Merge "veyron2/ipc: modify ListenSpec to accept a slice of addresses."
diff --git a/lib/modules/modules_test.go b/lib/modules/modules_test.go
index 074d39a..c8512eb 100644
--- a/lib/modules/modules_test.go
+++ b/lib/modules/modules_test.go
@@ -430,10 +430,9 @@
sh.Cleanup(nil, nil)
// Test child credentials when VeyronCredentials are set.
- root := tsecurity.NewPrincipal("root")
old := os.Getenv(consts.VeyronCredentials)
defer os.Setenv(consts.VeyronCredentials, old)
- dir := tsecurity.NewVeyronCredentials(root, "os")
+ dir, _ := tsecurity.NewCredentials("os")
defer os.RemoveAll(dir)
if err := os.Setenv(consts.VeyronCredentials, dir); err != nil {
t.Fatal(err)
@@ -442,7 +441,7 @@
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
- if err := validateCredentials(startChildAndGetCredentials(sh, nil), "root/os/child"); err != nil {
+ if err := validateCredentials(startChildAndGetCredentials(sh, nil), "os/child"); err != nil {
t.Fatal(err)
}
sh.Cleanup(nil, nil)
@@ -453,34 +452,34 @@
}
// Test that VeyronCredentials specified on the shell override the OS ones.
- dir = tsecurity.NewVeyronCredentials(root, "shell")
+ dir, _ = tsecurity.NewCredentials("shell")
defer os.RemoveAll(dir)
sh, err = modules.NewShell(nil)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
sh.SetVar(consts.VeyronCredentials, dir)
- if err := validateCredentials(startChildAndGetCredentials(sh, nil), "root/shell/child"); err != nil {
+ if err := validateCredentials(startChildAndGetCredentials(sh, nil), "shell/child"); err != nil {
t.Fatal(err)
}
sh.ClearVar(consts.VeyronCredentials)
if credentials := startChildAndGetCredentials(sh, nil); len(credentials) != 0 {
t.Fatalf("found credentials %v set for child even when shell credentials were cleared", credentials)
}
- anotherDir := tsecurity.NewVeyronCredentials(root, "anotherShell")
+ anotherDir, _ := tsecurity.NewCredentials("anotherShell")
defer os.RemoveAll(anotherDir)
sh.SetVar(consts.VeyronCredentials, anotherDir)
- if err := validateCredentials(startChildAndGetCredentials(sh, nil), "root/anotherShell/child"); err != nil {
+ if err := validateCredentials(startChildAndGetCredentials(sh, nil), "anotherShell/child"); err != nil {
t.Fatal(err)
}
sh.Cleanup(nil, nil)
// Test that VeyronCredentials specified as a parameter overrides the OS and
// shell ones.
- dir = tsecurity.NewVeyronCredentials(root, "param")
+ dir, _ = tsecurity.NewCredentials("param")
defer os.RemoveAll(dir)
env := []string{consts.VeyronCredentials + "=" + dir}
- if err := validateCredentials(startChildAndGetCredentials(sh, env), "root/param"); err != nil {
+ if err := validateCredentials(startChildAndGetCredentials(sh, env), "param"); err != nil {
t.Fatal(err)
}
diff --git a/lib/signals/signals_test.go b/lib/signals/signals_test.go
index 198f830..693e425 100644
--- a/lib/signals/signals_test.go
+++ b/lib/signals/signals_test.go
@@ -350,7 +350,7 @@
// Set the child process up with a blessing from the parent so that
// the default authorization works for RPCs between the two.
- childcreds := security.NewVeyronCredentials(runtime.Principal(), "child")
+ childcreds, _ := security.ForkCredentials(runtime.Principal(), "child")
defer os.RemoveAll(childcreds)
configServer, configServiceName, ch := createConfigServer(t, runtime)
defer configServer.Stop()
diff --git a/lib/testutil/security/util.go b/lib/testutil/security/util.go
index a696269..40a7279 100644
--- a/lib/testutil/security/util.go
+++ b/lib/testutil/security/util.go
@@ -1,5 +1,25 @@
// Package security contains utility testing functions related to
-// security.
