"core": Shell tests must use the agent

This CL moves the veyron/tool/mgmt and veyron/services/identity
shell tests so that they only use a principal supplied by the agent
(as opposed to the VEYRON_CREDENTIALS directory).

With this CL, all shell tests in the core package would switch to
using the agent.

Change-Id: I986a646381d2b129698402f7fe82f9730b3b6a0c
diff --git a/services/identity/server/identityd.go b/services/identity/server/identityd.go
index 49e9bdc..c388d60 100644
--- a/services/identity/server/identityd.go
+++ b/services/identity/server/identityd.go
@@ -76,7 +76,10 @@
 func (s *identityd) Serve() {
 	flag.Parse()
 
-	runtime, err := rt.New(options.RuntimePrincipal{providerPrincipal(s.auditor)})
+	p, r := providerPrincipal(s.auditor)
+	defer r.Cleanup()
+
+	runtime, err := rt.New(options.RuntimePrincipal{p})
 	if err != nil {
 		vlog.Fatal(err)
 	}
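Review bot: The `defer r.Cleanup()` added above `rt.New` does not run on the `vlog.Fatal(err)` path two lines below it, assuming vlog.Fatal terminates the process the way log.Fatal does. The runtime that holds the agent connection is then never cleaned up in an orderly way when the second runtime fails to start. Calling it explicitly keeps the shutdown path uniform: `if err != nil { r.Cleanup(); vlog.Fatal(err) }`. Serve's body continues past the end of this hunk, so any later Fatal calls there would need the same treatment. The names `p` and `r` next to `runtime` also hide that two runtimes now exist; something like `principal, envRuntime` would make that visible.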
@@ -226,14 +229,21 @@
 }
 
 // providerPrincipal returns the Principal to use for the identity provider (i.e., this program).
-func providerPrincipal(auditor audit.Auditor) security.Principal {
+//
+// TODO(ataly, suharhs, mattr): HACK!!! This method also returns the runtime that it creates
+// internally to read the principal supplied by the environment. This runtime must be cleaned up
+// whenever identity server is shutdown. The runtime cannot be cleaned up here as the server may
+// be running under an agent in which case cleaning up the runtime closes the connection to the
+// agent. Therefore we return the runtime so that it can be cleaned up eventually. This problem
+// would hopefully go away once we change the runtime to a context.T and have mechanisms for
+// constructing and managing derived context.Ts.
+func providerPrincipal(auditor audit.Auditor) (security.Principal, veyron2.Runtime) {
 	// TODO(ashankar): Somewhat silly to have to create a runtime, but oh-well.
 	r, err := rt.New()
 	if err != nil {
 		vlog.Fatal(err)
 	}
-	defer r.Cleanup()
-	return audit.NewPrincipal(r.Principal(), auditor)
+	return audit.NewPrincipal(r.Principal(), auditor), r
 }
 
 func httpaddress() string {
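Review bot: Returning the whole `veyron2.Runtime` from providerPrincipal hands the caller `r.Principal()`, the unwrapped principal, alongside the audited one. Operations performed through it would presumably bypass the auditor installed by `audit.NewPrincipal`. The caller in Serve only needs to release the runtime, so returning just the cleanup function narrows what escapes: `func providerPrincipal(auditor audit.Auditor) (security.Principal, func())` ending in `return audit.NewPrincipal(r.Principal(), auditor), r.Cleanup`, with `defer cleanup()` in Serve. The TODO would then only need to say that the returned function must be called when the identity server shuts down.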
diff --git a/services/identity/test.sh b/services/identity/test.sh
index 5b30587..471e140 100755
--- a/services/identity/test.sh
+++ b/services/identity/test.sh
@@ -4,6 +4,9 @@
 
 source "$(go list -f {{.Dir}} v.io/core/shell/lib)/shell_test.sh"
 
+# Run the test under the security agent.
+shell_test::enable_agent "$@"
+
 readonly WORKDIR="${shell_test_WORK_DIR}"
 
 build() {
@@ -32,14 +35,12 @@
 main() {
   cd "${WORKDIR}"
   build
-
+ 
   shell_test::setup_server_test || shell_test::fail "line ${LINENO} failed to setup server test"
-  unset VEYRON_CREDENTIALS
 
   # Start the identityd server in test identity server.
-  shell_test::start_server "${IDENTITYD_BIN}" --host=localhost -veyron.tcp.address=127.0.0.1:0
+  shell_test::start_server "${VRUN}" "${IDENTITYD_BIN}" --host=localhost -veyron.tcp.address=127.0.0.1:0
   echo Identityd Log File: $START_SERVER_LOG_FILE
-  export VEYRON_CREDENTIALS="$(shell::tmp_dir)"
 
   # Test an initial seekblessings call, with a specified VEYRON_CREDENTIALS.
   WANT="Received blessings"
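Review bot: With `unset VEYRON_CREDENTIALS` removed, nothing in this hunk verifies that the variable is empty after `shell_test::setup_server_test`. The comment removed in tools/mgmt/test.sh (`# Unset VEYRON_CREDENTIALS set in setup_server_test.`) says that helper sets it, and shell_test.sh is not part of this diff. If it is still exported, identityd and the later commands could, depending on which source the runtime prefers, use the on-disk credentials and the test would pass without exercising the agent. A guard after setup, such as `[[ -z "${VEYRON_CREDENTIALS:-}" ]] || shell_test::fail "line ${LINENO}: VEYRON_CREDENTIALS must be unset"`, would pin that, and the same applies to the -83,15 hunk of tools/mgmt/test.sh. The comment `# Test an initial seekblessings call, with a specified VEYRON_CREDENTIALS.` is also stale now that the export is gone, and the replaced blank line after `build` gained a trailing space.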
diff --git a/tools/mgmt/test.sh b/tools/mgmt/test.sh
index b2d50b2..0198535 100755
--- a/tools/mgmt/test.sh
+++ b/tools/mgmt/test.sh
@@ -4,6 +4,9 @@
 
 source "$(go list -f {{.Dir}} v.io/core/shell/lib)/shell_test.sh"
 
+# Run the test under the security agent.
+shell_test::enable_agent "$@"
+
 readonly WORKDIR="${shell_test_WORK_DIR}"
 
 build() {
@@ -83,15 +86,13 @@
   BIN_STAGING_DIR=$(shell::tmp_dir)
   cp "${AGENTD_BIN}" "${SUIDHELPER_BIN}" "${DEVICEMANAGER_BIN}" "${BIN_STAGING_DIR}"
   shell_test::setup_server_test
-  # Unset VEYRON_CREDENTIALS set in setup_server_test.
-  export VEYRON_CREDENTIALS=
 
   # TODO(caprita): Expose an option to turn --single_user off, so we can run
   # test.sh by hand and exercise the code that requires root privileges.
 
   # Install and start device manager.
   DM_INSTALL_DIR=$(shell::tmp_dir)
-  shell_test::start_server "${DMINSTALL_SCRIPT}" --single_user "${DM_INSTALL_DIR}" \
+  shell_test::start_server "${VRUN}" "${DMINSTALL_SCRIPT}" --single_user "${DM_INSTALL_DIR}" \
     "${BIN_STAGING_DIR}" -- --veyron.tcp.address=127.0.0.1:0 || shell_test::fail "line ${LINENO} failed to start device manager"
   local -r DM_NAME=$(hostname)
   DM_EP=$(wait_for_mountentry "${NAMESPACE_BIN}" 5 "${DM_NAME}")
@@ -102,12 +103,16 @@
   # Verify that device manager is published under the expected name (hostname).
   shell_test::assert_ne "$("${NAMESPACE_BIN}" glob "${DM_NAME}")" "" "${LINENO}"
 
-  # Create the client principal, "alice".
-  "${PRINCIPAL_BIN}" create --overwrite=true ./alice alice >/dev/null || \
-    shell_test::fail "line ${LINENO}: create alice failed"
-
-  # All the commands executed henceforth will run as alice.
-  export VEYRON_CREDENTIALS=./alice
+  # Create a self-signed blessing with name "alice" and set it as default and
+  # shareable with all peers on the principal that this process is running
+  # as. This blessing will be used by all commands except those running under
+  # "vrun" which gets a principal forked from the process principal.
+  "${PRINCIPAL_BIN}" blessself alice > alice.bless || \
+    shell_test::fail "line ${LINENO}: blessself alice failed"
+  "${PRINCIPAL_BIN}" store setdefault alice.bless || \
+    shell_test::fail "line ${LINENO}: store setdefault failed"
+  "${PRINCIPAL_BIN}" store set alice.bless ... || \
+    shell_test::fail "line ${LINENO}: store set failed"
 
   # Claim the device as "alice/myworkstation".
   "${DEVICE_BIN}" claim "${DM_NAME}/device" myworkstation
@@ -116,9 +121,10 @@
   shell_test::assert_eq "$("${DEBUG_BIN}" stats read "${DM_NAME}/__debug/stats/security/principal/blessingstore" | head -1 | sed -e 's/^.*Default blessings: '//)" \
     "alice/myworkstation" "${LINENO}"
 
-  # Start a binary server.
+  # Start a binary server under the blessing "alice/myworkstation/binaryd" so that
+  # the device ("alice/myworkstation") can talk to it.
   local -r BINARYD_NAME="binaryd"
-  shell_test::start_server "${BINARYD_BIN}" --name="${BINARYD_NAME}" \
+  shell_test::start_server "${VRUN}" --name=myworkstation/binaryd "${BINARYD_BIN}" --name="${BINARYD_NAME}" \
     --root_dir="$(shell::tmp_dir)/binstore" --veyron.tcp.address=127.0.0.1:0 --http=127.0.0.1:0 \
     || shell_test::fail "line ${LINENO} failed to start binaryd"
 
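Review bot: The new comment says binaryd runs under "alice/myworkstation/binaryd" so that the device can talk to it, but it does not say who issues that blessing. Per the comment in the previous hunk, vrun forks from the process principal, so it is minted by the test's own principal rather than delegated by the claimed device. A line such as `# vrun extends this process's default blessing ("alice"); the extension must match the name passed to "device claim" above.` would make that dependency explicit. The literal `myworkstation` is now repeated in the claim, the blessingstore assertion and both vrun invocations (here and in the applicationd hunk that follows), so a single `readonly` variable would keep them from drifting apart. The two `--name` flags on the start_server line belong to different programs (vrun and binaryd), which is easy to misread without a note.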
@@ -131,9 +137,10 @@
   shell_test::assert_eq "$("${NAMESPACE_BIN}" glob "${SAMPLE_APP_BIN_NAME}")" \
     "${SAMPLE_APP_BIN_NAME}" "${LINENO}"
 
-  # Start an application server.
+  # Start an application server under the blessing "alice/myworkstation/applicationd" so that
+  # the device ("alice/myworkstation") can talk to it.
   local -r APPLICATIOND_NAME="applicationd"
-  shell_test::start_server "${APPLICATIOND_BIN}" --name="${APPLICATIOND_NAME}" \
+  shell_test::start_server "${VRUN}" --name=myworkstation/applicationd "${APPLICATIOND_BIN}" --name="${APPLICATIOND_NAME}" \
     --store="$(shell::tmp_dir)" --veyron.tcp.address=127.0.0.1:0 \
     || shell_test::fail "line ${LINENO} failed to start applicationd"