// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package securityflag implements utilities for creating security objects based
// on flags.
package securityflag
import (
"bytes"
"flag"
"os"
"v.io/v23/security"
"v.io/v23/security/access"
"v.io/v23/verror"
"v.io/x/ref/lib/flags"
)
const pkgPath = "v.io/x/ref/lib/security/securityflag"

var (
	// errCantOpenPermissionsFile is returned by PermissionsFromFlag when the
	// path given to --v23.permissions.file cannot be opened.
	errCantOpenPermissionsFile = verror.Register(pkgPath+".errCantOpenPermissionsFile", verror.NoRetry, "{1:}{2:} cannot open argument to --v23.permissions.file {3}{:_}")

	// authFlags holds the permissions flag set; it is populated in init.
	authFlags *flags.Flags
)
// init registers the --v23.permissions.* flags on the process-wide
// flag.CommandLine set so they are parsed with the program's other flags.
func init() {
	fs := flags.CreateAndRegister(flag.CommandLine, flags.Permissions)
	authFlags = fs
}
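// NewAuthorizerOrDie constructs an Authorizer from the "--v23.permissions.literal"
// or "--v23.permissions.file" flags. When neither flag is set it returns nil,
// leaving the choice of a default Authorizer to the caller. When both are set
// the literal takes precedence and the file is not read.
//
// Any failure to read or parse the permissions panics (hence OrDie): a
// misconfigured policy never silently degrades to the nil Authorizer.
func NewAuthorizerOrDie() security.Authorizer {
	// Named pf rather than flags so the imported package is not shadowed.
	pf := authFlags.PermissionsFlags()
	fname := pf.PermissionsFile("runtime")
	literal := pf.PermissionsLiteral()
	if fname == "" && literal == "" {
		return nil
	}
	if literal == "" {
		a, err := access.PermissionsAuthorizerFromFile(fname, access.TypicalTagType())
		if err != nil {
			panic(err)
		}
		return a
	}
	perms, err := access.ReadPermissions(bytes.NewBufferString(literal))
	if err != nil {
		panic(err)
	}
	return access.TypicalTagTypePermissionsAuthorizer(perms)
}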
// TODO(rjkroege): Refactor these two functions into one by making an Authorizer
// use a Permissions accessor interface.
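// PermissionsFromFlag reads the same flags as NewAuthorizerOrDie but returns the
// parsed Permissions for callers that need more control over how Permissions
// are managed.
//
// It returns (nil, nil) when neither "--v23.permissions.literal" nor
// "--v23.permissions.file" is set. When both are set the literal takes
// precedence and the file is not opened. A file that cannot be opened is
// reported as errCantOpenPermissionsFile, with the underlying open error
// carried as a trailing parameter; parse errors come from
// access.ReadPermissions unchanged.
func PermissionsFromFlag() (access.Permissions, error) {
	// Named pf rather than flags so the imported package is not shadowed.
	pf := authFlags.PermissionsFlags()
	fname := pf.PermissionsFile("runtime")
	literal := pf.PermissionsLiteral()
	if fname == "" && literal == "" {
		return nil, nil
	}
	if literal != "" {
		return access.ReadPermissions(bytes.NewBufferString(literal))
	}
	file, err := os.Open(fname)
	if err != nil {
		// Keep the cause so the message says why the path could not be opened
		// (permission denied vs. missing file); the error ID is unchanged.
		return nil, verror.New(errCantOpenPermissionsFile, nil, fname, err)
	}
	// Read-only handle: a Close error cannot lose data, so it is not checked.
	defer file.Close()
	return access.ReadPermissions(file)
}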