"veyron2/security": Move Authorizer implementation
This CL moves the ACL-based Authorizer implementations to
"veyron2/security". As a result examples and services don't
have to include "veyron/runtime/..."
Change-Id: I5554d0d478ab03e36e3d64f059021c068ba2562e
diff --git a/examples/fortune/fortune/main.go b/examples/fortune/fortune/main.go
index 05021bf..f1b2805 100644
--- a/examples/fortune/fortune/main.go
+++ b/examples/fortune/fortune/main.go
@@ -14,8 +14,8 @@
)
var (
- address = flag.String("address", "", "the address/endpoint of the fortune server")
- newFortune = flag.String("new_fortune", "", "an optional, new fortune to add to the server's set")
+ address = flag.String("address", "", "the address/endpoint of the fortune server")
+ newFortune = flag.String("new_fortune", "", "an optional, new fortune to add to the server's set")
serverPattern = flag.String("server_pattern", "*", "server_pattern is an optional pattern for the expected identity of the server. It is provided as an option to all RPCs made by the client. The server's identity must match this pattern otherwise the client would abort the call (see veyron2/security.PublicID.Match). For e.g., the pattern \"veyron/fooService\" only matches servers that either have the identity \"veyron/fooService\" or the identity \"veyron\". On the other hand the pattern \"veyron/*\" matches all servers whose identities have the root name \"veyron\". If the flag is absent then the default pattern \"*\" matches all identities.")
)
diff --git a/examples/fortune/fortuned/main.go b/examples/fortune/fortuned/main.go
index a629251..1e3d338 100644
--- a/examples/fortune/fortuned/main.go
+++ b/examples/fortune/fortuned/main.go
@@ -14,8 +14,6 @@
"veyron2/security"
"veyron/examples/fortune"
-
- isecurity "veyron/runtimes/google/security"
)
var acl = flag.String("acl", "", "acl is an optional JSON-encoded security.ACL. The ACL is used to construct an authorizer for the fortune server. The behavior of the authorizer can be changed at runtime by simply changing the ACL stored in the file. If the flag is absent then a nil authorizer is constructed which results in default authorization for the server. Default authorization (provided by the Veyron framework) only permits clients that have either blessed the server or have been blessed by the server.")
@@ -62,7 +60,7 @@
// no ACL is provided then a nil Authorizer is used.
var authorizer security.Authorizer
if len(*acl) != 0 {
- authorizer = isecurity.NewFileACLAuthorizer(*acl)
+ authorizer = security.NewFileACLAuthorizer(*acl)
}
// Create the fortune server stub.
diff --git a/examples/tunnel/tunneld/main.go b/examples/tunnel/tunneld/main.go
index 44aaf0e..456d6a7 100644
--- a/examples/tunnel/tunneld/main.go
+++ b/examples/tunnel/tunneld/main.go
@@ -11,7 +11,6 @@
"veyron/examples/tunnel"
"veyron/examples/tunnel/tunneld/impl"
"veyron/lib/signals"
- isecurity "veyron/runtimes/google/security"
"veyron2/ipc"
"veyron2/rt"
"veyron2/security"
@@ -48,7 +47,7 @@
for _, p := range principals {
ACL[security.PrincipalPattern(p)] = security.LabelSet(security.AdminLabel)
}
- return isecurity.NewACLAuthorizer(ACL)
+ return security.NewACLAuthorizer(ACL)
}
func main() {
diff --git a/runtimes/google/ipc/full_test.go b/runtimes/google/ipc/full_test.go
index 42f0a90..7b6ac46 100644
--- a/runtimes/google/ipc/full_test.go
+++ b/runtimes/google/ipc/full_test.go
@@ -109,7 +109,7 @@
"server/*": security.LabelSet(security.AdminLabel),
"client": security.LabelSet(security.AdminLabel),
}
- return ipc.ReflectInvoker(t.server), isecurity.NewACLAuthorizer(acl), nil
+ return ipc.ReflectInvoker(t.server), security.NewACLAuthorizer(acl), nil
}
return ipc.ReflectInvoker(t.server), testServerAuthorizer{}, nil
}
@@ -429,7 +429,6 @@
const (
expiredIDErr = "forbids credential from being used at this time"
- nilAuthErr = "no matching principal pattern found"
aclAuthErr = "no matching ACL entry found"
)
invalidMethodErr := func(method string) string {
@@ -453,8 +452,8 @@
{blessedByServerOnlyEcho, "mountpoint/server/suffix", "Closure", nil, nil, invalidMethodErr("Closure")},
// Only clients with a trusted name that matches either the server's identity or an identity blessed
// by the server are authorized by the (default) nilAuth authorizer.
- {clientID, "mountpoint/server/nilAuth", "Echo", v{"foo"}, v{""}, nilAuthErr},
- {blessedByClient, "mountpoint/server/nilAuth", "Echo", v{"foo"}, v{""}, nilAuthErr},
+ {clientID, "mountpoint/server/nilAuth", "Echo", v{"foo"}, v{""}, aclAuthErr},
+ {blessedByClient, "mountpoint/server/nilAuth", "Echo", v{"foo"}, v{""}, aclAuthErr},
{serverID, "mountpoint/server/nilAuth", "Echo", v{"foo"}, v{`method:"Echo",suffix:"nilAuth",arg:"foo"`}, ""},
{serverID, "mountpoint/server/nilAuth", "Closure", nil, nil, ""},
{blessedByServerOnlyEcho, "mountpoint/server/nilAuth", "Echo", v{"foo"}, v{`method:"Echo",suffix:"nilAuth",arg:"foo"`}, ""},
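Review bot: The comment on the two lines above the changed rows still describes the default authorizer as admitting clients "with a trusted name that matches either the server's identity or an identity blessed by the server", which is the NewIDAuthorizer wording this CL removes; the server.go hunk now describes the default as admitting identities blessed by, or that have blessed, the local identity, and the test comment should say the same, e.g. `// by the server (or that have blessed the server) are authorized by the default authorizer.` for its second line. The expected error also moves from nilAuthErr to aclAuthErr, so these rows now depend on the exact message string produced by veyron2/security's ACL authorizer rather than by a type in this repository's runtime package; a one-line comment at the aclAuthErr constant naming that dependency would help whoever next edits the message. The enclosing test table starts and ends outside the hunk.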
diff --git a/runtimes/google/ipc/server.go b/runtimes/google/ipc/server.go
index ee097c3..ca493b4 100644
--- a/runtimes/google/ipc/server.go
+++ b/runtimes/google/ipc/server.go
@@ -9,6 +9,7 @@
inaming "veyron/runtimes/google/naming"
isecurity "veyron/runtimes/google/security"
+ "veyron/runtimes/google/security/wire"
"veyron2/ipc"
"veyron2/ipc/stream"
@@ -267,6 +268,19 @@
return v
}
+func defaultACL(id security.PublicID) security.ACL {
+ if id == nil {
+ return nil
+ }
+ acl := make(security.ACL)
+ for _, n := range id.Names() {
+ if !strings.HasPrefix(n, wire.UntrustedIDProviderPrefix) {
+ acl[security.PrincipalPattern(n+wire.ChainSeparator+security.AllPrincipals)] = security.AllLabels
+ }
+ }
+ return acl
+}
+
func (fs *flowServer) serve() error {
defer fs.flow.Close()
results, err := fs.processRequest()
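Review bot: defaultACL at the top of the hunk has no doc comment, although it defines the server's default authorization policy and the grant it makes is broad: every principal matching `n/*` for any trusted name n of the local identity receives security.AllLabels, i.e. every label including Admin. I would add `// defaultACL builds the ACL used when a server registers no Authorizer: for each trusted name n of id (one not prefixed with wire.UntrustedIDProviderPrefix) it grants security.AllLabels to principals matching n + ChainSeparator + AllPrincipals. A nil id yields a nil ACL.` Note also that when every name of id is untrusted the function returns an empty, non-nil ACL, whereas a nil id returns nil; whether security.NewACLAuthorizer treats those two cases the same is not visible here and deserves a comment either way.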
@@ -399,10 +413,9 @@
}
// Since the provided authorizer is nil we create a default IDAuthorizer
// for the local identity of the flow. This authorizer only authorizes
- // remote identities whose name matches a trusted name of either the local
- // identity (i.e., server's identity) or an identity blessed by the local
- // identity. (See isecurity.NewIDAuthorizer)
- return isecurity.NewIDAuthorizer(fs.flow.LocalID()).Authorize(fs)
+ // remote identities that have either been blessed by the local identity
+ // or have blessed the local identity. (See security.NewACLAuthorizer)
+ return security.NewACLAuthorizer(defaultACL(fs.flow.LocalID())).Authorize(fs)
}
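Review bot: The unchanged comment two lines above the rewritten lines still says the server creates "a default IDAuthorizer", but this CL deletes idAuthorizer/NewIDAuthorizer and the new code builds an ACL authorizer from defaultACL; suggest `// Since the provided authorizer is nil we create a default ACL-based authorizer`. The ACL also appears to be rebuilt and a fresh authorizer constructed on every call for the same fs.flow.LocalID(), which is fine for correctness but could be computed once per flow if this path turns out to be hot. The enclosing method starts and ends outside the hunk.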
// setDeadline sets a deadline on the flow. The flow will be cancelled if it
diff --git a/runtimes/google/security/authorizer.go b/runtimes/google/security/authorizer.go
deleted file mode 100644
index 11e89d2..0000000
--- a/runtimes/google/security/authorizer.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package security
-
-// This file provides an implementation of security.Authorizer.
-//
-// Definitions
-//
-// Trusted name: A trusted name is a name associated with a PublicID
-// that does not begin with the wire.UntrustedIDProviderPrefix
-// (see veyron/runtimes/google/security/wire.go).
-//
-// Self-RPC: An RPC request is said to be a "self-RPC" if the identities
-// at the local and remote ends have a common trusted name.
-// Ex: a client with name "veyron/alice" RPCing to a service with names
-// "veyron/alice" and "google/alice".
-
-import (
- "encoding/json"
- "errors"
- "io"
- "os"
- "strings"
-
- "veyron/runtimes/google/security/wire"
-
- "veyron2/security"
-)
-
-var (
- errACL = errors.New("no matching ACL entry found")
- errIDAuthorizer = errors.New("no matching principal pattern found")
- errInvalidLabel = errors.New("label is invalid")
- errNilID = errors.New("identity being matched is nil")
- errNilACL = errors.New("ACL is nil")
-)
-
-// aclAuthorizer implements security.Authorizer.
-type aclAuthorizer security.ACL
-
-// Authorize verifies a request iff the identity at the remote end has a name authorized by the
-// aclAuthorizer's ACL for the request's label, or the request corresponds to a self-RPC.
-func (a aclAuthorizer) Authorize(ctx security.Context) error {
- if isSelfRPC(ctx) {
- return nil
- }
- return matchesACL(ctx.RemoteID(), ctx.Label(), security.ACL(a))
-}
-
-// NewACLAuthorizer creates an authorizer from the provided security.ACL. The
-// authorizer authorizes a request iff the identity at the remote end has a name
-// authorized by the provided ACL for the request's label, or the request
-// corresponds to a self-RPC.
-//
-// Remark: During the life cycle of a request, an Authorizer is typically invoked
-// right after validating all caveats on the remote identity and checking the
-// trust-level of its identity provider. If the identity provider's trust-level is
-// "Unknown" then the name of the identity is prepended with "untrusted/" (see the
-// implementation of PublicID.Names). In light of this, it is recommended that the
-// root names of all PrincipalPatterns, except "*", on the provided ACL are
-// trusted for at least some public-key. This is because if this is not the case
-// then the ACL would have superfluous patterns that cannot be matched by any
-// identity.
-func NewACLAuthorizer(acl security.ACL) security.Authorizer { return aclAuthorizer(acl) }
-
-// fileACLAuthorizer implements security.Authorizer.
-type fileACLAuthorizer string
-
-// Authorize reads and decodes the fileACLAuthorizer's ACL file into a security.ACL
-// and then verifies the request according to an aclAuthorizer based on the ACL. If
-// reading or decoding the file fails then no requests are authorized.
-func (a fileACLAuthorizer) Authorize(ctx security.Context) error {
- acl, err := loadACLFromFile(string(a))
- if err != nil {
- return err
- }
- return aclAuthorizer(acl).Authorize(ctx)
-}
-
-// NewFileACLAuthorizer creates an authorizer from the provided path to a file containing
-// a JSON-encoded security.ACL. Each call to "Authorize" involves reading and decoding a
-// security.ACL from the file and then authorizing the request according to the ACL. The
-// authorizer monitors the file so out of band changes to the contents of the file are
-// reflected in the ACL. If reading or decoding the file fails then no requests are authorized.
-//
-// The JSON-encoding of a security.ACL is essentially a JSON object describing a map from
-// security.PrincipalPatterns to encoded security.LabelSets (see security.LabelSet.MarshalJSON).
-// Examples:
-// * `{"*" : "RW"}` encodes an ACL that allows all principals to access all methods with
-// security.ReadLabel or security.WriteLabel.
-// * `{"veyron/alice": "RW", "veyron/bob/*": "R"} encodes an ACL that allows all principals
-// matching "veyron/alice" to access methods with security.ReadLabel or security.WriteLabel,
-// and all principals matching "veyron/bob/*" to access methods with security.ReadLabel.
-// (Also see security.PublicID.Match.)
-//
-// TODO(ataly, ashankar): Instead of reading the file on each call we should use the "inotify"
-// mechanism to watch the file. Eventually we should also support ACLs stored in the Veyron store.
-func NewFileACLAuthorizer(filePath string) security.Authorizer { return fileACLAuthorizer(filePath) }
-
-// idAuthorizer implements security.Authorizer.
-type idAuthorizer []security.PrincipalPattern
-
-// Authorize verifies a request if the identity at the remote end matches one of the patterns
-// specified within the idAuthorizer, or the request corresponds to a self-RPC.
-func (a idAuthorizer) Authorize(ctx security.Context) error {
- if ctx.RemoteID() == nil {
- return errNilID
- }
- if isSelfRPC(ctx) {
- return nil
- }
- for _, p := range a {
- if ctx.RemoteID().Match(p) {
- return nil
- }
- }
- return errIDAuthorizer
-}
-
-// NewIDAuthorizer creates an authorizer from the provided security.PublicID. The resulting
-// authorizer authorizes a request iff one of the following hold: (1) the identity at the
-// remote end has a name matching one of the trusted names of either the provided identity
-// or an identity blessed by the provided identity, OR (2) the request corresponds to a
-// self-RPC.
-func NewIDAuthorizer(id security.PublicID) security.Authorizer {
- if id == nil {
- return idAuthorizer(nil)
- }
- patterns := make([]security.PrincipalPattern, len(id.Names()))
- for i, n := range id.Names() {
- if !strings.HasPrefix(n, wire.UntrustedIDProviderPrefix) {
- patterns[i] = security.PrincipalPattern(n + "/*")
- }
- }
- return idAuthorizer(patterns)
-}
-
-func matchesACL(id security.PublicID, label security.Label, acl security.ACL) error {
- if id == nil {
- return errNilID
- }
- if acl == nil {
- return errNilACL
- }
- for key, labels := range acl {
- if labels.HasLabel(label) && id.Match(key) {
- return nil
- }
- }
- return errACL
-}
-
-// isSelfRPC returns true if the request described by the provided context corresponds
-// to a self-RPC.
-func isSelfRPC(ctx security.Context) bool {
- if ctx.RemoteID() == nil || ctx.LocalID() == nil {
- return false
- }
- remoteNames := map[string]bool{}
- for _, n := range ctx.RemoteID().Names() {
- if !strings.HasPrefix(n, wire.UntrustedIDProviderPrefix) {
- remoteNames[n] = true
- }
- }
- for _, n := range ctx.LocalID().Names() {
- if remoteNames[n] {
- return true
- }
- }
- return false
-}
-
-func loadACLFromFile(filePath string) (security.ACL, error) {
- f, err := os.Open(filePath)
- if err != nil {
- return nil, err
- }
- defer f.Close()
- return loadACL(f)
-}
-
-func loadACL(r io.Reader) (security.ACL, error) {
- var acl security.ACL
- if err := json.NewDecoder(r).Decode(&acl); err != nil {
- return nil, err
- }
- return acl, nil
-}
-
-func saveACL(w io.Writer, acl security.ACL) error {
- return json.NewEncoder(w).Encode(acl)
-}
diff --git a/runtimes/google/security/authorizer_test.go b/runtimes/google/security/authorizer_test.go
deleted file mode 100644
index 06c81fe..0000000
--- a/runtimes/google/security/authorizer_test.go
+++ /dev/null
@@ -1,335 +0,0 @@
-package security
-
-import (
- "io/ioutil"
- "os"
- "runtime"
- "testing"
-
- "veyron2/security"
-)
-
-type authMap map[security.PublicID]security.LabelSet
-
-func saveACLToTempFile(acl security.ACL) string {
- f, err := ioutil.TempFile("", "saved_acl")
- if err != nil {
- panic(err)
- }
- defer f.Close()
- if err := saveACL(f, acl); err != nil {
- defer os.Remove(f.Name())
- panic(err)
- }
- return f.Name()
-}
-
-func updateACLInFile(fileName string, acl security.ACL) {
- f, err := os.OpenFile(fileName, os.O_WRONLY, 0600)
- if err != nil {
- panic(err)
- }
- defer f.Close()
- if err := saveACL(f, acl); err != nil {
- panic(err)
- }
-}
-
-func testSelfRPCs(t *testing.T, authorizer security.Authorizer) {
- _, file, line, _ := runtime.Caller(1)
- var (
- cAlice = newChain("alice")
- cVeyronAlice = bless(cAlice.PublicID(), veyronChain, "alice", nil)
- tAlice = newTree("alice")
- tVeyronAlice = bless(tAlice.PublicID(), veyronTree, "alice", nil)
- tBlessedAlice = bless(tVeyronAlice, googleTree, "alice", nil)
- )
- testData := []struct {
- localID, remoteID security.PublicID
- isAuthorized bool
- }{
- {cAlice.PublicID(), cAlice.PublicID(), false},
- {cVeyronAlice, cVeyronAlice, true},
- {tVeyronAlice, tBlessedAlice, true},
- }
- for _, d := range testData {
- ctx := NewContext(ContextArgs{LocalID: d.localID, RemoteID: d.remoteID})
- if got, want := authorizer.Authorize(ctx), d.isAuthorized; (got == nil) != want {
- t.Errorf("%s:%d: %+v.Authorize(%v) returned error: %v, want nil: %v", file, line, authorizer, ctx, got, want)
- }
- }
-}
-
-func testAuthorizations(t *testing.T, authorizer security.Authorizer, authorizations authMap) {
- _, file, line, _ := runtime.Caller(1)
- for user, labels := range authorizations {
- for _, l := range security.ValidLabels {
- ctx := NewContext(ContextArgs{RemoteID: user, Label: l})
- if got, want := authorizer.Authorize(ctx), labels.HasLabel(l); (got == nil) != want {
- t.Errorf("%s:%d: %+v.Authorize(%v) returned error: %v, want error: %v", file, line, authorizer, ctx, got, want)
- }
- }
- }
-}
-
-func testNothingPermitted(t *testing.T, authorizer security.Authorizer) {
- _, file, line, _ := runtime.Caller(1)
- var (
- cRandom = newChain("random").PublicID()
- cAlice = newChain("alice")
- cVeyronAlice = bless(cAlice.PublicID(), veyronChain, "alice", nil)
- cVeyronAliceFriend = bless(cRandom, derive(cVeyronAlice, cAlice), "friend", nil)
- cVeyronBob = bless(cRandom, veyronChain, "bob", nil)
-
- tRandom = newTree("random").PublicID()
- tAlice = newTree("alice")
- // alice#veyron/alice#google/alice
- tBlessedAlice = bless(bless(tAlice.PublicID(), veyronTree, "alice", nil), googleTree, "alice", nil)
- )
- users := []security.PublicID{
- veyronChain.PublicID(),
- veyronTree.PublicID(),
- cRandom,
- cAlice.PublicID(),
- cVeyronAlice,
- cVeyronAliceFriend,
- cVeyronBob,
- tRandom,
- tAlice.PublicID(),
- tBlessedAlice,
- }
- // No principal (whether the identity provider is trusted or not)
- // should have access to any valid or invalid label.
- for _, u := range users {
- for _, l := range security.ValidLabels {
- ctx := NewContext(ContextArgs{RemoteID: u, Label: l})
- if got := authorizer.Authorize(ctx); got == nil {
- t.Errorf("%s:%d: %+v.Authorize(%v) returns nil, want error", file, line, authorizer, ctx)
- }
- }
- invalidLabel := security.Label(3)
- ctx := NewContext(ContextArgs{RemoteID: u, Label: invalidLabel})
- if got := authorizer.Authorize(ctx); got == nil {
- t.Errorf("%s:%d: %+v.Authorize(%v) returns nil, want error", file, line, authorizer, ctx)
- }
- }
-}
-
-func TestACLAuthorizer(t *testing.T) {
- const (
- // Shorthands
- R = security.ReadLabel
- W = security.WriteLabel
- A = security.AdminLabel
- D = security.DebugLabel
- M = security.MonitoringLabel
- )
- // Principals to test
- var (
- // Chain principals
- cVeyron = veyronChain.PublicID()
- pcAlice = newChain("alice")
- cAlice = pcAlice.PublicID()
- cBob = newChain("bob").PublicID()
- cCarol = newChain("carol").PublicID()
-
- // Blessed chain principals
- cVeyronAlice = bless(cAlice, veyronChain, "alice", nil)
- cVeyronBob = bless(cBob, veyronChain, "bob", nil)
- cVeyronCarol = bless(cCarol, veyronChain, "carol", nil)
- cVeyronAliceFriend = bless(cCarol, derive(cVeyronAlice, pcAlice), "friend", nil)
-
- // Tree principals
- ptAlice = newTree("alice")
- tAlice = ptAlice.PublicID()
- tBob = newTree("bob").PublicID()
- tCarol = newTree("carol").PublicID()
-
- // Blessed tree principals.
- tVeyronAlice = bless(tAlice, veyronTree, "alice", nil)
- tBlessedBob = bless(bless(tBob, veyronTree, "bob", nil), googleTree, "bob", nil)
- tVeyronAliceFriend = bless(tCarol, derive(tVeyronAlice, ptAlice), "friend", nil)
- )
- // Convenience function for combining Labels into a LabelSet.
- LS := func(labels ...security.Label) security.LabelSet {
- var ret security.LabelSet
- for _, l := range labels {
- ret = ret | security.LabelSet(l)
- }
- return ret
- }
-
- // ACL for testing
- acl := security.ACL{
- "*": LS(R),
- "alice/*": LS(W, R),
- "veyron/alice/*": LS(W, R),
- "veyron/bob": LS(W),
- "veyron/alice": LS(A, D, M),
- "google/bob/*": LS(D, M),
- }
-
- // Authorizations for the above ACL.
- authorizations := authMap{
- // Self-signed identities (untrusted identity providers) have only what "*" has.
- cAlice: LS(R),
- cBob: LS(R),
- cCarol: LS(R),
- // Self-blessed identities (tree-based ones) will also only match "*".
- tAlice: LS(R),
- tBob: LS(R),
- tCarol: LS(R),
- // Chained identities blessed by trusted providers have more permissions.
- cVeyron: LS(R, W, A, D, M),
- cVeyronAlice: LS(R, W, A, D, M),
- cVeyronBob: LS(R, W),
- cVeyronCarol: LS(R),
- cVeyronAliceFriend: LS(R, W),
- // And tree-identities with multiple blessings will have more permissions too.
- tVeyronAlice: LS(R, W, A, D, M),
- tBlessedBob: LS(R, W, D, M),
- tVeyronAliceFriend: LS(R, W),
- // nil PublicIDs are not authorized.
- nil: LS(),
- }
- // Create an aclAuthorizer based on the ACL and verify the authorizations.
- authorizer := NewACLAuthorizer(acl)
- testAuthorizations(t, authorizer, authorizations)
- testSelfRPCs(t, authorizer)
-
- // Create a fileACLAuthorizer by saving the ACL in a file, and verify the authorizations.
- fileName := saveACLToTempFile(acl)
- defer os.Remove(fileName)
- fileAuthorizer := NewFileACLAuthorizer(fileName)
- testAuthorizations(t, fileAuthorizer, authorizations)
- testSelfRPCs(t, fileAuthorizer)
-
- // Modify the ACL stored in the file and verify that the authorizations appropriately change
- // for the fileACLAuthorizer.
- acl["veyron/bob"] = LS(R, W, A, D, M)
- updateACLInFile(fileName, acl)
-
- authorizations[cVeyronBob] = LS(R, W, A, D, M)
- authorizations[tBlessedBob] = LS(R, W, A, D, M)
- testAuthorizations(t, fileAuthorizer, authorizations)
- testSelfRPCs(t, fileAuthorizer)
-
- // Update the ACL file with invalid contents and verify that no requests are authorized.
- f, err := os.OpenFile(fileName, os.O_WRONLY, 0600)
- if err != nil {
- panic(err)
- }
- f.Write([]byte("invalid ACL"))
- f.Close()
- testNothingPermitted(t, fileAuthorizer)
-
- // Verify that a fileACLAuthorizer based on a nonexistent file does not authorize any
- // requests.
- fileAuthorizer = NewFileACLAuthorizer("fileDoesNotExist")
- testNothingPermitted(t, fileAuthorizer)
-}
-
-func TestNilACLAuthorizer(t *testing.T) {
- authorizer := NewACLAuthorizer(nil)
- testNothingPermitted(t, authorizer)
- testSelfRPCs(t, authorizer)
-}
-
-func TestIDAuthorizer(t *testing.T) {
- // Principals to test
- var (
- // Chain principals
- cVeyron = veyronChain.PublicID()
- pcAlice = newChain("alice")
- cAlice = pcAlice.PublicID()
- cBob = newChain("bob").PublicID()
- cCarol = newChain("carol").PublicID()
-
- // Blessed chain principals
- cVeyronAlice = bless(cAlice, veyronChain, "alice", nil)
- cVeyronBob = bless(cBob, veyronChain, "bob", nil)
- cVeyronAliceFriend = bless(cCarol, derive(cVeyronAlice, pcAlice), "friend", nil)
-
- // Tree principals
- tVeyron = veyronTree.PublicID()
- tGoogle = googleTree.PublicID()
- ptAlice = newTree("alice")
- tAlice = ptAlice.PublicID()
- tBob = newTree("bob").PublicID()
- tCarol = newTree("carol").PublicID()
-
- // Blessed tree principals.
- tVeyronAlice = bless(tAlice, veyronTree, "alice", nil)
- tBlessedBob = bless(bless(tBob, veyronTree, "bob", nil), googleTree, "bob", nil)
- tGoogleCarol = bless(tCarol, googleTree, "carol", nil)
- tVeyronAliceCarol = bless(tCarol, derive(tVeyronAlice, ptAlice), "friend", nil)
- tVeyronAliceGoogleCarol = bless(tGoogleCarol, derive(tVeyronAlice, ptAlice), "friend", nil)
- )
-
- var noLabels, allLabels security.LabelSet
- for _, l := range security.ValidLabels {
- allLabels |= security.LabelSet(l)
- }
-
- testdata := []struct {
- authorizer security.Authorizer
- authorizations authMap
- }{
- {
- authorizer: NewIDAuthorizer(cVeyronAlice),
- authorizations: authMap{
- cVeyron: allLabels,
- cVeyronAlice: allLabels,
- cVeyronAliceFriend: allLabels,
- tVeyron: allLabels,
- tVeyronAlice: allLabels,
- tVeyronAliceCarol: allLabels,
- tVeyronAliceGoogleCarol: allLabels,
- nil: noLabels,
- cAlice: noLabels,
- cBob: noLabels,
- cCarol: noLabels,
- cVeyronBob: noLabels,
- tGoogle: noLabels,
- tAlice: noLabels,
- tBob: noLabels,
- tCarol: noLabels,
- tBlessedBob: noLabels,
- tGoogleCarol: noLabels,
- },
- },
- {
- authorizer: NewIDAuthorizer(tVeyronAliceGoogleCarol),
- authorizations: authMap{
- cVeyron: allLabels,
- cVeyronAlice: allLabels,
- cVeyronAliceFriend: allLabels,
- tVeyron: allLabels,
- tGoogle: allLabels,
- tVeyronAlice: allLabels,
- tGoogleCarol: allLabels,
- tVeyronAliceCarol: allLabels,
- tVeyronAliceGoogleCarol: allLabels,
- nil: noLabels,
- cAlice: noLabels,
- cBob: noLabels,
- cCarol: noLabels,
- cVeyronBob: noLabels,
- tAlice: noLabels,
- tBob: noLabels,
- tCarol: noLabels,
- tBlessedBob: noLabels,
- },
- },
- }
- for _, d := range testdata {
- testAuthorizations(t, d.authorizer, d.authorizations)
- testSelfRPCs(t, d.authorizer)
- }
-}
-
-func TestNilIDAuthorizer(t *testing.T) {
- authorizer := NewIDAuthorizer(nil)
- testNothingPermitted(t, authorizer)
- testSelfRPCs(t, authorizer)
-}
diff --git a/services/mgmt/application/applicationd/main.go b/services/mgmt/application/applicationd/main.go
index 4f04f07..2c944c7 100644
--- a/services/mgmt/application/applicationd/main.go
+++ b/services/mgmt/application/applicationd/main.go
@@ -4,10 +4,10 @@
"flag"
"veyron/lib/signals"
- "veyron/runtimes/google/security"
"veyron/services/mgmt/application/impl"
"veyron2/rt"
+ "veyron2/security"
"veyron2/vlog"
)
diff --git a/services/mgmt/content/contentd/main.go b/services/mgmt/content/contentd/main.go
index 2168724..4dea545 100644
--- a/services/mgmt/content/contentd/main.go
+++ b/services/mgmt/content/contentd/main.go
@@ -7,10 +7,10 @@
"veyron/lib/signals"
- "veyron/runtimes/google/security"
"veyron/services/mgmt/content/impl"
"veyron2/rt"
+ "veyron2/security"
"veyron2/vlog"
)