blob: e79ff03e40420675bb43b6894a269f9962c5028f [file] [log] [blame]
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"strings"
"v.io/x/ref/services/internal/fs"
"v.io/x/ref/services/internal/pathperms"
"v.io/x/ref/services/repository"
"v.io/v23/context"
"v.io/v23/naming"
"v.io/v23/rpc"
"v.io/v23/security"
"v.io/v23/security/access"
"v.io/v23/services/application"
"v.io/v23/verror"
"v.io/x/lib/vlog"
)
// appRepoService implements the Application repository interface.
type appRepoService struct {
// store is the storage server used for storing application
// metadata.
// All objects share the same Memstore.
store *fs.Memstore
// storeRoot is a name in the directory under which all data will be
// stored.
storeRoot string
// suffix is the name of the application object.
suffix string
}
const pkgPath = "v.io/x/ref/services/application/applicationd/"
var (
ErrInvalidSuffix = verror.Register(pkgPath+".InvalidSuffix", verror.NoRetry, "{1:}{2:} invalid suffix{:_}")
ErrOperationFailed = verror.Register(pkgPath+".OperationFailed", verror.NoRetry, "{1:}{2:} operation failed{:_}")
ErrNotAuthorized = verror.Register(pkgPath+".errNotAuthorized", verror.NoRetry, "{1:}{2:} none of the client's blessings are valid {:_}")
)
// NewApplicationService returns a new Application service implementation.
func NewApplicationService(store *fs.Memstore, storeRoot, suffix string) repository.ApplicationServerMethods {
return &appRepoService{store: store, storeRoot: storeRoot, suffix: suffix}
}
func parse(ctx *context.T, suffix string) (string, string, error) {
tokens := strings.Split(suffix, "/")
switch len(tokens) {
case 2:
return tokens[0], tokens[1], nil
case 1:
return tokens[0], "", nil
default:
return "", "", verror.New(ErrInvalidSuffix, ctx)
}
}
func (i *appRepoService) Match(ctx *context.T, call rpc.ServerCall, profiles []string) (application.Envelope, error) {
vlog.VI(0).Infof("%v.Match(%v)", i.suffix, profiles)
empty := application.Envelope{}
name, version, err := parse(ctx, i.suffix)
if err != nil {
return empty, err
}
if version == "" {
return empty, verror.New(ErrInvalidSuffix, ctx)
}
i.store.Lock()
defer i.store.Unlock()
for _, profile := range profiles {
path := naming.Join("/applications", name, profile, version)
entry, err := i.store.BindObject(path).Get(call)
if err != nil {
continue
}
envelope, ok := entry.Value.(application.Envelope)
if !ok {
continue
}
return envelope, nil
}
return empty, verror.New(verror.ErrNoExist, ctx)
}
func (i *appRepoService) Put(ctx *context.T, call rpc.ServerCall, profiles []string, envelope application.Envelope) error {
vlog.VI(0).Infof("%v.Put(%v, %v)", i.suffix, profiles, envelope)
name, version, err := parse(ctx, i.suffix)
if err != nil {
return err
}
if version == "" {
return verror.New(ErrInvalidSuffix, ctx)
}
i.store.Lock()
defer i.store.Unlock()
// Transaction is rooted at "", so tname == tid.
tname, err := i.store.BindTransactionRoot("").CreateTransaction(call)
if err != nil {
return err
}
// Only add a Permissions value if there is not already one present.
apath := naming.Join("/acls", name, "data")
aobj := i.store.BindObject(apath)
if _, err := aobj.Get(call); verror.ErrorID(err) == fs.ErrNotInMemStore.ID {
rb, _ := security.RemoteBlessingNames(ctx, call.Security())
if len(rb) == 0 {
// None of the client's blessings are valid.
return verror.New(ErrNotAuthorized, ctx)
}
newperms := pathperms.PermissionsForBlessings(rb)
if _, err := aobj.Put(nil, newperms); err != nil {
return err
}
}
for _, profile := range profiles {
path := naming.Join(tname, "/applications", name, profile, version)
object := i.store.BindObject(path)
_, err := object.Put(call, envelope)
if err != nil {
return verror.New(ErrOperationFailed, ctx)
}
}
if err := i.store.BindTransaction(tname).Commit(call); err != nil {
return verror.New(ErrOperationFailed, ctx)
}
return nil
}
func (i *appRepoService) Remove(ctx *context.T, call rpc.ServerCall, profile string) error {
vlog.VI(0).Infof("%v.Remove(%v)", i.suffix, profile)
name, version, err := parse(ctx, i.suffix)
if err != nil {
return err
}
i.store.Lock()
defer i.store.Unlock()
// Transaction is rooted at "", so tname == tid.
