v.io/v23/context"
"v.io/v23/i18n"
"v.io/v23/verror"
-
- // VDL user imports
- "v.io/v23/security"
)
var (
- ErrInvalidBlessings = verror.Register("v.io/x/ref/profiles/internal/rpc.InvalidBlessings", verror.NoRetry, "{1:}{2:} All valid blessings for this request: {3} (rejected {4}) are disallowed by the policy {5})")
// Internal errors.
errBadRequest = verror.Register("v.io/x/ref/profiles/internal/rpc.badRequest", verror.NoRetry, "{1:}{2:} failed to decode request: {3}")
errBadNumInputArgs = verror.Register("v.io/x/ref/profiles/internal/rpc.badNumInputArgs", verror.NoRetry, "{1:}{2:} wrong number of input arguments for {3}.{4} (called with {5} args, want {6})")
@@ -30,7 +26,6 @@
)
func init() {
- i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrInvalidBlessings.ID), "{1:}{2:} All valid blessings for this request: {3} (rejected {4}) are disallowed by the policy {5})")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(errBadRequest.ID), "{1:}{2:} failed to decode request: {3}")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(errBadNumInputArgs.ID), "{1:}{2:} wrong number of input arguments for {3}.{4} (called with {5} args, want {6})")
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(errBadInputArg.ID), "{1:}{2:} failed to decode request {3}.{4} arg #{5}: {6}")
@@ -40,11 +35,6 @@
i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(errBadAuth.ID), "{1:}{2:} not authorized to call {3}.{4}: {5}")
}
-// NewErrInvalidBlessings returns an error with the ErrInvalidBlessings ID.
-func NewErrInvalidBlessings(ctx *context.T, remote []string, remoteErr []security.RejectedBlessing, local []string) error {
- return verror.New(ErrInvalidBlessings, ctx, remote, remoteErr, local)
-}
-
// newErrBadRequest returns an error with the errBadRequest ID.
func newErrBadRequest(ctx *context.T, err error) error {
return verror.New(errBadRequest, ctx, err)
diff --git a/profiles/internal/rpc/server.go b/profiles/internal/rpc/server.go
index 8ed14e8..34e2eab 100644
--- a/profiles/internal/rpc/server.go
+++ b/profiles/internal/rpc/server.go
@@ -1245,7 +1245,7 @@
return nil
}
if auth == nil {
- auth = defaultAuthorizer{}
+ auth = security.DefaultAuthorizer()
}
if err := auth.Authorize(ctx); err != nil {
// TODO(ataly, ashankar): For privacy reasons, should we hide the authorizer error?
diff --git a/profiles/internal/rpc/server_authorizer.go b/profiles/internal/rpc/server_authorizer.go
index 535b8cf..3166d1b 100644
--- a/profiles/internal/rpc/server_authorizer.go
+++ b/profiles/internal/rpc/server_authorizer.go
@@ -94,7 +94,7 @@
// No blessings in the endpoint to set expectations on the
// "identity" of the server. Use the default authorization
// policy.
- if err := (defaultAuthorizer{}).Authorize(ctx); err != nil {
+ if err := security.DefaultAuthorizer().Authorize(ctx); err != nil {
return err
}
}
diff --git a/profiles/internal/rt/runtime.go b/profiles/internal/rt/runtime.go
index beaf61b..3569097 100644
--- a/profiles/internal/rt/runtime.go
+++ b/profiles/internal/rt/runtime.go
@@ -455,3 +455,19 @@
}
return bctx
}
+
+func (*Runtime) SetReservedNameDispatcher(ctx *context.T, d rpc.Dispatcher) *context.T {
+ rnd := &reservedNameDispatcher{dispatcher: d}
+ if oldRnd, ok := ctx.Value(reservedNameKey).(*reservedNameDispatcher); ok {
+ rnd.opts = oldRnd.opts
+ }
+ newctx := context.WithValue(ctx, reservedNameKey, rnd)
+ return newctx
+}
+
+func (*Runtime) GetReservedNameDispatcher(ctx *context.T) rpc.Dispatcher {
+ if d, ok := ctx.Value(reservedNameKey).(*reservedNameDispatcher); ok {
+ return d.dispatcher
+ }
+ return nil
+}
diff --git a/profiles/internal/rt/runtime_test.go b/profiles/internal/rt/runtime_test.go
index ebc5ed4..fd07d04 100644
--- a/profiles/internal/rt/runtime_test.go
+++ b/profiles/internal/rt/runtime_test.go
@@ -10,9 +10,11 @@
"v.io/v23"
"v.io/v23/context"
"v.io/v23/naming"
+ "v.io/x/lib/vlog"
"v.io/x/ref/lib/flags"
"v.io/x/ref/profiles/internal/rt"
+ "v.io/x/ref/services/mgmt/debug"
"v.io/x/ref/test/testutil"
)
@@ -130,3 +132,19 @@
t.Error("Calling GetBackgroundContext a second time should return the same context.")
