services/security/role: Add role server
This change adds the new role server and adds an option to vrun to run
commands using role blessings.
Each role has its own configuration file. The config file specifies a
list of members, i.e. who's allowed to use the role, in the form of a
set of blessing patterns. It also specifies 3 attributes that affect how
the role blessings are created:
- Audit (bool): indicates that blessings will have a third-party
caveat that will allow auditting of all uses.
- Expiry (time.Duration string): the blessings will have an expiry
caveat with expiry = now + value. An empty value removes the caveat.
- Extend (bool): indicates that the blessing names will be extended
with the full blessing name of the caller.
The blessing names that the role server returns look like:
<server's blessing name> / <role> [ / <caller's blessing name> ]
There are two main use-cases for roles:
- To use with access control, similar to a group membership. In this
case, the service will use "root/roleserver/role" as blessing
pattern, and the role config will have Extend=true.
- To claim/bless a device or an application. Here, we need
Extend=false, and no expiry (or a long one).
Note: The auditting / third-party caveat part is incomplete and will
require some changes in the security API to implement properly.
Change-Id: I1bc792c8c2e9e7522d8847580e7639a7f60f9f39
16 files changed
