x/ref: Flatten services/security/{discharger,role}
We're moving to a flatter package structure, so we will no longer
have services/mgmt or services/security. This is a mechanical
change along those lines.
services/security/discharger.vdl -> services/discharger
services/security/discharger -> services/discharger/dischargerlib
services/security/role.vdl -> services/role
services/security/roled -> services/role/roled
Change-Id: Ia11539df7c97a01107de87ac05618b5df3295112
diff --git a/cmd/vrun/vrun.go b/cmd/vrun/vrun.go
index 4bdafd1..6fdf2db 100644
--- a/cmd/vrun/vrun.go
+++ b/cmd/vrun/vrun.go
@@ -15,7 +15,7 @@
"v.io/x/ref/envvar"
"v.io/x/ref/security/agent"
"v.io/x/ref/security/agent/keymgr"
- isecurity "v.io/x/ref/services/security"
+ "v.io/x/ref/services/role"
"v.io/v23"
"v.io/v23/context"
@@ -27,8 +27,8 @@
var (
durationFlag time.Duration
- name string
- role string
+ nameFlag string
+ roleFlag string
)
var cmdVrun = &cmdline.Command{
@@ -44,8 +44,8 @@
syscall.CloseOnExec(4)
cmdVrun.Flags.DurationVar(&durationFlag, "duration", 1*time.Hour, "Duration for the blessing.")
- cmdVrun.Flags.StringVar(&name, "name", "", "Name to use for the blessing. Uses the command name if unset.")
- cmdVrun.Flags.StringVar(&role, "role", "", "Role object from which to request the blessing. If set, the blessings from this role server are used and --name is ignored. If not set, the default blessings of the calling principal are extended with --name.")
+ cmdVrun.Flags.StringVar(&nameFlag, "name", "", "Name to use for the blessing. Uses the command name if unset.")
+ cmdVrun.Flags.StringVar(&roleFlag, "role", "", "Role object from which to request the blessing. If set, the blessings from this role server are used and --name is ignored. If not set, the default blessings of the calling principal are extended with --name.")
os.Exit(cmdVrun.Main())
}
@@ -61,11 +61,11 @@
if err != nil {
return err
}
- if len(role) == 0 {
- if len(name) == 0 {
- name = filepath.Base(args[0])
+ if len(roleFlag) == 0 {
+ if len(nameFlag) == 0 {
+ nameFlag = filepath.Base(args[0])
}
- if err := bless(ctx, principal, name); err != nil {
+ if err := bless(ctx, principal, nameFlag); err != nil {
return err
}
} else {
@@ -73,14 +73,14 @@
// with RoleSuffix. This is to avoid accidentally granting role
// access to anything else that might have been blessed by the
// same principal.
- if err := bless(ctx, principal, isecurity.RoleSuffix); err != nil {
+ if err := bless(ctx, principal, role.RoleSuffix); err != nil {
return err
}
rCtx, err := v23.SetPrincipal(ctx, principal)
if err != nil {
return err
}
- if err := setupRoleBlessings(rCtx, role); err != nil {
+ if err := setupRoleBlessings(rCtx, roleFlag); err != nil {
return err
}
}
@@ -165,8 +165,8 @@
return principal, conn, nil
}
-func setupRoleBlessings(ctx *context.T, role string) error {
- b, err := isecurity.RoleClient(role).SeekBlessings(ctx)
+func setupRoleBlessings(ctx *context.T, roleStr string) error {
+ b, err := role.RoleClient(roleStr).SeekBlessings(ctx)
if err != nil {
return err
}
diff --git a/services/security/discharger.vdl b/services/discharger/discharger.vdl
similarity index 97%
rename from services/security/discharger.vdl
rename to services/discharger/discharger.vdl
index 040fe21..7aed262 100644
--- a/services/security/discharger.vdl
+++ b/services/discharger/discharger.vdl
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-package security
+package discharger
import "v.io/v23/security"
diff --git a/services/security/discharger.vdl.go b/services/discharger/discharger.vdl.go
similarity index 95%
rename from services/security/discharger.vdl.go
rename to services/discharger/discharger.vdl.go
index 3b0715a..1024842 100644
--- a/services/security/discharger.vdl.go
+++ b/services/discharger/discharger.vdl.go
@@ -5,7 +5,7 @@
// This file was auto-generated by the vanadium vdl tool.
// Source: discharger.vdl
-package security
+package discharger
import (
// VDL system imports
@@ -21,7 +21,7 @@
var (
// Indicates that the Caveat does not require a discharge
- ErrNotAThirdPartyCaveat = verror.Register("v.io/x/ref/services/security.NotAThirdPartyCaveat", verror.NoRetry, "{1:}{2:} discharges are not required for non-third-party caveats (id: {c.id})")
+ ErrNotAThirdPartyCaveat = verror.Register("v.io/x/ref/services/discharger.NotAThirdPartyCaveat", verror.NoRetry, "{1:}{2:} discharges are not required for non-third-party caveats (id: {c.id})")
)
func init() {
@@ -132,7 +132,7 @@
// descDischarger hides the desc to keep godoc clean.
var descDischarger = rpc.InterfaceDesc{
Name: "Discharger",
- PkgPath: "v.io/x/ref/services/security",
+ PkgPath: "v.io/x/ref/services/discharger",
Doc: "// Discharger is the interface for obtaining discharges for ThirdPartyCaveats.",
Methods: []rpc.MethodDesc{
{
diff --git a/services/security/discharger/discharger.go b/services/discharger/dischargerlib/discharger.go
similarity index 86%
rename from services/security/discharger/discharger.go
rename to services/discharger/dischargerlib/discharger.go
index 30ad199..1c3e405 100644
--- a/services/security/discharger/discharger.go
+++ b/services/discharger/dischargerlib/discharger.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-package discharger
+package dischargerlib
import (
"fmt"
@@ -10,7 +10,7 @@
"v.io/v23/rpc"
"v.io/v23/security"
- services "v.io/x/ref/services/security"
+ "v.io/x/ref/services/discharger"
)
// dischargerd issues discharges for all caveats present in the current
@@ -22,7 +22,7 @@
secCall := security.GetCall(ctx)
tp := caveat.ThirdPartyDetails()
if tp == nil {
- return security.Discharge{}, services.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
+ return security.Discharge{}, discharger.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
}
if err := tp.Dischargeable(ctx); err != nil {
return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
@@ -40,6 +40,6 @@
// Discharges are valid for 15 minutes.
// TODO(ashankar,ataly): Parameterize this? Make it easier for clients to add
// caveats on the discharge?
-func NewDischarger() services.DischargerServerMethods {
+func NewDischarger() discharger.DischargerServerMethods {
return dischargerd{}
}
diff --git a/services/identity/internal/revocation/revocation_test.go b/services/identity/internal/revocation/revocation_test.go
index 463f12d..ce54d9b 100644
--- a/services/identity/internal/revocation/revocation_test.go
+++ b/services/identity/internal/revocation/revocation_test.go
@@ -8,8 +8,8 @@
"testing"
_ "v.io/x/ref/profiles"
- services "v.io/x/ref/services/security"
- "v.io/x/ref/services/security/discharger"
+ "v.io/x/ref/services/discharger"
+ "v.io/x/ref/services/discharger/dischargerlib"
"v.io/x/ref/test"
"v.io/v23"
@@ -29,7 +29,7 @@
if err != nil {
t.Fatalf("dischargerServer.Listen failed: %v", err)
}
- dischargerServiceStub := services.DischargerServer(discharger.NewDischarger())
+ dischargerServiceStub := discharger.DischargerServer(dischargerlib.NewDischarger())
if err := dischargerServer.Serve("", dischargerServiceStub, nil); err != nil {
t.Fatalf("dischargerServer.Serve revoker: %s", err)
}
@@ -48,7 +48,7 @@
dcKey, dc, revoker, closeFunc := revokerSetup(t, ctx)
defer closeFunc()
- discharger := services.DischargerClient(dc)
+ discharger := discharger.DischargerClient(dc)
caveat, err := revoker.NewCaveat(dcKey, dc)
if err != nil {
t.Fatalf("failed to create revocation caveat: %s", err)
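Review bot: The new line `discharger := discharger.DischargerClient(dc)` declares a local that shadows the `discharger` package this commit has just imported, for the rest of the test function. It compiles because the package name is still in scope on the right-hand side, but any later reference to the package in this function would resolve to the client value instead. Elsewhere the same commit avoids this collision by renaming (`role` to `roleStr`, the roled type to `dischargerImpl`), so `dischargerClient := discharger.DischargerClient(dc)` would be consistent. The function continues below the hunk, where the uses of the variable would need the same rename.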
diff --git a/services/identity/internal/server/identityd.go b/services/identity/internal/server/identityd.go
index 089a765..733e26d 100644
--- a/services/identity/internal/server/identityd.go
+++ b/services/identity/internal/server/identityd.go
@@ -27,6 +27,8 @@
"v.io/x/ref/lib/signals"
"v.io/x/ref/security/audit"
+ "v.io/x/ref/services/discharger"
+ "v.io/x/ref/services/discharger/dischargerlib"
"v.io/x/ref/services/identity/internal/auditor"
"v.io/x/ref/services/identity/internal/blesser"
"v.io/x/ref/services/identity/internal/caveats"
@@ -35,8 +37,6 @@
"v.io/x/ref/services/identity/internal/revocation"
"v.io/x/ref/services/identity/internal/templates"
"v.io/x/ref/services/identity/internal/util"
- services "v.io/x/ref/services/security"
- "v.io/x/ref/services/security/discharger"
)
const (
@@ -242,7 +242,7 @@
func newDispatcher(macaroonKey []byte, blesserParams blesser.OAuthBlesserParams) rpc.Dispatcher {
d := dispatcher(map[string]interface{}{
macaroonService: blesser.NewMacaroonBlesserServer(macaroonKey),
- dischargerService: services.DischargerServer(discharger.NewDischarger()),
+ dischargerService: discharger.DischargerServer(dischargerlib.NewDischarger()),
oauthBlesserService: blesser.NewOAuthBlesserServer(blesserParams),
})
// Set up the glob invoker.
diff --git a/services/security/role.vdl b/services/role/role.vdl
similarity index 97%
rename from services/security/role.vdl
rename to services/role/role.vdl
index 26e970a..454d0dc 100644
--- a/services/security/role.vdl
+++ b/services/role/role.vdl
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-package security
+package role
import "v.io/v23/security"
diff --git a/services/security/role.vdl.go b/services/role/role.vdl.go
similarity index 98%
rename from services/security/role.vdl.go
rename to services/role/role.vdl.go
index e15db68..1b4ab83 100644
--- a/services/security/role.vdl.go
+++ b/services/role/role.vdl.go
@@ -5,7 +5,7 @@
// This file was auto-generated by the vanadium vdl tool.
// Source: role.vdl
-package security
+package role
import (
// VDL system imports
@@ -130,7 +130,7 @@
// descRole hides the desc to keep godoc clean.
var descRole = rpc.InterfaceDesc{
Name: "Role",
- PkgPath: "v.io/x/ref/services/security",
+ PkgPath: "v.io/x/ref/services/role",
Doc: "// Role is an interface to request blessings from a role account server. The\n// returned blessings are bound to the client's public key thereby authorizing\n// the client to acquire the role. The server may tie the returned blessings\n// with the client's presented blessing name in order to maintain audit\n// information in the blessing.\n//\n// In order to avoid granting role blessings to all delegates of a principal,\n// the role server requires that each authorized blessing presented by the\n// client have the string \"_role\" as suffix.",
Methods: []rpc.MethodDesc{
{
diff --git a/services/security/roled/internal/caveats.vdl b/services/role/roled/internal/caveats.vdl
similarity index 100%
rename from services/security/roled/internal/caveats.vdl
rename to services/role/roled/internal/caveats.vdl
diff --git a/services/security/roled/internal/caveats.vdl.go b/services/role/roled/internal/caveats.vdl.go
similarity index 100%
rename from services/security/roled/internal/caveats.vdl.go
rename to services/role/roled/internal/caveats.vdl.go
diff --git a/services/security/roled/internal/config.vdl b/services/role/roled/internal/config.vdl
similarity index 100%
rename from services/security/roled/internal/config.vdl
rename to services/role/roled/internal/config.vdl
diff --git a/services/security/roled/internal/config.vdl.go b/services/role/roled/internal/config.vdl.go
similarity index 95%
rename from services/security/roled/internal/config.vdl.go
rename to services/role/roled/internal/config.vdl.go
index 6e10437..0928eb7 100644
--- a/services/security/roled/internal/config.vdl.go
+++ b/services/role/roled/internal/config.vdl.go
@@ -40,7 +40,7 @@
}
func (Config) __VDLReflect(struct {
- Name string "v.io/x/ref/services/security/roled/internal.Config"
+ Name string "v.io/x/ref/services/role/roled/internal.Config"
}) {
}
diff --git a/services/security/roled/internal/discharger.go b/services/role/roled/internal/discharger.go
similarity index 84%
rename from services/security/roled/internal/discharger.go
rename to services/role/roled/internal/discharger.go
index 8bcab33..43b2cd9 100644
--- a/services/security/roled/internal/discharger.go
+++ b/services/role/roled/internal/discharger.go
@@ -13,7 +13,7 @@
"v.io/v23/security"
"v.io/v23/verror"
- isecurity "v.io/x/ref/services/security"
+ "v.io/x/ref/services/discharger"
"v.io/x/lib/vlog"
)
@@ -26,12 +26,12 @@
}
-type discharger struct{}
+type dischargerImpl struct{}
-func (discharger) Discharge(call rpc.ServerCall, caveat security.Caveat, impetus security.DischargeImpetus) (security.Discharge, error) {
+func (dischargerImpl) Discharge(call rpc.ServerCall, caveat security.Caveat, impetus security.DischargeImpetus) (security.Discharge, error) {
details := caveat.ThirdPartyDetails()
if details == nil {
- return security.Discharge{}, isecurity.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
+ return security.Discharge{}, discharger.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
}
if err := details.Dischargeable(call.Context()); err != nil {
return security.Discharge{}, err
diff --git a/services/security/roled/internal/dispatcher.go b/services/role/roled/internal/dispatcher.go
similarity index 93%
rename from services/security/roled/internal/dispatcher.go
rename to services/role/roled/internal/dispatcher.go
index 22478b9..7081124 100644
--- a/services/security/roled/internal/dispatcher.go
+++ b/services/role/roled/internal/dispatcher.go
@@ -16,12 +16,13 @@
"v.io/v23/security"
"v.io/v23/verror"
- isecurity "v.io/x/ref/services/security"
+ "v.io/x/ref/services/discharger"
+ "v.io/x/ref/services/role"
"v.io/x/lib/vlog"
)
-const requiredSuffix = security.ChainSeparator + isecurity.RoleSuffix
+const requiredSuffix = security.ChainSeparator + role.RoleSuffix
// NewDispatcher returns a dispatcher object for a role service and its
// associated discharger service.
@@ -41,7 +42,7 @@
func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
if len(suffix) == 0 {
- return isecurity.DischargerServer(&discharger{}), &openAuthorizer{}, nil
+ return discharger.DischargerServer(&dischargerImpl{}), &openAuthorizer{}, nil
}
fileName := filepath.Join(d.configRoot, filepath.FromSlash(suffix+".conf"))
if !strings.HasPrefix(fileName, d.configRoot) {
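Review bot: The containment check on the last line of this hunk, `strings.HasPrefix(fileName, d.configRoot)`, compares raw string prefixes rather than path components. Because `filepath.Join` cleans `..` elements out of the caller-supplied suffix, a result that lands in a sibling directory whose name merely starts with the config root's text would still pass the check. Anchoring the comparison on a separator closes that gap: `if !strings.HasPrefix(fileName, filepath.Clean(d.configRoot)+string(filepath.Separator)) {`. An equivalent option is to reject any `filepath.Rel(d.configRoot, fileName)` result that starts with `..`. Whether `configRoot` is already normalised with a trailing separator is not visible here, and `Lookup` continues outside the hunk, so this move would be a good moment to confirm it.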
@@ -57,7 +58,7 @@
return nil, nil, verror.Convert(verror.ErrInternal, nil, err)
}
obj := &roleService{role: suffix, config: config, dischargerLocation: d.dischargerLocation}
- return isecurity.RoleServer(obj), &authorizer{config}, nil
+ return role.RoleServer(obj), &authorizer{config}, nil
}
type openAuthorizer struct{}
diff --git a/services/security/roled/internal/doc.go b/services/role/roled/internal/doc.go
similarity index 90%
rename from services/security/roled/internal/doc.go
rename to services/role/roled/internal/doc.go
index 118ee40..f72d7c5 100644
--- a/services/security/roled/internal/doc.go
+++ b/services/role/roled/internal/doc.go
@@ -2,5 +2,5 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// Package internal implements the role service defined in v.io/x/ref/services/security
+// Package internal implements the role service defined in v.io/x/ref/services/role
package internal
diff --git a/services/security/roled/internal/role.go b/services/role/roled/internal/role.go
similarity index 90%
rename from services/security/roled/internal/role.go
rename to services/role/roled/internal/role.go
index c3e8b24..7b1f129 100644
--- a/services/security/roled/internal/role.go
+++ b/services/role/roled/internal/role.go
@@ -16,11 +16,11 @@
"v.io/x/lib/vlog"
- isecurity "v.io/x/ref/services/security"
+ "v.io/x/ref/services/role"
)
var (
- errNoLocalBlessings = verror.Register("v.io/x/ref/services/security/roled/internal/noLocalBlessings", verror.NoRetry, "{1:}{2:} no local blessings")
+ errNoLocalBlessings = verror.Register("v.io/x/ref/services/role/roled/internal/noLocalBlessings", verror.NoRetry, "{1:}{2:} no local blessings")
)
type roleService struct {
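Review bot: The registered ID of `errNoLocalBlessings` changes along with the package path, so this is not purely a mechanical move for anything that matches on the ID string. role_test.go in this same commit compares `verror.ErrorID(err)`, and peers built from the old tree or log alerts keyed on `v.io/x/ref/services/security/roled/internal/noLocalBlessings` would presumably stop matching. The generated `ErrNotAThirdPartyCaveat` ID in discharger.vdl.go changes in the same way. I would call this out in the commit description and add a comment above the `var` block such as `// Error IDs are wire-visible; these were renamed from v.io/x/ref/services/security/... when the package was flattened.`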
@@ -68,14 +68,14 @@
return results
}
-func extensions(config *Config, role string, blessingNames []string) []string {
+func extensions(config *Config, roleStr string, blessingNames []string) []string {
if !config.Extend {
- return []string{role}
+ return []string{roleStr}
}
var extensions []string
for _, b := range blessingNames {
- b = strings.TrimSuffix(b, security.ChainSeparator+isecurity.RoleSuffix)
- extensions = append(extensions, role+security.ChainSeparator+b)
+ b = strings.TrimSuffix(b, security.ChainSeparator+role.RoleSuffix)
+ extensions = append(extensions, roleStr+security.ChainSeparator+b)
}
return extensions
}
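Review bot: The suffix expression is now built in two places. `extensions` trims `security.ChainSeparator+role.RoleSuffix`, while dispatcher.go, apparently in the same `internal` package, already declares `requiredSuffix` with the identical expression. Since this suffix is what keeps role blessings away from other delegates, the trim and the requirement should share one definition so they cannot drift apart: `b = strings.TrimSuffix(b, requiredSuffix)`. As a smaller style point, the local `var extensions []string` shadows the function's own name, which is the kind of collision this commit removes elsewhere with `roleStr`. Declaring it as `exts := make([]string, 0, len(blessingNames))` would avoid the shadowing and pre-size the slice.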
diff --git a/services/security/roled/internal/role_internal_test.go b/services/role/roled/internal/role_internal_test.go
similarity index 100%
rename from services/security/roled/internal/role_internal_test.go
rename to services/role/roled/internal/role_internal_test.go
diff --git a/services/security/roled/internal/role_test.go b/services/role/roled/internal/role_test.go
similarity index 97%
rename from services/security/roled/internal/role_test.go
rename to services/role/roled/internal/role_test.go
index b1f5c43..023e15b 100644
--- a/services/security/roled/internal/role_test.go
+++ b/services/role/roled/internal/role_test.go
@@ -20,8 +20,8 @@
_ "v.io/x/ref/profiles"
vsecurity "v.io/x/ref/security"
- isecurity "v.io/x/ref/services/security"
- irole "v.io/x/ref/services/security/roled/internal"
+ "v.io/x/ref/services/role"
+ irole "v.io/x/ref/services/role/roled/internal"
"v.io/x/ref/test/testutil"
)
@@ -104,7 +104,7 @@
addr := newRoleServer(t, newPrincipalContext(t, ctx, root, "roles"), workdir)
for _, tc := range testcases {
user := v23.GetPrincipal(tc.ctx).BlessingStore().Default()
- c := isecurity.RoleClient(naming.Join(addr, tc.role))
+ c := role.RoleClient(naming.Join(addr, tc.role))
blessings, err := c.SeekBlessings(tc.ctx)
if verror.ErrorID(err) != tc.errID {
t.Errorf("unexpected error ID for (%q, %q). Got %#v, expected %#v", user, tc.role, verror.ErrorID(err), tc.errID)
diff --git a/services/security/roled/main.go b/services/role/roled/main.go
similarity index 95%
rename from services/security/roled/main.go
rename to services/role/roled/main.go
index 38a3a61..655156c 100644
--- a/services/security/roled/main.go
+++ b/services/role/roled/main.go
@@ -14,7 +14,7 @@
"v.io/x/lib/vlog"
"v.io/x/ref/lib/signals"
_ "v.io/x/ref/profiles/static"
- irole "v.io/x/ref/services/security/roled/internal"
+ irole "v.io/x/ref/services/role/roled/internal"
)
var (