}
}
+
+func TestReservedNameDispatcher(t *testing.T) {
+ r, ctx, shutdown := InitForTest(t)
+ defer shutdown()
+
+ oldDebugDisp := r.GetReservedNameDispatcher(ctx)
+ newDebugDisp := debug.NewDispatcher(vlog.Log.LogDir, nil)
+
+ nctx := r.SetReservedNameDispatcher(ctx, newDebugDisp)
+ debugDisp := r.GetReservedNameDispatcher(nctx)
+
+ if debugDisp != newDebugDisp || debugDisp == oldDebugDisp {
+ t.Error("SetNewDebugDispatcher didn't update the context properly")
+ }
+
+}
diff --git a/services/identity/identityd/identityd_v23_test.go b/services/identity/identityd/identityd_v23_test.go
index 923d72a..36e9b28 100644
--- a/services/identity/identityd/identityd_v23_test.go
+++ b/services/identity/identityd/identityd_v23_test.go
@@ -20,11 +20,11 @@
const urlRE = "^(https://.*)$"
-func seekBlessings(i *v23tests.T, principal *v23tests.Binary, httpaddr string) {
+func seekBlessings(i *v23tests.T, principal *v23tests.Binary, httpAddr string) {
args := []string{
"seekblessings",
"--browser=false",
- fmt.Sprintf("--from=%s/auth/google", httpaddr),
+ fmt.Sprintf("--from=%s/auth/google", httpAddr),
"-v=3",
}
inv := principal.Start(args...)
@@ -75,19 +75,19 @@
i.Fatal(err)
}
identityd = identityd.WithStartOpts(identityd.StartOpts().WithCustomCredentials(creds))
- httpaddr := identityd.Start(
+ httpAddr := identityd.Start(
"-v23.tcp.address=127.0.0.1:0",
- "-httpaddr=127.0.0.1:0").ExpectVar("HTTP_ADDR")
+ "-http-addr=127.0.0.1:0").ExpectVar("HTTP_ADDR")
// Use the principal tool to seekblessings.
// This tool will not run with any credentials: Its whole purpose is to "seek" them!
principal := i.BuildGoPkg("v.io/x/ref/cmd/principal")
// Test an initial seekblessings call.
- seekBlessings(i, principal, httpaddr)
+ seekBlessings(i, principal, httpAddr)
// Test that a subsequent call succeeds with the same
// credentials. This means that the blessings and principal from the
// first call works correctly.
// TODO(ashankar): Does anyone recall what was the intent here? Running
// the tool twice doesn't seem to help?
- seekBlessings(i, principal, httpaddr)
+ seekBlessings(i, principal, httpAddr)
}
diff --git a/services/identity/identityd/main.go b/services/identity/identityd/main.go
index 5f14b6d..5b9f07c 100644
--- a/services/identity/identityd/main.go
+++ b/services/identity/identityd/main.go
@@ -29,21 +29,21 @@
var (
// Configuration for various Google OAuth-based clients.
- googleConfigWeb = flag.String("google_config_web", "", "Path to JSON-encoded OAuth client configuration for the web application that renders the audit log for blessings provided by this provider.")
- googleConfigChrome = flag.String("google_config_chrome", "", "Path to the JSON-encoded OAuth client configuration for Chrome browser applications that obtain blessings from this server (via the OAuthBlesser.BlessUsingAccessToken RPC) from this server.")
- googleConfigAndroid = flag.String("google_config_android", "", "Path to the JSON-encoded OAuth client configuration for Android applications that obtain blessings from this server (via the OAuthBlesser.BlessUsingAccessToken RPC) from this server.")
+ googleConfigWeb = flag.String("google-config-web", "", "Path to JSON-encoded OAuth client configuration for the web application that renders the audit log for blessings provided by this provider.")
+ googleConfigChrome = flag.String("google-config-chrome", "", "Path to the JSON-encoded OAuth client configuration for Chrome browser applications that obtain blessings from this server (via the OAuthBlesser.BlessUsingAccessToken RPC) from this server.")
