veyron/services/mgmt/node: Add the standard ACL Authorizer.
Add the standard ACL authorizer and --address/--protocol flags. All the
exported methods require Admin privileges.
Fix impl_test to work when VEYRON_IDENTITY and/or MOUNTTABLE_ROOT are
already present in the environment.
Change-Id: I714d33f4c2e5d46e45f044ae4247c9a9a1cfa8e7
diff --git a/services/mgmt/node/impl/dispatcher.go b/services/mgmt/node/impl/dispatcher.go
index 53c606b..5de34ea 100644
--- a/services/mgmt/node/impl/dispatcher.go
+++ b/services/mgmt/node/impl/dispatcher.go
@@ -11,13 +11,15 @@
type dispatcher struct {
envelope *application.Envelope
origin string
+ auth security.Authorizer
}
// NewDispatcher is the dispatcher factory.
-func NewDispatcher(envelope *application.Envelope, origin string) *dispatcher {
+func NewDispatcher(envelope *application.Envelope, origin string, auth security.Authorizer) *dispatcher {
return &dispatcher{
envelope: envelope,
origin: origin,
+ auth: auth,
}
}
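Review bot: The new `auth` parameter of NewDispatcher is undocumented, and the caller in impl_test.go passes `nil`, so the doc comment should say what a nil authorizer means. Lookup (next hunk) returns `d.auth` unchanged for every suffix, so a nil value leaves the access decision to whatever the ipc runtime does by default, which this diff does not show. After confirming that default, I would extend the comment to something like `// NewDispatcher is the dispatcher factory. auth is returned by Lookup for every suffix; a nil auth defers to the runtime's default authorization policy.`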
@@ -25,5 +27,5 @@
func (d *dispatcher) Lookup(suffix string) (ipc.Invoker, security.Authorizer, error) {
invoker := ipc.ReflectInvoker(node.NewServerNode(NewInvoker(d.envelope, d.origin, suffix)))
- return invoker, nil, nil
+ return invoker, d.auth, nil
}
diff --git a/services/mgmt/node/impl/impl_test.go b/services/mgmt/node/impl/impl_test.go
index a4d350b..a8e04be 100644
--- a/services/mgmt/node/impl/impl_test.go
+++ b/services/mgmt/node/impl/impl_test.go
@@ -6,6 +6,7 @@
"io"
"os"
"strconv"
+ "strings"
"testing"
"veyron/lib/signals"
@@ -116,9 +117,21 @@
blackbox.WaitForEOFOnStdin()
}
+func setEnv(env []string, name, value string) []string {
+ newValue := name + "=" + value
+ for i, v := range env {
+ if strings.HasPrefix(v, name+"=") {
+ env[i] = newValue
+ return env
+ }
+ }
+ return append(env, newValue)
+}
+
func spawnNodeManager(t *testing.T, arAddress, mtAddress string, idFile string) *blackbox.Child {
child := blackbox.HelperCommand(t, "nodeManager", arAddress)
- child.Cmd.Env = append(child.Cmd.Env, fmt.Sprintf("MOUNTTABLE_ROOT=%v", mtAddress), fmt.Sprintf("VEYRON_IDENTITY=%v", idFile))
+ child.Cmd.Env = setEnv(child.Cmd.Env, "MOUNTTABLE_ROOT", mtAddress)
+ child.Cmd.Env = setEnv(child.Cmd.Env, "VEYRON_IDENTITY", idFile)
if err := child.Cmd.Start(); err != nil {
t.Fatalf("Start() failed: %v", err)
}
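Review bot: setEnv overwrites only the first `name=` entry and returns, so a second entry for the same variable later in the slice is left in place. Current os/exec keeps the last value for a duplicated key, so in that case the child would still start with the stale MOUNTTABLE_ROOT or VEYRON_IDENTITY rather than the one the test intends. The function also writes into the caller's slice, which is harmless here but worth a one-line comment. Dropping every existing entry and appending the new one avoids both issues; spawnNodeManager continues outside the hunk and needs no change.

```go
// setEnv returns a copy of env in which name is set to value exactly once.
func setEnv(env []string, name, value string) []string {
	prefix := name + "="
	out := make([]string, 0, len(env)+1)
	for _, v := range env {
		if !strings.HasPrefix(v, prefix) {
			out = append(out, v)
		}
	}
	return append(out, prefix+value)
}
```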
@@ -208,7 +221,7 @@
if err != nil {
vlog.Fatalf("Listen(%v, %v) failed: %v", protocol, hostname, err)
}
- suffix, dispatcher := "", impl.NewDispatcher(&application.Envelope{}, origin)
+ suffix, dispatcher := "", impl.NewDispatcher(&application.Envelope{}, origin, nil)
if err := server.Register(suffix, dispatcher); err != nil {
vlog.Fatalf("Register(%v, %v) failed: %v", suffix, dispatcher, err)
}
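Review bot: Passing `nil` as the authorizer here means nothing in impl_test.go exercises the value this commit threads through to Lookup, so a regression that goes back to returning a nil authorizer would not fail any test. Consider adding a case that builds the dispatcher with a restrictive security.Authorizer and asserts that a call it should reject is in fact rejected. The enclosing function starts and ends outside this hunk.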
diff --git a/services/mgmt/node/noded/main.go b/services/mgmt/node/noded/main.go
index 7b78cf1..76dce1e 100644
--- a/services/mgmt/node/noded/main.go
+++ b/services/mgmt/node/noded/main.go
@@ -5,15 +5,20 @@
"veyron/lib/exec"
"veyron/lib/signals"
+ vflag "veyron/security/flag"
"veyron/services/mgmt/node/impl"
+
"veyron2/rt"
"veyron2/services/mgmt/application"
"veyron2/vlog"
)
func main() {
- var name, origin string
+ // TODO(rthellend): Remove the address and protocol flags when the config manager is working.
+ var address, protocol, name, origin string
+ flag.StringVar(&address, "address", "localhost:0", "network address to listen on")
flag.StringVar(&name, "name", "", "name to publish the node manager at")
+ flag.StringVar(&protocol, "protocol", "tcp", "network type to listen on")
flag.StringVar(&origin, "origin", "", "node manager application repository")
flag.Parse()
if origin == "" {
@@ -27,15 +32,14 @@
}
defer server.Stop()
envelope := &application.Envelope{}
- dispatcher := impl.NewDispatcher(envelope, origin)
+ dispatcher := impl.NewDispatcher(envelope, origin, vflag.NewAuthorizerOrDie())
suffix := ""
if err := server.Register(suffix, dispatcher); err != nil {
vlog.Fatalf("Register(%v, %v) failed: %v", suffix, dispatcher, err)
}
- protocol, hostname := "tcp", "localhost:0"
- endpoint, err := server.Listen(protocol, hostname)
+ endpoint, err := server.Listen(protocol, address)
if err != nil {
- vlog.Fatalf("Listen(%v, %v) failed: %v", protocol, hostname, err)
+ vlog.Fatalf("Listen(%v, %v) failed: %v", protocol, address, err)
}
vlog.VI(0).Infof("Listening on %v", endpoint)
if len(name) > 0 {
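Review bot: `vflag.NewAuthorizerOrDie()` is the only access control wired into this server, and the diff does not show what it returns when no ACL flag is supplied. If it can return nil, noded starts under the runtime's default policy with nothing in the log to say so. The new --address flag makes that easier to miss, because the listener is no longer fixed to `localhost:0`. After confirming the helper's behaviour, I would keep the result in a local and either log when it is nil, for example `vlog.Infof("no ACL configured; using default authorization")`, or refuse to start when `address` is not a loopback address. main's body continues outside the hunk.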