+// veyron2/security.
+//
+// Suggested Usage:
+//
+// Create a new in-memory principal with an empty BlessingStore.
+// p := NewPrincipal()
+//
+// Create a new in-memory principal with self-signed blessing for "alice".
+// p := NewPrincipal("alice")
+//
+// Create a VeyronCredentials directory with a new persistent principal that has a
+// self-signed blessing for "alice" -- this directory can be set as the value
+// of the VEYRON_CREDENTIALS environment variable or the --veyron.credentials flag
+// used to initialize a runtime. All updates to the principal's state get subsequently
+// persisted to the directory. Both the directory and a handle to the created principal
+// are returned.
+// dir, p := NewCredentials("alice") // principal p has blessing "alice"
+//
+// Create a VeyronCredentials directory with a new persistent principal that is
+// blessed by the principal p under the extension "friend"
+// forkdir, forkp := ForkCredentials(p, "friend") // principal forkp has blessing "alice/friend"
package security
import (
@@ -12,31 +32,85 @@
"veyron.io/veyron/veyron2/services/security/access"
)
-// NewVeyronCredentials generates a directory with a new principal
-// that can be used as a value for the VEYRON_CREDENTIALS environment
-// variable to initialize a Runtime.
-//
-// The principal created uses a blessing from 'parent', with the extension
-// 'name' as its default blessing.
-//
-// It returns the path to the directory created.
-func NewVeyronCredentials(parent security.Principal, name string) string {
+func newCredentials() (string, security.Principal) {
dir, err := ioutil.TempDir("", "veyron_credentials")
if err != nil {
panic(err)
}
- p, err := vsecurity.LoadPersistentPrincipal(dir, nil)
- if err != nil {
- if p, err = vsecurity.CreatePersistentPrincipal(dir, nil); err != nil {
- panic(err)
- }
- }
- blessings, err := parent.Bless(p.PublicKey(), parent.BlessingStore().Default(), name, security.UnconstrainedUse())
+ p, err := vsecurity.CreatePersistentPrincipal(dir, nil)
if err != nil {
panic(err)
}
- SetDefaultBlessings(p, blessings)
- return dir
+ return dir, p
+}
+
+func selfBlessings(p security.Principal, names ...string) security.Blessings {
+ var blessings security.Blessings
+ for _, name := range names {
+ b, err := p.BlessSelf(name)
+ if err != nil {
+ panic(err)
+ }
+ if blessings, err = security.UnionOfBlessings(blessings, b); err != nil {
+ panic(err)
+ }
+ }
+ return blessings
+}
+
+// NewCredentials generates a directory with a new principal with
+// self-signed blessings.
+//
+// In particular, the principal is initialized with self-signed
+// blessings for the provided 'names', marked as default and shareable
+// with all peers on the principal's blessing store.
+//
+// It returns the path to the directory created and the principal.
+// The directory can be used as a value for the VEYRON_CREDENTIALS
+// environment variable (or the --veyron.credentials flag) used to
+// initialize a Runtime.
+func NewCredentials(requiredName string, otherNames ...string) (string, security.Principal) {
+ dir, p := newCredentials()
+ if def := selfBlessings(p, append([]string{requiredName}, otherNames...)...); def != nil {
+ SetDefaultBlessings(p, def)
+ }
+ return dir, p
+}
+
+// ForkCredentials generates a directory with a new principal whose
+// blessings are provided by the 'parent'.
+//
+// In particular, the principal is initialized with blessings from
+// 'parent' under the provided 'extensions', and marked as default and
+// shareable with all peers on the principal's blessing store.
+//
+// It returns the path to the directory created and the principal.
+// The directory can be used as a value for the VEYRON_CREDENTIALS
+// environment variable (or the --veyron.credentials flag) used to
+// initialize a Runtime.