+ googleConfigAndroid = flag.String("google-config-android", "", "Path to the JSON-encoded OAuth client configuration for Android applications that obtain blessings from this server (via the OAuthBlesser.BlessUsingAccessToken RPC) from this server.")
emailClassifier util.EmailClassifier
// Flags controlling the HTTP server
- externalHttpAddr = flag.String("externalhttpaddr", "", "External address on which the HTTP server listens on. If none is provided the server will only listen on -httpaddr.")
- httpaddr = flag.String("httpaddr", "localhost:8125", "Address on which the HTTP server listens on.")
- tlsconfig = flag.String("tlsconfig", "", "Comma-separated list of TLS certificate and private key files, in that order. This must be provided.")
- assetsprefix = flag.String("assetsprefix", "", "host serving the web assets for the identity server")
- mountPrefix = flag.String("mountprefix", "identity", "mount name prefix to use. May be rooted.")
+ externalHttpAddr = flag.String("external-http-addr", "", "External address on which the HTTP server listens on. If none is provided the server will only listen on -http-addr.")
+ httpAddr = flag.String("http-addr", "localhost:8125", "Address on which the HTTP server listens on.")
+ tlsConfig = flag.String("tls-config", "", "Comma-separated list of TLS certificate and private key files, in that order. This must be provided.")
+ assetsPrefix = flag.String("assets-prefix", "", "host serving the web assets for the identity server")
+ mountPrefix = flag.String("mount-prefix", "identity", "mount name prefix to use. May be rooted.")
)
func main() {
- flag.Var(&emailClassifier, "email_classifier", "A comma-separated list of <domain>=<prefix> pairs. For example 'google.com=internal,v.io=trusted'. When specified, then the blessings generated for email address of <domain> will use the extension <prefix>/<email> instead of the default extension of users/<email>.")
+ flag.Var(&emailClassifier, "email-classifier", "A comma-separated list of <domain>=<prefix> pairs. For example 'google.com=internal,v.io=trusted'. When specified, then the blessings generated for email address of <domain> will use the extension <prefix>/<email> instead of the default extension of users/<email>.")
flag.Usage = usage
ctx, shutdown := v23.Init()
defer shutdown()
@@ -78,11 +78,11 @@
reader,
revocationManager,
googleOAuthBlesserParams(googleoauth, revocationManager),
- caveats.NewBrowserCaveatSelector(*assetsprefix),
+ caveats.NewBrowserCaveatSelector(*assetsPrefix),
&emailClassifier,
- *assetsprefix,
+ *assetsPrefix,
*mountPrefix)
- s.Serve(ctx, &listenSpec, *externalHttpAddr, *httpaddr, *tlsconfig)
+ s.Serve(ctx, &listenSpec, *externalHttpAddr, *httpAddr, *tlsConfig)
}
func usage() {
@@ -91,7 +91,7 @@
To generate TLS certificates so the HTTP server can use SSL:
go run $(go list -f {{.Dir}} "crypto/tls")/generate_cert.go --host <IP address>
-To use Google as an OAuth provider the --google_config_* flags must be set to point to
+To use Google as an OAuth provider the --google-config-* flags must be set to point to
the a JSON file obtained after registering the application with the Google Developer Console
at https://cloud.google.com/console
diff --git a/services/identity/identityd/sql.go b/services/identity/identityd/sql.go
index f99879c..b01e47a 100644
--- a/services/identity/identityd/sql.go
+++ b/services/identity/identityd/sql.go
@@ -17,7 +17,7 @@
)
// Flag controlling auditing and revocation of Blessing operations.
-var sqlConf = flag.String("sqlconfig", "", `Path to file containing a json object of the following form:
+var sqlConf = flag.String("sql-config", "", `Path to file containing a json object of the following form:
{
"dataSourceName": "[username[:password]@][protocol[(address)]]/dbname", (the connection string required by go-sql-driver)
"tlsServerName": "serverName", (the domain name of the sql server for ssl)
diff --git a/services/identity/identityd_test/main.go b/services/identity/identityd_test/main.go
index 0e58ec9..9fc860d 100644
--- a/services/identity/identityd_test/main.go
+++ b/services/identity/identityd_test/main.go
@@ -27,11 +27,11 @@
var (
// Flags controlling the HTTP server
- externalHttpAddr = flag.String("externalhttpaddr", "", "External address on which the HTTP server listens on. If none is provided the server will only listen on -httpaddr.")
