veyron/runtimes/google/rt: Use the new security model by default.

After this change, all servers and clients use the new security
model by default. Servers continue to accept the old model, so client
binaries compiled before this change will still be able to communicate
with server binaries compiled after this change.

The reverse will not be true - client binaries compiled after
this change will use only the new security model to communicate
with server binaries compiled on either side of this change.

Change-Id: Iaf47ba19f5f1bec14fc67ae4865ed1f7b8310899
diff --git a/lib/signals/signals_test.go b/lib/signals/signals_test.go
index bddef80..636bbdb 100644
--- a/lib/signals/signals_test.go
+++ b/lib/signals/signals_test.go
@@ -15,7 +15,6 @@
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/mgmt"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/services/mgmt/appcycle"
 
@@ -326,7 +325,7 @@
 
 // TestCleanRemoteShutdown verifies that remote shutdown works correctly.
 func TestCleanRemoteShutdown(t *testing.T) {
-	r := rt.Init(options.ForceNewSecurityModel{})
+	r := rt.Init()
 	defer r.Cleanup()
 
 	sh := modules.NewShell()
diff --git a/runtimes/google/ipc/stream/vif/vif.go b/runtimes/google/ipc/stream/vif/vif.go
index c30a543..4e444f4 100644
--- a/runtimes/google/ipc/stream/vif/vif.go
+++ b/runtimes/google/ipc/stream/vif/vif.go
@@ -177,22 +177,10 @@
 	return vif, nil
 }
 
-func adjustIPCVersionForOldSecurityModel(in naming.Endpoint, opts []stream.VCOpt) naming.Endpoint {
-	out := in
-	for _, o := range opts {
-		if r, ok := o.(*version.Range); ok {
-			out = r.Endpoint(out.Addr().Network(), out.Addr().String(), out.RoutingID())
-			vlog.Infof("Adjusted Dialer endpoint from %v to %v for OpenVC message because the old security model is being used", in, out)
-		}
-	}
-	return out
-}
-
 // Dial creates a new VC to the provided remote identity, authenticating the VC
 // with the provided local identity.
 func (vif *VIF) Dial(remoteEP naming.Endpoint, opts ...stream.VCOpt) (stream.VC, error) {
-	localEP := adjustIPCVersionForOldSecurityModel(vif.localEP, opts)
-	vc, err := vif.newVC(vif.allocVCI(), localEP, remoteEP, true)
+	vc, err := vif.newVC(vif.allocVCI(), vif.localEP, remoteEP, true)
 	if err != nil {
 		return nil, err
 	}
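Review bot: The doc comment on Dial (the two lines above the signature) still describes authentication in terms of a "remote identity" and a "local identity", which is the vocabulary of the old model whose endpoint adjustment this hunk removes; now that the OpenVC message always carries vif.localEP unmodified, the comment should say so. Something like `// Dial creates a new VC to remoteEP, advertising vif.localEP unmodified in the OpenVC message and authenticating the VC with the runtime's new-model credentials.` — the exact credential wording should be confirmed against what newVC uses, which is outside this hunk. The `opts` parameter is still accepted but is not read in the visible lines; if nothing further down Dial consumes it, a comment stating which options are honoured would help. Dial's body continues past the end of this hunk.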
@@ -201,7 +189,7 @@
 	err = vif.sendOnExpressQ(&message.OpenVC{
 		VCI:         vc.VCI(),
 		DstEndpoint: remoteEP,
-		SrcEndpoint: localEP,
+		SrcEndpoint: vif.localEP,
 		Counters:    counters})
 	if err != nil {
 		err = fmt.Errorf("vif.sendOnExpressQ(OpenVC) failed: %v", err)
diff --git a/runtimes/google/ipc/version/version.go b/runtimes/google/ipc/version/version.go
index 33d251f..131e40a 100644
--- a/runtimes/google/ipc/version/version.go
+++ b/runtimes/google/ipc/version/version.go
@@ -14,10 +14,6 @@
 	Min, Max version.IPCVersion
 }
 
-// TODO(ashankar): Remove when the transition to the new security API is complete.
-func (*Range) IPCClientOpt()   {}
-func (*Range) IPCStreamVCOpt() {}
-
 var (
 	// supportedRange represents the range of protocol verions supported by this
 	// implementation.
diff --git a/runtimes/google/rt/ipc.go b/runtimes/google/rt/ipc.go
index 7b3251c..53ab84f 100644
--- a/runtimes/google/rt/ipc.go
+++ b/runtimes/google/rt/ipc.go
@@ -7,14 +7,12 @@
 	iipc "veyron.io/veyron/veyron/runtimes/google/ipc"
 	imanager "veyron.io/veyron/veyron/runtimes/google/ipc/stream/manager"
 	"veyron.io/veyron/veyron/runtimes/google/ipc/stream/vc"
-	iversion "veyron.io/veyron/veyron/runtimes/google/ipc/version"
 	ivtrace "veyron.io/veyron/veyron/runtimes/google/vtrace"
 
 	"veyron.io/veyron/veyron2/context"
 	"veyron.io/veyron/veyron2/i18n"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/ipc/stream"
-	"veyron.io/veyron/veyron2/ipc/version"
 	"veyron.io/veyron/veyron2/naming"
 	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/security"
@@ -105,9 +103,6 @@
 	}
 	// Add the option that provides the local identity to the client.
 	otherOpts = append(otherOpts, rt.newLocalID(id), vc.LocalPrincipal{rt.principal})
-	if !rt.useNewSecurityModelInIPCClients {
-		otherOpts = append(otherOpts, &iversion.Range{Min: version.IPCVersion2, Max: version.IPCVersion3})
-	}
 	return iipc.InternalNewClient(sm, ns, otherOpts...)
 }
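Review bot: The comment `// Add the option that provides the local identity to the client.` on the line before the append is now out of date: the append passes both the old-model identity (rt.newLocalID(id)) and the new-model principal (vc.LocalPrincipal{rt.principal}), while this hunk removes the only code that let a client negotiate the old model. If newLocalID is consumed solely by the old-model client handshake it looks vestigial here and could go in a follow-up; if it is still needed, the comment should say why, e.g. `// Provide both the old-model identity and the new-model principal; clients negotiate only the new model, the old identity is retained for <reason>.` The enclosing function starts before this hunk.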
 
diff --git a/runtimes/google/rt/ipc_test.go b/runtimes/google/rt/ipc_test.go
index 01cbd00..4c6cc6c 100644
--- a/runtimes/google/rt/ipc_test.go
+++ b/runtimes/google/rt/ipc_test.go
@@ -7,7 +7,6 @@
 	"veyron.io/veyron/veyron2"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
 
@@ -25,7 +24,7 @@
 }
 
 func newRT() veyron2.Runtime {
-	r, err := rt.New(options.ForceNewSecurityModel{})
+	r, err := rt.New()
 	if err != nil {
 		panic(err)
 	}
diff --git a/runtimes/google/rt/mgmt_test.go b/runtimes/google/rt/mgmt_test.go
index 6cc07b5..4b3b757 100644
--- a/runtimes/google/rt/mgmt_test.go
+++ b/runtimes/google/rt/mgmt_test.go
@@ -284,7 +284,7 @@
 	// refer to the global rt.R() function), but we take care to make sure
 	// that the "google" runtime we are trying to test in this package is
 	// the one being used.
-	r, _ := rt.New(profileOpt, options.GoogleRuntime, options.ForceNewSecurityModel{})
+	r, _ := rt.New(profileOpt, options.GoogleRuntime)
 
 	childcreds := security.NewVeyronCredentials(r.Principal(), appCmd)
 	configServer, configServiceName, ch := createConfigServer(t, r)
diff --git a/runtimes/google/rt/rt.go b/runtimes/google/rt/rt.go
index 7c8c85a..d106b7f 100644
--- a/runtimes/google/rt/rt.go
+++ b/runtimes/google/rt/rt.go
@@ -43,10 +43,6 @@
 	nServers   int  // GUARDED_BY(mu)
 	cleaningUp bool // GUARDED_BY(mu)
 
-	// TODO(ashankar,ataly): Variables to help with the transition between the
-	// old and new security model. Will be removed once the transition is complete.
-	useNewSecurityModelInIPCClients bool
-
 	lang    i18n.LangID // Language, from environment variables.
 	program string      // Program name, from os.Args[0].
 }
@@ -77,7 +73,7 @@
 				return nil, fmt.Errorf("%q is the wrong name for this runtime", v)
 			}
 		case options.ForceNewSecurityModel:
-			rt.useNewSecurityModelInIPCClients = true
+			// noop
 		default:
 			return nil, fmt.Errorf("option has wrong type %T", o)
 		}
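Review bot: `case options.ForceNewSecurityModel:` is now accepted and silently ignored, so callers that still pass it get no signal that it does nothing; the bare `// noop` should say why the case is kept and that the option is deprecated, e.g. `// Deprecated: the new security model is now the default; accepted only so existing callers keep compiling.` Marking the option type itself with a `// Deprecated:` line in veyron2/options would surface this in tooling, but that file is not part of this change. The enclosing switch and function start before this hunk.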
diff --git a/runtimes/google/rt/sectransition/sectransition.go b/runtimes/google/rt/sectransition/sectransition.go
deleted file mode 100644
index 54c0677..0000000
--- a/runtimes/google/rt/sectransition/sectransition.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// This package provides a shell test during the security model transition.
-package main
-
-import (
-	"flag"
-	"fmt"
-	"time"
-
-	"veyron.io/veyron/veyron/lib/signals"
-	"veyron.io/veyron/veyron/profiles"
-
-	"veyron.io/veyron/veyron2/ipc"
-	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/rt"
-	"veyron.io/veyron/veyron2/security"
-	"veyron.io/veyron/veyron2/vlog"
-)
-
-var runServer = flag.Bool("server", false, "If true, start a server. If false, start a client")
-
-type service struct{}
-
-func (service) Ping(call ipc.ServerCall) (string, error) {
-	return fmt.Sprintf("ClientBlessings: %v\nClientPublicID: %v", call.RemoteBlessings(), call.RemoteID()), nil
-}
-
-type authorizer struct{}
-
-func (authorizer) Authorize(security.Context) error { return nil }
-
-func main() {
-	r := rt.Init()
-	defer r.Cleanup()
-
-	if *runServer {
-		startServer(r.NewServer())
-	} else if len(flag.Args()) != 1 {
-		vlog.Fatalf("Expected exactly 1 argument, got %d (%v)", len(flag.Args()), flag.Args())
-	} else {
-		ctx, _ := r.NewContext().WithDeadline(time.Now().Add(10 * time.Second))
-		startClient(r.Client().StartCall(ctx, flag.Arg(0), "Ping", nil))
-	}
-}
-
-func startServer(server ipc.Server, err error) {
-	if err != nil {
-		vlog.Fatal(err)
-	}
-	defer server.Stop()
-
-	ep, err := server.Listen(profiles.LocalListenSpec)
-	if err != nil {
-		vlog.Fatal(err)
-	}
-	fmt.Println("SERVER:", naming.JoinAddressName(ep.String(), ""))
-	server.Serve("", ipc.LeafDispatcher(service{}, authorizer{}))
-	<-signals.ShutdownOnSignals()
-}
-
-func startClient(call ipc.Call, err error) {
-	if err != nil {
-		vlog.Fatal(err)
-	}
-	var result string
-	var apperr error
-	if err = call.Finish(&result, &apperr); err != nil {
-		vlog.Fatalf("ipc.Call.Finish error: %v", err)
-	}
-	if apperr != nil {
-		vlog.Fatalf("Application error: %v", apperr)
-	}
-	fmt.Println(result)
-}
diff --git a/runtimes/google/rt/sectransition/test.sh b/runtimes/google/rt/sectransition/test.sh
deleted file mode 100755
index 242da08..0000000
--- a/runtimes/google/rt/sectransition/test.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/bin/bash
-
-# Test compatibility of clients and servers using a combination of the old
-# and new security models (triggered by environment variables).
-
-. "${VEYRON_ROOT}/scripts/lib/shell_test.sh"
-
-readonly WORKDIR="${shell_test_WORK_DIR}"
-
-build() {
-  SECTRANSITION_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/runtimes/google/rt/sectransition')"
-  IDENTITY_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/tools/identity')"
-}
-
-startserver() {
-  # The server has access to both the old and new security model.
-  export VEYRON_IDENTITY="${WORKDIR}/old"
-  export VEYRON_CREDENTIALS="${WORKDIR}/new"
-  shell::run_server "${shell_test_DEFAULT_SERVER_TIMEOUT}" "${SERVERLOG}" /dev/null \
-    "${SECTRANSITION_BIN}" --server --logtostderr &> /dev/null \
-    || shell_test::fail "line ${LINENO}: failed to start sectransaction"
-  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" "${SERVERLOG}" "SERVER" \
-    || shell_test::fail "line ${LINENO}: failed to read expected output from log file"
-  local -r EP=$(grep "SERVER: " "${SERVERLOG}" | sed -e 's/SERVER: //') \
-    || shell_test::fail "line ${LINENO}: failed to identify the endpoint"
-  echo "${EP}"
-}
-
-runclient() {
-  "${SECTRANSITION_BIN}" "${EP}" &>"${CLIENTLOG}"
-}
-
-oldmodel() {
-  awk '/ClientPublicID:/ {print $2}' "${CLIENTLOG}"
-}
-
-newmodel() {
-  awk '/ClientBlessings:/ {print $2}' "${CLIENTLOG}"
-}
-
-main() {
-  cd "${WORKDIR}"
-  build
-
-  # Generate an identity (old security model) that may be used by the client.
-  local -r OLD="${WORKDIR}/old"
-  "${IDENTITY_BIN}" generate "old" > "${OLD}"
-
-  local -r SERVERLOG="${WORKDIR}/server.log"
-  local -r CLIENTLOG="${WORKDIR}/client.log"
-  local -r EP=$(startserver)
-
-  # No environment variables set: PublicIDs from the old model should be exchanged.
-  unset VEYRON_IDENTITY
-  unset VEYRON_CREDENTIALS
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "            No environment variables: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID not set when neither environment variable is set"
-  fi
-  if [[ $(newmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should not be set when neither environment variable is set (was $(newmodel))"
-  fi
-
-
-  # Old model envvar is set: not the new one: PublicIDs from the old model should be exchanged.
-  export VEYRON_IDENTITY="${WORKDIR}/old"
-  unset VEYRON_CREDENTIALS
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "                     VEYRON_IDENTITY: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID not set when only VEYRON_IDENTITY is set"
-  fi
-  if [[ $(newmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should not be set when only VEYRON_IDENTITY is set (was $(newmodel))"
-  fi
-
-  # New model envvar is set:  Blessings should be exchanged.
-  unset VEYRON_IDENTITY
-  export VEYRON_CREDENTIALS="${WORKDIR}/new"
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "                  VEYRON_CREDENTIALS: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID should not be exchanged when VEYRON_CREDENTIALS is set (was $(oldmodel))"
-  fi
-  if [[ $(newmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should be exchanged when VEYRON_CREDENTIALS is set (was $(newmodel))"
-  fi
-
-  # Both environment variables are set: Blessings should be exchanged.
-  export VEYRON_IDENTITY="${WORKDIR}/old"
-  export VEYRON_CREDENTIALS="${WORKDIR}/new"
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "VEYRON_IDENTITY & VEYRON_CREDENTIALS: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID should not be exchanged when VEYRON_CREDENTIALS is set (was $(oldmodel))"
-  fi
-  if [[ $(newmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should be exchanged when VEYRON_CREDENTIALS is set (was $(newmodel))"
-  fi
-
-  shell_test::pass
-}
-
-main "$@"
\ No newline at end of file
diff --git a/runtimes/google/rt/security.go b/runtimes/google/rt/security.go
index 9295625..0863c04a 100644
--- a/runtimes/google/rt/security.go
+++ b/runtimes/google/rt/security.go
@@ -36,9 +36,6 @@
 }
 
 func (rt *vrt) initSecurity() error {
-	// Use the new security model in ipc.Client only if it was expicitly specified.
-	// At a later date, we will switch to using the new model always.
-	rt.useNewSecurityModelInIPCClients = rt.useNewSecurityModelInIPCClients || len(os.Getenv(VeyronCredentialsEnvVar)) > 0
 	if err := rt.initOldSecurity(); err != nil {
 		return err
 	}
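Review bot: With the environment-variable gate removed, initSecurity still calls rt.initOldSecurity() unconditionally and returns its error, so a process configured only with new-model credentials will still fail to start if old-model initialization fails; that is presumably intended because servers must keep serving clients built before this change (per the commit message), but nothing in the function records it. A comment above the call such as `// The old model is still initialized so servers can serve clients that predate the switch; clients themselves use only the new model.` would capture the intent. The rest of initSecurity is outside this hunk.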
@@ -86,16 +83,9 @@
 	if err := rt.initPublicIDStore(); err != nil {
 		return err
 	}
-	// Initialize the runtime's PublicIDStore with the runtime's PublicID.
-	// TODO(ashankar,ataly): What should be the tag for the PublicID? Below we use
-	// security.AllPrincipals but this means that the PublicID *always* gets used
-	// for any peer. This may not be desirable.
 	if err := rt.store.Add(rt.id.PublicID(), security.AllPrincipals); err != nil {
 		return fmt.Errorf("could not initialize a PublicIDStore for the runtime: %s", err)
 	}
-
-	// Always trust our own identity providers.
-	// TODO(ataly, ashankar): We should trust the identity providers of all PublicIDs in the store.
 	trustIdentityProviders(rt.id)
 	return nil
 }
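Review bot: Dropping the two TODO comments removes the recorded concern without changing the behaviour they described: `rt.store.Add(rt.id.PublicID(), security.AllPrincipals)` still tags the PublicID with AllPrincipals, so it is presented to every peer, and `trustIdentityProviders(rt.id)` still trusts only the runtime's own identity providers. If the concern is now considered moot because the old model is retained solely for serving old clients, say so where the TODO stood, e.g. `// Tagged AllPrincipals so the old-model PublicID is offered to any peer; kept only to serve clients that predate the new model.`; otherwise the TODO should stay. The enclosing function starts before this hunk.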
diff --git a/services/identity/revocation/revoker_test.go b/services/identity/revocation/revoker_test.go
index 1cb86fa..ad4ad7e 100644
--- a/services/identity/revocation/revoker_test.go
+++ b/services/identity/revocation/revoker_test.go
@@ -8,7 +8,6 @@
 	"veyron.io/veyron/veyron2"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
 
@@ -19,7 +18,7 @@
 
 func revokerSetup(t *testing.T) (dischargerKey security.PublicKey, dischargerEndpoint string, revoker *RevocationManager, closeFunc func(), runtime veyron2.Runtime) {
 	var dir = filepath.Join(os.TempDir(), "revoker_test_dir")
-	r := rt.Init(options.ForceNewSecurityModel{})
+	r := rt.Init()
 	revokerService, err := NewRevocationManager(dir)
 	if err != nil {
 		t.Fatalf("NewRevocationManager failed: %v", err)
diff --git a/services/mgmt/node/impl/impl_test.go b/services/mgmt/node/impl/impl_test.go
index e520c98..e71690e 100644
--- a/services/mgmt/node/impl/impl_test.go
+++ b/services/mgmt/node/impl/impl_test.go
@@ -29,7 +29,6 @@
 	"veyron.io/veyron/veyron2"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
 	"veyron.io/veyron/veyron2/services/mgmt/application"
@@ -71,13 +70,11 @@
 }
 
 func initRT() {
-	rt.Init(options.ForceNewSecurityModel{})
-
+	rt.Init()
 	// Disable the cache because we will be manipulating/using the namespace
 	// across multiple processes and want predictable behaviour without
 	// relying on timeouts.
 	rt.R().Namespace().CacheCtl(naming.DisableCache(true))
-
 }
 
 // TestHelperProcess is the entrypoint for the modules commands in a
@@ -734,7 +731,7 @@
 }
 
 func newRuntime(t *testing.T) veyron2.Runtime {
-	runtime, err := rt.New(options.ForceNewSecurityModel{})
+	runtime, err := rt.New()
 	if err != nil {
 		t.Fatalf("rt.New() failed: %v", err)
 	}
diff --git a/services/mounttable/lib/mounttable_test.go b/services/mounttable/lib/mounttable_test.go
index 9989fd5..73a6af0 100644
--- a/services/mounttable/lib/mounttable_test.go
+++ b/services/mounttable/lib/mounttable_test.go
@@ -453,12 +453,12 @@
 func init() {
 	testutil.Init()
 	// Create the runtime for each of the three "processes"
-	rootRT = rt.Init(options.ForceNewSecurityModel{})
+	rootRT = rt.Init()
 	var err error
-	if aliceRT, err = rt.New(options.ForceNewSecurityModel{}); err != nil {
+	if aliceRT, err = rt.New(); err != nil {
 		panic(err)
 	}
-	if bobRT, err = rt.New(options.ForceNewSecurityModel{}); err != nil {
+	if bobRT, err = rt.New(); err != nil {
 		panic(err)
 	}