+func ForkCredentials(parent security.Principal, requiredExtension string, otherExtensions ...string) (string, security.Principal) {
+ dir, err := ioutil.TempDir("", "veyron_credentials")
+ if err != nil {
+ panic(err)
+ }
+ p, err := vsecurity.CreatePersistentPrincipal(dir, nil)
+ if err != nil {
+ panic(err)
+ }
+ var def security.Blessings
+ for _, extension := range append([]string{requiredExtension}, otherExtensions...) {
+ b, err := parent.Bless(p.PublicKey(), parent.BlessingStore().Default(), extension, security.UnconstrainedUse())
+ if err != nil {
+ panic(err)
+ }
+ if def, err = security.UnionOfBlessings(def, b); err != nil {
+ panic(err)
+ }
+ }
+ if def != nil {
+ SetDefaultBlessings(p, def)
+ }
+ return dir, p
}
// NewPrincipal creates a new security.Principal.
@@ -49,17 +123,7 @@
if err != nil {
panic(err)
}
- var def security.Blessings
- for _, blessing := range defaultBlessings {
- b, err := p.BlessSelf(blessing)
- if err != nil {
- panic(err)
- }
- if def, err = security.UnionOfBlessings(def, b); err != nil {
- panic(err)
- }
- }
- if def != nil {
+ if def := selfBlessings(p, defaultBlessings...); def != nil {
SetDefaultBlessings(p, def)
}
return p
diff --git a/lib/testutil/security/util_test.go b/lib/testutil/security/util_test.go
index 8b3070a..67bf51e 100644
--- a/lib/testutil/security/util_test.go
+++ b/lib/testutil/security/util_test.go
@@ -1,8 +1,10 @@
package security
import (
+ "fmt"
"os"
"reflect"
+ "sort"
"testing"
"veyron.io/veyron/veyron2/rt"
@@ -13,24 +15,50 @@
vsecurity "veyron.io/veyron/veyron/security"
)
-func TestNewVeyronCredentials(t *testing.T) {
- r, err := rt.New()
+func unsortedEquals(a, b []string) bool {
+ sort.Strings(a)
+ sort.Strings(b)
+ return reflect.DeepEqual(a, b)
+}
+
+func testCredentials(cred string, wantPrincipal security.Principal, wantBlessings []string) error {
+ pFromCred, err := vsecurity.LoadPersistentPrincipal(cred, nil)
if err != nil {
+ return fmt.Errorf("LoadPersistentPrincipal(%q, nil) failed: %v", cred, err)
+ }
+ if !reflect.DeepEqual(pFromCred, wantPrincipal) {
+ fmt.Errorf("got principal from directory: %v, want: %v", pFromCred, wantPrincipal)
+ }
+
+ // TODO(ashankar,ataly): Extract blessings using the principal.BlessingInfo API
+ // instead of blessings.ForContext.
+ ctx := security.NewContext(&security.ContextParams{
+ LocalPrincipal: pFromCred,
+ })
+ if got := pFromCred.BlessingStore().ForPeer("foo").ForContext(ctx); !unsortedEquals(got, wantBlessings) {
+ return fmt.Errorf("got peer blessings: %v, want: %v", got, wantBlessings)
+ }
+ if got := pFromCred.BlessingStore().Default().ForContext(ctx); !unsortedEquals(got, wantBlessings) {
+ return fmt.Errorf("got default blessings: %v, want: %v", got, wantBlessings)
+ }
+ return nil
+}
+
+func TestCredentials(t *testing.T) {
+ dir, p := NewCredentials("ali", "alice")
+ if err := testCredentials(dir, p, []string{"ali", "alice"}); err != nil {
t.Fatal(err)
}
- defer r.Cleanup()
- parent := r.Principal()
- childdir := NewVeyronCredentials(parent, "child")
- defer os.RemoveAll(childdir)
- if _, err = vsecurity.LoadPersistentPrincipal(childdir, nil); err != nil {
- t.Fatalf("Expected NewVeyronCredentials to have populated the directory %q: %v", childdir, err)
+ forkdir, forkp := ForkCredentials(p, "friend", "enemy")
+ if err := testCredentials(forkdir, forkp, []string{"ali/friend", "alice/friend", "ali/enemy", "alice/enemy"}); err != nil {
+ t.Fatal(err)
}
- // TODO(ashankar,ataly): Figure out what APIs should we use for more detailed testing
- // of the child principal, for example:
- // - Parent should recognize the child's default blessing
- // - Child should recognize the parent's default blessing
- // - Child's blessing name should be that of the parent with "/child" appended.
