Merge "runtime/internal/rpc/stream/benchmark: Fix VIF benchmarks."
diff --git a/lib/security/securityflag/flag.go b/lib/security/securityflag/flag.go
index dea39a0..022e643 100644
--- a/lib/security/securityflag/flag.go
+++ b/lib/security/securityflag/flag.go
@@ -47,7 +47,7 @@
} else {
var perms access.Permissions
if perms, err = access.ReadPermissions(bytes.NewBufferString(literal)); err == nil {
- a, err = access.PermissionsAuthorizer(perms, access.TypicalTagType())
+ a = access.TypicalTagTypePermissionsAuthorizer(perms)
}
}
if err != nil {
diff --git a/lib/security/securityflag/flag_test.go b/lib/security/securityflag/flag_test.go
index 04ca9ff..6e9fbcc 100644
--- a/lib/security/securityflag/flag_test.go
+++ b/lib/security/securityflag/flag_test.go
@@ -32,26 +32,19 @@
}
expectedAuthorizer = map[string]security.Authorizer{
- "empty": auth(access.PermissionsAuthorizer(perms1, access.TypicalTagType())),
- "perms2": auth(access.PermissionsAuthorizer(perms2, access.TypicalTagType())),
+ "empty": access.TypicalTagTypePermissionsAuthorizer(perms1),
+ "perms2": access.TypicalTagTypePermissionsAuthorizer(perms2),
}
)
-func auth(a security.Authorizer, err error) security.Authorizer {
- if err != nil {
- panic(err)
- }
- return a
-}
-
var permFromFlag = modules.Register(func(env *modules.Env, args ...string) error {
nfargs := flag.CommandLine.Args()
- tam, err := PermissionsFromFlag()
+ perms, err := PermissionsFromFlag()
if err != nil {
fmt.Fprintf(env.Stdout, "PermissionsFromFlag() failed: %v", err)
return nil
}
- got := auth(access.PermissionsAuthorizer(tam, access.TypicalTagType()))
+ got := access.TypicalTagTypePermissionsAuthorizer(perms)
want := expectedAuthorizer[nfargs[0]]
if !reflect.DeepEqual(got, want) {
fmt.Fprintf(env.Stdout, "args %#v\n", args)
diff --git a/runtime/internal/vtrace/vtrace_test.go b/runtime/internal/vtrace/vtrace_test.go
index 7e3ee2e..9971176 100644
--- a/runtime/internal/vtrace/vtrace_test.go
+++ b/runtime/internal/vtrace/vtrace_test.go
@@ -350,10 +350,7 @@
if err != nil {
return nil, nil, err
}
- auth, err := access.PermissionsAuthorizer(perms, access.TypicalTagType())
- if err != nil {
- return nil, nil, err
- }
+ auth := access.TypicalTagTypePermissionsAuthorizer(perms)
return nil, auth, nil
}
diff --git a/services/internal/pathperms/hierarchical_authorizer.go b/services/internal/pathperms/hierarchical_authorizer.go
index 1556eb0..3d6c5f1 100644
--- a/services/internal/pathperms/hierarchical_authorizer.go
+++ b/services/internal/pathperms/hierarchical_authorizer.go
@@ -29,15 +29,6 @@
PermsForPath(path string) (access.Permissions, bool, error)
}
-func mkRootAuth(rootPerms access.Permissions) (security.Authorizer, error) {
- rootAuth, err := access.PermissionsAuthorizer(rootPerms, access.TypicalTagType())
- if err != nil {
- vlog.Errorf("Successfully obtained Permissions from the filesystem but PermissionsAuthorizer couldn't use it: %v", err)
- return nil, err
- }
- return rootAuth, nil
-}
-
// NewHierarchicalAuthorizer creates a new hierarchicalAuthorizer: one
// that implements a "root" like concept: admin rights at the root of
// a server can invoke RPCs regardless of permissions set on child objects.
@@ -60,11 +51,7 @@
// We are at the root so exit early.
if ha.rootDir == ha.childDir {
- a, err := mkRootAuth(rootPerms)
- if err != nil {
- return err
- }
- return adminCheckAuth(ctx, call, a, rootPerms)
+ return adminCheckAuth(ctx, call, access.TypicalTagTypePermissionsAuthorizer(rootPerms), rootPerms)
}
// This is not fatal: the childDir may not exist if we are invoking
@@ -73,19 +60,10 @@
if err != nil {
return err
} else if intentionallyEmpty {
- a, err := mkRootAuth(rootPerms)
- if err != nil {
- return err
- }
- return adminCheckAuth(ctx, call, a, rootPerms)
+ return adminCheckAuth(ctx, call, access.TypicalTagTypePermissionsAuthorizer(rootPerms), rootPerms)
}
- childAuth, err := access.PermissionsAuthorizer(childPerms, access.TypicalTagType())
- if err != nil {
- vlog.Errorf("Successfully obtained a Permissions from the filesystem but PermissionsAuthorizer couldn't use it: %v", err)
- return err
- }
- return adminCheckAuth(ctx, call, childAuth, rootPerms)
+ return adminCheckAuth(ctx, call, access.TypicalTagTypePermissionsAuthorizer(childPerms), rootPerms)
}
func adminCheckAuth(ctx *context.T, call security.Call, auth security.Authorizer, perms access.Permissions) error {