- httpAddr = flag.String("httpaddr", "localhost:0", "Address on which the HTTP server listens on.")
- tlsconfig = flag.String("tlsconfig", "", "Comma-separated list of TLS certificate and private key files, in that order. This must be provided.")
- assetsprefix = flag.String("assetsprefix", "", "host serving the web assets for the identity server")
- mountPrefix = flag.String("mountprefix", "identity", "mount name prefix to use. May be rooted.")
+ externalHttpAddr = flag.String("external-http-addr", "", "External address on which the HTTP server listens on. If none is provided the server will only listen on -http-addr.")
+ httpAddr = flag.String("http-addr", "localhost:0", "Address on which the HTTP server listens on.")
+ tlsConfig = flag.String("tls-config", "", "Comma-separated list of TLS certificate and private key files, in that order. This must be provided.")
+ assetsPrefix = flag.String("assets-prefix", "", "host serving the web assets for the identity server")
+ mountPrefix = flag.String("mount-prefix", "identity", "mount name prefix to use. May be rooted.")
)
func main() {
@@ -41,8 +41,8 @@
// Duration to use for tls cert and blessing duration.
duration := 365 * 24 * time.Hour
- // If no tlsconfig has been provided, write and use our own.
- if flag.Lookup("tlsconfig").Value.String() == "" {
+ // If no tlsConfig has been provided, write and use our own.
+ if flag.Lookup("tls-config").Value.String() == "" {
addr := *externalHttpAddr
if *externalHttpAddr == "" {
addr = *httpAddr
@@ -55,7 +55,7 @@
if err != nil {
vlog.Fatal(err)
}
- if err := flag.Set("tlsconfig", certFile+","+keyFile); err != nil {
+ if err := flag.Set("tls-config", certFile+","+keyFile); err != nil {
vlog.Fatal(err)
}
}
@@ -82,9 +82,9 @@
params,
caveats.NewMockCaveatSelector(),
nil,
- *assetsprefix,
+ *assetsPrefix,
*mountPrefix)
- s.Serve(ctx, &listenSpec, *externalHttpAddr, *httpAddr, *tlsconfig)
+ s.Serve(ctx, &listenSpec, *externalHttpAddr, *httpAddr, *tlsConfig)
}
func usage() {
diff --git a/services/identity/internal/server/identityd.go b/services/identity/internal/server/identityd.go
index 1a8c130..089a765 100644
--- a/services/identity/internal/server/identityd.go
+++ b/services/identity/internal/server/identityd.go
@@ -108,21 +108,21 @@
return 0, nil
}
-func (s *IdentityServer) Serve(ctx *context.T, listenSpec *rpc.ListenSpec, externalHttpAddr, httpaddr, tlsconfig string) {
+func (s *IdentityServer) Serve(ctx *context.T, listenSpec *rpc.ListenSpec, externalHttpAddr, httpAddr, tlsConfig string) {
ctx, err := v23.SetPrincipal(ctx, audit.NewPrincipal(
v23.GetPrincipal(ctx), s.auditor))
if err != nil {
vlog.Panic(err)
}
- httphost, httpport, err := net.SplitHostPort(httpaddr)
+ httphost, httpport, err := net.SplitHostPort(httpAddr)
if err != nil || httpport == "0" {
httpportNum, err := findUnusedPort()
if err != nil {
vlog.Panic(err)
}
- httpaddr = net.JoinHostPort(httphost, strconv.Itoa(httpportNum))
+ httpAddr = net.JoinHostPort(httphost, strconv.Itoa(httpportNum))
}
- rpcServer, _, externalAddr := s.Listen(ctx, listenSpec, externalHttpAddr, httpaddr, tlsconfig)
+ rpcServer, _, externalAddr := s.Listen(ctx, listenSpec, externalHttpAddr, httpAddr, tlsConfig)
fmt.Printf("HTTP_ADDR=%s\n", externalAddr)
if len(s.rootedObjectAddrs) > 0 {
fmt.Printf("NAME=%s\n", s.rootedObjectAddrs[0].Name())
@@ -133,7 +133,7 @@
}
}
-func (s *IdentityServer) Listen(ctx *context.T, listenSpec *rpc.ListenSpec, externalHttpAddr, httpaddr, tlsconfig string) (rpc.Server, []string, string) {
+func (s *IdentityServer) Listen(ctx *context.T, listenSpec *rpc.ListenSpec, externalHttpAddr, httpAddr, tlsConfig string) (rpc.Server, []string, string) {
// Setup handlers
// json-encoded public key and blessing names of this server