+
+ forkforkdir, forkforkp := ForkCredentials(forkp, "spouse")
+ if err := testCredentials(forkforkdir, forkforkp, []string{"ali/friend/spouse", "alice/friend/spouse", "ali/enemy/spouse", "alice/enemy/spouse"}); err != nil {
+ t.Fatal(err)
+ }
}
func TestSaveACLToFile(t *testing.T) {
diff --git a/runtimes/google/rt/mgmt_test.go b/runtimes/google/rt/mgmt_test.go
index a43c2d7..fd59c0a 100644
--- a/runtimes/google/rt/mgmt_test.go
+++ b/runtimes/google/rt/mgmt_test.go
@@ -295,7 +295,7 @@
func setupRemoteAppCycleMgr(t *testing.T) (veyron2.Runtime, modules.Handle, appcycle.AppCycleClientMethods, func()) {
r, _ := rt.New(profileOpt)
- childcreds := security.NewVeyronCredentials(r.Principal(), appCmd)
+ childcreds, _ := security.ForkCredentials(r.Principal(), appCmd)
configServer, configServiceName, ch := createConfigServer(t, r)
sh, err := modules.NewShell(nil)
if err != nil {
diff --git a/services/mgmt/application/applicationd/testdata/integration_test.go b/services/mgmt/application/applicationd/testdata/integration_test.go
index 2c68229..4a66a8e 100644
--- a/services/mgmt/application/applicationd/testdata/integration_test.go
+++ b/services/mgmt/application/applicationd/testdata/integration_test.go
@@ -75,10 +75,9 @@
defer handle.CloseStdin()
// Generate credentials.
- root := security.NewPrincipal("root")
- serverCred := security.NewVeyronCredentials(root, "server")
+ serverCred, serverPrin := security.NewCredentials("server")
defer os.RemoveAll(serverCred)
- clientCred := security.NewVeyronCredentials(root, "server/client")
+ clientCred, _ := security.ForkCredentials(serverPrin, "client")
defer os.RemoveAll(clientCred)
// Start the application repository.
diff --git a/services/mgmt/binary/binaryd/testdata/integration_test.go b/services/mgmt/binary/binaryd/testdata/integration_test.go
index b69c2bf..d28b3cb 100644
--- a/services/mgmt/binary/binaryd/testdata/integration_test.go
+++ b/services/mgmt/binary/binaryd/testdata/integration_test.go
@@ -150,10 +150,9 @@
defer handle.CloseStdin()
// Generate credentials.
- rootPrin := security.NewPrincipal("root")
- serverCred := security.NewVeyronCredentials(rootPrin, "server")
+ serverCred, serverPrin := security.NewCredentials("server")
defer os.RemoveAll(serverCred)
- clientCred := security.NewVeyronCredentials(rootPrin, "server/client")
+ clientCred, _ := security.ForkCredentials(serverPrin, "client")
defer os.RemoveAll(clientCred)
// Start the build server.
diff --git a/services/mgmt/build/buildd/testdata/integration_test.go b/services/mgmt/build/buildd/testdata/integration_test.go
index 304f9a0..68bae88 100644
--- a/services/mgmt/build/buildd/testdata/integration_test.go
+++ b/services/mgmt/build/buildd/testdata/integration_test.go
@@ -68,10 +68,9 @@
defer handle.CloseStdin()
// Generate credentials.
- root := security.NewPrincipal("root")
- serverCred := security.NewVeyronCredentials(root, "server")
+ serverCred, serverPrin := security.NewCredentials("server")
defer os.RemoveAll(serverCred)
- clientCred := security.NewVeyronCredentials(root, "server/client")
+ clientCred, _ := security.ForkCredentials(serverPrin, "client")
defer os.RemoveAll(clientCred)
// Start the build server.
diff --git a/services/mgmt/device/impl/device_service.go b/services/mgmt/device/impl/device_service.go
index 7f72437..332699d 100644
--- a/services/mgmt/device/impl/device_service.go
+++ b/services/mgmt/device/impl/device_service.go
@@ -94,13 +94,8 @@
uat BlessingSystemAssociationStore
}
-func (i *deviceService) Claim(call ipc.ServerContext) error {
- // Get the blessing to be used by the claimant.
