"x/ref": Use security.[Local/Remote]BlessingNames
CL 8243 deprecated security.BlessingNames and instead
introduced security.[Local/Remote]BlessingNames. This CL
updates the x/ref repo in accordance with this change.
Change-Id: I20e1b691f9941be6a8693e924a47948ec46a1331
diff --git a/examples/rps/rpsbot/impl.go b/examples/rps/rpsbot/impl.go
index 3db881d..a767dfc 100644
--- a/examples/rps/rpsbot/impl.go
+++ b/examples/rps/rpsbot/impl.go
@@ -37,10 +37,10 @@
func (r *RPS) CreateGame(call rpc.ServerCall, opts rps.GameOptions) (rps.GameId, error) {
if vlog.V(1) {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.Infof("CreateGame %+v from %v", opts, b)
}
- names, _ := security.BlessingNames(call.Context(), security.CallSideLocal)
+ names := security.LocalBlessingNames(call.Context())
if len(names) == 0 {
return rps.GameId{}, errors.New("no names provided for context")
}
@@ -48,7 +48,7 @@
}
func (r *RPS) Play(call rps.JudgePlayServerCall, id rps.GameId) (rps.PlayResult, error) {
- names, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ names, _ := security.RemoteBlessingNames(call.Context())
vlog.VI(1).Infof("Play %+v from %v", id, names)
if len(names) == 0 {
return rps.PlayResult{}, errors.New("no names provided for context")
@@ -57,14 +57,14 @@
}
func (r *RPS) Challenge(call rpc.ServerCall, address string, id rps.GameId, opts rps.GameOptions) error {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.VI(1).Infof("Challenge (%q, %+v, %+v) from %v", address, id, opts, b)
newctx, _ := vtrace.SetNewTrace(r.ctx)
return r.player.challenge(newctx, address, id, opts)
}
func (r *RPS) Record(call rpc.ServerCall, score rps.ScoreCard) error {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.VI(1).Infof("Record (%+v) from %v", score, b)
return r.scoreKeeper.Record(call, score)
}
diff --git a/examples/rps/rpsbot/scorekeeper.go b/examples/rps/rpsbot/scorekeeper.go
index 1f7e7d7..4c08366 100644
--- a/examples/rps/rpsbot/scorekeeper.go
+++ b/examples/rps/rpsbot/scorekeeper.go
@@ -25,7 +25,7 @@
}
func (k *ScoreKeeper) Record(call rpc.ServerCall, score rps.ScoreCard) error {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.VI(1).Infof("Received ScoreCard from %v:", b)
vlog.VI(1).Info(common.FormatScoreCard(score))
k.numRecords.Incr(1)
diff --git a/examples/rps/rpsplayer/main.go b/examples/rps/rpsplayer/main.go
index de34412..5872963 100644
--- a/examples/rps/rpsplayer/main.go
+++ b/examples/rps/rpsplayer/main.go
@@ -73,7 +73,7 @@
}
func (i *impl) Challenge(call rpc.ServerCall, address string, id rps.GameId, opts rps.GameOptions) error {
- remote, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ remote, _ := security.RemoteBlessingNames(call.Context())
vlog.VI(1).Infof("Challenge (%q, %+v) from %v", address, id, remote)
// When setDecline(true) returns, future challenges will be declined.
// Whether the current challenge should be considered depends on the
diff --git a/examples/rps/rpsscorekeeper/main.go b/examples/rps/rpsscorekeeper/main.go
index 653baca..babd0d9 100644
--- a/examples/rps/rpsscorekeeper/main.go
+++ b/examples/rps/rpsscorekeeper/main.go
@@ -25,7 +25,7 @@
}
func (i *impl) Record(call rpc.ServerCall, score rps.ScoreCard) error {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.VI(1).Infof("Record (%+v) from %v", score, b)
i.ch <- score
return nil
diff --git a/examples/tunnel/tunneld/impl.go b/examples/tunnel/tunneld/impl.go
index c8c179b..cf0c4f3 100644
--- a/examples/tunnel/tunneld/impl.go
+++ b/examples/tunnel/tunneld/impl.go
@@ -29,7 +29,7 @@
if err != nil {
return err
}
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
name := fmt.Sprintf("RemoteBlessings:%v LocalAddr:%v RemoteAddr:%v", b, conn.LocalAddr(), conn.RemoteAddr())
vlog.Infof("TUNNEL START: %v", name)
err = tunnelutil.Forward(conn, call.SendStream(), call.RecvStream())
@@ -38,7 +38,7 @@
}
func (t *T) Shell(call tunnel.TunnelShellServerCall, command string, shellOpts tunnel.ShellOpts) (int32, error) {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.Infof("SHELL START for %v: %q", b, command)
shell, err := findShell()
if err != nil {
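Review bot: The `SHELL START` audit line discards the second return value of `security.RemoteBlessingNames`, so when none of the caller's blessings are recognized the log shows an empty list and no record of what was presented. For an endpoint that runs a remote command I would keep it, e.g. `b, rejected := security.RemoteBlessingNames(call.Context())` and `vlog.Infof("SHELL START for %v (rejected %v): %q", b, rejected, command)`. The same applies to the `TUNNEL START` line in the hunk at -29 and the `SHELL END` line in the hunk at -109. The latter also recomputes the names instead of reusing the value logged at start, so the two lines may disagree if validation gives a different result on the second call; this is inferred, since the body of Shell between the hunks is not visible.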
@@ -109,7 +109,7 @@
select {
case runErr := <-runIOManager(stdin, stdout, stderr, ptyFd, call):
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
vlog.Infof("SHELL END for %v: %q (%v)", b, command, runErr)
return harvestExitcode(c.Process, runErr)
case <-call.Context().Done():
diff --git a/profiles/internal/lib/appcycle/appcycle.go b/profiles/internal/lib/appcycle/appcycle.go
index 0a683d4..366a97d 100644
--- a/profiles/internal/lib/appcycle/appcycle.go
+++ b/profiles/internal/lib/appcycle/appcycle.go
@@ -122,7 +122,7 @@
}
func (d *invoker) Stop(call stub.AppCycleStopServerCall) error {
- blessings, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, _ := security.RemoteBlessingNames(call.Context())
vlog.Infof("AppCycle Stop request from %v", blessings)
// The size of the channel should be reasonably sized to expect not to
// miss updates while we're waiting for the stream to unblock.
diff --git a/profiles/internal/rpc/client.go b/profiles/internal/rpc/client.go
index d107af1..84e8166 100644
--- a/profiles/internal/rpc/client.go
+++ b/profiles/internal/rpc/client.go
@@ -376,7 +376,7 @@
status.flow = nil
return
}
- status.blessings, status.rejectedBlessings = security.BlessingNames(ctx, security.CallSideRemote)
+ status.blessings, status.rejectedBlessings = security.RemoteBlessingNames(ctx)
return
}
diff --git a/profiles/internal/rpc/full_test.go b/profiles/internal/rpc/full_test.go
index 2595fee..dcbcfa9 100644
--- a/profiles/internal/rpc/full_test.go
+++ b/profiles/internal/rpc/full_test.go
@@ -102,8 +102,8 @@
}
func (*testServer) EchoBlessings(call rpc.ServerCall) (server, client string, _ error) {
- local, _ := security.BlessingNames(call.Context(), security.CallSideLocal)
- remote, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ local := security.LocalBlessingNames(call.Context())
+ remote, _ := security.RemoteBlessingNames(call.Context())
return fmt.Sprintf("%v", local), fmt.Sprintf("%v", remote), nil
}
diff --git a/profiles/internal/rpc/server_authorizer.go b/profiles/internal/rpc/server_authorizer.go
index f863b3a..4d12a49 100644
--- a/profiles/internal/rpc/server_authorizer.go
+++ b/profiles/internal/rpc/server_authorizer.go
@@ -66,7 +66,7 @@
if call.RemoteBlessings().IsZero() {
return verror.New(errNoBlessings, ctx)
}
- serverBlessings, rejectedBlessings := security.BlessingNames(ctx, security.CallSideRemote)
+ serverBlessings, rejectedBlessings := security.RemoteBlessingNames(ctx)
if !matchedBy(a.patternsFromNameResolution, serverBlessings) {
return verror.New(errAuthNoPatternMatch, ctx, serverBlessings, a.patternsFromNameResolution, rejectedBlessings)
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index e35ee5b..f613e3d 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -27,7 +27,7 @@
type testService struct{}
func (testService) EchoBlessings(call rpc.ServerCall) ([]string, error) {
- b, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(call.Context())
return b, nil
}
diff --git a/profiles/internal/rt/rt_test.go b/profiles/internal/rt/rt_test.go
index 8000b47..3874701 100644
--- a/profiles/internal/rt/rt_test.go
+++ b/profiles/internal/rt/rt_test.go
@@ -98,7 +98,7 @@
ctx, cancel := context.RootContext()
defer cancel()
ctx = security.SetCall(ctx, call)
- blessings, rejected := security.BlessingNames(ctx, security.CallSideRemote)
+ blessings, rejected := security.RemoteBlessingNames(ctx)
if n := len(blessings); n != 1 {
return fmt.Errorf("rt.Principal().BlessingStore().Default() return blessings:%v (rejected:%v), want exactly one recognized blessing", blessings, rejected)
}
@@ -110,7 +110,7 @@
ctx, cancel := context.RootContext()
defer cancel()
ctx = security.SetCall(ctx, call)
- b, _ := security.BlessingNames(ctx, security.CallSideRemote)
+ b, _ := security.RemoteBlessingNames(ctx)
return b[0]
}
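Review bot: `return b[0]` indexes the result without a length check, so this helper panics with an index-out-of-range error when no blessing is recognized, rather than failing the test with a message. The code in the hunk at -98 checks `len(blessings)` and reports the rejected list. Doing the same here, e.g. `b, rejected := security.RemoteBlessingNames(ctx)` followed by a check on `len(b)`, would give a readable failure. The enclosing function's signature is outside the hunk, so what to return on failure depends on it.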
diff --git a/security/agent/pingpong/main.go b/security/agent/pingpong/main.go
index e9a4f41..3547245 100644
--- a/security/agent/pingpong/main.go
+++ b/security/agent/pingpong/main.go
@@ -17,8 +17,8 @@
type pongd struct{}
func (f *pongd) Ping(call rpc.ServerCall, message string) (result string, err error) {
- client, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
- server, _ := security.BlessingNames(call.Context(), security.CallSideLocal)
+ client, _ := security.RemoteBlessingNames(call.Context())
+ server := security.LocalBlessingNames(call.Context())
return fmt.Sprintf("pong (client:%v server:%v)", client, server), nil
}
diff --git a/services/mgmt/binary/impl/service.go b/services/mgmt/binary/impl/service.go
index e18290a..4a7dbb1 100644
--- a/services/mgmt/binary/impl/service.go
+++ b/services/mgmt/binary/impl/service.go
@@ -132,7 +132,7 @@
return verror.New(ErrOperationFailed, call.Context())
}
- rb, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ rb, _ := security.RemoteBlessingNames(call.Context())
if len(rb) == 0 {
// None of the client's blessings are valid.
return verror.New(ErrNotAuthorized, call.Context())
@@ -399,7 +399,7 @@
// can be extended to form one of the local blessings.)
tam := make(access.Permissions)
- lb, _ := security.BlessingNames(call.Context(), security.CallSideLocal)
+ lb := security.LocalBlessingNames(call.Context())
for _, p := range prefixPatterns(lb) {
for _, tag := range access.AllTypicalTags() {
tam.Add(p, string(tag))
diff --git a/services/mgmt/device/impl/app_service.go b/services/mgmt/device/impl/app_service.go
index 2d4881a..ad0a09c 100644
--- a/services/mgmt/device/impl/app_service.go
+++ b/services/mgmt/device/impl/app_service.go
@@ -456,7 +456,7 @@
// TODO(caprita,rjkroege): Should the installation AccessLists really be
// seeded with the device AccessList? Instead, might want to hide the deviceAccessList
// from the app?
- blessings, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, _ := security.RemoteBlessingNames(call.Context())
if err := i.initializeSubAccessLists(installationDir, blessings, i.deviceAccessList.Copy()); err != nil {
return "", err
}
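Review bot: `blessings` is passed to `initializeSubAccessLists` without a check that it is non-empty, and the rejected list is discarded. If none of the caller's blessings are recognized, the installation's access lists would be seeded with no caller names; whether `initializeSubAccessLists` handles that is not visible here. Other call sites in this commit (services/mgmt/binary/impl/service.go, services/security/groups/server/group.go) test `len(...) == 0` right after the call, and a guard such as `if len(blessings) == 0 { /* return a not-authorized error */ }` would make this one consistent. The hunk at -715 has the same pattern for the instance directory; both enclosing functions start and end outside the hunks.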
@@ -715,7 +715,7 @@
if err := saveInstanceInfo(call.Context(), instanceDir, instanceInfo); err != nil {
return instanceDir, instanceID, err
}
- blessings, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, _ := security.RemoteBlessingNames(call.Context())
aclCopy := i.deviceAccessList.Copy()
if err := i.initializeSubAccessLists(instanceDir, blessings, aclCopy); err != nil {
return instanceDir, instanceID, err
diff --git a/services/mgmt/device/impl/device_service.go b/services/mgmt/device/impl/device_service.go
index 784d029..07b1868 100644
--- a/services/mgmt/device/impl/device_service.go
+++ b/services/mgmt/device/impl/device_service.go
@@ -646,7 +646,7 @@
func (s *deviceService) ListAssociations(call rpc.ServerCall) (associations []device.Association, err error) {
// Temporary code. Dump this.
if vlog.V(2) {
- b, r := security.BlessingNames(call.Context(), security.CallSideRemote)
+ b, r := security.RemoteBlessingNames(call.Context())
vlog.Infof("ListAssociations given blessings: %v\n", b)
if len(r) > 0 {
vlog.Infof("ListAssociations rejected blessings: %v\n", r)
diff --git a/services/mgmt/device/impl/helper_manager.go b/services/mgmt/device/impl/helper_manager.go
index 870be30..0a1a762 100644
--- a/services/mgmt/device/impl/helper_manager.go
+++ b/services/mgmt/device/impl/helper_manager.go
@@ -59,7 +59,7 @@
// TODO(rjkroege): This code assumes a desktop target and will need
// to be reconsidered for embedded contexts.
func (i suidHelperState) usernameForPrincipal(call rpc.ServerCall, uat BlessingSystemAssociationStore) string {
- identityNames, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ identityNames, _ := security.RemoteBlessingNames(call.Context())
systemName, present := uat.SystemAccountForBlessings(identityNames)
if present {
diff --git a/services/mgmt/lib/acls/hierarchical_authorizer.go b/services/mgmt/lib/acls/hierarchical_authorizer.go
index 7c0b775..10c3302 100644
--- a/services/mgmt/lib/acls/hierarchical_authorizer.go
+++ b/services/mgmt/lib/acls/hierarchical_authorizer.go
@@ -82,7 +82,7 @@
// Maybe the invoking principal can invoke this method because
// it has root permissions.
- names, _ := security.BlessingNames(ctx, security.CallSideRemote)
+ names, _ := security.RemoteBlessingNames(ctx)
if len(names) > 0 && ha.rootAccessList.Includes(names...) {
return nil
}
diff --git a/services/mounttable/lib/mounttable.go b/services/mounttable/lib/mounttable.go
index a1b6a34..b1c2bd5 100644
--- a/services/mounttable/lib/mounttable.go
+++ b/services/mounttable/lib/mounttable.go
@@ -173,7 +173,7 @@
return nil
}
// Match client's blessings against the AccessLists.
- blessings, invalidB := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, invalidB := security.RemoteBlessingNames(call.Context())
for _, tag := range tags {
if acl, exists := n.acls.GetPermissionsForTag(string(tag)); exists && acl.Includes(blessings...) {
return nil
@@ -206,7 +206,7 @@
return nil
}
// Match client's blessings against the AccessLists.
- blessings, invalidB := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, invalidB := security.RemoteBlessingNames(call.Context())
for _, tag := range tags {
if acl, exists := n.amTemplate[string(tag)]; exists && expand(&acl, name).Includes(blessings...) {
return nil
@@ -225,7 +225,7 @@
return nil
}
acls := cur.acls.Copy()
- blessings, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, _ := security.RemoteBlessingNames(call.Context())
for _, b := range blessings {
acls.Add(security.BlessingPattern(b), string(mounttable.Admin))
}
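Review bot: When `security.RemoteBlessingNames` returns no recognized names, this loop adds no `mounttable.Admin` entry, so `acls` stays a plain copy of `cur.acls` with nothing added for the caller. The hunk at -423 has the same shape: with an empty `blessings` the loop leaves `patterns` without any entry derived from the caller, a case the comment's "conservative approach" does not mention. What happens to `patterns` afterwards is outside the hunk, so this may already be handled. If it is not, a comment such as `// blessings may be empty when none of the caller's blessings are recognized` plus an explicit `len(blessings) == 0` branch would make the intended behavior clear.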
@@ -423,7 +423,7 @@
// No patterns provided in the request, take the conservative
// approach and assume that the server being mounted will
// present the same blessings as the client calling Mount.
- blessings, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, _ := security.RemoteBlessingNames(call.Context())
for _, b := range blessings {
patterns = append(patterns, security.BlessingPattern(b))
}
diff --git a/services/security/groups/server/group.go b/services/security/groups/server/group.go
index 6b1311d..91960e3 100644
--- a/services/security/groups/server/group.go
+++ b/services/security/groups/server/group.go
@@ -33,7 +33,7 @@
}
if acl == nil {
acl = access.Permissions{}
- blessings, _ := security.BlessingNames(call.Context(), security.CallSideRemote)
+ blessings, _ := security.RemoteBlessingNames(call.Context())
if len(blessings) == 0 {
// The blessings presented by the caller do not give it a name for this
// operation. We could create a world-accessible group, but it seems safer
diff --git a/services/wsprd/principal/principal_test.go b/services/wsprd/principal/principal_test.go
index 76263ea..4e05fee 100644
--- a/services/wsprd/principal/principal_test.go
+++ b/services/wsprd/principal/principal_test.go
@@ -89,7 +89,7 @@
LocalPrincipal: pOrigin,
RemoteBlessings: b,
Method: method}))
- return security.BlessingNames(ctx, security.CallSideRemote)
+ return security.RemoteBlessingNames(ctx)
}
// Validate the blessings in various contexts.
diff --git a/services/wsprd/rpc/server/server.go b/services/wsprd/rpc/server/server.go
index 491f111..43e390b 100644
--- a/services/wsprd/rpc/server/server.go
+++ b/services/wsprd/rpc/server/server.go
@@ -462,8 +462,8 @@
}
ctx := call.Context()
if includeBlessingStrings {
- secCall.LocalBlessingStrings, _ = security.BlessingNames(ctx, security.CallSideLocal)
- secCall.RemoteBlessingStrings, _ = security.BlessingNames(ctx, security.CallSideRemote)
+ secCall.LocalBlessingStrings = security.LocalBlessingNames(ctx)
+ secCall.RemoteBlessingStrings, _ = security.RemoteBlessingNames(ctx)
}
return secCall
}