@@ -150,7 +150,7 @@
vlog.Fatalf("Failed to setup vanadium services for blessing: %v", err)
}
- externalHttpAddr = httpaddress(externalHttpAddr, httpaddr)
+ externalHttpAddr = httpAddress(externalHttpAddr, httpAddr)
n := "/auth/google/"
h, err := oauth.NewHandler(oauth.HandlerArgs{
@@ -196,7 +196,7 @@
}
})
vlog.Infof("Running HTTP server at: %v", externalHttpAddr)
- go runHTTPSServer(httpaddr, tlsconfig)
+ go runHTTPSServer(httpAddr, tlsConfig)
return rpcServer, published, externalHttpAddr
}
@@ -272,13 +272,13 @@
return inputParams
}
-func runHTTPSServer(addr, tlsconfig string) {
- if len(tlsconfig) == 0 {
- vlog.Fatal("Please set the --tlsconfig flag")
+func runHTTPSServer(addr, tlsConfig string) {
+ if len(tlsConfig) == 0 {
+ vlog.Fatal("Please set the --tls-config flag")
}
- paths := strings.Split(tlsconfig, ",")
+ paths := strings.Split(tlsConfig, ",")
if len(paths) != 2 {
- vlog.Fatalf("Could not parse --tlsconfig. Must have exactly two components, separated by a comma")
+ vlog.Fatalf("Could not parse --tls-config. Must have exactly two components, separated by a comma")
}
vlog.Infof("Starting HTTP server with TLS using certificate [%s] and private key [%s] at https://%s", paths[0], paths[1], addr)
if err := http.ListenAndServeTLS(addr, paths[0], paths[1], nil); err != nil {
@@ -286,10 +286,10 @@
}
}
-func httpaddress(externalHttpAddr, httpaddr string) string {
+func httpAddress(externalHttpAddr, httpAddr string) string {
// If an externalHttpAddr is provided use that.
if externalHttpAddr != "" {
- httpaddr = externalHttpAddr
+ httpAddr = externalHttpAddr
}
- return fmt.Sprintf("https://%v", httpaddr)
+ return fmt.Sprintf("https://%v", httpAddr)
}
diff --git a/services/identity/internal/templates/caveats.go b/services/identity/internal/templates/caveats.go
index 206a87e..466cf7e 100644
--- a/services/identity/internal/templates/caveats.go
+++ b/services/identity/internal/templates/caveats.go
@@ -140,6 +140,11 @@
</div>
</div>
<br/>
+ <div>
+ The blessing name will be visible to any peers that this blessing is shared
+with. Thus, if your email address is in the blessing name, it will be visible
+to peers you share the blessing with.
+ </div>
<div class="grid">
<button class="cell button-passive" type="submit">Bless</button>
<button class="cell button-passive" id="cancel">Cancel</button>
diff --git a/services/identity/modules/test_identityd.go b/services/identity/modules/test_identityd.go
index d8309b1..724445a 100644
--- a/services/identity/modules/test_identityd.go
+++ b/services/identity/modules/test_identityd.go
@@ -25,9 +25,9 @@
)
var (
- externalHttpAddr = flag.String("externalhttpaddr", "", "External address on which the HTTP server listens on. If none is provided the server will only listen on -httpaddr.")
- httpAddr = flag.CommandLine.String("httpaddr", "localhost:0", "Address on which the HTTP server listens on.")
- tlsconfig = flag.CommandLine.String("tlsconfig", "", "Comma-separated list of TLS certificate and private key files. This must be provided.")
+ externalHttpAddr = flag.String("external-http-addr", "", "External address on which the HTTP server listens on. If none is provided the server will only listen on -http-addr.")
+ httpAddr = flag.CommandLine.String("http-addr", "localhost:0", "Address on which the HTTP server listens on.")
+ tlsConfig = flag.CommandLine.String("tls-config", "", "Comma-separated list of TLS certificate and private key files. This must be provided.")
)
const (
@@ -45,8 +45,8 @@
ctx, shutdown := v23.Init()
defer shutdown()
- // If no tlsconfig has been provided, generate new cert and key and use them.
- if flag.CommandLine.Lookup("tlsconfig").Value.String() == "" {
+ // If no tls-config has been provided, generate new cert and key and use them.