- blessings := call.Blessings()
- if blessings == nil {
- return verror2.Make(ErrInvalidBlessing, call)
- }
- return i.disp.claimDeviceManager(call.LocalPrincipal(), blessings.ForContext(call), blessings)
+func (i *deviceService) Claim(ctx ipc.ServerContext) error {
+ return i.disp.claimDeviceManager(ctx)
}
func (*deviceService) Describe(ipc.ServerContext) (device.Description, error) {
diff --git a/services/mgmt/device/impl/dispatcher.go b/services/mgmt/device/impl/dispatcher.go
index 237a0ca..1e5bcbb 100644
--- a/services/mgmt/device/impl/dispatcher.go
+++ b/services/mgmt/device/impl/dispatcher.go
@@ -158,15 +158,26 @@
return
}
-func (d *dispatcher) claimDeviceManager(principal security.Principal, names []string, proof security.Blessings) error {
- // TODO(gauthamt): Should we start trusting these identity providers?
+func (d *dispatcher) claimDeviceManager(ctx ipc.ServerContext) error {
// TODO(rjkroege): Scrub the state tree of installation and instance ACL files.
+
+ // Get the blessings to be used by the claimant.
+ blessings := ctx.Blessings()
+ if blessings == nil {
+ return verror2.Make(ErrInvalidBlessing, ctx)
+ }
+ principal := ctx.LocalPrincipal()
+ if err := principal.AddToRoots(blessings); err != nil {
+ vlog.Errorf("principal.AddToRoots(%s) failed: %v", blessings, err)
+ return verror2.Make(ErrInvalidBlessing, ctx)
+ }
+ names := blessings.ForContext(ctx)
if len(names) == 0 {
- vlog.Errorf("No names for claimer(%v) are trusted", proof)
+ vlog.Errorf("No names for claimer(%v) are trusted", blessings)
return verror2.Make(ErrOperationFailed, nil)
}
- principal.BlessingStore().Set(proof, security.AllPrincipals)
- principal.BlessingStore().SetDefault(proof)
+ principal.BlessingStore().Set(blessings, security.AllPrincipals)
+ principal.BlessingStore().SetDefault(blessings)
// Create ACLs to transfer devicemanager permissions to the provided identity.
acl := make(access.TaggedACLMap)
for _, n := range names {
@@ -475,4 +486,7 @@
// access.
type allowEveryone struct{}
-func (allowEveryone) Authorize(security.Context) error { return nil }
+func (allowEveryone) Authorize(ctx security.Context) error {
+ vlog.Infof("Device manager is unclaimed. Allow %q.%s() from %q.", ctx.Suffix(), ctx.Method(), ctx.RemoteBlessings())
+ return nil
+}
diff --git a/services/mgmt/device/impl/impl_test.go b/services/mgmt/device/impl/impl_test.go
index 0bd4d5a..6ba121e 100644
--- a/services/mgmt/device/impl/impl_test.go
+++ b/services/mgmt/device/impl/impl_test.go
@@ -31,6 +31,7 @@
"veyron.io/veyron/veyron2/context"
"veyron.io/veyron/veyron2/ipc"
"veyron.io/veyron/veyron2/naming"
+ "veyron.io/veyron/veyron2/options"
"veyron.io/veyron/veyron2/rt"
"veyron.io/veyron/veyron2/security"
"veyron.io/veyron/veyron2/services/mgmt/application"
@@ -75,14 +76,14 @@
if modules.IsModulesProcess() {
return
}
- initRT()
+ initRT(options.RuntimePrincipal{tsecurity.NewPrincipal("test-principal")})
}
var globalRT veyron2.Runtime
-func initRT() {
+func initRT(opts ...veyron2.ROpt) {
var err error
- if globalRT, err = rt.New(); err != nil {
+ if globalRT, err = rt.New(opts...); err != nil {
panic(err)
}
@@ -494,7 +495,7 @@
func setupPingServer(t *testing.T) (<-chan string, func()) {
server, _ := newServer()
pingCh := make(chan string, 1)
- if err := server.Serve("pingserver", pingServer(pingCh), nil); err != nil {
+ if err := server.Serve("pingserver", pingServer(pingCh), &openAuthorizer{}); err != nil {
t.Fatalf("Serve(%q, <dispatcher>) failed: %v", "pingserver", err)
}
return pingCh, func() {
@@ -726,8 +727,8 @@
dms.ExpectEOF()
}
-func newRuntime(t *testing.T) veyron2.Runtime {
- runtime, err := rt.New()
+func newRuntime(t *testing.T, opts ...veyron2.ROpt) veyron2.Runtime {
+ runtime, err := rt.New(opts...)
