services/security/role: Add role server
This change adds the new role server and adds an option to vrun to run
commands using role blessings.
Each role has its own configuration file. The config file specifies a
list of members, i.e. who's allowed to use the role, in the form of a
set of blessing patterns. It also specifies 3 attributes that affect how
the role blessings are created:
- Audit (bool): indicates that blessings will have a third-party
caveat that will allow auditing of all uses.
- Expiry (time.Duration string): the blessings will have an expiry
caveat with expiry = now + value. An empty value removes the caveat.
- Extend (bool): indicates that the blessing names will be extended
with the full blessing name of the caller.
The blessing names that the role server returns look like:
<server's blessing name> / <role> [ / <caller's blessing name> ]
There are two main use-cases for roles:
- To use with access control, similar to a group membership. In this
case, the service will use "root/roleserver/role" as blessing
pattern, and the role config will have Extend=true.
- To claim/bless a device or an application. Here, we need
Extend=false, and no expiry (or a long one).
Note: The auditing / third-party caveat part is incomplete and will
require some changes in the security API to implement properly.
Change-Id: I1bc792c8c2e9e7522d8847580e7639a7f60f9f39
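The role policy the message describes (members as blessing patterns, Extend, Expiry, and the resulting "<server>/<role>[/<caller>]" name), modelled in plain Go as an added illustration that is not part of this change or of the Vanadium code base. The pattern matcher below is a simplified stand-in for security.BlessingPattern (assumed semantics: "a/b" matches "a/b" and any "a/b/..." extension, "a/b/$" matches only "a/b"); no real caveats or blessings are minted.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// RoleConfig mirrors the per-role config file described in the commit message.
type RoleConfig struct {
	Members []string      // blessing patterns allowed to use the role
	Extend  bool          // append the caller's blessing name to the role name
	Expiry  time.Duration // 0 means no expiry caveat
}

// RoleBlessing is the outcome of a successful role request.
type RoleBlessing struct {
	Name   string
	Expiry time.Time // zero when no expiry caveat is attached
}

// patternMatches is a simplified blessing-pattern match (assumption, see lead-in).
func patternMatches(pattern, blessing string) bool {
	if strings.HasSuffix(pattern, "/$") {
		return blessing == strings.TrimSuffix(pattern, "/$")
	}
	return blessing == pattern || strings.HasPrefix(blessing, pattern+"/")
}

// IssueRole grants the role to the first caller blessing that matches a member
// pattern and builds "<server>/<role>[/<caller>]" plus the expiry, if any.
func IssueRole(cfg RoleConfig, server, role string, callerBlessings []string, now time.Time) (RoleBlessing, error) {
	for _, caller := range callerBlessings {
		for _, p := range cfg.Members {
			if !patternMatches(p, caller) {
				continue
			}
			rb := RoleBlessing{Name: server + "/" + role}
			if cfg.Extend {
				rb.Name += "/" + caller
			}
			if cfg.Expiry > 0 {
				rb.Expiry = now.Add(cfg.Expiry)
			}
			return rb, nil
		}
	}
	return RoleBlessing{}, errors.New("caller is not a member of role " + role)
}

func main() {
	cfg := RoleConfig{Members: []string{"root/alice"}, Extend: true, Expiry: time.Hour}
	rb, err := IssueRole(cfg, "root/roleserver", "admin", []string{"root/alice/phone"}, time.Now())
	fmt.Println(rb.Name, rb.Expiry, err)
}
```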
diff --git a/services/security/discharger.vdl.go b/services/security/discharger.vdl.go
index 825acae..5645357 100644
--- a/services/security/discharger.vdl.go
+++ b/services/security/discharger.vdl.go
@@ -11,12 +11,28 @@
// VDL system imports
"v.io/v23"
"v.io/v23/context"
+ "v.io/v23/i18n"
"v.io/v23/rpc"
+ "v.io/v23/verror"
// VDL user imports
"v.io/v23/security"
)
+var (
+ // Indicates that the Caveat does not require a discharge
+ ErrNotAThirdPartyCaveat = verror.Register("v.io/x/ref/services/security.NotAThirdPartyCaveat", verror.NoRetry, "{1:}{2:} discharges are not required for non-third-party caveats (id: {c.id})")
+)
+
+func init() {
+ i18n.Cat().SetWithBase(i18n.LangID("en"), i18n.MsgID(ErrNotAThirdPartyCaveat.ID), "{1:}{2:} discharges are not required for non-third-party caveats (id: {c.id})")
+}
+
+// NewErrNotAThirdPartyCaveat returns an error with the ErrNotAThirdPartyCaveat ID.
+func NewErrNotAThirdPartyCaveat(ctx *context.T, c security.Caveat) error {
+ return verror.New(ErrNotAThirdPartyCaveat, ctx, c)
+}
+
// DischargerClientMethods is the client interface
// containing Discharger methods.
//
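Review bot: in the ErrNotAThirdPartyCaveat registration and the matching i18n.Cat().SetWithBase line, the format string ends with "(id: {c.id})", which is not a numbered placeholder like {3}; unless the i18n formatter supports that syntax, the caveat passed to NewErrNotAThirdPartyCaveat will never be interpolated and "{c.id}" will be shown literally. Since this is a generated .vdl.go file, the fix belongs in the .vdl error definition (referencing the first parameter by number) followed by regeneration, and a note on which code path raises this error would help, as nothing in this hunk uses it.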