+ if flag.CommandLine.Lookup("tls-config").Value.String() == "" {
addr := *externalHttpAddr
if *externalHttpAddr == "" {
addr = *httpAddr
@@ -59,19 +59,19 @@
if err != nil {
return fmt.Errorf("Could not write cert and key: %v", err)
}
- if err := flag.CommandLine.Set("tlsconfig", certFile+","+keyFile); err != nil {
- return fmt.Errorf("Could not set tlsconfig: %v", err)
+ if err := flag.CommandLine.Set("tls-config", certFile+","+keyFile); err != nil {
+ return fmt.Errorf("Could not set tls-config: %v", err)
}
}
- // Pick a free port if httpaddr flag is not set.
+ // Pick a free port if http-addr flag is not set.
// We can't use :0 here, because the identity server calls
// http.ListenAndServeTLS, which blocks, leaving us with no way to tell
// what port the server is running on. Hence, we must pass in an
// actual port so we know where the server is running.
- if flag.CommandLine.Lookup("httpaddr").Value.String() == flag.CommandLine.Lookup("httpaddr").DefValue {
- if err := flag.CommandLine.Set("httpaddr", "localhost:"+freePort()); err != nil {
- return fmt.Errorf("Could not set httpaddr: %v", err)
+ if flag.CommandLine.Lookup("http-addr").Value.String() == flag.CommandLine.Lookup("http-addr").DefValue {
+ if err := flag.CommandLine.Set("http-addr", "localhost:"+freePort()); err != nil {
+ return fmt.Errorf("Could not set http-addr: %v", err)
}
}
@@ -98,7 +98,7 @@
l := v23.GetListenSpec(ctx)
- _, eps, externalHttpAddress := s.Listen(ctx, &l, *externalHttpAddr, *httpAddr, *tlsconfig)
+ _, eps, externalHttpAddress := s.Listen(ctx, &l, *externalHttpAddr, *httpAddr, *tlsConfig)
fmt.Fprintf(stdout, "TEST_IDENTITYD_NAME=%s\n", eps[0])
fmt.Fprintf(stdout, "TEST_IDENTITYD_HTTP_ADDR=%s\n", externalHttpAddress)
diff --git a/services/mgmt/lib/acls/hierarchical_authorizer.go b/services/mgmt/lib/acls/hierarchical_authorizer.go
index 2f4c662..aac66d3 100644
--- a/services/mgmt/lib/acls/hierarchical_authorizer.go
+++ b/services/mgmt/lib/acls/hierarchical_authorizer.go
@@ -55,7 +55,7 @@
return err
} else if intentionallyEmpty {
vlog.VI(2).Infof("TAMForPath(%s) is intentionally empty", ha.rootDir)
- return defaultAuthorizer(ctx)
+ return security.DefaultAuthorizer().Authorize(ctx)
}
// We are at the root so exit early.
@@ -103,30 +103,3 @@
return err
}
-
-// defaultAuthorizer implements an authorization policy that requires one end
-// of the RPC to have a blessing that makes it a delegate of the other.
-// TODO(rjkroege): Remove this and the above when the defaultAuthorizer becomes
-// public.
-func defaultAuthorizer(ctx *context.T) error {
- var (
- localNames = security.LocalBlessingNames(ctx)
- remoteNames, remoteErr = security.RemoteBlessingNames(ctx)
- )
- // Authorize if any element in localNames is a "delegate of" (i.e., has been
- // blessed by) any element in remoteNames, OR vice-versa.
- for _, l := range localNames {
- if security.BlessingPattern(l).MatchedBy(remoteNames...) {
- // l is a delegate of an element in remote.
- return nil
- }
- }
- for _, r := range remoteNames {
- if security.BlessingPattern(r).MatchedBy(localNames...) {
- // r is a delegate of an element in localNames.