if err != nil {
t.Fatalf("rt.New() failed: %v", err)
}
@@ -807,9 +808,10 @@
*envelope = envelopeFromShell(sh, nil, appCmd, "google naps", "trapp")
- deviceStub := device.DeviceClient("dm//device")
- selfRT := globalRT
- otherRT := newRuntime(t)
+ deviceStub := device.DeviceClient("dm/device")
+ claimantRT := newRuntime(t, options.RuntimePrincipal{tsecurity.NewPrincipal("claimant")})
+ defer claimantRT.Cleanup()
+ otherRT := newRuntime(t, options.RuntimePrincipal{tsecurity.NewPrincipal("other")})
defer otherRT.Cleanup()
octx := otherRT.NewContext()
@@ -817,16 +819,16 @@
// Devicemanager should have open ACLs before we claim it and so an
// Install from otherRT should succeed.
if err := tryInstall(octx); err != nil {
- t.Fatalf("Failed to install: %s", err)
+ t.Errorf("Failed to install: %s", err)
}
- // Claim the devicemanager with selfRT as <defaultblessing>/mydevice
- if err := deviceStub.Claim(selfRT.NewContext(), &granter{p: selfRT.Principal(), extension: "mydevice"}); err != nil {
+ // Claim the devicemanager with claimantRT as <defaultblessing>/mydevice
+ if err := deviceStub.Claim(claimantRT.NewContext(), &granter{p: claimantRT.Principal(), extension: "mydevice"}); err != nil {
t.Fatal(err)
}
- // Installation should succeed since globalRT (a.k.a. selfRT) is now the
- // "owner" of the devicemanager.
- appID := installApp(t)
+ // Installation should succeed since claimantRT is now the "owner" of
+ // the devicemanager.
+ appID := installApp(t, claimantRT)
// otherRT should be unable to install though, since the ACLs have
// changed now.
@@ -839,7 +841,7 @@
defer cleanup()
// Start an instance of the app.
- instanceID := startApp(t, appID)
+ instanceID := startApp(t, appID, claimantRT)
// Wait until the app pings us that it's ready.
select {
@@ -848,7 +850,7 @@
t.Fatalf("failed to get ping")
}
resolve(t, "trapp", 1)
- suspendApp(t, appID, instanceID)
+ suspendApp(t, appID, instanceID, claimantRT)
// TODO(gauthamt): Test that ACLs persist across devicemanager restarts
}
diff --git a/services/mgmt/device/impl/mock_repo_test.go b/services/mgmt/device/impl/mock_repo_test.go
index 0c34ddc..58438b0 100644
--- a/services/mgmt/device/impl/mock_repo_test.go
+++ b/services/mgmt/device/impl/mock_repo_test.go
@@ -9,6 +9,7 @@
"testing"
"veyron.io/veyron/veyron2/ipc"
+ "veyron.io/veyron/veyron2/security"
"veyron.io/veyron/veyron2/services/mgmt/application"
"veyron.io/veyron/veyron2/services/mgmt/binary"
"veyron.io/veyron/veyron2/services/mgmt/repository"
@@ -36,7 +37,7 @@
server, _ := newServer()
invoker := new(arInvoker)
name := mockApplicationRepoName
- if err := server.Serve(name, repository.ApplicationServer(invoker), nil); err != nil {
+ if err := server.Serve(name, repository.ApplicationServer(invoker), &openAuthorizer{}); err != nil {
vlog.Fatalf("Serve(%v) failed: %v", name, err)
}
return &invoker.envelope, func() {
@@ -46,6 +47,10 @@
}
}
+type openAuthorizer struct{}
+
+func (openAuthorizer) Authorize(security.Context) error { return nil }
+
// arInvoker holds the state of an application repository invocation mock. The
// mock returns the value of the wrapped envelope, which can be subsequently be
// changed at any time. Client is responsible for synchronization if desired.
