services/identity: Add --mountprefix flag
Add a flag to specify the prefix for the name that identityd publishes
in the namespace. The default value is "identity", just like the
previously hard-coded value.
I intend to set --mountprefix=/ns.dev.v.io:8101/identity on the
production instance such that the published name does not depend on the
local namespace provided by the device manager.
Change-Id: Icc82fb655fc0947ab406808f5148982864913112
diff --git a/services/identity/identityd/main.go b/services/identity/identityd/main.go
index f87b419..5f14b6d 100644
--- a/services/identity/identityd/main.go
+++ b/services/identity/identityd/main.go
@@ -39,6 +39,7 @@
httpaddr = flag.String("httpaddr", "localhost:8125", "Address on which the HTTP server listens on.")
tlsconfig = flag.String("tlsconfig", "", "Comma-separated list of TLS certificate and private key files, in that order. This must be provided.")
assetsprefix = flag.String("assetsprefix", "", "host serving the web assets for the identity server")
+ mountPrefix = flag.String("mountprefix", "identity", "mount name prefix to use. May be rooted.")
)
func main() {
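Review bot: The help text for `mountprefix` says only "May be rooted." and does not tell an operator what a rooted value changes. Going by the identityd.go hunk in this commit, a rooted prefix is used verbatim as the service's rooted object address and the local namespace roots are skipped, so a mistyped value changes where the identity service is published. I would spell that out, e.g. `"Prefix of the name under which the server is published. A rooted prefix is used as-is and bypasses the local namespace roots."`; the same string is repeated in identityd_test/main.go. As a style point, `mountPrefix` is camelCase next to `httpaddr`, `tlsconfig` and `assetsprefix` in this var block.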
@@ -79,7 +80,8 @@
googleOAuthBlesserParams(googleoauth, revocationManager),
caveats.NewBrowserCaveatSelector(*assetsprefix),
&emailClassifier,
- *assetsprefix)
+ *assetsprefix,
+ *mountPrefix)
s.Serve(ctx, &listenSpec, *externalHttpAddr, *httpaddr, *tlsconfig)
}
diff --git a/services/identity/identityd_test/main.go b/services/identity/identityd_test/main.go
index 124a816..0e58ec9 100644
--- a/services/identity/identityd_test/main.go
+++ b/services/identity/identityd_test/main.go
@@ -31,6 +31,7 @@
httpAddr = flag.String("httpaddr", "localhost:0", "Address on which the HTTP server listens on.")
tlsconfig = flag.String("tlsconfig", "", "Comma-separated list of TLS certificate and private key files, in that order. This must be provided.")
assetsprefix = flag.String("assetsprefix", "", "host serving the web assets for the identity server")
+ mountPrefix = flag.String("mountprefix", "identity", "mount name prefix to use. May be rooted.")
)
func main() {
@@ -81,7 +82,8 @@
params,
caveats.NewMockCaveatSelector(),
nil,
- *assetsprefix)
+ *assetsprefix,
+ *mountPrefix)
s.Serve(ctx, &listenSpec, *externalHttpAddr, *httpAddr, *tlsconfig)
}
diff --git a/services/identity/internal/server/identityd.go b/services/identity/internal/server/identityd.go
index e0bcf59..1a8c130 100644
--- a/services/identity/internal/server/identityd.go
+++ b/services/identity/internal/server/identityd.go
@@ -61,6 +61,7 @@
emailClassifier *util.EmailClassifier
rootedObjectAddrs []naming.Endpoint
assetsPrefix string
+ mountNamePrefix string
}
// NewIdentityServer returns a IdentityServer that:
@@ -68,7 +69,7 @@
// - auditor and blessingLogReader to audit the root principal and read audit logs
// - revocationManager to store revocation data and grant discharges
// - oauthBlesserParams to configure the identity.OAuthBlesser service
-func NewIdentityServer(oauthProvider oauth.OAuthProvider, auditor audit.Auditor, blessingLogReader auditor.BlessingLogReader, revocationManager revocation.RevocationManager, oauthBlesserParams blesser.OAuthBlesserParams, caveatSelector caveats.CaveatSelector, emailClassifier *util.EmailClassifier, assetsPrefix string) *IdentityServer {
+func NewIdentityServer(oauthProvider oauth.OAuthProvider, auditor audit.Auditor, blessingLogReader auditor.BlessingLogReader, revocationManager revocation.RevocationManager, oauthBlesserParams blesser.OAuthBlesserParams, caveatSelector caveats.CaveatSelector, emailClassifier *util.EmailClassifier, assetsPrefix, mountNamePrefix string) *IdentityServer {
return &IdentityServer{
oauthProvider: oauthProvider,
auditor: auditor,
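Review bot: The doc comment on NewIdentityServer lists what each argument is for, but the visible entries have no line for the new `mountNamePrefix` argument (part of the list lies outside the hunk, so confirm). Suggest adding `// - mountNamePrefix as the prefix of the name the server is published under; a rooted prefix is used as-is`. The signature now ends in two adjacent string parameters, `assetsPrefix, mountNamePrefix string`, which a call site can transpose without a compile error, so the comment should state the order explicitly; a params struct would remove the risk in a follow-up.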
@@ -78,6 +79,7 @@
caveatSelector: caveatSelector,
emailClassifier: emailClassifier,
assetsPrefix: assetsPrefix,
+ mountNamePrefix: mountNamePrefix,
}
}
@@ -214,17 +216,18 @@
}
principal := v23.GetPrincipal(ctx)
- objectAddr := naming.Join("identity", fmt.Sprintf("%v", principal.BlessingStore().Default()))
- var rootedObjectAddr string
- if eps, err := server.Listen(*listenSpec); err != nil {
+ objectAddr := naming.Join(s.mountNamePrefix, fmt.Sprintf("%v", principal.BlessingStore().Default()))
+ if s.rootedObjectAddrs, err = server.Listen(*listenSpec); err != nil {
defer server.Stop()
return nil, nil, fmt.Errorf("server.Listen(%v) failed: %v", *listenSpec, err)
+ }
+ var rootedObjectAddr string
+ if naming.Rooted(objectAddr) {
+ rootedObjectAddr = objectAddr
} else if nsroots := v23.GetNamespace(ctx).Roots(); len(nsroots) >= 1 {
rootedObjectAddr = naming.Join(nsroots[0], objectAddr)
- s.rootedObjectAddrs = eps
} else {
- rootedObjectAddr = eps[0].Name()
- s.rootedObjectAddrs = eps
+ rootedObjectAddr = s.rootedObjectAddrs[0].Name()
}
dispatcher := newDispatcher(macaroonKey, oauthBlesserParams(s.oauthBlesserParams, rootedObjectAddr))
if err := server.ServeDispatcher(objectAddr, dispatcher); err != nil {
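Review bot: With a rooted `--mountprefix`, `rootedObjectAddr = objectAddr` takes the operator-supplied name verbatim and hands it to `oauthBlesserParams`, with no check that it is a name this server can actually publish under. What `oauthBlesserParams` does with the address is outside the hunk, but if it ends up in issued blessings (for example as a location clients contact), a wrong or unowned prefix would be carried into them; logging the final `rootedObjectAddr` at startup would make a misconfiguration visible before blessings are handed out. Separately, the final `else` indexes `s.rootedObjectAddrs[0]` without a length check, so a Listen that returns no endpoints and a nil error would panic; `} else if len(s.rootedObjectAddrs) > 0 {` with an error return otherwise avoids that. The enclosing function starts and ends outside the hunk.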
diff --git a/services/identity/modules/test_identityd.go b/services/identity/modules/test_identityd.go
index 9b5ebac..d8309b1 100644
--- a/services/identity/modules/test_identityd.go
+++ b/services/identity/modules/test_identityd.go
@@ -93,7 +93,8 @@
params,
caveats.NewMockCaveatSelector(),
nil,
- "")
+ "",
+ "identity")
l := v23.GetListenSpec(ctx)