"veyron/tools/principal": Part 4: seekblessings Add support for the "seekblessings" command to the principal tool. The command expects the Veyron Identity Server to provide a security.WireBlessings (as opposed to a serialzied PublicID) in exchange for a Macaroon obtained from the OAuth flow described in: https://docs.google.com/a/google.com/document/d/1SRoc2cKE9iE1fWR7aSmMoccZoi4ZE8BQL7sr1LDNVkk/edit Change-Id: I200caa7807531ea5cc21ac534879a7c39927f6a1

commit: 1d46f55a51935a3d7824169693df559ca69d789a [log] [tgz]
author: Ankur <ataly@google.com> Thu Oct 09 12:13:31 2014 -0700
committer: Ankur <ataly@google.com> Thu Oct 09 12:13:32 2014 -0700
tree: 7d124467d54a5da6700efb0c4dcab2ad9c53df94
parent: 1615a7d1dde9ab7492eb4f3104dcfc2258f141f4 [diff] [blame]
diff --git a/tools/principal/main.go b/tools/principal/main.go
index 305d985..a0a61c1 100644
--- a/tools/principal/main.go
+++ b/tools/principal/main.go

@@ -10,10 +10,12 @@
 	"time"
 
 	"veyron.io/veyron/veyron/lib/cmdline"
+	"veyron.io/veyron/veyron/services/identity"
 	"veyron.io/veyron/veyron/services/identity/util"
 
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
+	"veyron.io/veyron/veyron2/vdl/vdlutil"
 )
 
 var (
@@ -21,6 +23,11 @@
 	flagBlessFor   time.Duration
 	flagAddForPeer string
 
+	// Flags for the "seekblessing" command
+	flagSeekBlessingFrom string
+	flagSkipSetDefault   bool
+	flagForPeer          string
+
 	cmdDump = &cmdline.Command{
 		Name:  "dump",
 		Short: "Dump out information about the principal",
@@ -215,6 +222,67 @@
 			return nil
 		},
 	}
+
+	cmdSeekBlessings = &cmdline.Command{
+		Name:  "seekblessings",
+		Short: "Seek blessings from a web-based Veyron blesser",
+		Long: `
+Seeks blessings from a web-based Veyron blesser which
+requires the caller to first authenticate with Google using OAuth. Simply
+run the command to see what happens.
+
+The blessings are sought for the principal specified by the environment
+(VEYRON_CREDENTIALS) that this tool is running in.
+
+The blessings obtained are set as default, unless a --skip_set_default flag
+is provided, and are also set for sharing with all peers, unless a more
+specific peer pattern is provided using the --for_peer flag.
+`,
+		Run: func(cmd *cmdline.Command, args []string) error {
+			blessedChan := make(chan string)
+			defer close(blessedChan)
+			macaroonChan, err := getMacaroonForBlessRPC(flagSeekBlessingFrom, blessedChan)
+			if err != nil {
+				return fmt.Errorf("failed to get macaroon from Veyron blesser: %v", err)
+			}
+			macaroon := <-macaroonChan
+			service := <-macaroonChan
+
+			ctx, cancel := rt.R().NewContext().WithTimeout(time.Minute)
+			defer cancel()
+
+			var reply vdlutil.Any
+			blesser, err := identity.BindMacaroonBlesser(service)
+			if err == nil {
+				reply, err = blesser.Bless(ctx, macaroon)
+			}
+			if err != nil {
+				return fmt.Errorf("failed to get blessing from %q: %v", service, err)
+			}
+			wire, ok := reply.(security.WireBlessings)
+			if !ok {
+				return fmt.Errorf("received %T, want security.WireBlessings", reply)
+			}
+			blessings, err := security.NewBlessings(wire)
+			if err != nil {
+				return fmt.Errorf("failed to construct Blessings object from wire data: %v", err)
+			}
+			blessedChan <- fmt.Sprint(blessings)
+			// Wait for getTokenForBlessRPC to clean up:
+			<-macaroonChan
+
+			if !flagSkipSetDefault {
+				if err := rt.R().Principal().BlessingStore().SetDefault(blessings); err != nil {
+					return fmt.Errorf("failed to set blessings %v as default: %v", blessings, err)
+				}
+			}
+			pattern := security.BlessingPattern(flagForPeer)
+			if _, err := rt.R().Principal().BlessingStore().Set(blessings, pattern); err != nil {
+				return fmt.Errorf("failed to set blessings %v for peers %v: %v", blessings, pattern, err)
+			}
+			return dumpBlessings(blessings)
+		},
+	}
 )
 
 func main() {
@@ -225,6 +293,9 @@
 	}
 	rt.Init()
 	cmdBlessSelf.Flags.DurationVar(&flagBlessFor, "for", 0*time.Hour, "Expiry time of Blessing (optional)")
+	cmdSeekBlessings.Flags.StringVar(&flagSeekBlessingFrom, "from", "https://proxy.envyor.com:8125/google", "URL to use to begin the seek blessings process")
+	cmdSeekBlessings.Flags.BoolVar(&flagSkipSetDefault, "skip_set_default", false, "flag to indicate that the blessings obtained from the Veyron blesser must not be set as default on the principals's blessing store")
+	cmdSeekBlessings.Flags.StringVar(&flagForPeer, "for_peer", "...", "pattern to be used while setting the blessings obtained from the Veyron blesser on the principal's blessing store")
 
 	(&cmdline.Command{
 		Name:  "principal",
@@ -235,7 +306,7 @@
 
 All objects are printed using base64-VOM-encoding.
 `,
-		Children: []*cmdline.Command{cmdDump, cmdPrint, cmdBlessSelf, cmdDefault, cmdForPeer, cmdSetDefault, cmdSet},
+		Children: []*cmdline.Command{cmdDump, cmdPrint, cmdBlessSelf, cmdDefault, cmdForPeer, cmdSetDefault, cmdSet, cmdSeekBlessings},
 	}).Main()
 }
commit	1d46f55a51935a3d7824169693df559ca69d789a	[log] [tgz]
author	Ankur <ataly@google.com>	Thu Oct 09 12:13:31 2014 -0700
committer	Ankur <ataly@google.com>	Thu Oct 09 12:13:32 2014 -0700
tree	7d124467d54a5da6700efb0c4dcab2ad9c53df94
parent	1615a7d1dde9ab7492eb4f3104dcfc2258f141f4 [diff] [blame]