commit 19431a72ad72edbb62065d65d02072b033c8e0f2
author Bogdan Caprita <caprita@google.com> Mon Jun 06 17:11:44 2016 -0700
committer Bogdan Caprita <caprita@google.com> Mon Jun 06 17:11:44 2016 -0700
tree b2bb42cd1e80e6f43c3a92a38c7b9677d730f332
parent e4755c7fd32d9dff4cd4e73d2854a8835887e7ad

TBR: syncbased: when creating initial db, add the blessing in the db id to the acl

Change-Id: I6189ae031ac23d394e396575b870e1635d05fef7

services/syncbase/server/service.go

diff --git a/services/syncbase/server/service.go b/services/syncbase/server/service.go
index 4f7328a..b25d1bd 100644
--- a/services/syncbase/server/service.go
+++ b/services/syncbase/server/service.go
@@ -205,6 +205,8 @@
 		// for a fully initialized service. Fix this with a separate marker.
 		ctx.Infof("Creating initial database: %v", opts.InitialDB)
 		dbPerms := pubutil.FilterTags(sd.GetPerms(), wire.AllDatabaseTags...)
+		allButAdmin := []access.Tag{access.Read, access.Write, access.Resolve}
+		dbPerms.Add(security.BlessingPattern(opts.InitialDB.Blessing), access.TagStrings(allButAdmin...)...)
 		if err := s.createDatabase(ctx, nil, opts.InitialDB, dbPerms, nil); err != nil {
 			return nil, err
 		}

services/syncbase/syncbased/doc.go

diff --git a/services/syncbase/syncbased/doc.go b/services/syncbase/syncbased/doc.go
index 9237fcf..665582c 100644
--- a/services/syncbase/syncbased/doc.go
+++ b/services/syncbase/syncbased/doc.go
@@ -24,8 +24,9 @@
  -initial-db=
    If specified, a new database with the given id is created when setting up a
    brand new storage instance. Permissions for the database will be the service
-   permissions. Format must conform to v.io/services/syncbase.Id.String:
-   blessing,name
+   permissions; additionally, the blessing specified in the database id will
+   have Read, Write, and Resolve. Format must conform to
+   v.io/services/syncbase.Id.String: blessing,name
  -name=
    Name to mount at.
  -root-dir=

services/syncbase/syncbaselib/opts.go

diff --git a/services/syncbase/syncbaselib/opts.go b/services/syncbase/syncbaselib/opts.go
index 1626851..c475d2d 100644
--- a/services/syncbase/syncbaselib/opts.go
+++ b/services/syncbase/syncbaselib/opts.go
@@ -27,5 +27,5 @@
 	f.BoolVar(&o.SkipPublishInNh, "skip-publish-in-nh", false, "Whether to skip publishing in the neighborhood.")
 	f.BoolVar(&o.DevMode, "dev", false, "Whether to run in development mode; required for RPCs such as Service.DevModeUpdateVClock.")
 	f.StringVar(&o.CpuProfile, "cpuprofile", "", "If specified, write the cpu profile to the given filename.")
-	f.StringVar(&o.InitialDB, "initial-db", "", "If specified, a new database with the given id is created when setting up a brand new storage instance. Permissions for the database will be the service permissions. Format must conform to v.io/services/syncbase.Id.String: blessing,name")
+	f.StringVar(&o.InitialDB, "initial-db", "", "If specified, a new database with the given id is created when setting up a brand new storage instance. Permissions for the database will be the service permissions; additionally, the blessing specified in the database id will have Read, Write, and Resolve. Format must conform to v.io/services/syncbase.Id.String: blessing,name")
 }