veyron/security: Replaced references to AllPrincipals pattern "*" with
security.AllPrincipals (now "...").
This is needed because of https://veyron-review.googlesource.com/#/c/4163/.
Change-Id: I46233cb33347de3adfc30fffa2b110669ea5f793
diff --git a/examples/bank/bank/main.go b/examples/bank/bank/main.go
index 333163a..c01cad2 100644
--- a/examples/bank/bank/main.go
+++ b/examples/bank/bank/main.go
@@ -24,7 +24,7 @@
var (
// TODO(rthellend): Remove the address flag when the config manager is working.
address = flag.String("address", "", "the address/endpoint of the bank server")
- serverPattern = flag.String("server_pattern", "*", "server_pattern is an optional pattern for the expected identity of the fortune server. Example: the pattern \"myorg/fortune\" matches identities with names \"myorg/fortune\" or \"myorg\". If the flag is absent then the default pattern \"*\" matches all identities.")
+ serverPattern = flag.String("server_pattern", string(security.AllPrincipals), "server_pattern is an optional pattern for the expected identity of the fortune server. Example: the pattern \"myorg/fortune\" matches identities with names \"myorg/fortune\" or \"myorg\". If the flag is absent then the default pattern \"...\" matches all identities.")
accountMountTableName string
)
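Review bot: The new default `string(security.AllPrincipals)` on `serverPattern` means a bank client started without `--server_pattern` still accepts a server presenting any identity, so server authentication is off unless the operator opts in; for a bank example I would make the flag required, or at least log when the match-all pattern is in effect. The examples/fortune/fortune/main.go hunk sets the same default. The help text in both hunks still hard-codes the literal, so it will go stale the next time the constant changes; ending the string with `"... the default pattern \"" + string(security.AllPrincipals) + "\" matches all identities."` keeps it in sync, and the comment-only hunks in fortune/main.go and publicid_store.go could name `security.AllPrincipals` instead of quoting "...". The bank help text also still says "fortune server", which looks like a copy-paste leftover. This hunk adds no `veyron2/security` import, so presumably the file already has one; the import block is outside the hunk.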
diff --git a/examples/fortune/fortune/main.go b/examples/fortune/fortune/main.go
index bf53acd..559ef1a 100644
--- a/examples/fortune/fortune/main.go
+++ b/examples/fortune/fortune/main.go
@@ -12,13 +12,14 @@
"veyron2"
"veyron2/naming"
"veyron2/rt"
+ "veyron2/security"
)
var (
// TODO(rthellend): Remove the address flag when the config manager is working.
address = flag.String("address", "", "the address/endpoint of the fortune server")
newFortune = flag.String("new_fortune", "", "an optional, new fortune to add to the server's set")
- serverPattern = flag.String("server_pattern", "*", "server_pattern is an optional pattern for the expected identity of the fortune server. Example: the pattern \"myorg/fortune\" matches identities with names \"myorg/fortune\" or \"myorg\". If the flag is absent then the default pattern \"*\" matches all identities.")
+ serverPattern = flag.String("server_pattern", string(security.AllPrincipals), "server_pattern is an optional pattern for the expected identity of the fortune server. Example: the pattern \"myorg/fortune\" matches identities with names \"myorg/fortune\" or \"myorg\". If the flag is absent then the default pattern \"...\" matches all identities.")
)
func main() {
@@ -36,7 +37,7 @@
}
// Issue a Get() rpc specifying the provided pattern for the server's identity as
- // an option. If no pattern is provided then the default pattern "*" matches all
+ // an option. If no pattern is provided then the default pattern "..." matches all
// identities.
ctx, cancel := runtime.NewContext().WithTimeout(time.Minute)
defer cancel()
diff --git a/runtimes/google/ipc/benchmarks/README.txt b/runtimes/google/ipc/benchmarks/README.txt
index 861911b..3a1ce9d 100644
--- a/runtimes/google/ipc/benchmarks/README.txt
+++ b/runtimes/google/ipc/benchmarks/README.txt
@@ -62,7 +62,7 @@
In this case, we can see the cost of name resolution, creating the VC, etc. in
the first RPC.
-$ $VEYRON_ROOT/veyron/go/bin/bmserver --address=localhost:8888 --acl='{"*":"A"}'
+$ $VEYRON_ROOT/veyron/go/bin/bmserver --address=localhost:8888 --acl='{"...":"A"}'
(In a different shell)
$ $VEYRON_ROOT/veyron/go/bin/bmclient --server=/localhost:8888 --count=10 \
@@ -112,7 +112,7 @@
about 22 ms, and streaming many 1 KB chunks takes about 6.5 ms per chunk.
-$ ./bmserver --address=localhost:8888 --acl='{"*":"A"}'
+$ ./bmserver --address=localhost:8888 --acl='{"...":"A"}'
$ ./bmclient --server=/localhost:8888 --count=10 --payload_size=1000
CallEcho 0 2573406000
diff --git a/runtimes/google/security/publicid_store.go b/runtimes/google/security/publicid_store.go
index 4763555..02a5765 100644
--- a/runtimes/google/security/publicid_store.go
+++ b/runtimes/google/security/publicid_store.go
@@ -229,11 +229,11 @@
// NewPublicIDStore returns a security.PublicIDStore based on params.
// * If params is nil, a new store with an empty set of PublicIDs and the default
-// pattern "*" (matched by all PublicIDs) is returned. The store only lives in
+// pattern "..." (matched by all PublicIDs) is returned. The store only lives in
// memory and is never persisted.
// * If params is non-nil, then a store obtained from the serialized data present
// in params.Dir is returned if the data exists, or else a new store with an
-// empty set of PublicIDs and the default pattern "*" is returned. Any subsequent
+// empty set of PublicIDs and the default pattern "..." is returned. Any subsequent
// modifications to the returned store are always signed (using params.Signer)
// and persisted in params.Dir.
func NewPublicIDStore(params *PublicIDStoreParams) (security.PublicIDStore, error) {
diff --git a/security/acl_authorizer.go b/security/acl_authorizer.go
index 30f000d..bf59751 100644
--- a/security/acl_authorizer.go
+++ b/security/acl_authorizer.go
@@ -64,12 +64,12 @@
// The JSON-encoding of a ACL is essentially a JSON object describing a map from
// BlessingPatterns to encoded LabelSets (see LabelSet.MarshalJSON).
// Examples:
-// * `{"*" : "RW"}` encodes an ACL that allows all principals to access all methods with
+// * `{"..." : "RW"}` encodes an ACL that allows all principals to access all methods with
// ReadLabel or WriteLabel.
-// * `{"veyron/alice": "RW", "veyron/bob/*": "R"} encodes an ACL that allows all principals
-// matching "veyron/alice" to access methods with ReadLabel or WriteLabel,
-// and all principals matching "veyron/bob/*" to access methods with ReadLabel.
-// (Also see PublicID.Match.)
+// * `{"veyron/alice": "RW", "veyron/bob/...": "R"}` encodes an ACL that allows all principals
+// matched by "veyron/alice" to access methods with ReadLabel or WriteLabel, and all
+// principals matched by "veyron/bob/..." to access methods with ReadLabel.
+// (Also see BlessingPattern.MatchedBy)
//
// TODO(ataly, ashankar): Instead of reading the file on each call we should use the "inotify"
// mechanism to watch the file. Eventually we should also support ACLs stored in the Veyron
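Review bot: The ACL examples in this comment do not tell the reader that a pattern without a trailing `/...` can also be matched by its prefixes, which matters to anyone copying them into a real ACL. The flag help text elsewhere in this commit says the pattern "myorg/fortune" matches identities named "myorg/fortune" or "myorg"; if BlessingPattern.MatchedBy follows the same rule, the entry `"veyron/alice": "RW"` also grants ReadLabel and WriteLabel to the principal "veyron". I would add a line such as `// Note that "veyron/alice" is also matched by a principal with the blessing "veyron"; see BlessingPattern.MatchedBy.` after confirming the semantics. The comment block starts and ends outside the hunk.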