- return nil
- }
- }
-
- return access.NewErrNoPermissions(ctx, remoteNames, remoteErr, "by policy")
-}
diff --git a/services/mounttable/lib/mounttable.go b/services/mounttable/lib/mounttable.go
index e9af895..f4e059f 100644
--- a/services/mounttable/lib/mounttable.go
+++ b/services/mounttable/lib/mounttable.go
@@ -6,7 +6,6 @@
import (
"encoding/json"
- "fmt"
"os"
"reflect"
"strings"
@@ -26,17 +25,27 @@
"v.io/x/lib/vlog"
)
+const pkgPath = "v.io/x/ref/services/mounttable/lib"
+
var (
- errNamingLoop = verror.Register("v.io/x/ref/services/mountable/lib", verror.NoRetry, "Loop in namespace")
- traverseTags = []mounttable.Tag{mounttable.Read, mounttable.Resolve, mounttable.Create, mounttable.Admin}
- createTags = []mounttable.Tag{mounttable.Create, mounttable.Admin}
- removeTags = []mounttable.Tag{mounttable.Admin}
- mountTags = []mounttable.Tag{mounttable.Mount, mounttable.Admin}
- resolveTags = []mounttable.Tag{mounttable.Read, mounttable.Resolve, mounttable.Admin}
- globTags = []mounttable.Tag{mounttable.Read, mounttable.Admin}
- setTags = []mounttable.Tag{mounttable.Admin}
- getTags = []mounttable.Tag{mounttable.Admin, mounttable.Read}
- allTags = []mounttable.Tag{mounttable.Read, mounttable.Resolve, mounttable.Admin, mounttable.Mount, mounttable.Create}
+ errMalformedAddress = verror.Register(pkgPath+".errMalformedAddress", verror.NoRetry, "{1:}{2:} malformed address {3} for mounted server {4}{:_}")
+ errMTDoesntMatch = verror.Register(pkgPath+".errMTDoesntMatch", verror.NoRetry, "{1:}{2:} MT doesn't match{:_}")
+ errLeafDoesntMatch = verror.Register(pkgPath+".errLeafDoesntMatch", verror.NoRetry, "{1:}{2:} Leaf doesn't match{:_}")
+ errCantDeleteRoot = verror.Register(pkgPath+".errCantDeleteRoot", verror.NoRetry, "{1:}{2:} cannot delete root node{:_}")
+ errNotEmpty = verror.Register(pkgPath+".errNotEmpty", verror.NoRetry, "{1:}{2:} cannot delete {3}: has children{:_}")
+ errNamingLoop = verror.Register(pkgPath+".errNamingLoop", verror.NoRetry, "{1:}{2:} Loop in namespace{:_}")
+)
+
+var (
+ traverseTags = []mounttable.Tag{mounttable.Read, mounttable.Resolve, mounttable.Create, mounttable.Admin}
+ createTags = []mounttable.Tag{mounttable.Create, mounttable.Admin}
+ removeTags = []mounttable.Tag{mounttable.Admin}
+ mountTags = []mounttable.Tag{mounttable.Mount, mounttable.Admin}
+ resolveTags = []mounttable.Tag{mounttable.Read, mounttable.Resolve, mounttable.Admin}
+ globTags = []mounttable.Tag{mounttable.Read, mounttable.Admin}
+ setTags = []mounttable.Tag{mounttable.Admin}
+ getTags = []mounttable.Tag{mounttable.Admin, mounttable.Read}
+ allTags = []mounttable.Tag{mounttable.Read, mounttable.Resolve, mounttable.Admin, mounttable.Mount, mounttable.Create}
)
// mountTable represents a namespace. One exists per server instance.
@@ -439,7 +448,7 @@
}
_, err := v23.NewEndpoint(epString)
if err != nil {
- return fmt.Errorf("malformed address %q for mounted server %q", epString, server)
+ return verror.New(errMalformedAddress, call.Context(), epString, server)
}
// Find/create node in namespace and add the mount.
@@ -462,10 +471,10 @@
n.mount = &mount{servers: newServerList(), mt: wantMT, leaf: wantLeaf}
} else {
if wantMT != n.mount.mt {
- return fmt.Errorf("MT doesn't match")
+ return verror.New(errMTDoesntMatch, call.Context())
}
if wantLeaf != n.mount.leaf {
- return fmt.Errorf("Leaf doesn't match")
+ return verror.New(errLeafDoesntMatch, call.Context())
}
}
n.mount.servers.add(server, time.Duration(ttlsecs)*time.Second)
@@ -555,7 +564,7 @@
vlog.VI(2).Infof("*********************Delete %q, %v", ms.name, deleteSubTree)
if len(ms.elems) == 0 {
// We can't delete the root.
- return fmt.Errorf("cannot delete root node")
+ return verror.New(errCantDeleteRoot, call.Context())
}
mt := ms.mt
// Find and lock the parent node.
