veyron.io/veyron/veyron/tools/principal: Introduce "principal store addtoroots" subcommand.
This CL introduces a "store addtoroots" subcommand to the "principal" command.
Expected use to allow credentials directory A to understand a blessing from
credentials directory B:
principal -veyron.credentials B bless A arbitrary_label_that_is__ignored |
principal -veyron.credentials A store addtoroots -
Several other subcommands call AddToRoots(), but always as a (sometimes
optional) side-effect of some other action. This command does nothing but call
AddToRoots(), making it possible for two unrelated principals to use the name
of the other in ACLs, without blessing one another.
The implementation is very similar to the "store set" subcommand, which is
immediately above it in the file. The differences are:
- the help text,
- the new subcommand does not call Set(), and
- the call to AddToRoots() is not conditional on the -add_to_roots flag.
Change-Id: I2d23454815dcc319927ebe3912fc3007a7db412f
diff --git a/tools/principal/main.go b/tools/principal/main.go
index ed12032..e90e3df 100644
--- a/tools/principal/main.go
+++ b/tools/principal/main.go
@@ -361,6 +361,49 @@
},
}
+ cmdStoreAddToRoots = &cmdline.Command{
+ Name: "addtoroots",
+ Short: "Add provided blessings to root set",
+ Long: `
+Adds the provided blessings to the set of trusted roots for this principal.
+
+'addtoroots b' adds blessings b to the trusted root set.
+
+For example, to make the principal in credentials directory A trust the
+root of the default blessing in credentials directory B:
+ principal -veyron.credentials=B bless A some_extension |
+ principal -veyron.credentials=A store addtoroots -
+
+The extension 'some_extension' has no effect in the command above.
+`,
+ ArgsName: "<file>",
+ ArgsLong: `
+<file> is the path to a file containing a blessing typically obtained
+from this tool. - is used for STDIN.
+`,
+ Run: func(cmd *cmdline.Command, args []string) error {
+ if len(args) != 1 {
+ return fmt.Errorf("requires exactly one argument <file>, provided %d", len(args))
+ }
+ blessings, err := decodeBlessings(args[0])
+ if err != nil {
+ return fmt.Errorf("failed to decode provided blessings: %v", err)
+ }
+
+ runtime, err := rt.New()
+ if err != nil {
+ panic(err)
+ }
+ defer runtime.Cleanup()
+
+ p := runtime.Principal()
+ if err := p.AddToRoots(blessings); err != nil {
+ return fmt.Errorf("AddToRoots failed: %v", err)
+ }
+ return nil
+ },
+ }
+
cmdStoreSetDefault = &cmdline.Command{
Name: "setdefault",
Short: "Set provided blessings as default",
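Review bot: In the `Run` function of `cmdStoreAddToRoots`, a failure of `rt.New()` ends in `panic(err)` while every other failure in the same function is returned as an error. Returning `return fmt.Errorf("failed to create runtime: %v", err)` would keep the failure mode uniform and avoid a stack trace for what may simply be a problem with the credentials directory. Separately, this command's only effect is to widen the principal's trusted root set from a file or STDIN, and the `Long` text does not say so. I would add a line such as `Only add blessings received from a source you already trust; their root will be recognized as an authority for names under it.`, and confirm that wording against the AddToRoots() contract, which is not visible in this hunk. Printing what was added on success would also leave an audit trail for a trust-anchor change that is otherwise silent.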
@@ -632,7 +675,7 @@
All blessings are printed to stdout using base64-VOM-encoding
`,
- Children: []*cmdline.Command{cmdStoreDefault, cmdStoreSetDefault, cmdStoreForPeer, cmdStoreSet},
+ Children: []*cmdline.Command{cmdStoreDefault, cmdStoreSetDefault, cmdStoreForPeer, cmdStoreSet, cmdStoreAddToRoots},
}
(&cmdline.Command{