tname, err := i.store.BindTransactionRoot("").CreateTransaction(call)
if err != nil {
return err
}
path := naming.Join(tname, "/applications", name, profile)
if version != "" {
path += "/" + version
}
object := i.store.BindObject(path)
found, err := object.Exists(call)
if err != nil {
return verror.New(ErrOperationFailed, ctx)
}
if !found {
return verror.New(verror.ErrNoExist, ctx)
}
if err := object.Remove(call); err != nil {
return verror.New(ErrOperationFailed, ctx)
}
if err := i.store.BindTransaction(tname).Commit(call); err != nil {
return verror.New(ErrOperationFailed, ctx)
}
return nil
}
func (i *appRepoService) allApplications() ([]string, error) {
apps, err := i.store.BindObject("/applications").Children()
if err != nil {
return nil, err
}
return apps, nil
}
func (i *appRepoService) allAppVersions(appName string) ([]string, error) {
profiles, err := i.store.BindObject(naming.Join("/applications", appName)).Children()
if err != nil {
return nil, err
}
uniqueVersions := make(map[string]struct{})
for _, profile := range profiles {
versions, err := i.store.BindObject(naming.Join("/applications", appName, profile)).Children()
if err != nil {
return nil, err
}
for _, v := range versions {
uniqueVersions[v] = struct{}{}
}
}
versions := make([]string, len(uniqueVersions))
index := 0
for v, _ := range uniqueVersions {
versions[index] = v
index++
}
return versions, nil
}
func (i *appRepoService) GlobChildren__(*context.T, rpc.ServerCall) (<-chan string, error) {
vlog.VI(0).Infof("%v.GlobChildren__()", i.suffix)
i.store.Lock()
defer i.store.Unlock()
var elems []string
if i.suffix != "" {
elems = strings.Split(i.suffix, "/")
}
var results []string
var err error
switch len(elems) {
case 0:
results, err = i.allApplications()
if err != nil {
return nil, err
}
case 1:
results, err = i.allAppVersions(elems[0])
if err != nil {
return nil, err
}
case 2:
versions, err := i.allAppVersions(elems[0])
if err != nil {
return nil, err
}
for _, v := range versions {
if v == elems[1] {
return nil, nil
}
}
return nil, verror.New(verror.ErrNoExist, nil)
default:
return nil, verror.New(verror.ErrNoExist, nil)
}
ch := make(chan string, len(results))
for _, r := range results {
ch <- r
}
close(ch)
return ch, nil
}
func (i *appRepoService) GetPermissions(ctx *context.T, call rpc.ServerCall) (perms access.Permissions, version string, err error) {
name, _, err := parse(ctx, i.suffix)
if err != nil {
return nil, "", err
}
i.store.Lock()
defer i.store.Unlock()
path := naming.Join("/acls", name, "data")
perms, version, err = getPermissions(i.store, path)
if verror.ErrorID(err) == verror.ErrNoExist.ID {
return pathperms.NilAuthPermissions(ctx, call.Security()), "", nil
}
return perms, version, err
}
func (i *appRepoService) SetPermissions(ctx *context.T, _ rpc.ServerCall, perms access.Permissions, version string) error {
name, _, err := parse(ctx, i.suffix)
if err != nil {
return err
}
i.store.Lock()
defer i.store.Unlock()
path := naming.Join("/acls", name, "data")
return setPermissions(i.store, path, perms, version)
}
// getPermissions fetches a Permissions out of the Memstore at the provided path.
// path is expected to already have been cleaned by naming.Join or its ilk.
func getPermissions(store *fs.Memstore, path string) (access.Permissions, string, error) {
entry, err := store.BindObject(path).Get(nil)
if verror.ErrorID(err) == fs.ErrNotInMemStore.ID {
// No Permissions exists
return nil, "", verror.New(verror.ErrNoExist, nil)
} else if err != nil {
vlog.Errorf("getPermissions: internal failure in fs.Memstore")
return nil, "", err
}
perms, ok := entry.Value.(access.Permissions)
if !ok {
return nil, "", err
}
version, err := pathperms.ComputeVersion(perms)
if err != nil {
return nil, "", err
}
return perms, version, nil
}
// setPermissions writes a Permissions into the Memstore at the provided path.
// where path is expected to have already been cleaned by naming.Join.
func setPermissions(store *fs.Memstore, path string, perms access.Permissions, version string) error {
if version != "" {
_, oversion, err := getPermissions(store, path)
if verror.ErrorID(err) == verror.ErrNoExist.ID {
oversion = version
} else if err != nil {
return err
}
if oversion != version {
return verror.NewErrBadVersion(nil)
}
}
tname, err := store.BindTransactionRoot("").CreateTransaction(nil)
if err != nil {
return err
}
object := store.BindObject(path)
if _, err := object.Put(nil, perms); err != nil {
return err
}
if err := store.BindTransaction(tname).Commit(nil); err != nil {
return verror.New(ErrOperationFailed, nil)
}
return nil
}