@@ -569,7 +578,7 @@
defer n.parent.Unlock()
defer n.Unlock()
if !deleteSubTree && len(n.children) > 0 {
- return fmt.Errorf("cannot delete %s: has children", ms.name)
+ return verror.New(errNotEmpty, call.Context(), ms.name)
}
delete(n.parent.children, ms.elems[len(ms.elems)-1])
return nil
diff --git a/services/mounttable/lib/neighborhood.go b/services/mounttable/lib/neighborhood.go
index 034867e..a757414 100644
--- a/services/mounttable/lib/neighborhood.go
+++ b/services/mounttable/lib/neighborhood.go
@@ -5,7 +5,6 @@
package mounttable
import (
- "errors"
"net"
"strconv"
"strings"
@@ -28,6 +27,15 @@
mdns "github.com/presotto/go-mdns-sd"
)
+var (
+ errNoUsefulAddresses = verror.Register(pkgPath+".errNoUsefulAddresses", verror.NoRetry, "{1:}{2:} neighborhood passed no useful addresses{:_}")
+ errCantFindPort = verror.Register(pkgPath+".errCantFindPort", verror.NoRetry, "{1:}{2:} neighborhood couldn't determine a port to use{:_}")
+ errDoesntImplementMount = verror.Register(pkgPath+".errDoesntImplementMount", verror.NoRetry, "{1:}{2:} this server does not implement Mount{:_}")
+ errDoesntImplementUnmount = verror.Register(pkgPath+".errDoesntImplementUnmount", verror.NoRetry, "{1:}{2:} this server does not implement Unmount{:_}")
+ errDoesntImplementDelete = verror.Register(pkgPath+".errDoesntImplementDelete", verror.NoRetry, "{1:}{2:} this server does not implement Delete{:_}")
+ errDoesntImplementSetPermissions = verror.Register(pkgPath+".errDoesntImplementSetPermissions", verror.NoRetry, "{1:}{2:} this server does not implement SetPermissions{:_}")
+)
+
const addressPrefix = "address:"
// neighborhood defines a set of machines on the same multicast media.
@@ -83,10 +91,10 @@
}
}
if txt == nil {
- return nil, errors.New("neighborhood passed no useful addresses")
+ return nil, verror.New(errNoUsefulAddresses, nil)
}
if port == 0 {
- return nil, errors.New("neighborhood couldn't determine a port to use")
+ return nil, verror.New(errCantFindPort, nil)
}
// Start up MDNS, subscribe to the vanadium service, and add us as a vanadium service provider.
@@ -231,18 +239,18 @@
}
// Mount not implemented.
-func (ns *neighborhoodService) Mount(_ rpc.ServerCall, _ string, _ uint32, _ naming.MountFlag) error {
- return errors.New("this server does not implement Mount")
+func (ns *neighborhoodService) Mount(call rpc.ServerCall, _ string, _ uint32, _ naming.MountFlag) error {
+ return verror.New(errDoesntImplementMount, call.Context())
}
// Unmount not implemented.
-func (*neighborhoodService) Unmount(_ rpc.ServerCall, _ string) error {
- return errors.New("this server does not implement Unmount")
+func (*neighborhoodService) Unmount(call rpc.ServerCall, _ string) error {
+ return verror.New(errDoesntImplementUnmount, call.Context())
}
// Delete not implemented.
-func (*neighborhoodService) Delete(_ rpc.ServerCall, _ bool) error {
- return errors.New("this server does not implement Delete")
+func (*neighborhoodService) Delete(call rpc.ServerCall, _ bool) error {
+ return verror.New(errDoesntImplementDelete, call.Context())
}
// Glob__ implements rpc.AllGlobber
@@ -283,7 +291,7 @@
}
func (*neighborhoodService) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
- return errors.New("this server does not implement SetPermissions")
+ return verror.New(errDoesntImplementSetPermissions, call.Context())
}
func (*neighborhoodService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
diff --git a/services/security/roled/main.go b/services/security/roled/main.go
index 997358b..38a3a61 100644
--- a/services/security/roled/main.go
+++ b/services/security/roled/main.go
@@ -18,7 +18,7 @@
)
var (
- configDir = flag.String("config_dir", "", "The directory where the role configuration files are stored.")
+ configDir = flag.String("config-dir", "", "The directory where the role configuration files are stored.")
name = flag.String("name", "", "The name to publish for this service.")
)
@@ -27,7 +27,7 @@
defer shutdown()
if len(*configDir) == 0 {
- fmt.Fprintf(os.Stderr, "--config_dir must be specified\n")
+ fmt.Fprintf(os.Stderr, "--config-dir must be specified\n")
os.Exit(1)
}
if len(*name) == 0 {