@@ -68,7 +73,7 @@
func startBinaryRepository() func() {
server, _ := newServer()
name := mockBinaryRepoName
- if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), nil); err != nil {
+ if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), &openAuthorizer{}); err != nil {
vlog.Fatalf("Serve(%q) failed: %v", name, err)
}
return func() {
diff --git a/services/mgmt/device/impl/util_test.go b/services/mgmt/device/impl/util_test.go
index a1948aa..52642ff 100644
--- a/services/mgmt/device/impl/util_test.go
+++ b/services/mgmt/device/impl/util_test.go
@@ -61,7 +61,7 @@
}
func credentialsForChild(blessing string) (string, []string) {
- creds := tsecurity.NewVeyronCredentials(globalRT.Principal(), blessing)
+ creds, _ := tsecurity.ForkCredentials(globalRT.Principal(), blessing)
return creds, []string{consts.VeyronCredentials + "=" + creds}
}
diff --git a/services/mgmt/profile/profiled/testdata/integration_test.go b/services/mgmt/profile/profiled/testdata/integration_test.go
index 7f9dc53..cd1ba22 100644
--- a/services/mgmt/profile/profiled/testdata/integration_test.go
+++ b/services/mgmt/profile/profiled/testdata/integration_test.go
@@ -96,10 +96,9 @@
defer handle.CloseStdin()
// Generate credentials.
- root := security.NewPrincipal("root")
- serverCred := security.NewVeyronCredentials(root, "server")
+ serverCred, serverPrin := security.NewCredentials("server")
defer os.RemoveAll(serverCred)
- clientCred := security.NewVeyronCredentials(root, "server/client")
+ clientCred, _ := security.ForkCredentials(serverPrin, "client")
defer os.RemoveAll(clientCred)
// Start the profile repository.
diff --git a/tools/debug/impl.go b/tools/debug/impl.go
index 6a5a1fa..e998831 100644
--- a/tools/debug/impl.go
+++ b/tools/debug/impl.go
@@ -417,15 +417,15 @@
fmt.Fprintf(&buf, "%T: ", value)
}
if raw {
+ if v, ok := value.(istats.HistogramValue); ok {
+ // Bypass HistogramValue.String()
+ type hist istats.HistogramValue
+ value = hist(v)
+ }
fmt.Fprintf(&buf, "%+v", value)
return buf.String()
}
- switch v := value.(type) {
- case istats.HistogramValue:
- v.Print(&buf)
- default:
- fmt.Fprintf(&buf, "%v", v)
- }
+ fmt.Fprintf(&buf, "%v", value)
return buf.String()
}
diff --git a/tools/debug/test.sh b/tools/debug/test.sh
index f87483a..4641010 100755
--- a/tools/debug/test.sh
+++ b/tools/debug/test.sh
@@ -90,7 +90,7 @@
"${DEBUG_BIN}" stats watch -raw "${EP}/__debug/stats/ipc/server/routing-id/*/methods/ReadLog/latency-ms")
shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" "${TMP}" "ReadLog/latency-ms"
kill "${DEBUG_PID}"
- grep -q "Count: 1 " "${TMP}" || (dumplogs "${TMP}"; shell_test::fail "line ${LINENO}: failed to find expected output")
+ grep -q "Count:1 " "${TMP}" || (dumplogs "${TMP}"; shell_test::fail "line ${LINENO}: failed to find expected output")
# Test pprof.
if ! "${DEBUG_BIN}" pprof run "${EP}/__debug/pprof" heap --text &> "${DBGLOG}"; then
