Merge "vdl/java: fix array length visibility of non-public classes"
diff --git a/cmd/gclogs/doc.go b/cmd/gclogs/doc.go
index b46e899..eddfe2f 100644
--- a/cmd/gclogs/doc.go
+++ b/cmd/gclogs/doc.go
@@ -74,33 +74,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.acl.file=map[]
-   specify an acl file as <name>:<aclfile>
- -veyron.acl.literal=
-   explicitly specify the runtime acl as a JSON-encoded access.Permissions.
-   Overrides all --veyron.acl.file flags.
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 */
diff --git a/cmd/gclogs/main.go b/cmd/gclogs/main.go
index b8e066f..9c62ff3 100644
--- a/cmd/gclogs/main.go
+++ b/cmd/gclogs/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go . -help
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go . -help
 
 package main
 
diff --git a/cmd/mgmt/dummy.go b/cmd/mgmt/dummy.go
deleted file mode 100644
index 9476b6f..0000000
--- a/cmd/mgmt/dummy.go
+++ /dev/null
@@ -1,5 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package mgmt
diff --git a/cmd/mounttable/doc.go b/cmd/mounttable/doc.go
index 64fc04b..51b8ac1 100644
--- a/cmd/mounttable/doc.go
+++ b/cmd/mounttable/doc.go
@@ -56,28 +56,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/cmd/mounttable/main.go b/cmd/mounttable/main.go
index 3af5487..e33dc99 100644
--- a/cmd/mounttable/main.go
+++ b/cmd/mounttable/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/cmd/namespace/doc.go b/cmd/namespace/doc.go
index c87d044..729d6c4 100644
--- a/cmd/namespace/doc.go
+++ b/cmd/namespace/doc.go
@@ -62,28 +62,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/cmd/namespace/main.go b/cmd/namespace/main.go
index 3af5487..e33dc99 100644
--- a/cmd/namespace/main.go
+++ b/cmd/namespace/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/cmd/principal/doc.go b/cmd/principal/doc.go
index 65c1932..5a534c3 100644
--- a/cmd/principal/doc.go
+++ b/cmd/principal/doc.go
@@ -74,33 +74,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.acl.file=map[]
-   specify an acl file as <name>:<aclfile>
- -veyron.acl.literal=
-   explicitly specify the runtime acl as a JSON-encoded access.Permissions.
-   Overrides all --veyron.acl.file flags.
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index 67fb4e1..a5b2305 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
@@ -27,8 +27,8 @@
 	"v.io/v23/security"
 	"v.io/v23/vom"
 	"v.io/x/lib/cmdline"
+	vsecurity "v.io/x/ref/lib/security"
 	_ "v.io/x/ref/profiles/static"
-	vsecurity "v.io/x/ref/security"
 )
 
 var (
@@ -262,7 +262,7 @@
 			// Send blessings to a "server" started by a "recvblessings" command, either
 			// with the --remote-arg-file flag, or with --remote-key and --remote-token flags.
 			if len(remoteKey) > 0 {
-				granter := &granter{p, with, extension, caveats, remoteKey}
+				granter := &granter{with, extension, caveats, remoteKey}
 				return blessOverNetwork(ctx, tobless, granter, remoteToken)
 			}
 
@@ -1017,14 +1017,16 @@
 func (allowAnyone) Authorize(*context.T) error { return nil }
 
 type granter struct {
-	p         security.Principal
 	with      security.Blessings
 	extension string
 	caveats   []security.Caveat
 	serverKey string
 }
 
-func (g *granter) Grant(server security.Blessings) (security.Blessings, error) {
+func (g *granter) Grant(ctx *context.T) (security.Blessings, error) {
+	call := security.GetCall(ctx)
+	server := call.RemoteBlessings()
+	p := call.LocalPrincipal()
 	if got := fmt.Sprintf("%v", server.PublicKey()); got != g.serverKey {
 		// If the granter returns an error, the RPC framework should
 		// abort the RPC before sending the request to the server.
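Review bot: `security.GetCall(ctx)` is dereferenced on the next line of Grant without checking its result. If the context carries no call and GetCall returns nil in that case (not visible on this page), `call.RemoteBlessings()` panics before the server-key comparison runs, instead of failing through the error path that the comment says aborts the RPC. A guard such as `if call == nil { return security.Blessings{}, fmt.Errorf("no security call attached to context") }` would keep the failure in that path. Grant also has no doc comment; one could state that the blessing principal now comes from `call.LocalPrincipal()` rather than a field set at construction (the `&granter{...}` literal in the earlier hunk of this file). The body of Grant continues in the next hunk.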
@@ -1032,7 +1034,7 @@
 		// imposter server.
 		return security.Blessings{}, fmt.Errorf("key mismatch: Remote end has public key %v, want %v", got, g.serverKey)
 	}
-	return g.p.Bless(server.PublicKey(), g.with, g.extension, g.caveats[0], g.caveats[1:]...)
+	return p.Bless(server.PublicKey(), g.with, g.extension, g.caveats[0], g.caveats[1:]...)
 }
 func (*granter) RPCCallOpt() {}
 
diff --git a/cmd/principal/principal_v23_test.go b/cmd/principal/principal_v23_test.go
index 655fec8..952bec0 100644
--- a/cmd/principal/principal_v23_test.go
+++ b/cmd/principal/principal_v23_test.go
@@ -382,7 +382,7 @@
 func V23TestForkWithoutVDLPATH(t *v23tests.T) {
 	var (
 		parent = t.NewTempDir()
-		bin    = t.BuildGoPkg("v.io/x/ref/cmd/principal").WithEnv("VANADIUM_ROOT=''", "VDLPATH=''")
+		bin    = t.BuildGoPkg("v.io/x/ref/cmd/principal").WithEnv("V23_ROOT=''", "VDLPATH=''")
 	)
 	if err := bin.Start("create", parent, "parent").Wait(os.Stdout, os.Stderr); err != nil {
 		t.Fatalf("create %q failed: %v", parent, err)
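Review bot: `WithEnv("V23_ROOT=''", "VDLPATH=''")` probably sets each variable to the literal two-character string `''` rather than to an empty value, because no shell is involved to strip the quotes if the entries reach the child environment unchanged (WithEnv's implementation is not shown here). If the test is meant to run with both variables empty, `WithEnv("V23_ROOT=", "VDLPATH=")` says so directly. If the quoted value is intentional, a one-line comment explaining why would help. The test function continues outside this hunk.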
@@ -536,7 +536,7 @@
 	bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
 	// The second argument and the "want" line below were generated by:
 	//   import "encoding/base64"
-	//   import "v.io/x/ref/security"
+	//   import "v.io/x/ref/lib/security"
 	//
 	//    key, _, _ := security.NewPrincipalKey()
 	//    der, _ := key.MarshalBinary()
diff --git a/cmd/servicerunner/main.go b/cmd/servicerunner/main.go
index 3df6a21..fb6abaa 100644
--- a/cmd/servicerunner/main.go
+++ b/cmd/servicerunner/main.go
@@ -20,8 +20,8 @@
 	"v.io/x/ref/envvar"
 	"v.io/x/ref/lib/signals"
 	"v.io/x/ref/profiles"
-	identityd "v.io/x/ref/services/identity/modules"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/identity/identitylib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test/expect"
 	"v.io/x/ref/test/modules"
 )
@@ -45,9 +45,9 @@
 	if err != nil {
 		return fmt.Errorf("root failed: %v", err)
 	}
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
-		return fmt.Errorf("mounttable.NewMountTableDispatcher failed: %s", err)
+		return fmt.Errorf("mounttablelib.NewMountTableDispatcher failed: %s", err)
 	}
 	eps, err := server.Listen(lspec)
 	if err != nil {
@@ -123,11 +123,11 @@
 	defer proxyShutdown()
 	vars["PROXY_NAME"] = proxyEndpoint.Name()
 
-	h, err = sh.Start(WSPRCommand, nil, "--v23.tcp.protocol=ws", "--v23.tcp.address=127.0.0.1:0", "--v23.proxy=test/proxy", "--identd=test/identd")
+	h, err = sh.Start(WSPRDCommand, nil, "--v23.tcp.protocol=ws", "--v23.tcp.address=127.0.0.1:0", "--v23.proxy=test/proxy", "--identd=test/identd")
 	panicOnError(err)
 	panicOnError(updateVars(h, vars, "WSPR_ADDR"))
 
-	h, err = sh.Start(identityd.TestIdentitydCommand, nil, "--v23.tcp.protocol=ws", "--v23.tcp.address=127.0.0.1:0", "--v23.proxy=test/proxy", "--http-addr=localhost:0")
+	h, err = sh.Start(identitylib.TestIdentitydCommand, nil, "--v23.tcp.protocol=ws", "--v23.tcp.address=127.0.0.1:0", "--v23.proxy=test/proxy", "--http-addr=localhost:0")
 	panicOnError(err)
 	panicOnError(updateVars(h, vars, "TEST_IDENTITYD_NAME", "TEST_IDENTITYD_HTTP_ADDR"))
 
diff --git a/cmd/servicerunner/servicerunner b/cmd/servicerunner/servicerunner
deleted file mode 100755
index 938287a..0000000
--- a/cmd/servicerunner/servicerunner
+++ /dev/null
Binary files differ
diff --git a/cmd/servicerunner/wspr.go b/cmd/servicerunner/wspr.go
index 9bc3acb..a972136 100644
--- a/cmd/servicerunner/wspr.go
+++ b/cmd/servicerunner/wspr.go
@@ -11,7 +11,7 @@
 
 	"v.io/v23"
 
-	"v.io/x/ref/services/wsprd/wspr"
+	"v.io/x/ref/services/wspr/wsprlib"
 	"v.io/x/ref/test/modules"
 )
 
@@ -20,10 +20,10 @@
 	identd *string = flag.CommandLine.String("identd", "", "identd server name. Must be set.")
 )
 
-const WSPRCommand = "wsprd"
+const WSPRDCommand = "wsprd"
 
 func init() {
-	modules.RegisterChild(WSPRCommand, modules.Usage(flag.CommandLine), startWSPR)
+	modules.RegisterChild(WSPRDCommand, modules.Usage(flag.CommandLine), startWSPR)
 }
 
 func startWSPR(stdin io.Reader, stdout, stderr io.Writer, env map[string]string, args ...string) error {
@@ -31,7 +31,7 @@
 	defer shutdown()
 
 	l := v23.GetListenSpec(ctx)
-	proxy := wspr.NewWSPR(ctx, *port, &l, *identd, nil)
+	proxy := wsprlib.NewWSPR(ctx, *port, &l, *identd, nil)
 	defer proxy.Shutdown()
 
 	addr := proxy.Listen()
diff --git a/cmd/uniqueid/doc.go b/cmd/uniqueid/doc.go
index 6c4c7a5..1b6e4df 100644
--- a/cmd/uniqueid/doc.go
+++ b/cmd/uniqueid/doc.go
@@ -60,33 +60,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.acl.file=map[]
-   specify an acl file as <name>:<aclfile>
- -veyron.acl.literal=
-   explicitly specify the runtime acl as a JSON-encoded access.Permissions.
-   Overrides all --veyron.acl.file flags.
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/cmd/uniqueid/main.go b/cmd/uniqueid/main.go
index 3f8a16a..e072764 100644
--- a/cmd/uniqueid/main.go
+++ b/cmd/uniqueid/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/cmd/mgmt/vbash b/cmd/vbash
similarity index 95%
rename from cmd/mgmt/vbash
rename to cmd/vbash
index e2c7bbf..33029ac 100755
--- a/cmd/mgmt/vbash
+++ b/cmd/vbash
@@ -32,7 +32,7 @@
 
 set -e
 
-readonly BIN_PACKAGES=(v.io/x/ref/cmd/principal v.io/x/ref/security/agent/agentd)
+readonly BIN_PACKAGES=(v.io/x/ref/cmd/principal v.io/x/ref/services/agent/agentd)
 BIN_NAMES=(${BIN_PACKAGES[@]})
 for (( i=0; i<${#BIN_PACKAGES[@]}; i++ )); do
   BIN_NAMES[$i]=$(basename "${BIN_PACKAGES[$i]}")
@@ -69,7 +69,7 @@
 # Globals:
 #   BIN_NAMES
 #   BIN_PACKAGES
-#   VANADIUM_ROOT
+#   V23_ROOT
 # Arguments:
 #   destination for binaries
 #   source of binaries
@@ -88,11 +88,11 @@
   # If source is not specified, try to build latest version of the binaries and copy
   # them from the repository.
   if [[ -z "${BIN_SOURCE}" ]]; then
-    if [[ -z "${VANADIUM_ROOT}" ]]; then
-      echo 'WARNING: VANADIUM_ROOT is not specified, cannot build fresh binaries'
+    if [[ -z "${V23_ROOT}" ]]; then
+      echo 'WARNING: V23_ROOT is not specified, cannot build fresh binaries'
       return
     fi
-    local -r REPO_BIN_DIR="${VANADIUM_ROOT}/release/go/bin"
+    local -r REPO_BIN_DIR="${V23_ROOT}/release/go/bin"
     echo "Building and Fetching binaries:${bin_names_str} from build repository: ${REPO_BIN_DIR} ..."
     for package in "${BIN_PACKAGES[@]}"; do
        local bin_name=$(basename "${package}")
diff --git a/cmd/vdl/doc.go b/cmd/vdl/doc.go
index b580843..2b34150 100644
--- a/cmd/vdl/doc.go
+++ b/cmd/vdl/doc.go
@@ -267,8 +267,8 @@
 
 Setting VDLROOT is optional.
 
-If VDLROOT is empty, we try to construct it out of the VANADIUM_ROOT environment
-variable.  It is an error if both VDLROOT and VANADIUM_ROOT are empty.
+If VDLROOT is empty, we try to construct it out of the V23_ROOT environment
+variable.  It is an error if both VDLROOT and V23_ROOT are empty.
 
 Vdl Vdl.Config - help topic
 
diff --git a/cmd/vdl/main.go b/cmd/vdl/main.go
index 0defd24..fb695a3 100644
--- a/cmd/vdl/main.go
+++ b/cmd/vdl/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
@@ -145,8 +145,8 @@
 
 Setting VDLROOT is optional.
 
-If VDLROOT is empty, we try to construct it out of the VANADIUM_ROOT environment
-variable.  It is an error if both VDLROOT and VANADIUM_ROOT are empty.
+If VDLROOT is empty, we try to construct it out of the V23_ROOT environment
+variable.  It is an error if both VDLROOT and V23_ROOT are empty.
 `,
 }
 
diff --git a/cmd/vom/doc.go b/cmd/vom/doc.go
index bcc38a3..7c24a80 100644
--- a/cmd/vom/doc.go
+++ b/cmd/vom/doc.go
@@ -59,33 +59,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.acl.file=map[]
-   specify an acl file as <name>:<aclfile>
- -veyron.acl.literal=
-   explicitly specify the runtime acl as a JSON-encoded access.Permissions.
-   Overrides all --veyron.acl.file flags.
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/cmd/vom/vom.go b/cmd/vom/vom.go
index 2e2d2ce..7a99a60 100644
--- a/cmd/vom/vom.go
+++ b/cmd/vom/vom.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/cmd/vomtestgen/doc.go b/cmd/vomtestgen/doc.go
index 3fc4f34..67e37b3 100644
--- a/cmd/vomtestgen/doc.go
+++ b/cmd/vomtestgen/doc.go
@@ -73,33 +73,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.acl.file=map[]
-   specify an acl file as <name>:<aclfile>
- -veyron.acl.literal=
-   explicitly specify the runtime acl as a JSON-encoded access.Permissions.
-   Overrides all --veyron.acl.file flags.
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 */
diff --git a/cmd/vomtestgen/main.go b/cmd/vomtestgen/main.go
index fa43955..6305464 100644
--- a/cmd/vomtestgen/main.go
+++ b/cmd/vomtestgen/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go . -help
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go . -help
 
 package main
 
diff --git a/cmd/vrpc/doc.go b/cmd/vrpc/doc.go
index fe7da61..caf236a 100644
--- a/cmd/vrpc/doc.go
+++ b/cmd/vrpc/doc.go
@@ -56,28 +56,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/cmd/vrpc/vrpc.go b/cmd/vrpc/vrpc.go
index 3a1e2af..a00f86e 100644
--- a/cmd/vrpc/vrpc.go
+++ b/cmd/vrpc/vrpc.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/cmd/vrun/vrun.go b/cmd/vrun/vrun.go
index 4bdafd1..a61e720 100644
--- a/cmd/vrun/vrun.go
+++ b/cmd/vrun/vrun.go
@@ -11,24 +11,23 @@
 	"syscall"
 	"time"
 
-	"v.io/x/lib/cmdline"
-	"v.io/x/ref/envvar"
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/keymgr"
-	isecurity "v.io/x/ref/services/security"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/security"
+	"v.io/x/lib/cmdline"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/envvar"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/keymgr"
+	"v.io/x/ref/services/role"
 
 	_ "v.io/x/ref/profiles"
 )
 
 var (
 	durationFlag time.Duration
-	name         string
-	role         string
+	nameFlag     string
+	roleFlag     string
 )
 
 var cmdVrun = &cmdline.Command{
@@ -44,8 +43,8 @@
 	syscall.CloseOnExec(4)
 
 	cmdVrun.Flags.DurationVar(&durationFlag, "duration", 1*time.Hour, "Duration for the blessing.")
-	cmdVrun.Flags.StringVar(&name, "name", "", "Name to use for the blessing. Uses the command name if unset.")
-	cmdVrun.Flags.StringVar(&role, "role", "", "Role object from which to request the blessing. If set, the blessings from this role server are used and --name is ignored. If not set, the default blessings of the calling principal are extended with --name.")
+	cmdVrun.Flags.StringVar(&nameFlag, "name", "", "Name to use for the blessing. Uses the command name if unset.")
+	cmdVrun.Flags.StringVar(&roleFlag, "role", "", "Role object from which to request the blessing. If set, the blessings from this role server are used and --name is ignored. If not set, the default blessings of the calling principal are extended with --name.")
 
 	os.Exit(cmdVrun.Main())
 }
@@ -61,11 +60,11 @@
 	if err != nil {
 		return err
 	}
-	if len(role) == 0 {
-		if len(name) == 0 {
-			name = filepath.Base(args[0])
+	if len(roleFlag) == 0 {
+		if len(nameFlag) == 0 {
+			nameFlag = filepath.Base(args[0])
 		}
-		if err := bless(ctx, principal, name); err != nil {
+		if err := bless(ctx, principal, nameFlag); err != nil {
 			return err
 		}
 	} else {
@@ -73,14 +72,14 @@
 		// with RoleSuffix. This is to avoid accidentally granting role
 		// access to anything else that might have been blessed by the
 		// same principal.
-		if err := bless(ctx, principal, isecurity.RoleSuffix); err != nil {
+		if err := bless(ctx, principal, role.RoleSuffix); err != nil {
 			return err
 		}
 		rCtx, err := v23.SetPrincipal(ctx, principal)
 		if err != nil {
 			return err
 		}
-		if err := setupRoleBlessings(rCtx, role); err != nil {
+		if err := setupRoleBlessings(rCtx, roleFlag); err != nil {
 			return err
 		}
 	}
@@ -165,8 +164,8 @@
 	return principal, conn, nil
 }
 
-func setupRoleBlessings(ctx *context.T, role string) error {
-	b, err := isecurity.RoleClient(role).SeekBlessings(ctx)
+func setupRoleBlessings(ctx *context.T, roleStr string) error {
+	b, err := role.RoleClient(roleStr).SeekBlessings(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/vrun/vrun_v23_test.go b/cmd/vrun/vrun_v23_test.go
index 0af9b25..b064186 100644
--- a/cmd/vrun/vrun_v23_test.go
+++ b/cmd/vrun/vrun_v23_test.go
@@ -11,9 +11,8 @@
 	"os"
 
 	"v.io/v23/security"
-
 	"v.io/x/ref/envvar"
-	vsecurity "v.io/x/ref/security"
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/test/v23tests"
 )
 
@@ -22,7 +21,7 @@
 		clientAgent, serverAgent = createClientAndServerAgents(t)
 		tmpdir                   = t.NewTempDir()
 		vrun                     = t.BuildGoPkg("v.io/x/ref/cmd/vrun").Path()
-		pingpong                 = t.BuildGoPkg("v.io/x/ref/security/agent/pingpong").Path()
+		pingpong                 = t.BuildGoPkg("v.io/x/ref/services/agent/internal/pingpong").Path()
 		serverName               = serverAgent.Start(pingpong).ExpectVar("NAME")
 
 		tests = []struct {
@@ -62,7 +61,7 @@
 // The client will have a single blessing "pingpongd/client", blessed by the server.
 func createClientAndServerAgents(i *v23tests.T) (client, server *v23tests.Binary) {
 	var (
-		agentd    = i.BuildGoPkg("v.io/x/ref/security/agent/agentd")
+		agentd    = i.BuildGoPkg("v.io/x/ref/services/agent/agentd")
 		clientDir = i.NewTempDir()
 		serverDir = i.NewTempDir()
 	)
diff --git a/envvar/envvar.go b/envvar/envvar.go
index e53c3ba..6a755a7 100644
--- a/envvar/envvar.go
+++ b/envvar/envvar.go
@@ -18,7 +18,7 @@
 	// Typically only one of Credentials or AgentEndpoint will be set
 	// in a process. If both are set, then Credentials takes preference.
 	//
-	// See v.io/x/ref/security.CreatePersistentPrincipal.
+	// See v.io/x/ref/lib/security.CreatePersistentPrincipal.
 	Credentials = "V23_CREDENTIALS"
 
 	// NamespacePrefix is the prefix of all environment variables that define
@@ -62,10 +62,7 @@
 func ClearCredentials() error {
 	for _, v := range []string{
 		Credentials,
-		// Old environment variables, remove when
-		// https://github.com/veyron/release-issues/issues/1367
-		// is closed.
-		"VEYRON_CREDENTIALS",
+		// Remove when https://github.com/veyron/release-issues/issues/1597 is closed.
 		"VEYRON_AGENT_FD",
 	} {
 		if err := os.Unsetenv(v); err != nil {
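Review bot: The replacement comment in ClearCredentials, `// Remove when https://github.com/veyron/release-issues/issues/1597 is closed.`, no longer says what should be removed or why. Assuming it refers to the entry below it, `// VEYRON_AGENT_FD is a legacy name; drop this entry when issue 1597 is closed.` would be clearer. Separately, dropping `"VEYRON_CREDENTIALS"` from the list means a stale value inherited from the parent environment is no longer scrubbed before child processes start. That is safe only if no remaining binary still reads the old variable, which this page does not show. The loop body continues outside this hunk.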
@@ -74,33 +71,3 @@
 	}
 	return nil
 }
-
-// Helper function to ease the transition from VEYRON_CREDENTIALS to
-// V23_CREDENTIALS.  Remove before release (and after updating all binaries so
-// that they respect V23_CREDENTIALS).
-func DoNotUse_GetCredentials() string {
-	if dir := os.Getenv(Credentials); len(dir) > 0 {
-		return dir
-	}
-	return os.Getenv("VEYRON_CREDENTIALS")
-}
-
-// Helper function to ease the transition from NAMESPACE_ROOT to V23_NAMESPACE.
-// Once all binaries have been updated to respect V23_NAMESPACE, this function
-// can be removed and calls replaced with:
-// othervars = append(othervars, NamespacePrefix+"="+root)
-func DoNotUse_AppendNamespaceRoot(root string, othervars []string) []string {
-	return append(othervars,
-		NamespacePrefix+"="+root,
-		"NAMESPACE_ROOT="+root)
-}
-
-// Helper function to ease the transition from VEYRON_CREDENTIALS to
-// V23_CREDENTIALS.  Once all binaries have been updated to respect
-// V23_CREDENTIALS, this function can be removed and calls replaced with:
-// othervars = append(othervars, Credentials + "="+value
-func DoNotUse_AppendCredentials(value string, othervars []string) []string {
-	return append(othervars,
-		Credentials+"="+value,
-		"VEYRON_CREDENTIALS="+value)
-}
diff --git a/examples/rps/common/common.go b/examples/rps/internal/common.go
similarity index 95%
rename from examples/rps/common/common.go
rename to examples/rps/internal/common.go
index f71a277..d6a875c 100644
--- a/examples/rps/common/common.go
+++ b/examples/rps/internal/common.go
@@ -2,9 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package common factors out common utility functions that both the
-// rock paper scissors clients and servers invoke.
-package common
+// Package internal defines common functions used by both rock paper scissors
+// clients and servers.
+package internal
 
 import (
 	"bytes"
@@ -14,12 +14,11 @@
 	"os"
 	"time"
 
-	"v.io/x/ref/examples/rps"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/naming"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/examples/rps"
 )
 
 // CreateName creates a name using the username and hostname.
diff --git a/examples/rps/rpsbot/impl_test.go b/examples/rps/rpsbot/impl_test.go
index 420e0f2..d321a31 100644
--- a/examples/rps/rpsbot/impl_test.go
+++ b/examples/rps/rpsbot/impl_test.go
@@ -22,7 +22,7 @@
 	"v.io/v23/options"
 	"v.io/v23/rpc"
 	"v.io/x/ref/examples/rps"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/modules"
 )
@@ -38,9 +38,9 @@
 	if err != nil {
 		return fmt.Errorf("root failed: %v", err)
 	}
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
-		return fmt.Errorf("mounttable.NewMountTableDispatcher failed: %s", err)
+		return fmt.Errorf("mounttablelib.NewMountTableDispatcher failed: %s", err)
 	}
 	eps, err := server.Listen(lspec)
 	if err != nil {
diff --git a/examples/rps/rpsbot/judge.go b/examples/rps/rpsbot/judge.go
index af54726..aa68af5 100644
--- a/examples/rps/rpsbot/judge.go
+++ b/examples/rps/rpsbot/judge.go
@@ -14,7 +14,7 @@
 	"v.io/v23/context"
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/examples/rps"
-	"v.io/x/ref/examples/rps/common"
+	"v.io/x/ref/examples/rps/internal"
 	"v.io/x/ref/lib/stats"
 	"v.io/x/ref/lib/stats/counter"
 )
@@ -229,7 +229,7 @@
 	// Send the score card to the score keepers.
 	scoreCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
 	defer cancel()
-	keepers, err := common.FindScoreKeepers(scoreCtx)
+	keepers, err := internal.FindScoreKeepers(scoreCtx)
 	if err != nil || len(keepers) == 0 {
 		vlog.Infof("No score keepers: %v", err)
 		return
diff --git a/examples/rps/rpsbot/main.go b/examples/rps/rpsbot/main.go
index 764eaf6..8a0fa15 100644
--- a/examples/rps/rpsbot/main.go
+++ b/examples/rps/rpsbot/main.go
@@ -19,13 +19,12 @@
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/x/lib/vlog"
-
-	"v.io/x/ref/lib/signals"
-	_ "v.io/x/ref/profiles/roaming"
-	sflag "v.io/x/ref/security/flag"
-
 	"v.io/x/ref/examples/rps"
-	"v.io/x/ref/examples/rps/common"
+	"v.io/x/ref/examples/rps/internal"
+	"v.io/x/ref/lib/security/securityflag"
+	"v.io/x/ref/lib/signals"
+
+	_ "v.io/x/ref/profiles/roaming"
 )
 
 var (
@@ -37,7 +36,7 @@
 	ctx, shutdown := v23.Init()
 	defer shutdown()
 
-	auth := sflag.NewAuthorizerOrDie()
+	auth := securityflag.NewAuthorizerOrDie()
 	server, err := v23.NewServer(ctx)
 	if err != nil {
 		vlog.Fatalf("NewServer failed: %v", err)
@@ -52,7 +51,7 @@
 		vlog.Fatalf("Listen(%v) failed: %v", listenSpec, err)
 	}
 	if *name == "" {
-		*name = common.CreateName()
+		*name = internal.CreateName()
 	}
 	names := []string{
 		fmt.Sprintf("rps/judge/%s", *name),
diff --git a/examples/rps/rpsbot/player.go b/examples/rps/rpsbot/player.go
index 8d08e10..40a7720 100644
--- a/examples/rps/rpsbot/player.go
+++ b/examples/rps/rpsbot/player.go
@@ -11,7 +11,7 @@
 	"v.io/v23/context"
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/examples/rps"
-	"v.io/x/ref/examples/rps/common"
+	"v.io/x/ref/examples/rps/internal"
 	"v.io/x/ref/lib/stats"
 	"v.io/x/ref/lib/stats/counter"
 )
@@ -44,7 +44,7 @@
 }
 
 func (p *Player) InitiateGame(ctx *context.T) error {
-	judge, err := common.FindJudge(ctx)
+	judge, err := internal.FindJudge(ctx)
 	if err != nil {
 		vlog.Infof("FindJudge: %v", err)
 		return err
@@ -57,7 +57,7 @@
 	vlog.VI(1).Infof("Created gameID %q on %q", gameID, judge)
 
 	for {
-		opponent, err := common.FindPlayer(ctx)
+		opponent, err := internal.FindPlayer(ctx)
 		if err != nil {
 			vlog.Infof("FindPlayer: %v", err)
 			return err
@@ -139,7 +139,7 @@
 			vlog.VI(1).Infof("Player 1 played %q. Player 2 played %q. Winner: %v %s",
 				rr.Moves[0], rr.Moves[1], rr.Winner, rr.Comment)
 		case rps.JudgeActionScore:
-			vlog.VI(1).Infof("Score card: %s", common.FormatScoreCard(v.Value))
+			vlog.VI(1).Infof("Score card: %s", internal.FormatScoreCard(v.Value))
 		default:
 			vlog.Infof("unexpected message type: %T", in)
 		}
diff --git a/examples/rps/rpsbot/scorekeeper.go b/examples/rps/rpsbot/scorekeeper.go
index fe67bce..197ebd7 100644
--- a/examples/rps/rpsbot/scorekeeper.go
+++ b/examples/rps/rpsbot/scorekeeper.go
@@ -9,7 +9,7 @@
 	"v.io/v23/security"
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/examples/rps"
-	"v.io/x/ref/examples/rps/common"
+	"v.io/x/ref/examples/rps/internal"
 	"v.io/x/ref/lib/stats"
 	"v.io/x/ref/lib/stats/counter"
 )
@@ -31,7 +31,7 @@
 func (k *ScoreKeeper) Record(call rpc.ServerCall, score rps.ScoreCard) error {
 	b, _ := security.RemoteBlessingNames(call.Context())
 	vlog.VI(1).Infof("Received ScoreCard from %v:", b)
-	vlog.VI(1).Info(common.FormatScoreCard(score))
+	vlog.VI(1).Info(internal.FormatScoreCard(score))
 	k.numRecords.Incr(1)
 	return nil
 }
diff --git a/examples/rps/rpsplayer/main.go b/examples/rps/rpsplayer/main.go
index 3adea96..56122fb 100644
--- a/examples/rps/rpsplayer/main.go
+++ b/examples/rps/rpsplayer/main.go
@@ -22,12 +22,11 @@
 	"v.io/v23/security"
 	"v.io/v23/vtrace"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/examples/rps"
+	"v.io/x/ref/examples/rps/internal"
+	"v.io/x/ref/lib/security/securityflag"
 
 	_ "v.io/x/ref/profiles/roaming"
-	sflag "v.io/x/ref/security/flag"
-
-	"v.io/x/ref/examples/rps"
-	"v.io/x/ref/examples/rps/common"
 )
 
 var (
@@ -121,9 +120,9 @@
 		vlog.Fatalf("Listen(%v) failed: %v", listenSpec, err)
 	}
 	if *name == "" {
-		*name = common.CreateName()
+		*name = internal.CreateName()
 	}
-	if err := server.Serve(fmt.Sprintf("rps/player/%s", *name), rps.PlayerServer(&impl{ch: ch}), sflag.NewAuthorizerOrDie()); err != nil {
+	if err := server.Serve(fmt.Sprintf("rps/player/%s", *name), rps.PlayerServer(&impl{ch: ch}), securityflag.NewAuthorizerOrDie()); err != nil {
 		vlog.Fatalf("Serve failed: %v", err)
 	}
 	vlog.Infof("Listening on endpoint /%s", ep)
@@ -240,7 +239,7 @@
 			score := v.Value
 			fmt.Println()
 			fmt.Println("==== GAME SUMMARY ====")
-			fmt.Print(common.FormatScoreCard(score))
+			fmt.Print(internal.FormatScoreCard(score))
 			fmt.Println("======================")
 			if rps.WinnerTag(playerNum) == score.Winner {
 				fmt.Println("You won! :)")
diff --git a/examples/rps/rpsscorekeeper/main.go b/examples/rps/rpsscorekeeper/main.go
index 14d8a67..329782d 100644
--- a/examples/rps/rpsscorekeeper/main.go
+++ b/examples/rps/rpsscorekeeper/main.go
@@ -16,12 +16,11 @@
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/examples/rps"
+	"v.io/x/ref/examples/rps/internal"
+	"v.io/x/ref/lib/security/securityflag"
 
 	_ "v.io/x/ref/profiles/roaming"
-	sflag "v.io/x/ref/security/flag"
-
-	"v.io/x/ref/examples/rps"
-	"v.io/x/ref/examples/rps/common"
 )
 
 type impl struct {
@@ -57,12 +56,12 @@
 	if err != nil {
 		vlog.Fatalf("os.Hostname failed: %v", err)
 	}
-	if err := server.Serve(fmt.Sprintf("rps/scorekeeper/%s", hostname), rps.ScoreKeeperServer(rpsService), sflag.NewAuthorizerOrDie()); err != nil {
+	if err := server.Serve(fmt.Sprintf("rps/scorekeeper/%s", hostname), rps.ScoreKeeperServer(rpsService), securityflag.NewAuthorizerOrDie()); err != nil {
 		vlog.Fatalf("Serve failed: %v", err)
 	}
 	vlog.Infof("Listening on endpoint /%s", ep)
 
 	for score := range ch {
-		fmt.Print("======================\n", common.FormatScoreCard(score))
+		fmt.Print("======================\n", internal.FormatScoreCard(score))
 	}
 }
diff --git a/examples/tunnel/tunnelutil/forward.go b/examples/tunnel/internal/forward.go
similarity index 98%
rename from examples/tunnel/tunnelutil/forward.go
rename to examples/tunnel/internal/forward.go
index 6d98883..d87886a 100644
--- a/examples/tunnel/tunnelutil/forward.go
+++ b/examples/tunnel/internal/forward.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package tunnelutil
+package internal
 
 import (
 	"fmt"
diff --git a/examples/tunnel/tunnelutil/terminal.go b/examples/tunnel/internal/terminal.go
similarity index 78%
rename from examples/tunnel/tunnelutil/terminal.go
rename to examples/tunnel/internal/terminal.go
index de51af0..db08dba 100644
--- a/examples/tunnel/tunnelutil/terminal.go
+++ b/examples/tunnel/internal/terminal.go
@@ -2,9 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package tunnelutil contains a set of common types and functions
-// used by both tunnel service clients and servers.
-package tunnelutil
+// Package internal defines common types and functions used by both tunnel
+// clients and servers.
+package internal
 
 import (
 	"errors"
@@ -16,7 +16,7 @@
 	"v.io/x/lib/vlog"
 )
 
-// Used with ioctl TIOCGWINSZ and TIOCSWINSZ.
+// Winsize defines the window size used by ioctl TIOCGWINSZ and TIOCSWINSZ.
 type Winsize struct {
 	Row    uint16
 	Col    uint16
@@ -52,6 +52,10 @@
 	return ws, nil
 }
 
+// EnterRawTerminalMode uses stty to enter the terminal into raw mode; stdin is
+// unbuffered, local echo of input characters is disabled, and special signal
+// characters are disabled.  Returns a string which may be passed to
+// RestoreTerminalSettings to restore to the original terminal settings.
 func EnterRawTerminalMode() string {
 	var savedBytes []byte
 	var err error
@@ -88,6 +92,8 @@
 	return string(saved)
 }
 
+// RestoreTerminalSettings uses stty to restore the terminal to the original
+// settings, taking the saved settings returned by EnterRawTerminalMode.
 func RestoreTerminalSettings(saved string) {
 	args := []string{
 		"-F", "/dev/tty",
diff --git a/examples/tunnel/tunneld/impl.go b/examples/tunnel/tunneld/impl.go
index 32f7627..08442c3 100644
--- a/examples/tunnel/tunneld/impl.go
+++ b/examples/tunnel/tunneld/impl.go
@@ -19,7 +19,7 @@
 	"v.io/v23/security"
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/examples/tunnel"
-	"v.io/x/ref/examples/tunnel/tunnelutil"
+	"v.io/x/ref/examples/tunnel/internal"
 )
 
 // T implements tunnel.TunnelServerMethods
@@ -36,7 +36,7 @@
 	b, _ := security.RemoteBlessingNames(call.Context())
 	name := fmt.Sprintf("RemoteBlessings:%v LocalAddr:%v RemoteAddr:%v", b, conn.LocalAddr(), conn.RemoteAddr())
 	vlog.Infof("TUNNEL START: %v", name)
-	err = tunnelutil.Forward(conn, call.SendStream(), call.RecvStream())
+	err = internal.Forward(conn, call.SendStream(), call.RecvStream())
 	vlog.Infof("TUNNEL END  : %v (%v)", name, err)
 	return err
 }
@@ -167,8 +167,8 @@
 }
 
 func setWindowSize(fd uintptr, row, col uint16) {
-	ws := tunnelutil.Winsize{Row: row, Col: col}
-	if err := tunnelutil.SetWindowSize(fd, ws); err != nil {
+	ws := internal.Winsize{Row: row, Col: col}
+	if err := internal.SetWindowSize(fd, ws); err != nil {
 		vlog.Infof("Failed to set window size: %v", err)
 	}
 }
diff --git a/examples/tunnel/tunneld/main.go b/examples/tunnel/tunneld/main.go
index fb20a8b..55edc16 100644
--- a/examples/tunnel/tunneld/main.go
+++ b/examples/tunnel/tunneld/main.go
@@ -6,47 +6,27 @@
 package main
 
 import (
-	"errors"
+	"flag"
 	"fmt"
-	"net"
-	"os"
-	"strings"
 
 	"v.io/v23"
 	"v.io/x/lib/vlog"
-
-	"v.io/x/ref/lib/signals"
-	_ "v.io/x/ref/profiles/roaming"
-	sflag "v.io/x/ref/security/flag"
-
 	"v.io/x/ref/examples/tunnel"
+	"v.io/x/ref/lib/security/securityflag"
+	"v.io/x/ref/lib/signals"
+
+	_ "v.io/x/ref/profiles/roaming"
 )
 
-// firstHardwareAddrInUse returns the hwaddr of the first network interface
-// that is up, excluding loopback.
-func firstHardwareAddrInUse() (string, error) {
-	interfaces, err := net.Interfaces()
-	if err != nil {
-		return "", err
-	}
-	for _, i := range interfaces {
-		if !strings.HasPrefix(i.Name, "lo") && i.Flags&net.FlagUp != 0 {
-			name := i.HardwareAddr.String()
-			if len(name) == 0 {
-				continue
-			}
-			vlog.Infof("Using %q (from %v)", name, i.Name)
-			return name, nil
-		}
-	}
-	return "", errors.New("No usable network interfaces")
-}
+var (
+	name = flag.String("name", "", "name at which to publish the server")
+)
 
 func main() {
 	ctx, shutdown := v23.Init()
 	defer shutdown()
 
-	auth := sflag.NewAuthorizerOrDie()
+	auth := securityflag.NewAuthorizerOrDie()
 	server, err := v23.NewServer(ctx)
 	if err != nil {
 		vlog.Fatalf("NewServer failed: %v", err)
@@ -57,35 +37,15 @@
 	if _, err := server.Listen(listenSpec); err != nil {
 		vlog.Fatalf("Listen(%v) failed: %v", listenSpec, err)
 	}
-	hwaddr, err := firstHardwareAddrInUse()
-	if err != nil {
-		vlog.Fatalf("Couldn't find a good hw address: %v", err)
-	}
-	hostname, err := os.Hostname()
-	if err != nil {
-		vlog.Fatalf("os.Hostname failed: %v", err)
-	}
-	names := []string{
-		fmt.Sprintf("tunnel/hostname/%s", hostname),
-		fmt.Sprintf("tunnel/hwaddr/%s", hwaddr),
-	}
-	published := false
-	if err := server.Serve(names[0], tunnel.TunnelServer(&T{}), auth); err != nil {
-		vlog.Infof("Serve(%v) failed: %v", names[0], err)
-	}
-	published = true
-	for _, n := range names[1:] {
-		server.AddName(n)
-	}
-	if !published {
-		vlog.Fatalf("Failed to publish with any of %v", names)
+	if err := server.Serve(*name, tunnel.TunnelServer(&T{}), auth); err != nil {
+		vlog.Fatalf("Serve(%v) failed: %v", *name, err)
 	}
 	status := server.Status()
 	vlog.Infof("Listening on: %v", status.Endpoints)
 	if len(status.Endpoints) > 0 {
 		fmt.Printf("NAME=%s\n", status.Endpoints[0].Name())
 	}
-	vlog.Infof("Published as %v", names)
+	vlog.Infof("Published as %q", *name)
 
 	<-signals.ShutdownOnSignals(ctx)
 }
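Review bot: With `--name` defaulting to the empty string (declared in the previous hunk), `server.Serve(*name, ...)` and the final `vlog.Infof("Published as %q", *name)` run unchanged when no name is given, so the log reports `Published as ""` for a server that was presumably not mounted under any name. Since tunneld exposes a remote shell, an operator reading the log should be able to tell whether the service is reachable by name or only by endpoint. I would make the log conditional, `if *name != "" { vlog.Infof("Published as %q", *name) }`, and extend the flag's help text to say what an empty value means. main starts in the previous hunk and a few of its lines fall between the two hunks.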
diff --git a/examples/tunnel/tunneld/tunneld_v23_test.go b/examples/tunnel/tunneld/tunneld_v23_test.go
index 62ee886..e153e8a 100644
--- a/examples/tunnel/tunneld/tunneld_v23_test.go
+++ b/examples/tunnel/tunneld/tunneld_v23_test.go
@@ -9,9 +9,7 @@
 import (
 	"bytes"
 	"io/ioutil"
-	"os"
 	"path/filepath"
-	"regexp"
 
 	"v.io/x/ref/envvar"
 	"v.io/x/ref/test/v23tests"
@@ -25,20 +23,14 @@
 	mounttableBin := t.BuildV23Pkg("v.io/x/ref/cmd/mounttable")
 
 	// Start tunneld with a known endpoint.
-	tunnelEndpoint := tunneldBin.Start("--v23.tcp.address=127.0.0.1:0").ExpectVar("NAME")
+	tunnelEndpoint := tunneldBin.Start("--v23.tcp.address=127.0.0.1:0", "--name=tunnel/test").ExpectVar("NAME")
 
 	// Run remote command with the endpoint.
 	if want, got := "HELLO ENDPOINT\n", vsh.Start(tunnelEndpoint, "echo", "HELLO", "ENDPOINT").Output(); want != got {
 		t.Fatalf("unexpected output, got %s, want %s", got, want)
 	}
 
-	// Run remote command with the object name.
-	hostname, err := os.Hostname()
-	if err != nil {
-		t.Fatalf("Hostname() failed: %v", err)
-	}
-
-	if want, got := "HELLO NAME\n", vsh.Start("tunnel/hostname/"+hostname, "echo", "HELLO", "NAME").Output(); want != got {
+	if want, got := "HELLO NAME\n", vsh.Start("tunnel/test", "echo", "HELLO", "NAME").Output(); want != got {
 		t.Fatalf("unexpected output, got %s, want %s", got, want)
 	}
 
@@ -66,20 +58,13 @@
 
 	// Verify that all published names are there.
 	root, _ := t.GetVar(envvar.NamespacePrefix)
-	inv := mounttableBin.Start("glob", root, "tunnel/*/*")
+	inv := mounttableBin.Start("glob", root, "tunnel/test")
 
-	// Expect two entries: one for the tunnel hostname and one for its hwaddr.
-	matches := inv.ExpectSetEventuallyRE(
-		"tunnel/hostname/"+regexp.QuoteMeta(hostname)+" (.*) \\(Deadline .*\\)",
-		"tunnel/hwaddr/.* (.*) \\(Deadline .*\\)")
+	// Expect one entry: the tunnel name.
+	matches := inv.ExpectSetEventuallyRE("tunnel/test" + " (.*) \\(Deadline .*\\)")
 
 	// The full endpoint should be the one we saw originally.
 	if got, want := matches[0][1], tunnelEndpoint; "/"+got != want {
 		t.Fatalf("expected tunnel endpoint %s to be %s, but it was not", got, want)
 	}
-
-	// The hwaddr endpoint should be the same as the hostname endpoint.
-	if matches[0][1] != matches[1][1] {
-		t.Fatalf("expected hwaddr and hostname tunnel endpoints to match, but they did not (%s != %s)", matches[0][1], matches[1][1])
-	}
 }
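Review bot: The expectation `inv.ExpectSetEventuallyRE("tunnel/test" + " (.*) \\(Deadline .*\\)")` concatenates two literals, a leftover from the hostname-based version. The name `tunnel/test` is also repeated in four places across this hunk and the previous one (the `--name` flag, the vsh call, the glob and this regexp). A single constant, e.g. `const tunnelName = "tunnel/test"`, would keep them from drifting apart. The comment `// Verify that all published names are there.` is stale as well, since the glob now matches exactly one name; `// Verify that the published name is mounted.` would describe the check. The test function starts outside the hunk.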
diff --git a/examples/tunnel/vsh/iomanager.go b/examples/tunnel/vsh/iomanager.go
index 47b7501..de41910 100644
--- a/examples/tunnel/vsh/iomanager.go
+++ b/examples/tunnel/vsh/iomanager.go
@@ -14,7 +14,7 @@
 
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/examples/tunnel"
-	"v.io/x/ref/examples/tunnel/tunnelutil"
+	"v.io/x/ref/examples/tunnel/internal"
 )
 
 func runIOManager(stdin io.Reader, stdout, stderr io.Writer, stream tunnel.TunnelShellClientCall) error {
@@ -125,7 +125,7 @@
 func (m *ioManager) handleWindowResize(winch <-chan os.Signal, outchan chan<- tunnel.ClientShellPacket, wg *sync.WaitGroup) {
 	defer wg.Done()
 	for _ = range winch {
-		ws, err := tunnelutil.GetWindowSize()
+		ws, err := internal.GetWindowSize()
 		if err != nil {
 			vlog.Infof("GetWindowSize failed: %v", err)
 			continue
diff --git a/examples/tunnel/vsh/main.go b/examples/tunnel/vsh/main.go
index 64fdef4..a08c0c3 100644
--- a/examples/tunnel/vsh/main.go
+++ b/examples/tunnel/vsh/main.go
@@ -18,12 +18,11 @@
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/examples/tunnel"
+	"v.io/x/ref/examples/tunnel/internal"
+	"v.io/x/ref/lib/signals"
 
 	_ "v.io/x/ref/profiles"
-
-	"v.io/x/ref/examples/tunnel"
-	"v.io/x/ref/examples/tunnel/tunnelutil"
-	"v.io/x/ref/lib/signals"
 )
 
 var (
@@ -106,8 +105,8 @@
 		return 1
 	}
 	if opts.UsePty {
-		saved := tunnelutil.EnterRawTerminalMode()
-		defer tunnelutil.RestoreTerminalSettings(saved)
+		saved := internal.EnterRawTerminalMode()
+		defer internal.RestoreTerminalSettings(saved)
 	}
 	runIOManager(os.Stdin, os.Stdout, os.Stderr, stream)
 
@@ -131,7 +130,7 @@
 func shellOptions(cmd string) (opts tunnel.ShellOpts) {
 	opts.UsePty = (len(cmd) == 0 || *forcePty) && !*disablePty
 	opts.Environment = environment()
-	ws, err := tunnelutil.GetWindowSize()
+	ws, err := internal.GetWindowSize()
 	if err != nil {
 		vlog.VI(1).Infof("GetWindowSize failed: %v", err)
 	} else {
@@ -206,7 +205,7 @@
 		name := fmt.Sprintf("%v-->%v-->(%v)-->%v", conn.RemoteAddr(), conn.LocalAddr(), oname, raddr)
 		go func() {
 			vlog.VI(1).Infof("TUNNEL START: %v", name)
-			errf := tunnelutil.Forward(conn, stream.SendStream(), stream.RecvStream())
+			errf := internal.Forward(conn, stream.SendStream(), stream.RecvStream())
 			err := stream.Finish()
 			vlog.VI(1).Infof("TUNNEL END  : %v (%v, %v)", name, errf, err)
 		}()
diff --git a/lib/exec/child.go b/lib/exec/child.go
index b80033c..4cb59a0 100644
--- a/lib/exec/child.go
+++ b/lib/exec/child.go
@@ -13,12 +13,11 @@
 	"unicode/utf8"
 
 	"v.io/v23/verror"
-	"v.io/x/ref/lib/exec/consts"
 )
 
 var (
-	ErrNoVersion          = verror.Register(pkgPath+".ErrNoVersion", verror.NoRetry, "{1:}{2:} "+consts.ExecVersionVariable+" environment variable missing{:_}")
-	ErrUnsupportedVersion = verror.Register(pkgPath+".ErrUnsupportedVersion", verror.NoRetry, "{1:}{2:} Unsupported version of v.io/x/ref/lib/exec request by "+consts.ExecVersionVariable+" environment variable{:_}")
+	ErrNoVersion          = verror.Register(pkgPath+".ErrNoVersion", verror.NoRetry, "{1:}{2:} "+ExecVersionVariable+" environment variable missing{:_}")
+	ErrUnsupportedVersion = verror.Register(pkgPath+".ErrUnsupportedVersion", verror.NoRetry, "{1:}{2:} Unsupported version of v.io/x/ref/lib/exec request by "+ExecVersionVariable+" environment variable{:_}")
 
 	errDifferentStatusSent = verror.Register(pkgPath+".errDifferentStatusSent", verror.NoRetry, "{1:}{2:} A different status: {3} has already been sent{:_}")
 	errPartialRead         = verror.Register(pkgPath+".PartialRead", verror.NoRetry, "{1:}{2:} partial read{:_}")
@@ -124,11 +123,11 @@
 func createChildHandle() (*ChildHandle, error) {
 	// TODO(cnicolaou): need to use major.minor.build format for
 	// version #s.
-	switch os.Getenv(consts.ExecVersionVariable) {
+	switch os.Getenv(ExecVersionVariable) {
 	case "":
 		return nil, verror.New(ErrNoVersion, nil)
 	case version1:
-		os.Setenv(consts.ExecVersionVariable, "")
+		os.Setenv(ExecVersionVariable, "")
 	default:
 		return nil, verror.New(ErrUnsupportedVersion, nil)
 	}
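Review bot: `os.Setenv(ExecVersionVariable, "")` in the `version1` case leaves the variable in the process environment with an empty value and drops the error that Setenv returns. The doc comment on ExecVersionVariable says the package clears the variable so that applications can ensure it does not appear in a set of environment variables. Code that inspects `os.Environ()`, or a check like the `.*%s=.*` regexp in noprotocol_test.go, would still see a `V23_EXEC_VERSION=` entry. `os.Unsetenv(ExecVersionVariable)` removes the entry, and the `case "":` branch keeps working because Getenv returns the empty string for an unset variable. createChildHandle continues beyond the hunk.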
diff --git a/lib/exec/consts.go b/lib/exec/consts.go
new file mode 100644
index 0000000..f275d78
--- /dev/null
+++ b/lib/exec/consts.go
@@ -0,0 +1,14 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package exec
+
+// ExecVersionVariable is the name of the environment variable used by the exec
+// package to communicate the protocol version between the parent and child.  It
+// takes care to clear this variable from the child process' environment as soon
+// as it can, however, there may still be some situations where an application
+// may need to test for its presence or ensure that it doesn't appear in a set
+// of environment variables; exposing the name of this variable is intended to
+// support such situations.
+const ExecVersionVariable = "V23_EXEC_VERSION"
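Review bot: In the new doc comment the sentence beginning `It takes care to clear this variable` has an ambiguous subject: the preceding sentence is now about ExecVersionVariable, so "It" can be read as the constant clearing itself. I would write `The exec package takes care to clear this variable from the child process' environment as soon as it can; ...`. As a matter of style, the exported name now stutters at call sites (`exec.ExecVersionVariable`, `vexec.ExecVersionVariable` in the tests); `VersionVariable` would read better if the rename is acceptable to callers.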
diff --git a/lib/exec/consts/consts.go b/lib/exec/consts/consts.go
deleted file mode 100644
index d6a1f1d..0000000
--- a/lib/exec/consts/consts.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package consts defines constants used by the exec library.
-package consts
-
-// The exec package uses this environment variable to communicate
-// the version of the protocol being used between the parent and child.
-// It takes care to clear this variable from the child process'
-// environment as soon as it can, however, there may still be some
-// situations where an application may need to test for its presence
-// or ensure that it doesn't appear in a set of environment variables;
-// exposing the name of this variable is intended to support such
-// situations.
-const ExecVersionVariable = "V23_EXEC_VERSION"
diff --git a/lib/exec/exec_test.go b/lib/exec/exec_test.go
index 0eaf7af..10cdb50 100644
--- a/lib/exec/exec_test.go
+++ b/lib/exec/exec_test.go
@@ -19,7 +19,6 @@
 
 	"v.io/v23/verror"
 	vexec "v.io/x/ref/lib/exec"
-	"v.io/x/ref/lib/exec/consts"
 	// Use mock timekeeper to avoid actually sleeping during the test.
 	"v.io/x/ref/test/timekeeper"
 )
@@ -459,9 +458,9 @@
 }
 
 func verifyNoExecVariable() {
-	version := os.Getenv(consts.ExecVersionVariable)
+	version := os.Getenv(vexec.ExecVersionVariable)
 	if len(version) != 0 {
-		log.Fatalf("Version variable %q has a value: %s", consts.ExecVersionVariable, version)
+		log.Fatalf("Version variable %q has a value: %s", vexec.ExecVersionVariable, version)
 	}
 }
 
@@ -475,9 +474,9 @@
 	}
 	defer os.Exit(0)
 
-	version := os.Getenv(consts.ExecVersionVariable)
+	version := os.Getenv(vexec.ExecVersionVariable)
 	if len(version) == 0 {
-		log.Fatalf("Version variable %q has no value", consts.ExecVersionVariable)
+		log.Fatalf("Version variable %q has no value", vexec.ExecVersionVariable)
 	}
 
 	// Write errors to stderr or using log. since the parent
diff --git a/lib/exec/noprotocol_test.go b/lib/exec/noprotocol_test.go
index 78564c9..ba0444b 100644
--- a/lib/exec/noprotocol_test.go
+++ b/lib/exec/noprotocol_test.go
@@ -14,7 +14,6 @@
 
 	"v.io/v23/verror"
 	vexec "v.io/x/ref/lib/exec"
-	"v.io/x/ref/lib/exec/consts"
 )
 
 func TestNoExecProtocol(t *testing.T) {
@@ -27,11 +26,11 @@
 	if got, want := ph.WaitForReady(time.Minute), vexec.ErrNotUsingProtocol.ID; verror.ErrorID(got) != want {
 		t.Fatalf("got %v, want %v", got, want)
 	}
-	re := regexp.MustCompile(fmt.Sprintf(".*%s=.*", consts.ExecVersionVariable))
+	re := regexp.MustCompile(fmt.Sprintf(".*%s=.*", vexec.ExecVersionVariable))
 	scanner := bufio.NewScanner(stdout)
 	for scanner.Scan() {
 		if re.MatchString(scanner.Text()) {
-			t.Fatalf("%s passed to child", consts.ExecVersionVariable)
+			t.Fatalf("%s passed to child", vexec.ExecVersionVariable)
 		}
 	}
 }
diff --git a/lib/exec/parent.go b/lib/exec/parent.go
index d011cfb..8431820 100644
--- a/lib/exec/parent.go
+++ b/lib/exec/parent.go
@@ -21,7 +21,6 @@
 
 	"v.io/x/lib/vlog"
 
-	"v.io/x/ref/lib/exec/consts"
 	"v.io/x/ref/lib/timekeeper"
 )
 
@@ -127,12 +126,12 @@
 // Start starts the child process, sharing a secret with it and
 // setting up a communication channel over which to read its status.
 func (p *ParentHandle) Start() error {
-	// Make sure that there are no instances of the consts.ExecVersionVariable
+	// Make sure that there are no instances of the ExecVersionVariable
 	// already in the environment (which can happen when a subprocess
 	// creates a subprocess etc)
 	nenv := make([]string, 0, len(p.c.Env)+1)
 	for _, e := range p.c.Env {
-		if strings.HasPrefix(e, consts.ExecVersionVariable+"=") {
+		if strings.HasPrefix(e, ExecVersionVariable+"=") {
 			continue
 		}
 		nenv = append(nenv, e)
@@ -142,7 +141,7 @@
 		return p.c.Start()
 	}
 
-	p.c.Env = append(nenv, consts.ExecVersionVariable+"="+version1)
+	p.c.Env = append(nenv, ExecVersionVariable+"="+version1)
 
 	// Create anonymous pipe for communicating data between the child
 	// and the parent.
diff --git a/lib/flags/buildinfo/buildinfo.go b/lib/flags/buildinfo/buildinfo.go
deleted file mode 100644
index 133ba1a..0000000
--- a/lib/flags/buildinfo/buildinfo.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package buildinfo
-
-import (
-	"encoding/json"
-	"runtime"
-)
-
-// These variables are filled in at link time, using:
-//  -ldflags "-X v.io/x/ref/lib/flags/buildinfo.<varname> <value>"
-var timestamp, username, platform string
-
-// T describes binary metadata.
-type T struct {
-	GoVersion, BuildTimestamp, BuildUser, BuildPlatform string
-}
-
-var info T
-
-func init() {
-	info = T{
-		GoVersion:      runtime.Version(),
-		BuildTimestamp: timestamp,
-		BuildUser:      username,
-		BuildPlatform:  platform,
-	}
-}
-
-// Info returns metadata about the current binary.
-func Info() *T {
-	return &info
-}
-
-// String returns the binary metadata as a JSON-encoded string, under the
-// expectation that clients may want to parse it for specific bits of metadata.
-func (t *T) String() string {
-	jsonT, err := json.Marshal(t)
-	if err != nil {
-		return ""
-	}
-	return string(jsonT)
-}
diff --git a/lib/flags/buildinfo/doc.go b/lib/flags/buildinfo/doc.go
deleted file mode 100644
index 622215e..0000000
--- a/lib/flags/buildinfo/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package buildinfo provides build-time metadata about the binary.
-package buildinfo
diff --git a/lib/flags/flags.go b/lib/flags/flags.go
index f28d1dd..20b0b3b 100644
--- a/lib/flags/flags.go
+++ b/lib/flags/flags.go
@@ -12,8 +12,8 @@
 	"sync"
 
 	"v.io/v23/verror"
+	"v.io/x/lib/buildinfo"
 	"v.io/x/ref/envvar"
-	"v.io/x/ref/lib/flags/buildinfo"
 )
 
 const pkgPath = "v.io/x/ref/lib/flags"
@@ -264,7 +264,7 @@
 	var (
 		f             = &RuntimeFlags{}
 		_, roots      = envvar.NamespaceRoots()
-		creds         = envvar.DoNotUse_GetCredentials()
+		creds         = os.Getenv(envvar.Credentials)
 		i18nCatalogue = os.Getenv(envvar.I18nCatalogueFiles)
 	)
 	if len(roots) == 0 {
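Review bot: `creds = os.Getenv(envvar.Credentials)` reads a single variable, while the helper it replaces appears to have handled a legacy name as well, judging by the deleted envvar lines earlier in this diff that mention `VEYRON_CREDENTIALS`. A process launched by tooling that still exports only the legacy variable would presumably get an empty default for the credentials directory with no indication of why; which principal it then runs as is not visible here. A comment at this line would help, e.g. `// Only envvar.Credentials is consulted; the legacy VEYRON_CREDENTIALS variable is ignored.`, together with a release note for operators. The enclosing function starts and ends outside the hunk.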
@@ -283,17 +283,6 @@
 	fs.IntVar(&f.Vtrace.CacheSize, "v23.vtrace.cache-size", 1024, "The number of vtrace traces to store in memory.")
 	fs.StringVar(&f.Vtrace.CollectRegexp, "v23.vtrace.collect-regexp", "", "Spans and annotations that match this regular expression will trigger trace collection.")
 
-	// TODO(ashankar): Older names: To be removed:
-	// See: https://github.com/veyron/release-issues/issues/1421
-	fs.Var(&f.namespaceRootsFlag, "veyron.namespace.root", "local namespace root; can be repeated to provided multiple roots")
-	fs.StringVar(&f.Credentials, "veyron.credentials", creds, "directory to use for storing security credentials")
-	fs.StringVar(&f.I18nCatalogue, "vanadium.i18n_catalogue", i18nCatalogue, "18n catalogue files to load, comma separated")
-
-	fs.Float64Var(&f.Vtrace.SampleRate, "veyron.vtrace.sample_rate", 0.0, "Rate (from 0.0 to 1.0) to sample vtrace traces.")
-	fs.BoolVar(&f.Vtrace.DumpOnShutdown, "veyron.vtrace.dump_on_shutdown", true, "If true, dump all stored traces on runtime shutdown.")
-	fs.IntVar(&f.Vtrace.CacheSize, "veyron.vtrace.cache_size", 1024, "The number of vtrace traces to store in memory.")
-	fs.StringVar(&f.Vtrace.CollectRegexp, "veyron.vtrace.collect_regexp", "", "Spans and annotations that match this regular expression will trigger trace collection.")
-
 	return f
 }
 
@@ -301,10 +290,6 @@
 	f := &AccessListFlags{}
 	fs.Var(&f.fileFlag, "v23.permissions.file", "specify an acl file as <name>:<aclfile>")
 	fs.StringVar(&f.literal, "v23.permissions.literal", "", "explicitly specify the runtime acl as a JSON-encoded access.Permissions. Overrides all --v23.permissions.file flags.")
-	// TODO(ashankar): Older names: To be removed:
-	// See: https://github.com/veyron/release-issues/issues/1421
-	fs.Var(&f.fileFlag, "veyron.acl.file", "specify an acl file as <name>:<aclfile>")
-	fs.StringVar(&f.literal, "veyron.acl.literal", "", "explicitly specify the runtime acl as a JSON-encoded access.Permissions. Overrides all --veyron.acl.file flags.")
 	return f
 }
 
@@ -354,11 +339,6 @@
 	fs.Var(&f.addresses, "v23.tcp.address", "address to listen on")
 	fs.StringVar(&f.ListenProxy, "v23.proxy", "", "object name of proxy service to use to export services across network boundaries")
 
-	// TODO(ashankar): Older names: To be removed:
-	// See: https://github.com/veyron/release-issues/issues/1421
-	fs.Var(&f.protocol, "veyron.tcp.protocol", "protocol to listen with")
-	fs.Var(&f.addresses, "veyron.tcp.address", "address to listen on")
-	fs.StringVar(&f.ListenProxy, "veyron.proxy", "", "object name of proxy service to use to export services across network boundaries")
 	return f
 }
 
diff --git a/security/audit/auditor.go b/lib/security/audit/auditor.go
similarity index 100%
rename from security/audit/auditor.go
rename to lib/security/audit/auditor.go
diff --git a/security/audit/auditor_test.go b/lib/security/audit/auditor_test.go
similarity index 98%
rename from security/audit/auditor_test.go
rename to lib/security/audit/auditor_test.go
index 848e207..a6cdc35 100644
--- a/security/audit/auditor_test.go
+++ b/lib/security/audit/auditor_test.go
@@ -8,7 +8,7 @@
 	"testing"
 	"time"
 
-	"v.io/x/ref/security/audit"
+	"v.io/x/ref/lib/security/audit"
 )
 
 func TestEntryString(t *testing.T) {
diff --git a/security/audit/principal.go b/lib/security/audit/principal.go
similarity index 98%
rename from security/audit/principal.go
rename to lib/security/audit/principal.go
index 2c502bb..3afb385 100644
--- a/security/audit/principal.go
+++ b/lib/security/audit/principal.go
@@ -11,7 +11,7 @@
 	"v.io/v23/verror"
 )
 
-const pkgPath = "v.io/x/ref/security/audit"
+const pkgPath = "v.io/x/ref/lib/security/audit"
 
 var (
 	errCantAuditCall = verror.Register(pkgPath+".errCantAuditCall", verror.NoRetry, "{1:}{2:} failed to audit call to {3}{:_}")
diff --git a/security/audit/principal_test.go b/lib/security/audit/principal_test.go
similarity index 99%
rename from security/audit/principal_test.go
rename to lib/security/audit/principal_test.go
index 87d6797..cc5a81b 100644
--- a/security/audit/principal_test.go
+++ b/lib/security/audit/principal_test.go
@@ -17,7 +17,7 @@
 
 	"v.io/v23/security"
 	"v.io/v23/verror"
-	"v.io/x/ref/security/audit"
+	"v.io/x/ref/lib/security/audit"
 )
 
 func TestAuditingPrincipal(t *testing.T) {
diff --git a/security/blessingroots.go b/lib/security/blessingroots.go
similarity index 98%
rename from security/blessingroots.go
rename to lib/security/blessingroots.go
index d765905..009df29 100644
--- a/security/blessingroots.go
+++ b/lib/security/blessingroots.go
@@ -10,10 +10,9 @@
 	"sort"
 	"sync"
 
-	"v.io/x/ref/security/serialization"
-
 	"v.io/v23/security"
 	"v.io/v23/verror"
+	"v.io/x/ref/lib/security/serialization"
 )
 
 // blessingRoots implements security.BlessingRoots.
diff --git a/security/blessingroots_test.go b/lib/security/blessingroots_test.go
similarity index 100%
rename from security/blessingroots_test.go
rename to lib/security/blessingroots_test.go
diff --git a/security/blessingstore.go b/lib/security/blessingstore.go
similarity index 99%
rename from security/blessingstore.go
rename to lib/security/blessingstore.go
index cba2d00..bebf3ef 100644
--- a/security/blessingstore.go
+++ b/lib/security/blessingstore.go
@@ -14,11 +14,10 @@
 	"sort"
 	"sync"
 
-	"v.io/x/ref/security/serialization"
-
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/lib/security/serialization"
 )
 
 var (
diff --git a/security/blessingstore_test.go b/lib/security/blessingstore_test.go
similarity index 100%
rename from security/blessingstore_test.go
rename to lib/security/blessingstore_test.go
diff --git a/security/doc.go b/lib/security/doc.go
similarity index 100%
rename from security/doc.go
rename to lib/security/doc.go
diff --git a/security/principal.go b/lib/security/principal.go
similarity index 99%
rename from security/principal.go
rename to lib/security/principal.go
index 71bb6bc..003f23a 100644
--- a/security/principal.go
+++ b/lib/security/principal.go
@@ -13,7 +13,7 @@
 	"v.io/v23/verror"
 )
 
-const pkgPath = "v.io/x/ref/security"
+const pkgPath = "v.io/x/ref/lib/security"
 
 var (
 	errCantCreateSigner      = verror.Register(pkgPath+".errCantCreateSigner", verror.NoRetry, "{1:}{2:} failed to create serialization.Signer{:_}")
diff --git a/security/principal_test.go b/lib/security/principal_test.go
similarity index 100%
rename from security/principal_test.go
rename to lib/security/principal_test.go
diff --git a/security/flag/flag.go b/lib/security/securityflag/flag.go
similarity index 91%
rename from security/flag/flag.go
rename to lib/security/securityflag/flag.go
index f8fbb97..48ee109 100644
--- a/security/flag/flag.go
+++ b/lib/security/securityflag/flag.go
@@ -2,9 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package flag defines a method for parsing AccessList flags and constructing
-// a security.Authorizer based on them.
-package flag
+// Package securityflag defines a method for parsing AccessList flags and
+// constructing a security.Authorizer based on them.
+package securityflag
 
 import (
 	"bytes"
@@ -14,11 +14,10 @@
 	"v.io/v23/security"
 	"v.io/v23/security/access"
 	"v.io/v23/verror"
-
 	"v.io/x/ref/lib/flags"
 )
 
-const pkgPath = "v.io/x/ref/security/flag"
+const pkgPath = "v.io/x/ref/lib/security/securityflag"
 
 var (
 	errCantOpenPermissionsFile = verror.Register(pkgPath+".errCantOpenPermissionsFile", verror.NoRetry, "{1:}{2:} cannot open argument to --v23.permissions.file {3}{:_}")
diff --git a/security/flag/flag_test.go b/lib/security/securityflag/flag_test.go
similarity index 98%
rename from security/flag/flag_test.go
rename to lib/security/securityflag/flag_test.go
index 97c13c3..29cff52 100644
--- a/security/flag/flag_test.go
+++ b/lib/security/securityflag/flag_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package flag
+package securityflag
 
 import (
 	"bytes"
@@ -16,7 +16,6 @@
 
 	"v.io/v23/security"
 	"v.io/v23/security/access"
-
 	"v.io/x/ref/test/modules"
 )
 
diff --git a/security/flag/v23_internal_test.go b/lib/security/securityflag/v23_internal_test.go
similarity index 96%
rename from security/flag/v23_internal_test.go
rename to lib/security/securityflag/v23_internal_test.go
index ee2061a..d4e2d18 100644
--- a/security/flag/v23_internal_test.go
+++ b/lib/security/securityflag/v23_internal_test.go
@@ -4,7 +4,7 @@
 
 // This file was auto-generated via go generate.
 // DO NOT UPDATE MANUALLY
-package flag
+package securityflag
 
 import "fmt"
 import "testing"
diff --git a/security/serialization/serialization.go b/lib/security/serialization/serialization.go
similarity index 100%
rename from security/serialization/serialization.go
rename to lib/security/serialization/serialization.go
diff --git a/security/serialization/serialization_test.go b/lib/security/serialization/serialization_test.go
similarity index 98%
rename from security/serialization/serialization_test.go
rename to lib/security/serialization/serialization_test.go
index d3d2a17..06f018f 100644
--- a/security/serialization/serialization_test.go
+++ b/lib/security/serialization/serialization_test.go
@@ -18,11 +18,10 @@
 	"strings"
 	"testing"
 
-	"v.io/x/ref/security/serialization"
+	"v.io/v23/security"
+	"v.io/x/ref/lib/security/serialization"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
-
-	"v.io/v23/security"
 )
 
 // We call our own TestMain here because v23 test generate causes an import cycle
diff --git a/security/serialization/signing_writer.go b/lib/security/serialization/signing_writer.go
similarity index 100%
rename from security/serialization/signing_writer.go
rename to lib/security/serialization/signing_writer.go
diff --git a/security/serialization/types.vdl b/lib/security/serialization/types.vdl
similarity index 100%
rename from security/serialization/types.vdl
rename to lib/security/serialization/types.vdl
diff --git a/security/serialization/types.vdl.go b/lib/security/serialization/types.vdl.go
similarity index 91%
rename from security/serialization/types.vdl.go
rename to lib/security/serialization/types.vdl.go
index 41ace24..096ae05 100644
--- a/security/serialization/types.vdl.go
+++ b/lib/security/serialization/types.vdl.go
@@ -20,14 +20,14 @@
 }
 
 func (SignedHeader) __VDLReflect(struct {
-	Name string "v.io/x/ref/security/serialization.SignedHeader"
+	Name string "v.io/x/ref/lib/security/serialization.SignedHeader"
 }) {
 }
 
 type HashCode [32]byte
 
 func (HashCode) __VDLReflect(struct {
-	Name string "v.io/x/ref/security/serialization.HashCode"
+	Name string "v.io/x/ref/lib/security/serialization.HashCode"
 }) {
 }
 
@@ -51,7 +51,7 @@
 	SignedDataHash struct{ Value HashCode }
 	// __SignedDataReflect describes the SignedData union type.
 	__SignedDataReflect struct {
-		Name  string "v.io/x/ref/security/serialization.SignedData"
+		Name  string "v.io/x/ref/lib/security/serialization.SignedData"
 		Type  SignedData
 		Union struct {
 			Signature SignedDataSignature
diff --git a/security/serialization/verifying_reader.go b/lib/security/serialization/verifying_reader.go
similarity index 98%
rename from security/serialization/verifying_reader.go
rename to lib/security/serialization/verifying_reader.go
index b708988..28c736a 100644
--- a/security/serialization/verifying_reader.go
+++ b/lib/security/serialization/verifying_reader.go
@@ -16,7 +16,7 @@
 	"v.io/v23/vom"
 )
 
-const pkgPath = "v.io/x/ref/security/serialization"
+const pkgPath = "v.io/x/ref/lib/security/serialization"
 
 var (
 	errCantBeNilVerifier      = verror.Register(pkgPath+".errCantBeNilVerifier", verror.NoRetry, "{1:}{2:} data:{3} signature:{4} key:{5} cannot be nil{:_}")
diff --git a/security/serializer_reader_writer.go b/lib/security/serializer_reader_writer.go
similarity index 100%
rename from security/serializer_reader_writer.go
rename to lib/security/serializer_reader_writer.go
diff --git a/security/storage.go b/lib/security/storage.go
similarity index 96%
rename from security/storage.go
rename to lib/security/storage.go
index 8e9da82..1690c91 100644
--- a/security/storage.go
+++ b/lib/security/storage.go
@@ -10,7 +10,7 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/v23/vom"
-	"v.io/x/ref/security/serialization"
+	"v.io/x/ref/lib/security/serialization"
 )
 
 var (
diff --git a/security/testutil_test.go b/lib/security/testutil_test.go
similarity index 100%
rename from security/testutil_test.go
rename to lib/security/testutil_test.go
diff --git a/security/util.go b/lib/security/util.go
similarity index 100%
rename from security/util.go
rename to lib/security/util.go
diff --git a/security/util_test.go b/lib/security/util_test.go
similarity index 100%
rename from security/util_test.go
rename to lib/security/util_test.go
diff --git a/lib/signals/signals_test.go b/lib/signals/signals_test.go
index 1df20e1..6af0d33 100644
--- a/lib/signals/signals_test.go
+++ b/lib/signals/signals_test.go
@@ -20,13 +20,13 @@
 	"v.io/v23/rpc"
 	"v.io/v23/services/appcycle"
 	"v.io/v23/vtrace"
-
 	"v.io/x/ref/lib/mgmt"
-	_ "v.io/x/ref/profiles"
-	vflag "v.io/x/ref/security/flag"
-	"v.io/x/ref/services/mgmt/device"
+	"v.io/x/ref/lib/security/securityflag"
+	"v.io/x/ref/services/device"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/modules"
+
+	_ "v.io/x/ref/profiles"
 )
 
 //go:generate v23 test generate
@@ -344,7 +344,7 @@
 	if ep, err = server.Listen(v23.GetListenSpec(ctx)); err != nil {
 		t.Fatalf("Got error: %v", err)
 	}
-	if err := server.Serve("", device.ConfigServer(&configServer{ch}), vflag.NewAuthorizerOrDie()); err != nil {
+	if err := server.Serve("", device.ConfigServer(&configServer{ch}), securityflag.NewAuthorizerOrDie()); err != nil {
 		t.Fatalf("Got error: %v", err)
 	}
 	return server, ep[0].Name(), ch
diff --git a/lib/stats/sysstats/sysstats.go b/lib/stats/sysstats/sysstats.go
index 86772fd..49ad421 100644
--- a/lib/stats/sysstats/sysstats.go
+++ b/lib/stats/sysstats/sysstats.go
@@ -14,7 +14,7 @@
 	"strings"
 	"time"
 
-	"v.io/x/ref/lib/flags/buildinfo"
+	"v.io/x/lib/buildinfo"
 	"v.io/x/ref/lib/stats"
 )
 
diff --git a/services/mgmt/suidhelper/impl/args.go b/lib/suid/args.go
similarity index 80%
rename from services/mgmt/suidhelper/impl/args.go
rename to lib/suid/args.go
index 8081a26..90e9d55 100644
--- a/services/mgmt/suidhelper/impl/args.go
+++ b/lib/suid/args.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package impl
+package suid
 
 import (
 	"bytes"
@@ -14,10 +14,9 @@
 	"strings"
 
 	"v.io/v23/verror"
-	sflag "v.io/x/ref/services/mgmt/suidhelper/impl/flag"
 )
 
-const pkgPath = "v.io/x/ref/services/mgmt/suidhelper/impl"
+const pkgPath = "v.io/x/ref/lib/suid"
 
 var (
 	errUserNameMissing = verror.Register(pkgPath+".errUserNameMissing", verror.NoRetry, "{1:}{2:} --username missing{:_}")
@@ -55,21 +54,19 @@
 )
 
 func init() {
-	setupFlags(nil)
+	setupFlags(flag.CommandLine)
 }
 
 func setupFlags(fs *flag.FlagSet) {
-	if fs != nil {
-		sflag.SetupFlags(fs)
-	}
-	flagUsername = sflag.Username
-	flagWorkspace = sflag.Workspace
-	flagLogDir = sflag.LogDir
-	flagRun = sflag.Run
-	flagMinimumUid = sflag.MinimumUid
-	flagRemove = sflag.Remove
-	flagDryrun = sflag.Dryrun
-	flagProgName = sflag.ProgName
+	const uidThreshold = 501
+	flagUsername = fs.String("username", "", "The UNIX user name used for the other functions of this tool.")
+	flagWorkspace = fs.String("workspace", "", "Path to the application's workspace directory.")
+	flagLogDir = fs.String("logdir", "", "Path to the log directory.")
+	flagRun = fs.String("run", "", "Path to the application to exec.")
+	flagProgName = fs.String("progname", "unnamed_app", "Visible name of the application, used in argv[0]")
+	flagMinimumUid = fs.Int64("minuid", uidThreshold, "UIDs cannot be less than this number.")
+	flagRemove = fs.Bool("rm", false, "Remove the file trees given as command-line arguments.")
+	flagDryrun = fs.Bool("dryrun", false, "Elides root-requiring systemcalls.")
 }
 
 func cleanEnv(env []string) []string {
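Review bot: `setupFlags` now dereferences `fs` unconditionally, so a nil `*flag.FlagSet`, which the removed `if fs != nil` guard tolerated, would panic; any caller still passing nil (the renamed test files are not shown in this hunk) needs updating, or the function should state the requirement in a comment such as `// setupFlags registers the helper's flags on fs, which must be non-nil.` The new `uidThreshold = 501` becomes the default floor for `--minuid` in a setuid helper, yet nothing records why that value was chosen; a one-line comment on the constant would help the next reader judge whether it is right for a given platform. Because `init()` now registers on `flag.CommandLine` from a library package, every binary that imports `lib/suid` presumably gains `--run`, `--rm` and the other flags, so it is worth confirming that only the helper binary imports it.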
diff --git a/services/mgmt/suidhelper/impl/args_darwin_test.go b/lib/suid/args_darwin_test.go
similarity index 94%
rename from services/mgmt/suidhelper/impl/args_darwin_test.go
rename to lib/suid/args_darwin_test.go
index ef8ae82..f8eeacb 100644
--- a/services/mgmt/suidhelper/impl/args_darwin_test.go
+++ b/lib/suid/args_darwin_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package impl
+package suid
 
 const (
 	testUserName = "_uucp"
diff --git a/services/mgmt/suidhelper/impl/args_linux_test.go b/lib/suid/args_linux_test.go
similarity index 94%
rename from services/mgmt/suidhelper/impl/args_linux_test.go
rename to lib/suid/args_linux_test.go
index 15e6b01..9e66342 100644
--- a/services/mgmt/suidhelper/impl/args_linux_test.go
+++ b/lib/suid/args_linux_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package impl
+package suid
 
 const (
 	testUserName = "uucp"
diff --git a/services/mgmt/suidhelper/impl/args_test.go b/lib/suid/args_test.go
similarity index 99%
rename from services/mgmt/suidhelper/impl/args_test.go
rename to lib/suid/args_test.go
index d5c7233..5476a06 100644
--- a/services/mgmt/suidhelper/impl/args_test.go
+++ b/lib/suid/args_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package impl
+package suid
 
 import (
 	"flag"
diff --git a/lib/suid/constants.go b/lib/suid/constants.go
new file mode 100644
index 0000000..178603e
--- /dev/null
+++ b/lib/suid/constants.go
@@ -0,0 +1,11 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package suid
+
+const (
+	// fd of the pipe to be used to return the pid of the forked child to the
+	// device manager.
+	PipeToParentFD = 5
+)
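Review bot: The comment on `PipeToParentFD` does not start with the identifier and leaves the contract implicit, although the constant is exported and shared between the helper and the device manager. Something like `// PipeToParentFD is the descriptor number on which the helper expects to inherit the write end of a pipe from the device manager; the helper writes the child's pid to it.` would make clear which side opens it and in which direction data flows. It would also help to say what the helper should do when the descriptor is not present.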
diff --git a/services/mgmt/suidhelper/impl/run.go b/lib/suid/run.go
similarity index 96%
rename from services/mgmt/suidhelper/impl/run.go
rename to lib/suid/run.go
index 5b50974..bedc968 100644
--- a/services/mgmt/suidhelper/impl/run.go
+++ b/lib/suid/run.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package impl
+package suid
 
 import (
 	"flag"
diff --git a/services/mgmt/suidhelper/impl/system.go b/lib/suid/system.go
similarity index 78%
rename from services/mgmt/suidhelper/impl/system.go
rename to lib/suid/system.go
index 449ad38..de37d54 100644
--- a/services/mgmt/suidhelper/impl/system.go
+++ b/lib/suid/system.go
@@ -4,9 +4,10 @@
 
 // +build linux darwin
 
-package impl
+package suid
 
 import (
+	"encoding/binary"
 	"log"
 	"os"
 	"path/filepath"
@@ -49,7 +50,7 @@
 	attr := new(syscall.ProcAttr)
 
 	if dir, err := os.Getwd(); err != nil {
-		log.Printf("error Getwd(): %v\n", err)
+		log.Printf("error Getwd(): %v", err)
 		return verror.New(errGetwdFailed, nil, err)
 		attr.Dir = dir
 	}
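Review bot: `attr.Dir = dir` sits after the `return` inside the `err != nil` branch, so it is unreachable and `attr.Dir` is never assigned on the success path; the hunk touches only the log line and leaves this in place. The likely intent is `dir, err := os.Getwd()` followed by the error check and then `attr.Dir = dir` outside the `if`. The practical effect is probably small, since an empty `Dir` should leave the child in the helper's working directory, but the dead statement hides that and `go vet` reports it. The enclosing function starts and ends outside this hunk.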
@@ -71,16 +72,28 @@
 		attr.Sys.Credential.Uid = uint32(hw.uid)
 	}
 
-	_, _, err := syscall.StartProcess(hw.argv0, hw.argv, attr)
+	// Make sure the child won't talk on the fd we use to talk back to the parent
+	syscall.CloseOnExec(PipeToParentFD)
+
+	// Start the child process
+	pid, _, err := syscall.StartProcess(hw.argv0, hw.argv, attr)
 	if err != nil {
 		if !hw.dryrun {
-			log.Printf("StartProcess failed: attr: %#v, attr.Sys: %#v, attr.Sys.Cred: %#v error: %v\n", attr, attr.Sys, attr.Sys.Credential, err)
+			log.Printf("StartProcess failed: attr: %#v, attr.Sys: %#v, attr.Sys.Cred: %#v error: %v", attr, attr.Sys, attr.Sys.Credential, err)
 		} else {
 			log.Printf("StartProcess failed: %v", err)
 		}
 		return verror.New(errStartProcessFailed, nil, hw.argv0, err)
 	}
-	// TODO(rjkroege): Return the pid to the node manager.
+
+	// Return the pid of the new child process
+	pipeToParent := os.NewFile(PipeToParentFD, "pipe_to_parent_wr")
+	if err = binary.Write(pipeToParent, binary.LittleEndian, int32(pid)); err != nil {
+		log.Printf("Problem returning pid to parent: %v", err)
+	} else {
+		log.Printf("Returned pid %v to parent", pid)
+	}
+
 	os.Exit(0)
 	return nil // Not reached.
 }
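Review bot: A failed `binary.Write` of the pid is only logged and the helper still reaches `os.Exit(0)`, so the parent sees a clean exit with nothing on the pipe while the child is already running; the error branch should end the helper with a non-zero status, e.g. `os.Exit(1)` after the `log.Printf`. The code also wraps descriptor 5 with `os.NewFile` without checking that it is open or that it is a pipe. In a setuid binary the inherited descriptor table is supplied by the invoker, so checking `pipeToParent.Stat()` for `os.ModeNamedPipe` before `StartProcess` would avoid writing to an unrelated file. The return value of `syscall.CloseOnExec` cannot be checked, so that same up-front validation is the place to catch a missing descriptor. The function body begins outside this hunk.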
diff --git a/services/mgmt/suidhelper/impl/system_test.go b/lib/suid/system_test.go
similarity index 98%
rename from services/mgmt/suidhelper/impl/system_test.go
rename to lib/suid/system_test.go
index 8930612..98c3091 100644
--- a/services/mgmt/suidhelper/impl/system_test.go
+++ b/lib/suid/system_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package impl
+package suid
 
 import (
 	"bytes"
diff --git a/services/mgmt/sysinit/init_darwin.go b/lib/sysinit/init_darwin.go
similarity index 100%
rename from services/mgmt/sysinit/init_darwin.go
rename to lib/sysinit/init_darwin.go
diff --git a/services/mgmt/sysinit/init_linux.go b/lib/sysinit/init_linux.go
similarity index 100%
rename from services/mgmt/sysinit/init_linux.go
rename to lib/sysinit/init_linux.go
diff --git a/services/mgmt/sysinit/linux_test.go b/lib/sysinit/linux_test.go
similarity index 100%
rename from services/mgmt/sysinit/linux_test.go
rename to lib/sysinit/linux_test.go
diff --git a/services/mgmt/sysinit/service_description.go b/lib/sysinit/service_description.go
similarity index 97%
rename from services/mgmt/sysinit/service_description.go
rename to lib/sysinit/service_description.go
index 62c677f..d19f072 100644
--- a/services/mgmt/sysinit/service_description.go
+++ b/lib/sysinit/service_description.go
@@ -14,7 +14,7 @@
 	"v.io/v23/verror"
 )
 
-const pkgPath = "v.io/x/ref/services/mgmt/sysinit"
+const pkgPath = "v.io/x/ref/lib/sysinit"
 
 var (
 	errMarshalFailed   = verror.Register(pkgPath+".errMarshalFailed", verror.NoRetry, "{1:}{2:} Marshal({3}) failed{:_}")
diff --git a/services/mgmt/sysinit/sysinit.go b/lib/sysinit/sysinit.go
similarity index 100%
rename from services/mgmt/sysinit/sysinit.go
rename to lib/sysinit/sysinit.go
diff --git a/lib/unixfd/unixfd.go b/lib/unixfd/unixfd.go
index 1cae9b8..a80e1d9 100644
--- a/lib/unixfd/unixfd.go
+++ b/lib/unixfd/unixfd.go
@@ -7,7 +7,6 @@
 package unixfd
 
 import (
-	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -19,6 +18,18 @@
 	"unsafe"
 
 	"v.io/v23/rpc"
+	"v.io/v23/verror"
+)
+
+const pkgPath = "v.io/x/ref/lib/unixfd"
+
+var (
+	errListenerClosed            = verror.Register(pkgPath+".errListenerClosed", verror.NoRetry, "{1:}{2:} listener closed{:_}")
+	errListenerAlreadyClosed     = verror.Register(pkgPath+".errListenerAlreadyClosed", verror.NoRetry, "{1:}{2:} listener already closed{:_}")
+	errCantSendSocketWithoutData = verror.Register(pkgPath+".errCantSendSocketWithoutData", verror.NoRetry, "{1:}{2:} cannot send a socket without data.{:_}")
+	errWrongSentLength           = verror.Register(pkgPath+".errWrongSentLength", verror.NoRetry, "{1:}{2:} expected to send {3}, {4} bytes,  sent {5}, {6}{:_}")
+	errTooBigOOB                 = verror.Register(pkgPath+".errTooBigOOB", verror.NoRetry, "{1:}{2:} received too large oob data ({3}, max {4}){:_}")
+	errBadNetwork                = verror.Register(pkgPath+".errBadNetwork", verror.NoRetry, "{1:}{2:} invalid network{:_}")
 )
 
 const Network string = "unixfd"
@@ -45,7 +56,7 @@
 func (l *singleConnListener) Accept() (net.Conn, error) {
 	c := l.getChan()
 	if c == nil {
-		return nil, errors.New("listener closed")
+		return nil, verror.New(errListenerClosed, nil)
 	}
 	if conn, ok := <-c; ok {
 		return conn, nil
@@ -58,7 +69,7 @@
 	defer l.Unlock()
 	lc := l.c
 	if lc == nil {
-		return errors.New("listener already closed")
+		return verror.New(errListenerAlreadyClosed, nil)
 	}
 	close(l.c)
 	l.c = nil
@@ -217,7 +228,7 @@
 // which you must close if you do not Dial or Listen to the address.
 func SendConnection(conn *net.UnixConn, data []byte) (addr net.Addr, err error) {
 	if len(data) < 1 {
-		return nil, errors.New("cannot send a socket without data.")
+		return nil, verror.New(errCantSendSocketWithoutData, nil)
 	}
 	remote, local, err := socketpair()
 	if err != nil {
@@ -233,7 +244,7 @@
 		return nil, err
 	} else if n != len(data) || oobn != len(rights) {
 		rfile.Close()
-		return nil, fmt.Errorf("expected to send %d, %d bytes,  sent %d, %d", len(data), len(rights), n, oobn)
+		return nil, verror.New(errWrongSentLength, nil, len(data), len(rights), n, oobn)
 	}
 	// Wait for the other side to acknowledge.
 	// This is to work around a race on OS X where it appears we can close
@@ -276,7 +287,7 @@
 		return nil, n, nil, err
 	}
 	if oobn > len(oob) {
-		return nil, n, nil, fmt.Errorf("received too large oob data (%d, max %d)", oobn, len(oob))
+		return nil, n, nil, verror.New(errTooBigOOB, nil, oobn, len(oob))
 	}
 	scms, err := syscall.ParseSocketControlMessage(oob[:oobn])
 	if err != nil {
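Review bot: The `oobn > len(oob)` guard, now returning `errTooBigOOB`, probably never fires. If `oobn` comes from a `ReadMsgUnix`-style call (the call is outside this hunk), the count cannot exceed the buffer, and truncated control data is reported through the `MSG_CTRUNC` flag instead. If the flags result is available here, a check such as `if flags&syscall.MSG_CTRUNC != 0 { return nil, n, nil, verror.New(errTooBigOOB, nil, oobn, len(oob)) }` would reject a truncated rights message before `ParseSocketControlMessage` parses it. The function starts and ends outside this hunk.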
@@ -326,7 +337,7 @@
 
 func CloseUnixAddr(addr net.Addr) error {
 	if addr.Network() != Network {
-		return errors.New("invalid network")
+		return verror.New(errBadNetwork, nil)
 	}
 	fd, err := strconv.ParseInt(addr.String(), 10, 32)
 	if err != nil {
diff --git a/lib/vdl/build/build.go b/lib/vdl/build/build.go
index c036e9d..07947bb 100644
--- a/lib/vdl/build/build.go
+++ b/lib/vdl/build/build.go
@@ -256,7 +256,7 @@
 }
 
 // SrcDirs returns a list of package root source directories, based on the
-// VDLPATH, VDLROOT and VANADIUM_ROOT environment variables.
+// VDLPATH, VDLROOT and V23_ROOT environment variables.
 //
 // VDLPATH is a list of directories separated by filepath.ListSeparator;
 // e.g. the separator is ":" on UNIX, and ";" on Windows.  Each VDLPATH
@@ -265,8 +265,8 @@
 //
 // VDLROOT is a single directory specifying the location of the standard vdl
 // packages.  It has the same requirements as VDLPATH components.  If VDLROOT is
-// empty, we use VANADIUM_ROOT to construct the VDLROOT.  An error is reported if
-// neither VDLROOT nor VANADIUM_ROOT is specified.
+// empty, we use V23_ROOT to construct the VDLROOT.  An error is reported if
+// neither VDLROOT nor V23_ROOT is specified.
 func SrcDirs(errs *vdlutil.Errors) []string {
 	var srcDirs []string
 	if root := vdlRootDir(errs); root != "" {
@@ -278,10 +278,10 @@
 func vdlRootDir(errs *vdlutil.Errors) string {
 	vdlroot := os.Getenv("VDLROOT")
 	if vdlroot == "" {
-		// Try to construct VDLROOT out of VANADIUM_ROOT.
-		vroot := os.Getenv("VANADIUM_ROOT")
+		// Try to construct VDLROOT out of V23_ROOT.
+		vroot := os.Getenv("V23_ROOT")
 		if vroot == "" {
-			errs.Error("Either VDLROOT or VANADIUM_ROOT must be set")
+			errs.Error("Either VDLROOT or V23_ROOT must be set")
 			return ""
 		}
 		vdlroot = filepath.Join(vroot, "release", "go", "src", "v.io", "v23", "vdlroot")
diff --git a/lib/vdl/build/build_test.go b/lib/vdl/build/build_test.go
index aa083b2..3974345 100644
--- a/lib/vdl/build/build_test.go
+++ b/lib/vdl/build/build_test.go
@@ -17,8 +17,8 @@
 	"v.io/v23/vdlroot/vdltool"
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 	"v.io/x/ref/lib/vdl/testdata/base"
-	"v.io/x/ref/lib/vdl/vdltest"
 	"v.io/x/ref/lib/vdl/vdlutil"
 )
 
@@ -53,8 +53,8 @@
 }
 
 func setVanadiumRoot(t *testing.T, root string) bool {
-	if err := os.Setenv("VANADIUM_ROOT", root); err != nil {
-		t.Errorf("Setenv(VANADIUM_ROOT, %q) failed: %v", root, err)
+	if err := os.Setenv("V23_ROOT", root); err != nil {
+		t.Errorf("Setenv(V23_ROOT, %q) failed: %v", root, err)
 		return false
 	}
 	return true
@@ -75,12 +75,12 @@
 		Want         []string
 		ErrRE        string
 	}{
-		{"", "", nil, "Either VDLROOT or VANADIUM_ROOT must be set"},
+		{"", "", nil, "Either VDLROOT or V23_ROOT must be set"},
 		{"/a", "", []string{"/a"}, ""},
 		{"/a/b/c", "", []string{"/a/b/c"}, ""},
 		{"", "/v23", []string{"/v23/release/go/src/v.io/v23/vdlroot"}, ""},
 		{"", "/a/b/c", []string{"/a/b/c/release/go/src/v.io/v23/vdlroot"}, ""},
-		// If both VDLROOT and VANADIUM_ROOT are specified, VDLROOT takes precedence.
+		// If both VDLROOT and V23_ROOT are specified, VDLROOT takes precedence.
 		{"/a", "/v23", []string{"/a"}, ""},
 		{"/a/b/c", "/x/y/z", []string{"/a/b/c"}, ""},
 	}
diff --git a/lib/vdl/codegen/javascript/gen.go b/lib/vdl/codegen/javascript/gen.go
index 6403d4d..454ac25 100644
--- a/lib/vdl/codegen/javascript/gen.go
+++ b/lib/vdl/codegen/javascript/gen.go
@@ -336,6 +336,17 @@
 	return false
 }
 
+func hasEnums(pkg *compile.Package) bool {
+	for _, file := range pkg.Files {
+		for _, def := range file.TypeDefs {
+			if def.Type.Kind() == vdl.Enum {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func generateSystemImports(data data) string {
 	res := "var vdl = require('"
 	packagePrefix := ""
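Review bot: `hasEnums` is added without a comment, and the reason it gates the `canonicalize` import is visible only at its call site in the next hunk. A line such as `// hasEnums reports whether pkg defines any enum type; the generated code for enums needs the canonicalize module.` would record that (the second half is inferred from the call site and should be confirmed). It inspects only `def.Type.Kind()` of top-level type definitions, so the comment should also say whether enums nested inside other types need the import. The loop has the same shape as the helper ending just above it, so a shared predicate-taking helper could be considered.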
@@ -358,7 +369,7 @@
 		}
 	}
 
-	if hasConsts(data.Pkg) {
+	if hasConsts(data.Pkg) || hasEnums(data.Pkg) {
 		if data.PathToCoreJS != "" {
 			res += "var canonicalize = require('" + packagePrefix + "/vdl/canonicalize');\n"
 		} else {
diff --git a/lib/vdl/compile/compile_test.go b/lib/vdl/compile/compile_test.go
index d8734fb..9192a77 100644
--- a/lib/vdl/compile/compile_test.go
+++ b/lib/vdl/compile/compile_test.go
@@ -11,7 +11,7 @@
 
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
-	"v.io/x/ref/lib/vdl/vdltest"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 )
 
 type f map[string]string
diff --git a/lib/vdl/compile/const_test.go b/lib/vdl/compile/const_test.go
index 326bee1..a2ce72d 100644
--- a/lib/vdl/compile/const_test.go
+++ b/lib/vdl/compile/const_test.go
@@ -12,7 +12,7 @@
 	"v.io/v23/vdl"
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
-	"v.io/x/ref/lib/vdl/vdltest"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 )
 
 func testConstPackage(t *testing.T, name string, tpkg constPkg, env *compile.Env) *compile.Package {
diff --git a/lib/vdl/compile/error_test.go b/lib/vdl/compile/error_test.go
index 95a1020..845c511 100644
--- a/lib/vdl/compile/error_test.go
+++ b/lib/vdl/compile/error_test.go
@@ -12,8 +12,8 @@
 	"v.io/v23/vdl"
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 	"v.io/x/ref/lib/vdl/parse"
-	"v.io/x/ref/lib/vdl/vdltest"
 )
 
 func TestError(t *testing.T) {
diff --git a/lib/vdl/compile/ident_test.go b/lib/vdl/compile/ident_test.go
index 77f7819..4a61fe4 100644
--- a/lib/vdl/compile/ident_test.go
+++ b/lib/vdl/compile/ident_test.go
@@ -9,7 +9,7 @@
 
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
-	"v.io/x/ref/lib/vdl/vdltest"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 )
 
 func TestIdentConflict(t *testing.T) {
diff --git a/lib/vdl/compile/interface_test.go b/lib/vdl/compile/interface_test.go
index 4cc1d10..1d2f8ac 100644
--- a/lib/vdl/compile/interface_test.go
+++ b/lib/vdl/compile/interface_test.go
@@ -11,8 +11,8 @@
 	"v.io/v23/vdl"
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 	"v.io/x/ref/lib/vdl/parse"
-	"v.io/x/ref/lib/vdl/vdltest"
 )
 
 func TestInterface(t *testing.T) {
diff --git a/lib/vdl/compile/type_test.go b/lib/vdl/compile/type_test.go
index 59396fe..4b64a70 100644
--- a/lib/vdl/compile/type_test.go
+++ b/lib/vdl/compile/type_test.go
@@ -10,7 +10,7 @@
 	"v.io/v23/vdl"
 	"v.io/x/ref/lib/vdl/build"
 	"v.io/x/ref/lib/vdl/compile"
-	"v.io/x/ref/lib/vdl/vdltest"
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 )
 
 const qual = "package path qualified identifier"
diff --git a/lib/vdl/vdltest/vdltest.go b/lib/vdl/internal/vdltest/vdltest.go
similarity index 100%
rename from lib/vdl/vdltest/vdltest.go
rename to lib/vdl/internal/vdltest/vdltest.go
diff --git a/lib/vdl/parse/parse_test.go b/lib/vdl/parse/parse_test.go
index 0b84e89..90849e6 100644
--- a/lib/vdl/parse/parse_test.go
+++ b/lib/vdl/parse/parse_test.go
@@ -12,8 +12,8 @@
 	"strings"
 	"testing"
 
+	"v.io/x/ref/lib/vdl/internal/vdltest"
 	"v.io/x/ref/lib/vdl/parse"
-	"v.io/x/ref/lib/vdl/vdltest"
 	"v.io/x/ref/lib/vdl/vdlutil"
 )
 
diff --git a/profiles/fake/runtime.go b/profiles/fake/runtime.go
index ceaa6cc..e2c5cf3 100644
--- a/profiles/fake/runtime.go
+++ b/profiles/fake/runtime.go
@@ -12,8 +12,7 @@
 	"v.io/v23/context"
 	"v.io/v23/rpc"
 	"v.io/v23/security"
-
-	vsecurity "v.io/x/ref/security"
+	vsecurity "v.io/x/ref/lib/security"
 )
 
 type contextKey int
diff --git a/profiles/internal/naming/namespace/acl.go b/profiles/internal/naming/namespace/acl.go
index d47e4ea..cdb00ce 100644
--- a/profiles/internal/naming/namespace/acl.go
+++ b/profiles/internal/naming/namespace/acl.go
@@ -15,10 +15,10 @@
 )
 
 // setAccessListInMountTable sets the AccessList in a single server.
-func setAccessListInMountTable(ctx *context.T, client rpc.Client, name string, acl access.Permissions, etag, id string, opts []rpc.CallOpt) (s status) {
+func setAccessListInMountTable(ctx *context.T, client rpc.Client, name string, acl access.Permissions, version, id string, opts []rpc.CallOpt) (s status) {
 	s.id = id
 	ctx, _ = context.WithTimeout(ctx, callTimeout)
-	call, err := client.StartCall(ctx, name, "SetPermissions", []interface{}{acl, etag}, append(opts, options.NoResolve{})...)
+	call, err := client.StartCall(ctx, name, "SetPermissions", []interface{}{acl, version}, append(opts, options.NoResolve{})...)
 	s.err = err
 	if err != nil {
 		return
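Review bot: `ctx, _ = context.WithTimeout(ctx, callTimeout)` discards the cancel function, so the timer and derived context stay alive until `callTimeout` expires even when the call returns at once; the rename in this hunk leaves that line as it was. Keeping the function and releasing it on exit fixes this: `ctx, cancel := context.WithTimeout(ctx, callTimeout)` followed by `defer cancel()`. Since `SetPermissions` fans this out to every mount table implementing the name, the leaked timers add up per call. The rest of `setAccessListInMountTable` continues in the next hunk.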
@@ -27,21 +27,21 @@
 	return
 }
 
-func (ns *namespace) SetPermissions(ctx *context.T, name string, acl access.Permissions, etag string, opts ...naming.NamespaceOpt) error {
+func (ns *namespace) SetPermissions(ctx *context.T, name string, acl access.Permissions, version string, opts ...naming.NamespaceOpt) error {
 	defer vlog.LogCall()()
 	client := v23.GetClient(ctx)
 
 	// Apply to all mount tables implementing the name.
 	f := func(ctx *context.T, mt, id string) status {
-		return setAccessListInMountTable(ctx, client, mt, acl, etag, id, getCallOpts(opts))
+		return setAccessListInMountTable(ctx, client, mt, acl, version, id, getCallOpts(opts))
 	}
 	err := ns.dispatch(ctx, name, f, opts)
-	vlog.VI(1).Infof("SetPermissions(%s, %v, %s) -> %v", name, acl, etag, err)
+	vlog.VI(1).Infof("SetPermissions(%s, %v, %s) -> %v", name, acl, version, err)
 	return err
 }
 
 // GetPermissions gets an AccessList from a mount table.
-func (ns *namespace) GetPermissions(ctx *context.T, name string, opts ...naming.NamespaceOpt) (acl access.Permissions, etag string, err error) {
+func (ns *namespace) GetPermissions(ctx *context.T, name string, opts ...naming.NamespaceOpt) (acl access.Permissions, version string, err error) {
 	defer vlog.LogCall()()
 	client := v23.GetClient(ctx)
 
@@ -58,6 +58,6 @@
 		err = serr
 		return
 	}
-	err = call.Finish(&acl, &etag)
+	err = call.Finish(&acl, &version)
 	return
 }
diff --git a/profiles/internal/naming/namespace/acl_test.go b/profiles/internal/naming/namespace/acl_test.go
index 74e60c2..3cc7cb5 100644
--- a/profiles/internal/naming/namespace/acl_test.go
+++ b/profiles/internal/naming/namespace/acl_test.go
@@ -17,7 +17,7 @@
 	"v.io/v23/security/access"
 
 	_ "v.io/x/ref/profiles"
-	service "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
@@ -57,7 +57,7 @@
 
 // Create a new mounttable service.
 func newMT(t *testing.T, ctx *context.T) (func(), string) {
-	estr, stopFunc, err := service.StartServers(ctx, v23.GetListenSpec(ctx), "", "", "")
+	estr, stopFunc, err := mounttablelib.StartServers(ctx, v23.GetListenSpec(ctx), "", "", "")
 	if err != nil {
 		t.Fatalf("r.NewServer: %s", err)
 	}
@@ -137,11 +137,11 @@
 	}
 
 	// Set/Get the mount point's AccessList.
-	acl, etag, err := ns.GetPermissions(rootCtx, "a/b/c")
+	acl, version, err := ns.GetPermissions(rootCtx, "a/b/c")
 	if err != nil {
 		t.Fatalf("GetPermissions a/b/c: %s", err)
 	}
-	if err := ns.SetPermissions(rootCtx, "a/b/c", openAccessList, etag); err != nil {
+	if err := ns.SetPermissions(rootCtx, "a/b/c", openAccessList, version); err != nil {
 		t.Fatalf("SetPermissions a/b/c: %s", err)
 	}
 	nacl, _, err := ns.GetPermissions(rootCtx, "a/b/c")
@@ -154,8 +154,8 @@
 
 	// Now Set/Get the parallel mount point's AccessList.
 	name := "a/b/c/d/e"
-	etag = "" // Parallel setacl with any other value is dangerous
-	if err := ns.SetPermissions(rootCtx, name, openAccessList, etag); err != nil {
+	version = "" // Parallel setacl with any other value is dangerous
+	if err := ns.SetPermissions(rootCtx, name, openAccessList, version); err != nil {
 		t.Fatalf("SetPermissions %s: %s", name, err)
 	}
 	nacl, _, err = ns.GetPermissions(rootCtx, name)
@@ -187,7 +187,7 @@
 	// Create mount points accessible only by root's key.
 	name = "a/b/c/d/f"
 	deadbody := "/the:8888/rain"
-	if err := ns.SetPermissions(rootCtx, name, closedAccessList, etag); err != nil {
+	if err := ns.SetPermissions(rootCtx, name, closedAccessList, version); err != nil {
 		t.Fatalf("SetPermissions %s: %s", name, err)
 	}
 	nacl, _, err = ns.GetPermissions(rootCtx, name)
@@ -215,7 +215,7 @@
 
 	// Create a mount point via Serve accessible only by root's key.
 	name = "a/b/c/d/g"
-	if err := ns.SetPermissions(rootCtx, name, closedAccessList, etag); err != nil {
+	if err := ns.SetPermissions(rootCtx, name, closedAccessList, version); err != nil {
 		t.Fatalf("SetPermissions %s: %s", name, err)
 	}
 	server, err := v23.NewServer(rootCtx)
diff --git a/profiles/internal/naming/namespace/all_test.go b/profiles/internal/naming/namespace/all_test.go
index 3c5fbb8..ec3ad92 100644
--- a/profiles/internal/naming/namespace/all_test.go
+++ b/profiles/internal/naming/namespace/all_test.go
@@ -24,7 +24,7 @@
 
 	_ "v.io/x/ref/profiles"
 	inamespace "v.io/x/ref/profiles/internal/naming/namespace"
-	mtlib "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
@@ -184,7 +184,7 @@
 }
 
 func runMT(t *testing.T, ctx *context.T, mountPoint string) *serverEntry {
-	mtd, err := mtlib.NewMountTableDispatcher("")
+	mtd, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
 		boom(t, "NewMountTableDispatcher returned error: %v", err)
 	}
diff --git a/profiles/internal/rpc/benchmark/internal/server.go b/profiles/internal/rpc/benchmark/internal/server.go
index 483fd17..0c94e23 100644
--- a/profiles/internal/rpc/benchmark/internal/server.go
+++ b/profiles/internal/rpc/benchmark/internal/server.go
@@ -5,13 +5,11 @@
 package internal
 
 import (
-	"v.io/x/ref/security/flag"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/rpc"
 	"v.io/x/lib/vlog"
-
+	"v.io/x/ref/lib/security/securityflag"
 	"v.io/x/ref/profiles/internal/rpc/benchmark"
 )
 
@@ -47,7 +45,7 @@
 		vlog.Fatalf("Listen failed: %v", err)
 	}
 
-	if err := server.Serve("", benchmark.BenchmarkServer(&impl{}), flag.NewAuthorizerOrDie()); err != nil {
+	if err := server.Serve("", benchmark.BenchmarkServer(&impl{}), securityflag.NewAuthorizerOrDie()); err != nil {
 		vlog.Fatalf("Serve failed: %v", err)
 	}
 	return eps[0].Name(), func() {
diff --git a/profiles/internal/rpc/client.go b/profiles/internal/rpc/client.go
index 458040f..200c33b 100644
--- a/profiles/internal/rpc/client.go
+++ b/profiles/internal/rpc/client.go
@@ -80,6 +80,8 @@
 	errBlessingGrant = verror.Register(pkgPath+".blessingGrantFailed", verror.NoRetry, "failed to grant blessing to server with blessings {3}{:4}")
 
 	errBlessingAdd = verror.Register(pkgPath+".blessingAddFailed", verror.NoRetry, "failed to add blessing granted to server {3}{:4}")
+
+	errNoPrincipal = verror.Register(pkgPath+".noPrincipal", verror.NoRetry, "principal required for secure connections")
 )
 
 type client struct {
@@ -410,7 +412,9 @@
 	//     on here.
 	var principal security.Principal
 	if callEncrypted(opts) {
-		principal = v23.GetPrincipal(ctx)
+		if principal = v23.GetPrincipal(ctx); principal == nil {
+			return nil, verror.NoRetry, verror.New(errNoPrincipal, ctx)
+		}
 	}
 
 	// servers is now ordered by the priority heurestic implemented in
@@ -488,7 +492,7 @@
 				return nil, verror.NoRetry, err
 			}
 
-			if err := fc.prepareBlessingsAndDischarges(method, args, r.rejectedBlessings, opts); err != nil {
+			if err := fc.prepareBlessingsAndDischarges(ctx, method, r.suffix, args, r.rejectedBlessings, opts); err != nil {
 				r.err = verror.New(verror.ErrNotTrusted, ctx, name, r.flow.RemoteBlessings(), err)
 				vlog.VI(2).Infof("rpc: err: %s", r.err)
 				r.flow.Close()
@@ -605,19 +609,13 @@
 // server, (2) preparing blessings that the client authenticates with,
 // and, (3) preparing any discharges for third-party caveats on the client's
 // blessings.
-func (fc *flowClient) prepareBlessingsAndDischarges(method string, args []interface{}, rejectedServerBlessings []security.RejectedBlessing, opts []rpc.CallOpt) error {
+func (fc *flowClient) prepareBlessingsAndDischarges(ctx *context.T, method, suffix string, args []interface{}, rejectedServerBlessings []security.RejectedBlessing, opts []rpc.CallOpt) error {
 	// LocalPrincipal is nil which means we are operating under
 	// SecurityNone.
 	if fc.flow.LocalPrincipal() == nil {
 		return nil
 	}
 
-	// Prepare blessings that must be granted to the server (using any
-	// rpc.Granter implementation in 'opts').
-	if err := fc.prepareGrantedBlessings(opts); err != nil {
-		return err
-	}
-
 	// Fetch blessings from the client's blessing store that are to be
 	// shared with the server.
 	if fc.blessings = fc.flow.LocalPrincipal().BlessingStore().ForPeer(fc.server...); fc.blessings.IsZero() {
@@ -635,14 +633,44 @@
 		}
 		fc.discharges = fc.dc.PrepareDischarges(fc.ctx, fc.blessings.ThirdPartyCaveats(), impetus)
 	}
+
+	// Prepare blessings that must be granted to the server (using any
+	// rpc.Granter implementation in 'opts').
+	//
+	// NOTE(ataly, suharshs): Before invoking the granter, we set the parameters of
+	// the current call on the context. The context would now have two principals
+	// set on it -- one available via v23.GetPrincipal(ctx) and the other available
+	// via security.GetCall(ctx).LocalPrincipal(). While in theory the two principals
+	// can be different, the flow.LocalPrincipal == nil check at the beginning
+	// of this method ensures that the two are the same and non-nil at this point
+	// in the code.
+	ldischargeMap := make(map[string]security.Discharge)
+	for _, d := range fc.discharges {
+		ldischargeMap[d.ID()] = d
+	}
+	seccall := security.NewCall(&security.CallParams{
+		LocalPrincipal:   fc.flow.LocalPrincipal(),
+		LocalBlessings:   fc.blessings,
+		RemoteBlessings:  fc.flow.RemoteBlessings(),
+		LocalEndpoint:    fc.flow.LocalEndpoint(),
+		RemoteEndpoint:   fc.flow.RemoteEndpoint(),
+		LocalDischarges:  ldischargeMap,
+		RemoteDischarges: fc.flow.RemoteDischarges(),
+		Method:           method,
+		Suffix:           suffix,
+	})
+	ctx = security.SetCall(ctx, seccall)
+	if err := fc.prepareGrantedBlessings(ctx, opts); err != nil {
+		return err
+	}
 	return nil
 }
 
-func (fc *flowClient) prepareGrantedBlessings(opts []rpc.CallOpt) error {
+func (fc *flowClient) prepareGrantedBlessings(ctx *context.T, opts []rpc.CallOpt) error {
 	for _, o := range opts {
 		switch v := o.(type) {
 		case rpc.Granter:
-			if b, err := v.Grant(fc.flow.RemoteBlessings()); err != nil {
+			if b, err := v.Grant(ctx); err != nil {
 				return verror.New(errBlessingGrant, fc.ctx, fc.server, err)
 			} else if fc.grantedBlessings, err = security.UnionOfBlessings(fc.grantedBlessings, b); err != nil {
 				return verror.New(errBlessingAdd, fc.ctx, fc.server, err)
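Review bot: The NOTE above `ldischargeMap` says the `fc.flow.LocalPrincipal() == nil` check guarantees that `v23.GetPrincipal(ctx)` and `security.GetCall(ctx).LocalPrincipal()` are the same principal, but that check only establishes non-nil. Equality depends on how the flow was created, which is outside this hunk. A granter now picks its signing principal from this context, so I would state the assumption explicitly, e.g. `// Assumes the flow was created with v23.GetPrincipal(ctx); granters should sign with security.GetCall(ctx).LocalPrincipal().` In prepareGrantedBlessings, `Grant` receives `ctx` while both `verror.New` calls still use `fc.ctx`; using one context for both would keep error reporting consistent with the call being granted. The body of prepareGrantedBlessings continues past the end of the hunk.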
diff --git a/profiles/internal/rpc/full_test.go b/profiles/internal/rpc/full_test.go
index 3ff09b7..b6916ce 100644
--- a/profiles/internal/rpc/full_test.go
+++ b/profiles/internal/rpc/full_test.go
@@ -801,14 +801,24 @@
 	}
 }
 
-// granter implements rpc.Granter, returning a fixed (security.Blessings, error) pair.
+// granter implements rpc.Granter.
+//
+// It returns the specified (security.Blessings, error) pair if either the
+// blessing or the error is specified. Otherwise it returns a blessing
+// derived from the local blessings of the current call.
 type granter struct {
 	rpc.CallOpt
 	b   security.Blessings
 	err error
 }
 
-func (g granter) Grant(id security.Blessings) (security.Blessings, error) { return g.b, g.err }
+func (g granter) Grant(ctx *context.T) (security.Blessings, error) {
+	if !g.b.IsZero() || g.err != nil {
+		return g.b, g.err
+	}
+	call := security.GetCall(ctx)
+	return call.LocalPrincipal().Bless(call.RemoteBlessings().PublicKey(), call.LocalBlessings(), "blessed", security.UnconstrainedUse())
+}
 
 func TestGranter(t *testing.T) {
 	var (
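Review bot: The new fallback branch of `Grant` blesses the server's public key with `security.UnconstrainedUse()` and uses `security.GetCall(ctx)` and `call.RemoteBlessings().PublicKey()` without checking either. That is acceptable in a test helper, but test granters tend to be copied as examples, so I would mark it as such: `// Test-only: a real granter should attach an expiry or peer caveat rather than security.UnconstrainedUse().` If a zero `RemoteBlessings()` is possible here (not visible in the hunk), returning an error before the `Bless` call would make the failure easier to diagnose.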
@@ -828,6 +838,7 @@
 		{blessing: ""},
 		{granter: granter{b: bless(pclient, pserver, "blessed")}, blessing: "client/blessed"},
 		{granter: granter{err: errors.New("hell no")}, startErrID: verror.ErrNotTrusted, starterr: "hell no"},
+		{granter: granter{}, blessing: "client/blessed"},
 		{granter: granter{b: pclient.BlessingStore().Default()}, finishErrID: verror.ErrNoAccess, finisherr: "blessing granted not bound to this server"},
 	}
 	for i, test := range tests {
@@ -1642,6 +1653,39 @@
 	}
 }
 
+func TestNoPrincipal(t *testing.T) {
+	ctx, shutdown := initForTest()
+	defer shutdown()
+	sm := imanager.InternalNew(naming.FixedRoutingID(0x66666666))
+	defer sm.Shutdown()
+	ns := tnaming.NewSimpleNamespace()
+	server, err := testInternalNewServer(ctx, sm, ns, testutil.NewPrincipal("server"))
+	if err != nil {
+		t.Fatalf("InternalNewServer failed: %v", err)
+	}
+	if _, err = server.Listen(listenSpec); err != nil {
+		t.Fatalf("server.Listen failed: %v", err)
+	}
+	disp := &testServerDisp{&testServer{}}
+	if err := server.ServeDispatcher("mp/server", disp); err != nil {
+		t.Fatalf("server.Serve failed: %v", err)
+	}
+	client, err := InternalNewClient(sm, ns)
+	if err != nil {
+		t.Fatalf("InternalNewClient failed: %v", err)
+	}
+
+	// A call should fail if the principal in the ctx is nil and SecurityNone is not specified.
+	ctx, err = v23.SetPrincipal(ctx, nil)
+	if err != nil {
+		t.Fatalf("failed to set principal: %v", err)
+	}
+	_, err = client.StartCall(ctx, "mp/server", "Echo", []interface{}{"foo"})
+	if err == nil || verror.ErrorID(err) != errNoPrincipal.ID {
+		t.Fatalf("Expected errNoPrincipal, got %v", err)
+	}
+}
+
 func TestCallWithNilContext(t *testing.T) {
 	sm := imanager.InternalNew(naming.FixedRoutingID(0x66666666))
 	defer sm.Shutdown()
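Review bot: TestNoPrincipal never stops the server it creates, and the failure message after `server.ServeDispatcher` reads `server.Serve failed`. I would add `defer server.Stop()` once `testInternalNewServer` succeeds and change the message to `t.Fatalf("server.ServeDispatcher failed: %v", err)`. The comment says the call should fail when "SecurityNone is not specified", but only the failing half is exercised. A second StartCall with the SecurityNone option would pin down that the new errNoPrincipal check does not reject unencrypted calls.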
@@ -1655,7 +1699,7 @@
 		t.Errorf("Expected nil interface got: %#v", call)
 	}
 	if verror.ErrorID(err) != verror.ErrBadArg.ID {
-		t.Errorf("Expected an BadArg error, got: %s", err.Error())
+		t.Errorf("Expected a BadArg error, got: %s", err.Error())
 	}
 }
 
diff --git a/profiles/internal/rpc/reserved.go b/profiles/internal/rpc/reserved.go
index 890f5c3..7152349 100644
--- a/profiles/internal/rpc/reserved.go
+++ b/profiles/internal/rpc/reserved.go
@@ -345,24 +345,11 @@
 }
 
 func callWithSuffix(src rpc.StreamServerCall, suffix string) rpc.StreamServerCall {
-	ctx := src.Context()
-	secCall := security.GetCall(ctx)
-	ctx = security.SetCall(ctx, &derivedSecurityCall{
-		Call:       secCall,
-		suffix:     suffix,
-		methodTags: secCall.MethodTags(),
-	})
-	return &derivedServerCall{src, ctx, suffix}
+	return &derivedServerCall{src, securityCallWithSuffix(src.Context(), suffix), suffix}
 }
 
 func callWithMethodTags(src rpc.StreamServerCall, tags []*vdl.Value) rpc.StreamServerCall {
-	ctx, suffix := src.Context(), src.Suffix()
-	ctx = security.SetCall(ctx, &derivedSecurityCall{
-		Call:       security.GetCall(ctx),
-		suffix:     suffix,
-		methodTags: tags,
-	})
-	return &derivedServerCall{src, ctx, suffix}
+	return &derivedServerCall{src, securityCallWithMethodTags(src.Context(), tags), src.Suffix()}
 }
 
 func (c *derivedServerCall) Context() *context.T { return c.ctx }
@@ -374,5 +361,23 @@
 	methodTags []*vdl.Value
 }
 
+func securityCallWithSuffix(ctx *context.T, suffix string) *context.T {
+	secCall := security.GetCall(ctx)
+	return security.SetCall(ctx, &derivedSecurityCall{
+		Call:       secCall,
+		suffix:     suffix,
+		methodTags: secCall.MethodTags(),
+	})
+}
+
+func securityCallWithMethodTags(ctx *context.T, tags []*vdl.Value) *context.T {
+	secCall := security.GetCall(ctx)
+	return security.SetCall(ctx, &derivedSecurityCall{
+		Call:       secCall,
+		suffix:     secCall.Suffix(),
+		methodTags: tags,
+	})
+}
+
 func (c *derivedSecurityCall) Suffix() string           { return c.suffix }
 func (c *derivedSecurityCall) MethodTags() []*vdl.Value { return c.methodTags }
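Review bot: `securityCallWithMethodTags` takes the suffix from `secCall.Suffix()`, while the code it replaces in callWithMethodTags (previous hunk) used `src.Suffix()` for the security call. callWithMethodTags still passes `src.Suffix()` to derivedServerCall, so the server call and the security call it carries can report different suffixes if those two sources ever differ. Authorization presumably reads the suffix from the security call, so I would pass it explicitly, `securityCallWithMethodTags(src.Context(), src.Suffix(), tags)`, or add a comment stating that the two are expected to be equal. Both new helpers call methods on the result of `security.GetCall(ctx)` without a nil check, and for the method-tags path that dereference is new. Neither helper has a doc comment; one line each saying which field is overridden and which is inherited would be enough.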
diff --git a/profiles/internal/rpc/resolve_test.go b/profiles/internal/rpc/resolve_test.go
index a143c3a..ef41e60 100644
--- a/profiles/internal/rpc/resolve_test.go
+++ b/profiles/internal/rpc/resolve_test.go
@@ -25,7 +25,7 @@
 	inaming "v.io/x/ref/profiles/internal/naming"
 	irpc "v.io/x/ref/profiles/internal/rpc"
 	grt "v.io/x/ref/profiles/internal/rt"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test/expect"
 	"v.io/x/ref/test/modules"
 )
@@ -75,9 +75,9 @@
 		return fmt.Errorf("root failed: %v", err)
 	}
 	mp := ""
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
-		return fmt.Errorf("mounttable.NewMountTableDispatcher failed: %s", err)
+		return fmt.Errorf("mounttablelib.NewMountTableDispatcher failed: %s", err)
 	}
 	eps, err := server.Listen(lspec)
 	if err != nil {
diff --git a/profiles/internal/rpc/server.go b/profiles/internal/rpc/server.go
index e995815..db689b8 100644
--- a/profiles/internal/rpc/server.go
+++ b/profiles/internal/rpc/server.go
@@ -26,13 +26,12 @@
 	"v.io/v23/verror"
 	"v.io/v23/vom"
 	"v.io/v23/vtrace"
-	"v.io/x/lib/vlog"
-	"v.io/x/ref/profiles/internal/rpc/stream"
-
 	"v.io/x/lib/netstate"
+	"v.io/x/lib/vlog"
 	"v.io/x/ref/lib/stats"
 	"v.io/x/ref/profiles/internal/lib/publisher"
 	inaming "v.io/x/ref/profiles/internal/naming"
+	"v.io/x/ref/profiles/internal/rpc/stream"
 	"v.io/x/ref/profiles/internal/rpc/stream/vc"
 
 	// TODO(cnicolaou): finish verror2 -> verror transition, in particular
@@ -157,7 +156,13 @@
 
 var _ rpc.Server = (*server)(nil)
 
-func InternalNewServer(ctx *context.T, streamMgr stream.Manager, ns namespace.T, client rpc.Client, principal security.Principal, opts ...rpc.ServerOpt) (rpc.Server, error) {
+func InternalNewServer(
+	ctx *context.T,
+	streamMgr stream.Manager,
+	ns namespace.T,
+	client rpc.Client,
+	principal security.Principal,
+	opts ...rpc.ServerOpt) (rpc.Server, error) {
 	ctx, cancel := context.WithRootCancel(ctx)
 	ctx, _ = vtrace.SetNewSpan(ctx, "NewServer")
 	statsPrefix := naming.Join("rpc", "server", "routing-id", streamMgr.RoutingID().String())
@@ -951,7 +956,6 @@
 	discharges       map[string]security.Discharge
 	starttime        time.Time
 	endStreamArgs    bool // are the stream args at EOF?
-	allowDebug       bool // true if the caller is permitted to view debug information.
 }
 
 var _ rpc.Stream = (*flowServer)(nil)
@@ -996,6 +1000,25 @@
 	return fs, nil
 }
 
+// authorizeVtrace works by simulating a call to __debug/vtrace.Trace.  That
+// rpc is essentially equivalent in power to the data we are attempting to
+// attach here.
+func (fs *flowServer) authorizeVtrace() error {
+	// Set up a context as though we were calling __debug/vtrace.
+	params := &security.CallParams{}
+	params.Copy(security.GetCall(fs.T))
+	params.Method = "Trace"
+	params.MethodTags = []*vdl.Value{vdl.ValueOf(access.Debug)}
+	params.Suffix = "__debug/vtrace"
+	ctx := security.SetCall(fs.T, security.NewCall(params))
+
+	var auth security.Authorizer
+	if fs.server.dispReserved != nil {
+		_, auth, _ = fs.server.dispReserved.Lookup(params.Suffix)
+	}
+	return authorize(ctx, auth)
+}
+
 func (fs *flowServer) serve() error {
 	defer fs.flow.Close()
 
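Review bot: `authorizeVtrace` discards the third result of `fs.server.dispReserved.Lookup(params.Suffix)` (presumably an error), so a failed lookup leaves `auth` nil. The decision then depends on what `authorize` does with a nil authorizer, which is not visible in this hunk, and the same is true when `dispReserved` is nil. This check decides whether trace data is attached to the response (see the serve hunk that follows), so it should fail closed: assign `_, auth, err = fs.server.dispReserved.Lookup(params.Suffix)` and `if err != nil { return err }`. The function comment should also say what happens when no reserved dispatcher is configured. `params.Copy(security.GetCall(fs.T))` additionally assumes a security call is always set on `fs.T`.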
@@ -1004,7 +1027,8 @@
 	vtrace.GetSpan(fs.T).Finish()
 
 	var traceResponse vtrace.Response
-	if fs.allowDebug {
+	// Check if the caller is permitted to view vtrace data.
+	if fs.authorizeVtrace() == nil {
 		traceResponse = vtrace.GetResponse(fs.T)
 	}
 
@@ -1122,13 +1146,12 @@
 			return nil, verror.New(verror.ErrBadProtocol, fs.T, newErrBadInputArg(fs.T, fs.suffix, fs.method, uint64(ix), err))
 		}
 	}
+
 	// Check application's authorization policy.
 	if err := authorize(fs.T, auth); err != nil {
 		return nil, err
 	}
-	// Check if the caller is permitted to view debug information.
-	// TODO(mattr): Is access.Debug the right thing to check?
-	fs.allowDebug = authorize(setDebugCall(fs.T), auth) == nil
+
 	// Invoke the method.
 	results, err := invoker.Invoke(strippedMethod, fs, argptrs)
 	fs.server.stats.record(fs.method, time.Since(fs.starttime))
@@ -1254,20 +1277,6 @@
 	return nil
 }
 
-// debugSecurityCall wraps another security.Call but always returns
-// the debug method tag.
-type debugSecurityCall struct {
-	security.Call
-}
-
-func (debugSecurityCall) MethodTags() []*vdl.Value {
-	return []*vdl.Value{vdl.ValueOf(access.Debug)}
-}
-
-func setDebugCall(ctx *context.T) *context.T {
-	return security.SetCall(ctx, debugSecurityCall{security.GetCall(ctx)})
-}
-
 // Send implements the rpc.Stream method.
 func (fs *flowServer) Send(item interface{}) error {
 	defer vlog.LogCall()()
diff --git a/profiles/internal/rpc/stream/errors.go b/profiles/internal/rpc/stream/errors.go
new file mode 100644
index 0000000..f7d7515
--- /dev/null
+++ b/profiles/internal/rpc/stream/errors.go
@@ -0,0 +1,36 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package stream
+
+import (
+	"v.io/v23/verror"
+)
+
+const pkgPath = "v.io/x/ref/profiles/internal/rpc/stream"
+
+// The stream family of packages guarantee to return one of the verror codes defined here, their
+// messages are constructed so as to avoid embedding a component/method name and are thus
+// more suitable for inclusion in other verrors.
+var (
+	ErrSecurity = verror.Register(pkgPath+".errSecurity", verror.NoRetry, "{:3}")
+	ErrNetwork  = verror.Register(pkgPath+".errNetwork", verror.NoRetry, "{:3}")
+	ErrProxy    = verror.Register(pkgPath+".errProxy", verror.NoRetry, "{:3}")
+	ErrBadArg   = verror.Register(pkgPath+".errBadArg", verror.NoRetry, "{:3}")
+	ErrBadState = verror.Register(pkgPath+".errBadState", verror.NoRetry, "{:3}")
+	// TODO(cnicolaou): remove this when the rest of the stream sub packages are converted.
+	ErrSecOrNet = verror.Register(pkgPath+".errSecOrNet", verror.NoRetry, "{:3}")
+	// Update IsStreamError below if you add any other errors here.
+)
+
+// IsStreamError returns true if the err is one of the verror codes defined by this package.
+func IsStreamError(err error) bool {
+	id := verror.ErrorID(err)
+	switch id {
+	case ErrSecurity.ID, ErrNetwork.ID, ErrProxy.ID, ErrBadArg.ID, ErrBadState.ID, ErrSecOrNet.ID:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/profiles/internal/rpc/stream/manager/error_test.go b/profiles/internal/rpc/stream/manager/error_test.go
new file mode 100644
index 0000000..b2c2f9d
--- /dev/null
+++ b/profiles/internal/rpc/stream/manager/error_test.go
@@ -0,0 +1,135 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package manager_test
+
+import (
+	"net"
+	"testing"
+	"time"
+
+	"v.io/v23/naming"
+	"v.io/v23/rpc"
+	"v.io/v23/security"
+	"v.io/v23/verror"
+
+	_ "v.io/x/ref/profiles"
+	inaming "v.io/x/ref/profiles/internal/naming"
+	"v.io/x/ref/profiles/internal/rpc/stream"
+	"v.io/x/ref/profiles/internal/rpc/stream/manager"
+	"v.io/x/ref/profiles/internal/rpc/stream/message"
+	"v.io/x/ref/profiles/internal/testing/mocks/mocknet"
+	"v.io/x/ref/test"
+	"v.io/x/ref/test/testutil"
+)
+
+func TestListenErrors(t *testing.T) {
+	server := manager.InternalNew(naming.FixedRoutingID(0x1))
+	pserver := testutil.NewPrincipal("server")
+
+	// principal, no blessings
+	_, _, err := server.Listen("tcp", "127.0.0.1:0", pserver, security.Blessings{}, nil)
+	if verror.ErrorID(err) != stream.ErrBadArg.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+
+	// blessings, no principal
+	_, _, err = server.Listen("tcp", "127.0.0.1:0", nil, pserver.BlessingStore().Default(), nil)
+	if verror.ErrorID(err) != stream.ErrBadArg.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+
+	// bad protocol
+	_, _, err = server.Listen("foo", "127.0.0.1:0", pserver, pserver.BlessingStore().Default())
+	if verror.ErrorID(err) != stream.ErrBadArg.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+
+	// bad address
+	_, _, err = server.Listen("tcp", "xx.0.0.1:0", pserver, pserver.BlessingStore().Default())
+	if verror.ErrorID(err) != stream.ErrBadArg.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+
+	// bad address for proxy
+	_, _, err = server.Listen("v23", "127x.0.0.1", pserver, pserver.BlessingStore().Default())
+	if verror.ErrorID(err) != stream.ErrBadArg.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+}
+
+func acceptLoop(ln stream.Listener) {
+	for {
+		f, err := ln.Accept()
+		if err != nil {
+			return
+		}
+		f.Close()
+	}
+
+}
+func dropDataDialer(network, address string, timeout time.Duration) (net.Conn, error) {
+	matcher := func(read bool, msg message.T) bool {
+		switch msg.(type) {
+		case *message.HopSetup:
+			return true
+		}
+		return false
+	}
+	opts := mocknet.Opts{
+		Mode:              mocknet.V23CloseAtMessage,
+		V23MessageMatcher: matcher,
+	}
+	return mocknet.DialerWithOpts(opts, network, address, timeout)
+}
+
+func TestDialErrors(t *testing.T) {
+	_, shutdown := test.InitForTest()
+	defer shutdown()
+	server := manager.InternalNew(naming.FixedRoutingID(0x55555555))
+	client := manager.InternalNew(naming.FixedRoutingID(0xcccccccc))
+	pclient := testutil.NewPrincipal("client")
+	pserver := testutil.NewPrincipal("server")
+
+	// bad protocol
+	ep, _ := inaming.NewEndpoint(naming.FormatEndpoint("x", "127.0.0.1:2"))
+	_, err := client.Dial(ep, pclient)
+	if verror.ErrorID(err) != stream.ErrBadArg.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+
+	// no server
+	ep, _ = inaming.NewEndpoint(naming.FormatEndpoint("tcp", "127.0.0.1:2"))
+	_, err = client.Dial(ep, pclient)
+	if verror.ErrorID(err) != stream.ErrNetwork.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+
+	rpc.RegisterProtocol("dropData", dropDataDialer, net.Listen)
+
+	ln, sep, err := server.Listen("tcp", "127.0.0.1:0", pserver, pserver.BlessingStore().Default())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Server will just listen for flows and close them.
+	go acceptLoop(ln)
+
+	cep, err := mocknet.RewriteEndpointProtocol(sep.String(), "dropData")
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, err = client.Dial(cep, pclient)
+	if verror.ErrorID(err) != stream.ErrNetwork.ID {
+		t.Fatalf("wrong error: %s", err)
+	}
+	t.Log(err)
+}
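Review bot: TestDialErrors starts `go acceptLoop(ln)` but never closes `ln`, and neither test shuts down the managers it creates, so the accept goroutine and the listening socket outlive the test. I would add `defer server.Shutdown()` and `defer client.Shutdown()` after the `manager.InternalNew` calls, and `defer ln.Close()` once `server.Listen` succeeds. `rpc.RegisterProtocol("dropData", ...)` mutates process-wide state that other tests in the package will also see, which deserves a comment. The `ep, _ :=` assignments discard the `inaming.NewEndpoint` error, so a malformed endpoint would surface as a confusing "wrong error" failure. The "no server" case relies on nothing listening on 127.0.0.1:2.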
diff --git a/profiles/internal/rpc/stream/manager/listener.go b/profiles/internal/rpc/stream/manager/listener.go
index 4d705ba..16ace2f 100644
--- a/profiles/internal/rpc/stream/manager/listener.go
+++ b/profiles/internal/rpc/stream/manager/listener.go
@@ -5,7 +5,6 @@
 package manager
 
 import (
-	"errors"
 	"fmt"
 	"net"
 	"strings"
@@ -25,7 +24,23 @@
 	"v.io/x/ref/profiles/internal/rpc/stream"
 )
 
-var errListenerIsClosed = errors.New("Listener has been Closed")
+func reg(id, msg string) verror.IDAction {
+	return verror.Register(verror.ID(pkgPath+id), verror.NoRetry, msg)
+}
+
+var (
+	errVomEncoder                 = reg(".vomEncoder", "failed to create vom encoder{:3}")
+	errVomDecoder                 = reg(".vomDecoder", "failed to create vom decoder{:3}")
+	errVomEncodeRequest           = reg(".vomEncodeRequest", "failed to encode request to proxy{:3}")
+	errVomDecodeResponse          = reg(".vomDecodeRequest", "failed to decoded response from proxy{:3}")
+	errProxyError                 = reg(".proxyError", "proxy error {:3}")
+	errProxyEndpointError         = reg(".proxyEndpointError", "proxy returned an invalid endpoint {:3}{:4}")
+	errAlreadyConnected           = reg(".alreadyConnected", "already connected to proxy and accepting connections? VIF: {3}, StartAccepting{:_}")
+	errFailedToCreateLivenessFlow = reg(".failedToCreateLivenessFlow", "unable to create liveness check flow to proxy{:3}")
+	errAcceptFailed               = reg(".acceptFailed", "accept failed{:3}")
+	errFailedToEstablishVC        = reg(".failedToEstablishVC", "VC establishment with proxy failed{:_}")
+	errListenerAlreadyClosed      = reg(".listenerAlreadyClosed", "listener already closed")
+)
 
 // listener extends stream.Listener with a DebugString method.
 type listener interface {
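Review bot: `errVomDecodeResponse` is registered under the ID `.vomDecodeRequest`, and its message reads "failed to decoded response". The ID is what callers match on via `verror.ErrorID`, so the mismatch will mislead anyone filtering logs or comparing IDs. I would change the line to `errVomDecodeResponse = reg(".vomDecodeResponse", "failed to decode response from proxy{:3}")`. `reg` relies on `pkgPath`, which this commit declares in manager.go; a short comment on `reg` saying so would help readers of this file.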
@@ -106,9 +121,9 @@
 	item, err := ln.q.Get(nil)
 	switch {
 	case err == upcqueue.ErrQueueIsClosed:
-		return nil, errListenerIsClosed
+		return nil, verror.New(stream.ErrNetwork, nil, verror.New(errListenerAlreadyClosed, nil))
 	case err != nil:
-		return nil, fmt.Errorf("Accept failed: %v", err)
+		return nil, verror.New(stream.ErrNetwork, nil, verror.New(errAcceptFailed, nil, err))
 	default:
 		return item.(vif.ConnectorAndFlow).Flow, nil
 	}
@@ -187,7 +202,7 @@
 	// Prepend the default idle timeout for VC.
 	opts = append([]stream.ListenerOpt{vc.IdleTimeout{defaultIdleTimeout}}, opts...)
 	if err := vf.StartAccepting(opts...); err != nil {
-		return nil, nil, fmt.Errorf("already connected to proxy and accepting connections? VIF: %v, StartAccepting error: %v", vf, err)
+		return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errAlreadyConnected, nil, vf, err))
 	}
 	// Proxy protocol: See v.io/x/ref/profiles/internal/rpc/stream/proxy/protocol.vdl
 	//
@@ -198,12 +213,14 @@
 		if verror.ErrorID(err) == verror.ErrAborted.ID {
 			ln.manager.vifs.Delete(vf)
 		}
-		return nil, nil, fmt.Errorf("VC establishment with proxy failed: %v", err)
+		// TODO(cnicolaou): use one of ErrSecurity or ErrProtocol when the vif package
+		// is converted.
+		return nil, nil, verror.New(stream.ErrSecOrNet, nil, verror.New(errFailedToEstablishVC, nil, err))
 	}
 	flow, err := vc.Connect()
 	if err != nil {
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("unable to create liveness check flow to proxy: %v", err)
+		return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errFailedToCreateLivenessFlow, nil, err))
 	}
 	var request proxy.Request
 	var response proxy.Response
@@ -211,34 +228,34 @@
 	if err != nil {
 		flow.Close()
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("failed to create new Encoder: %v", err)
+		return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errVomDecoder, nil, err))
 	}
 	if err := enc.Encode(request); err != nil {
 		flow.Close()
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("failed to encode request to proxy: %v", err)
+		return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errVomEncodeRequest, nil, err))
 	}
 	dec, err := vom.NewDecoder(flow)
 	if err != nil {
 		flow.Close()
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("failed to create new Decoder: %v", err)
+		return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errVomDecoder, nil, err))
 	}
 	if err := dec.Decode(&response); err != nil {
 		flow.Close()
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("failed to decode response from proxy: %v", err)
+		return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errVomDecodeResponse, nil, err))
 	}
 	if response.Error != nil {
 		flow.Close()
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("proxy error: %v", response.Error)
+		return nil, nil, verror.New(stream.ErrProxy, nil, response.Error)
 	}
 	ep, err := inaming.NewEndpoint(response.Endpoint)
 	if err != nil {
 		flow.Close()
 		vf.StopAccepting()
-		return nil, nil, fmt.Errorf("proxy returned invalid endpoint(%v): %v", response.Endpoint, err)
+		return nil, nil, verror.New(stream.ErrProxy, nil, verror.New(errProxyEndpointError, nil, response.Endpoint, err))
 	}
 	go func(vf *vif.VIF, flow stream.Flow, q *upcqueue.T) {
 		<-flow.Closed()
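Review bot: The first branch in this hunk replaces the "failed to create new Encoder" message but returns `errVomDecoder`, so an encoder construction failure is reported as a decoder failure. `errVomEncoder` is declared in the var block above and is not used in any hunk visible here. The line should be `return nil, nil, verror.New(stream.ErrNetwork, nil, verror.New(errVomEncoder, nil, err))`. Similarly, `response.Error` is passed straight to `stream.ErrProxy` while `errProxyError` appears unused. Wrapping it as `verror.New(errProxyError, nil, response.Error)` would match the other branches and mark the text as coming from the proxy. The enclosing function starts and ends outside the hunk.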
@@ -252,9 +269,9 @@
 	item, err := ln.q.Get(nil)
 	switch {
 	case err == upcqueue.ErrQueueIsClosed:
-		return nil, errListenerIsClosed
+		return nil, verror.New(stream.ErrNetwork, nil, verror.New(errListenerAlreadyClosed, nil))
 	case err != nil:
-		return nil, fmt.Errorf("Accept failed: %v", err)
+		return nil, verror.New(stream.ErrNetwork, nil, verror.New(errAcceptFailed, nil, err))
 	default:
 		return item.(vif.ConnectorAndFlow).Flow, nil
 	}
diff --git a/profiles/internal/rpc/stream/manager/manager.go b/profiles/internal/rpc/stream/manager/manager.go
index 8d6e2f8..756a479 100644
--- a/profiles/internal/rpc/stream/manager/manager.go
+++ b/profiles/internal/rpc/stream/manager/manager.go
@@ -6,7 +6,6 @@
 package manager
 
 import (
-	"errors"
 	"fmt"
 	"net"
 	"strings"
@@ -28,10 +27,14 @@
 	"v.io/x/ref/profiles/internal/rpc/version"
 )
 
+const pkgPath = "v.io/x/ref/profiles/internal/rpc/stream/manager"
+
 var (
-	errShutDown                                = errors.New("manager has been shut down")
-	errProvidedServerBlessingsWithoutPrincipal = errors.New("blessings provided but no known principal")
-	errNoBlessingNames                         = errors.New("stream.ListenerOpts includes a principal but no blessing names could be extracted")
+	errUnknownNetwork                          = reg(".unknownNetwork", "unknown network{:3}")
+	errEndpointParseError                      = reg(".endpointParseError", "failed to parse endpoint {3}{:4}")
+	errAlreadyShutdown                         = reg(".alreadyShutdown", "already shutdown")
+	errProvidedServerBlessingsWithoutPrincipal = reg(".serverBlessingsWithoutPrincipal", "blessings provided but with no principal")
+	errNoBlessingNames                         = reg(".noBlessingNames", "no blessing names could be extracted for the provided principal")
 )
 
 const (
@@ -70,7 +73,7 @@
 
 var _ stream.Manager = (*manager)(nil)
 
-type DialTimeout struct{ time.Duration }
+type DialTimeout time.Duration
 
 func (DialTimeout) RPCStreamVCOpt() {}
 func (DialTimeout) RPCClientOpt()   {}
@@ -79,7 +82,7 @@
 	if d, _, _ := rpc.RegisteredProtocol(network); d != nil {
 		return d(network, address, timeout)
 	}
-	return nil, fmt.Errorf("unknown network %s", network)
+	return nil, verror.New(stream.ErrBadArg, nil, verror.New(errUnknownNetwork, nil, network))
 }
 
 // FindOrDialVIF returns the network connection (VIF) to the provided address
@@ -91,7 +94,7 @@
 	for _, o := range opts {
 		switch v := o.(type) {
 		case DialTimeout:
-			timeout = v.Duration
+			timeout = time.Duration(v)
 		}
 	}
 	addr := remote.Addr()
@@ -102,7 +105,10 @@
 	vlog.VI(1).Infof("(%q, %q) not in VIF cache. Dialing", network, address)
 	conn, err := dial(network, address, timeout)
 	if err != nil {
-		return nil, fmt.Errorf("net.Dial(%q, %q) failed: %v", network, address, err)
+		if !stream.IsStreamError(err) {
+			err = verror.New(stream.ErrNetwork, nil, err)
+		}
+		return nil, err
 	}
 	// (network, address) in the endpoint might not always match up
 	// with the key used in the vifs. For example:
@@ -126,7 +132,7 @@
 	vf, err := vif.InternalNewDialedVIF(conn, m.rid, principal, vRange, m.deleteVIF, opts...)
 	if err != nil {
 		conn.Close()
-		return nil, fmt.Errorf("failed to create VIF: %v", err)
+		return nil, verror.New(stream.ErrNetwork, nil, err)
 	}
 	// TODO(ashankar): If two goroutines are simultaneously invoking
 	// manager.Dial, it is possible that two VIFs are inserted into m.vifs
@@ -162,7 +168,7 @@
 	if _, l, _ := rpc.RegisteredProtocol(protocol); l != nil {
 		return l(protocol, address)
 	}
-	return nil, fmt.Errorf("unknown network %s", protocol)
+	return nil, verror.New(stream.ErrBadArg, nil, verror.New(errUnknownNetwork, nil, protocol))
 }
 
 func (m *manager) Listen(protocol, address string, principal security.Principal, blessings security.Blessings, opts ...stream.ListenerOpt) (stream.Listener, naming.Endpoint, error) {
@@ -182,7 +188,7 @@
 	m.muListeners.Lock()
 	if m.shutdown {
 		m.muListeners.Unlock()
-		return nil, nil, errShutDown
+		return nil, nil, verror.New(stream.ErrBadState, nil, verror.New(errAlreadyShutdown, nil))
 	}
 	m.muListeners.Unlock()
 
@@ -190,20 +196,24 @@
 		// Act as if listening on the address of a remote proxy.
 		ep, err := inaming.NewEndpoint(address)
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to parse endpoint %q: %v", address, err)
+			return nil, nil, verror.New(stream.ErrBadArg, nil, verror.New(errEndpointParseError, nil, address, err))
 		}
 		return m.remoteListen(ep, principal, opts)
 	}
 	netln, err := listen(protocol, address)
 	if err != nil {
-		return nil, nil, fmt.Errorf("net.Listen(%q, %q) failed: %v", protocol, address, err)
+		if !stream.IsStreamError(err) {
+			vlog.Infof("XXXX %v : %s\n", verror.ErrorID(err), err)
+			err = verror.New(stream.ErrBadArg, nil, err)
+		}
+		return nil, nil, err
 	}
 
 	m.muListeners.Lock()
 	if m.shutdown {
 		m.muListeners.Unlock()
 		closeNetListener(netln)
-		return nil, nil, errShutDown
+		return nil, nil, verror.New(stream.ErrBadState, nil, verror.New(errAlreadyShutdown, nil))
 	}
 
 	ln := newNetListener(m, netln, principal, blessings, opts)
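Review bot: `vlog.Infof("XXXX %v : %s\n", verror.ErrorID(err), err)` looks like leftover debugging: it logs at Info level with a placeholder prefix on every non-stream listen failure. I would drop it or replace it with `vlog.VI(1).Infof("listen(%q, %q) failed: %v", protocol, address, err)`. The same branch wraps every non-stream error as `stream.ErrBadArg`, so a runtime condition such as the address already being in use would be classified as a caller mistake. The new error also no longer carries the protocol and address that the old `net.Listen(%q, %q) failed` message included. The dial path in the `-102,7 +105,10` hunk drops the same context. Listen's body starts and ends outside this hunk.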
@@ -221,7 +231,7 @@
 	defer m.muListeners.Unlock()
 	if m.shutdown {
 		ln.Close()
-		return nil, nil, errShutDown
+		return nil, nil, verror.New(stream.ErrBadState, nil, verror.New(errAlreadyShutdown, nil))
 	}
 	m.listeners[ln] = true
 	return ln, ep, nil
@@ -310,7 +320,7 @@
 
 func extractBlessingNames(p security.Principal, b security.Blessings) ([]string, error) {
 	if !b.IsZero() && p == nil {
-		return nil, errProvidedServerBlessingsWithoutPrincipal
+		return nil, verror.New(stream.ErrBadArg, nil, verror.New(errProvidedServerBlessingsWithoutPrincipal, nil))
 	}
 	if p == nil {
 		return nil, nil
@@ -320,7 +330,7 @@
 		ret = append(ret, b)
 	}
 	if len(ret) == 0 {
-		return nil, errNoBlessingNames
+		return nil, verror.New(stream.ErrBadArg, nil, verror.New(errNoBlessingNames, nil))
 	}
 	return ret, nil
 }
diff --git a/profiles/internal/rpc/stream/manager/manager_test.go b/profiles/internal/rpc/stream/manager/manager_test.go
index 3dc9604..b26d57e 100644
--- a/profiles/internal/rpc/stream/manager/manager_test.go
+++ b/profiles/internal/rpc/stream/manager/manager_test.go
@@ -160,7 +160,7 @@
 	go func() {
 		// 203.0.113.0 is TEST-NET-3 from RFC5737
 		ep, _ := inaming.NewEndpoint(naming.FormatEndpoint("tcp", "203.0.113.10:80"))
-		_, err := client.Dial(ep, testutil.NewPrincipal("client"), DialTimeout{time.Second})
+		_, err := client.Dial(ep, testutil.NewPrincipal("client"), DialTimeout(time.Second))
 		ch <- err
 	}()
 
@@ -719,13 +719,13 @@
 	rpc.RegisterProtocol("tn", dialer, listener)
 
 	_, _, err := server.Listen("tnx", "127.0.0.1:0", principal, blessings)
-	if err == nil || !strings.Contains(err.Error(), "unknown network tnx") {
-		t.Fatal("expected error is missing (%v)", err)
+	if err == nil || !strings.Contains(err.Error(), "unknown network: tnx") {
+		t.Fatalf("expected error is missing (%v)", err)
 	}
 
 	_, _, err = server.Listen("tn", "127.0.0.1:0", principal, blessings)
 	if err == nil || !strings.Contains(err.Error(), "tn.Listen") {
-		t.Fatal("expected error is missing (%v)", err)
+		t.Fatalf("expected error is missing (%v)", err)
 	}
 
 	// Need a functional listener to test Dial.
diff --git a/profiles/internal/rpc/test/client_test.go b/profiles/internal/rpc/test/client_test.go
index 681e072..6db0f38 100644
--- a/profiles/internal/rpc/test/client_test.go
+++ b/profiles/internal/rpc/test/client_test.go
@@ -26,7 +26,7 @@
 	_ "v.io/x/ref/profiles"
 	inaming "v.io/x/ref/profiles/internal/naming"
 	irpc "v.io/x/ref/profiles/internal/rpc"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/expect"
 	"v.io/x/ref/test/modules"
@@ -44,9 +44,9 @@
 	if err != nil {
 		return fmt.Errorf("root failed: %v", err)
 	}
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
-		return fmt.Errorf("mounttable.NewMountTableDispatcher failed: %s", err)
+		return fmt.Errorf("mounttablelib.NewMountTableDispatcher failed: %s", err)
 	}
 	eps, err := server.Listen(lspec)
 	if err != nil {
diff --git a/profiles/internal/rt/mgmt_test.go b/profiles/internal/rt/mgmt_test.go
index 4b2fabf..de8bd0c 100644
--- a/profiles/internal/rt/mgmt_test.go
+++ b/profiles/internal/rt/mgmt_test.go
@@ -18,14 +18,14 @@
 	"v.io/v23/naming"
 	"v.io/v23/rpc"
 	"v.io/v23/services/appcycle"
-
 	"v.io/x/ref/lib/mgmt"
-	_ "v.io/x/ref/profiles"
-	vflag "v.io/x/ref/security/flag"
-	"v.io/x/ref/services/mgmt/device"
+	"v.io/x/ref/lib/security/securityflag"
+	"v.io/x/ref/services/device"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/expect"
 	"v.io/x/ref/test/modules"
+
+	_ "v.io/x/ref/profiles"
 )
 
 //go:generate v23 test generate
@@ -289,7 +289,7 @@
 	if eps, err = server.Listen(v23.GetListenSpec(ctx)); err != nil {
 		t.Fatalf("Got error: %v", err)
 	}
-	if err := server.Serve("", device.ConfigServer(&configServer{ch}), vflag.NewAuthorizerOrDie()); err != nil {
+	if err := server.Serve("", device.ConfigServer(&configServer{ch}), securityflag.NewAuthorizerOrDie()); err != nil {
 		t.Fatalf("Got error: %v", err)
 	}
 	return server, eps[0].Name(), ch
diff --git a/profiles/internal/rt/rt_test.go b/profiles/internal/rt/rt_test.go
index 405a94e..014bdf1 100644
--- a/profiles/internal/rt/rt_test.go
+++ b/profiles/internal/rt/rt_test.go
@@ -13,14 +13,12 @@
 	"testing"
 	"time"
 
-	"v.io/x/lib/vlog"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/security"
-
+	"v.io/x/lib/vlog"
 	"v.io/x/ref/envvar"
-	vsecurity "v.io/x/ref/security"
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/expect"
 	"v.io/x/ref/test/modules"
diff --git a/profiles/internal/rt/runtime.go b/profiles/internal/rt/runtime.go
index 83dd024..9edd9f5 100644
--- a/profiles/internal/rt/runtime.go
+++ b/profiles/internal/rt/runtime.go
@@ -23,10 +23,9 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/v23/vtrace"
+	"v.io/x/lib/buildinfo"
 	"v.io/x/lib/vlog"
-
 	"v.io/x/ref/lib/flags"
-	"v.io/x/ref/lib/flags/buildinfo"
 	"v.io/x/ref/lib/stats"
 	_ "v.io/x/ref/lib/stats/sysstats"
 	"v.io/x/ref/profiles/internal/lib/dependency"
@@ -45,14 +44,19 @@
 	clientKey
 	namespaceKey
 	principalKey
-	reservedNameKey
-	profileKey
-	appCycleKey
-	listenSpecKey
-	protocolsKey
 	backgroundKey
+	reservedNameKey
+
+	// initKey is used to store values that are only set at init time.
+	initKey
 )
 
+type initData struct {
+	appCycle   v23.AppCycle
+	listenSpec *rpc.ListenSpec
+	protocols  []string
+}
+
 type vtraceDependency struct{}
 
 // Runtime implements the v23.Runtime interface.
@@ -62,15 +66,25 @@
 	deps *dependency.Graph
 }
 
-type reservedNameDispatcher struct {
-	dispatcher rpc.Dispatcher
-	opts       []rpc.ServerOpt
-}
-
-func Init(ctx *context.T, appCycle v23.AppCycle, protocols []string, listenSpec *rpc.ListenSpec, flags flags.RuntimeFlags,
-	reservedDispatcher rpc.Dispatcher, dispatcherOpts ...rpc.ServerOpt) (*Runtime, *context.T, v23.Shutdown, error) {
+func Init(
+	ctx *context.T,
+	appCycle v23.AppCycle,
+	protocols []string,
+	listenSpec *rpc.ListenSpec,
+	flags flags.RuntimeFlags,
+	reservedDispatcher rpc.Dispatcher) (*Runtime, *context.T, v23.Shutdown, error) {
 	r := &Runtime{deps: dependency.NewGraph()}
 
+	ctx = context.WithValue(ctx, initKey, &initData{
+		protocols:  protocols,
+		listenSpec: listenSpec,
+		appCycle:   appCycle,
+	})
+
+	if reservedDispatcher != nil {
+		ctx = context.WithValue(ctx, reservedNameKey, reservedDispatcher)
+	}
+
 	err := vlog.ConfigureLibraryLoggerFromFlags()
 	if err != nil && err != vlog.Configured {
 		return nil, nil, nil, err
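Review bot: Init is exported but has no doc comment, and dropping the variadic `dispatcherOpts` is an API change that nothing in the hunk records. The two profile callers visible later in this diff pass no options, but any caller that did would stop compiling. I would add a comment such as `// Init creates a Runtime and returns a context carrying the init-time data (app cycle, listen spec, protocols) and, when non-nil, the reserved-name dispatcher.` Init's body continues past this hunk.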
@@ -98,22 +112,6 @@
 		vtrace.FormatTraces(os.Stderr, vtrace.GetStore(ctx).TraceRecords(), nil)
 	})
 
-	if reservedDispatcher != nil {
-		ctx = context.WithValue(ctx, reservedNameKey, &reservedNameDispatcher{reservedDispatcher, dispatcherOpts})
-	}
-
-	if appCycle != nil {
-		ctx = context.WithValue(ctx, appCycleKey, appCycle)
-	}
-
-	if len(protocols) > 0 {
-		ctx = context.WithValue(ctx, protocolsKey, protocols)
-	}
-
-	if listenSpec != nil {
-		ctx = context.WithValue(ctx, listenSpecKey, listenSpec)
-	}
-
 	// Setup i18n.
 	ctx = i18n.ContextWithLangID(ctx, i18n.LangIDFromEnv())
 	if len(flags.I18nCatalogue) != 0 {
@@ -242,16 +240,21 @@
 	client, _ := ctx.Value(clientKey).(rpc.Client)
 
 	otherOpts := append([]rpc.ServerOpt{}, opts...)
-	if reserved, ok := ctx.Value(reservedNameKey).(*reservedNameDispatcher); ok {
-		otherOpts = append(otherOpts, irpc.ReservedNameDispatcher{reserved.dispatcher})
-		otherOpts = append(otherOpts, reserved.opts...)
-	}
-	if protocols, ok := ctx.Value(protocolsKey).([]string); ok {
-		otherOpts = append(otherOpts, irpc.PreferredServerResolveProtocols(protocols))
+
+	if reservedDispatcher := r.GetReservedNameDispatcher(ctx); reservedDispatcher != nil {
+		otherOpts = append(otherOpts, irpc.ReservedNameDispatcher{
+			Dispatcher: reservedDispatcher,
+		})
 	}
 
+	id, _ := ctx.Value(initKey).(*initData)
+	if id.protocols != nil {
+		otherOpts = append(otherOpts, irpc.PreferredServerResolveProtocols(id.protocols))
+	}
 	if !hasServerBlessingsOpt(opts) && principal != nil {
-		otherOpts = append(otherOpts, options.ServerBlessings{principal.BlessingStore().Default()})
+		otherOpts = append(otherOpts, options.ServerBlessings{
+			Blessings: principal.BlessingStore().Default(),
+		})
 	}
 	server, err := irpc.InternalNewServer(ctx, sm, ns, r.GetClient(ctx), principal, otherOpts...)
 	if err != nil {
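Review bot: `id, _ := ctx.Value(initKey).(*initData)` followed by `id.protocols` dereferences a nil pointer when the context does not carry `initKey`, because the failed assertion leaves `id` nil. The removed code kept the `ok` result for protocols and simply skipped the option. The same pattern appears in the next hunk (`if id, _ := ...; id.protocols != nil`) and in `GetAppCycle` and `GetListenSpec` further down. Whether a context not derived from Init can reach these methods is not visible here, but keeping the guard is cheap: `if id, ok := ctx.Value(initKey).(*initData); ok && id.protocols != nil {`. The enclosing function starts and ends outside this hunk.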
@@ -364,12 +367,11 @@
 	p, _ := ctx.Value(principalKey).(security.Principal)
 	sm, _ := ctx.Value(streamManagerKey).(stream.Manager)
 	ns, _ := ctx.Value(namespaceKey).(namespace.T)
-	otherOpts = append(otherOpts, imanager.DialTimeout{5 * time.Minute})
+	otherOpts = append(otherOpts, imanager.DialTimeout(5*time.Minute))
 
-	if protocols, ok := ctx.Value(protocolsKey).([]string); ok {
-		otherOpts = append(otherOpts, irpc.PreferredProtocols(protocols))
+	if id, _ := ctx.Value(initKey).(*initData); id.protocols != nil {
+		otherOpts = append(otherOpts, irpc.PreferredProtocols(id.protocols))
 	}
-
 	client, err := irpc.InternalNewClient(sm, ns, otherOpts...)
 	if err != nil {
 		return ctx, nil, err
@@ -427,13 +429,15 @@
 }
 
 func (*Runtime) GetAppCycle(ctx *context.T) v23.AppCycle {
-	appCycle, _ := ctx.Value(appCycleKey).(v23.AppCycle)
-	return appCycle
+	id, _ := ctx.Value(initKey).(*initData)
+	return id.appCycle
 }
 
 func (*Runtime) GetListenSpec(ctx *context.T) rpc.ListenSpec {
-	listenSpec, _ := ctx.Value(listenSpecKey).(*rpc.ListenSpec)
-	return listenSpec.Copy()
+	if id, _ := ctx.Value(initKey).(*initData); id.listenSpec != nil {
+		return id.listenSpec.Copy()
+	}
+	return rpc.ListenSpec{}
 }
 
 func (*Runtime) SetBackgroundContext(ctx *context.T) *context.T {
@@ -457,17 +461,12 @@
 }
 
 func (*Runtime) SetReservedNameDispatcher(ctx *context.T, d rpc.Dispatcher) *context.T {
-	rnd := &reservedNameDispatcher{dispatcher: d}
-	if oldRnd, ok := ctx.Value(reservedNameKey).(*reservedNameDispatcher); ok {
-		rnd.opts = oldRnd.opts
-	}
-	newctx := context.WithValue(ctx, reservedNameKey, rnd)
-	return newctx
+	return context.WithValue(ctx, reservedNameKey, d)
 }
 
 func (*Runtime) GetReservedNameDispatcher(ctx *context.T) rpc.Dispatcher {
-	if d, ok := ctx.Value(reservedNameKey).(*reservedNameDispatcher); ok {
-		return d.dispatcher
+	if d, ok := ctx.Value(reservedNameKey).(rpc.Dispatcher); ok {
+		return d
 	}
 	return nil
 }
diff --git a/profiles/internal/rt/security.go b/profiles/internal/rt/security.go
index faf0661..8f350c2 100644
--- a/profiles/internal/rt/security.go
+++ b/profiles/internal/rt/security.go
@@ -15,11 +15,10 @@
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/v23/verror"
-
 	"v.io/x/ref/lib/exec"
 	"v.io/x/ref/lib/mgmt"
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/security/agent"
+	vsecurity "v.io/x/ref/lib/security"
+	"v.io/x/ref/services/agent"
 )
 
 func initSecurity(ctx *context.T, credentials string, client rpc.Client) (security.Principal, error) {
diff --git a/profiles/internal/testing/mocks/naming/namespace.go b/profiles/internal/testing/mocks/naming/namespace.go
index cef0067..6a7e1ef 100644
--- a/profiles/internal/testing/mocks/naming/namespace.go
+++ b/profiles/internal/testing/mocks/naming/namespace.go
@@ -160,13 +160,13 @@
 	return nil
 }
 
-func (ns *namespaceMock) GetPermissions(ctx *context.T, name string, opts ...naming.NamespaceOpt) (acl access.Permissions, etag string, err error) {
+func (ns *namespaceMock) GetPermissions(ctx *context.T, name string, opts ...naming.NamespaceOpt) (acl access.Permissions, version string, err error) {
 	defer vlog.LogCall()()
 	panic("Calling GetPermissions on a mock namespace.  This is not supported.")
 	return nil, "", nil
 }
 
-func (ns *namespaceMock) SetPermissions(ctx *context.T, name string, acl access.Permissions, etag string, opts ...naming.NamespaceOpt) error {
+func (ns *namespaceMock) SetPermissions(ctx *context.T, name string, acl access.Permissions, version string, opts ...naming.NamespaceOpt) error {
 	defer vlog.LogCall()()
 	panic("Calling SetPermissions on a mock namespace.  This is not supported.")
 	return nil
diff --git a/profiles/internal/vtrace/v23_internal_test.go b/profiles/internal/vtrace/v23_internal_test.go
deleted file mode 100644
index c454bfe..0000000
--- a/profiles/internal/vtrace/v23_internal_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This file was auto-generated via go generate.
-// DO NOT UPDATE MANUALLY
-package vtrace
-
-import "testing"
-import "os"
-
-import "v.io/x/ref/test"
-
-func TestMain(m *testing.M) {
-	test.Init()
-	os.Exit(m.Run())
-}
diff --git a/profiles/internal/vtrace/vtrace_test.go b/profiles/internal/vtrace/vtrace_test.go
index 63090f4..a1a73f6 100644
--- a/profiles/internal/vtrace/vtrace_test.go
+++ b/profiles/internal/vtrace/vtrace_test.go
@@ -6,31 +6,62 @@
 
 import (
 	"bytes"
+	"fmt"
 	"strings"
 	"testing"
 
 	"v.io/v23"
 	"v.io/v23/context"
-	"v.io/v23/namespace"
-	"v.io/v23/naming"
+	"v.io/v23/options"
 	"v.io/v23/rpc"
 	"v.io/v23/security"
+	"v.io/v23/security/access"
+	"v.io/v23/uniqueid"
 	"v.io/v23/vtrace"
-	"v.io/x/lib/vlog"
 
+	"v.io/x/ref/lib/flags"
+	_ "v.io/x/ref/lib/security/securityflag"
 	_ "v.io/x/ref/profiles"
-	irpc "v.io/x/ref/profiles/internal/rpc"
-	"v.io/x/ref/profiles/internal/rpc/stream"
-	"v.io/x/ref/profiles/internal/rpc/stream/manager"
-	tnaming "v.io/x/ref/profiles/internal/testing/mocks/naming"
+	ivtrace "v.io/x/ref/profiles/internal/vtrace"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
 
-//go:generate v23 test generate
+func init() {
+	test.Init()
+}
+
+// initForTest initializes the vtrace runtime and starts a mounttable.
+func initForTest(t *testing.T) (*context.T, v23.Shutdown, *testutil.IDProvider) {
+	idp := testutil.NewIDProvider("base")
+	ctx, shutdown := test.InitForTest()
+	if err := idp.Bless(v23.GetPrincipal(ctx), "alice"); err != nil {
+		t.Fatalf("Could not bless initial principal %v", err)
+	}
+
+	// Start a local mounttable.
+	s, err := v23.NewServer(ctx, options.ServesMountTable(true))
+	if err != nil {
+		t.Fatalf("Could not create mt server %v", err)
+	}
+	eps, err := s.Listen(v23.GetListenSpec(ctx))
+	if err != nil {
+		t.Fatalf("Could not listen for mt %v", err)
+	}
+	disp, err := mounttablelib.NewMountTableDispatcher("")
+	if err != nil {
+		t.Fatalf("Could not create mt dispatcher %v", err)
+	}
+	if err := s.ServeDispatcher("", disp); err != nil {
+		t.Fatalf("Could not serve mt dispatcher %v", err)
+	}
+	v23.GetNamespace(ctx).SetRoots(eps[0].Name())
+	return ctx, shutdown, idp
+}
 
 func TestNewFromContext(t *testing.T) {
-	c0, shutdown := test.InitForTest()
+	c0, shutdown, _ := initForTest(t)
 	defer shutdown()
 	c1, s1 := vtrace.SetNewSpan(c0, "s1")
 	c2, s2 := vtrace.SetNewSpan(c1, "s2")
@@ -47,15 +78,9 @@
 	}
 }
 
-type fakeAuthorizer int
-
-func (fakeAuthorizer) Authorize(*context.T) error {
-	return nil
-}
-
+// testServer can be easily configured to have child servers of the
+// same type which it will call when it receives a call.
 type testServer struct {
-	sm           stream.Manager
-	ns           namespace.T
 	name         string
 	child        string
 	stop         func() error
@@ -63,62 +88,102 @@
 }
 
 func (c *testServer) Run(call rpc.ServerCall) error {
+	ctx := call.Context()
 	if c.forceCollect {
-		vtrace.ForceCollect(call.Context())
+		vtrace.ForceCollect(ctx)
 	}
-
-	client, err := irpc.InternalNewClient(c.sm, c.ns)
-	if err != nil {
-		vlog.Error(err)
-		return err
-	}
-
-	vtrace.GetSpan(call.Context()).Annotate(c.name + "-begin")
-
+	vtrace.GetSpan(ctx).Annotate(c.name + "-begin")
 	if c.child != "" {
-		var clientCall rpc.ClientCall
-		if clientCall, err = client.StartCall(call.Context(), c.child, "Run", []interface{}{}); err != nil {
-			vlog.Error(err)
+		clientCall, err := v23.GetClient(ctx).StartCall(ctx, c.child, "Run", nil)
+		if err != nil {
 			return err
 		}
 		if err := clientCall.Finish(); err != nil {
-			vlog.Error(err)
 			return err
 		}
 	}
-	vtrace.GetSpan(call.Context()).Annotate(c.name + "-end")
-
+	vtrace.GetSpan(ctx).Annotate(c.name + "-end")
 	return nil
 }
 
-func makeTestServer(ctx *context.T, principal security.Principal, ns namespace.T, name, child string, forceCollect bool) (*testServer, error) {
-	sm := manager.InternalNew(naming.FixedRoutingID(0x111111111))
-	client, err := irpc.InternalNewClient(sm, ns)
+func runCallChain(t *testing.T, ctx *context.T, idp *testutil.IDProvider, force1, force2 bool) *vtrace.TraceRecord {
+	ctx, span := vtrace.SetNewSpan(ctx, "")
+	span.Annotate("c0-begin")
+	_, stop, err := makeChainedTestServers(ctx, idp, force1, force2)
 	if err != nil {
-		return nil, err
+		t.Fatalf("Could not start servers %v", err)
 	}
-	s, err := irpc.InternalNewServer(ctx, sm, ns, client, principal)
+	defer stop()
+	call, err := v23.GetClient(ctx).StartCall(ctx, "c1", "Run", nil)
 	if err != nil {
-		return nil, err
+		t.Fatal("can't call: ", err)
 	}
+	if err := call.Finish(); err != nil {
+		t.Error(err)
+	}
+	span.Annotate("c0-end")
+	span.Finish()
 
+	return vtrace.GetStore(ctx).TraceRecord(span.Trace())
+}
+
+func makeChainedTestServers(ctx *context.T, idp *testutil.IDProvider, force ...bool) ([]*testServer, func(), error) {
+	out := []*testServer{}
+	last := len(force) - 1
+	ext := "alice"
+	for i, f := range force {
+		name := fmt.Sprintf("c%d", i+1)
+		ext += "/" + name
+		principal := testutil.NewPrincipal()
+		if err := idp.Bless(principal, ext); err != nil {
+			return nil, nil, err
+		}
+		c, err := makeTestServer(ctx, principal, name)
+		if err != nil {
+			return nil, nil, err
+		}
+		if i < last {
+			c.child = fmt.Sprintf("c%d", i+2)
+		}
+		c.forceCollect = f
+		out = append(out, c)
+	}
+	return out, func() {
+		for _, s := range out {
+			s.stop()
+		}
+	}, nil
+}
+
+type anyone struct{}
+
+func (anyone) Authorize(ctx *context.T) error { return nil }
+
+func makeTestServer(ctx *context.T, principal security.Principal, name string) (*testServer, error) {
+	// Set a new vtrace store to simulate a separate process.
+	ctx, err := ivtrace.Init(ctx, flags.VtraceFlags{CacheSize: 100})
+	if err != nil {
+		return nil, err
+	}
+	ctx, _ = vtrace.SetNewTrace(ctx)
+	ctx, err = v23.SetPrincipal(ctx, principal)
+	if err != nil {
+		return nil, err
+	}
+	s, err := v23.NewServer(ctx)
+	if err != nil {
+		return nil, err
+	}
 	if _, err := s.Listen(v23.GetListenSpec(ctx)); err != nil {
 		return nil, err
 	}
-
 	c := &testServer{
-		sm:           sm,
-		ns:           ns,
-		name:         name,
-		child:        child,
-		stop:         s.Stop,
-		forceCollect: forceCollect,
+		name: name,
+		stop: s.Stop,
 	}
-
-	if err := s.Serve(name, c, fakeAuthorizer(0)); err != nil {
+	if err := s.Serve(name, c, anyone{}); err != nil {
 		return nil, err
 	}
-
 	return c, nil
 }
 
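Review bot: `makeChainedTestServers` returns `nil, nil, err` from inside the loop without stopping the servers already appended to `out`, so a failure on the second or later server leaves the earlier ones listening for the rest of the test binary. `makeTestServer` has the same gap: when `Listen` or `Serve` fails, `s` is never stopped. Building the stop closure first and calling it on the error paths fixes the chained case, as sketched below.

```go
func makeChainedTestServers(ctx *context.T, idp *testutil.IDProvider, force ...bool) ([]*testServer, func(), error) {
	out := []*testServer{}
	stopAll := func() {
		for _, s := range out {
			s.stop()
		}
	}
	// … unchanged: last/ext setup and loop header …
		if err := idp.Bless(principal, ext); err != nil {
			stopAll()
			return nil, nil, err
		}
		c, err := makeTestServer(ctx, principal, name)
		if err != nil {
			stopAll()
			return nil, nil, err
		}
	// … unchanged: child/forceCollect wiring and append …
	return out, stopAll, nil
```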
@@ -140,148 +205,172 @@
 	return b.String()
 }
 
-func expectSequence(t *testing.T, trace vtrace.TraceRecord, expectedSpans []string) {
-	// It's okay to have additional spans - someone may have inserted
-	// additional spans for more debugging.
-	if got, want := len(trace.Spans), len(expectedSpans); got < want {
-		t.Errorf("Found %d spans, want %d", got, want)
-	}
+type spanSet map[uniqueid.Id]*vtrace.SpanRecord
 
-	spans := map[string]*vtrace.SpanRecord{}
-	summaries := []string{}
+func newSpanSet(trace vtrace.TraceRecord) spanSet {
+	out := spanSet{}
 	for i := range trace.Spans {
 		span := &trace.Spans[i]
+		out[span.Id] = span
+	}
+	return out
+}
 
-		// All spans should have a start.
-		if span.Start.IsZero() {
-			t.Errorf("span missing start: %x, %s", span.Id[12:], traceString(&trace))
+func (s spanSet) hasAncestor(span *vtrace.SpanRecord, ancestor *vtrace.SpanRecord) bool {
+	for span = s[span.Parent]; span != nil; span = s[span.Parent] {
+		if span == ancestor {
+			return true
 		}
-		// All spans except the root should have a valid end.
-		// TODO(mattr): For now I'm also skipping connectFlow and
-		// vc.HandshakeDialedVC spans because the ws endpoints are
-		// currently non-deterministic in terms of whether they fail
-		// before the test ends or not.  In the future it will be
-		// configurable whether we listen on ws or not and then we should
-		// adjust the test to not listen and remove this check.
-		if span.Name != "" &&
-			span.Name != "<client>connectFlow" &&
-			span.Name != "vc.HandshakeDialedVC" {
-			if span.End.IsZero() {
-				t.Errorf("span missing end: %x, %s", span.Id[12:], traceString(&trace))
-			} else if !span.Start.Before(span.End) {
-				t.Errorf("span end should be after start: %x, %s", span.Id[12:], traceString(&trace))
-			}
-		}
+	}
+	return false
+}
 
-		summary := summary(span)
-		summaries = append(summaries, summary)
-		spans[summary] = span
+func expectSequence(t *testing.T, trace vtrace.TraceRecord, expectedSpans []string) {
+	s := newSpanSet(trace)
+	found := make(map[string]*vtrace.SpanRecord)
+	for _, es := range expectedSpans {
+		found[es] = nil
 	}
 
-	for i := range expectedSpans {
-		child, ok := spans[expectedSpans[i]]
-		if !ok {
-			t.Errorf("expected span %s not found in %#v", expectedSpans[i], summaries)
+	for i := range trace.Spans {
+		span := &trace.Spans[i]
+		smry := summary(span)
+		if _, ok := found[smry]; ok {
+			found[smry] = span
+		}
+	}
+
+	for i, es := range expectedSpans {
+		span := found[es]
+		if span == nil {
+			t.Errorf("expected span %s not found in\n%s", es, traceString(&trace))
 			continue
 		}
+		// All spans should have a start.
+		if span.Start.IsZero() {
+			t.Errorf("span missing start: %x\n%s", span.Id[12:], traceString(&trace))
+		}
+		// All spans except the root should have a valid end.
+		if span.Parent != trace.Id {
+			if span.End.IsZero() {
+				t.Errorf("span missing end: %x\n%s", span.Id[12:], traceString(&trace))
+			} else if !span.Start.Before(span.End) {
+				t.Errorf("span end should be after start: %x\n%s", span.Id[12:], traceString(&trace))
+			}
+		}
+		// Spans should decend from the previous span in the list.
 		if i == 0 {
 			continue
 		}
-		parent, ok := spans[expectedSpans[i-1]]
-		if !ok {
-			t.Errorf("expected span %s not found in %#v", expectedSpans[i-1], summaries)
-			continue
+		if ancestor := found[expectedSpans[i-1]]; ancestor != nil && !s.hasAncestor(span, ancestor) {
+			t.Errorf("span %s does not have ancestor %s", es, expectedSpans[i-1])
 		}
-		if child.Parent != parent.Id {
-			t.Errorf("%v should be a child of %v, but it's not.", child, parent)
-		}
-	}
-}
-
-func runCallChain(t *testing.T, ctx *context.T, force1, force2 bool) {
-	var (
-		sm       = manager.InternalNew(naming.FixedRoutingID(0x555555555))
-		ns       = tnaming.NewSimpleNamespace()
-		pclient  = testutil.NewPrincipal("client")
-		pserver1 = testutil.NewPrincipal("server1")
-		pserver2 = testutil.NewPrincipal("server2")
-	)
-	for _, p1 := range []security.Principal{pclient, pserver1, pserver2} {
-		for _, p2 := range []security.Principal{pclient, pserver1, pserver2} {
-			p1.AddToRoots(p2.BlessingStore().Default())
-		}
-	}
-	ctx, _ = v23.SetPrincipal(ctx, pclient)
-	client, err := irpc.InternalNewClient(sm, ns)
-	if err != nil {
-		t.Error(err)
-	}
-	ctx1, _ := vtrace.SetNewTrace(ctx)
-	c1, err := makeTestServer(ctx1, pserver1, ns, "c1", "c2", force1)
-	if err != nil {
-		t.Fatal("Can't start server:", err)
-	}
-	defer c1.stop()
-
-	ctx2, _ := vtrace.SetNewTrace(ctx)
-	c2, err := makeTestServer(ctx2, pserver2, ns, "c2", "", force2)
-	if err != nil {
-		t.Fatal("Can't start server:", err)
-	}
-	defer c2.stop()
-
-	call, err := client.StartCall(ctx, "c1", "Run", []interface{}{})
-	if err != nil {
-		t.Fatal("can't call: ", err)
-	}
-	if err := call.Finish(); err != nil {
-		t.Error(err)
 	}
 }
 
 // TestCancellationPropagation tests that cancellation propogates along an
 // RPC call chain without user intervention.
 func TestTraceAcrossRPCs(t *testing.T) {
-	ctx, shutdown := test.InitForTest()
+	ctx, shutdown, idp := initForTest(t)
 	defer shutdown()
-	ctx, span := vtrace.SetNewSpan(ctx, "")
+
 	vtrace.ForceCollect(ctx)
-	span.Annotate("c0-begin")
+	record := runCallChain(t, ctx, idp, false, false)
 
-	runCallChain(t, ctx, false, false)
-
-	span.Annotate("c0-end")
-
-	expectedSpans := []string{
+	expectSequence(t, *record, []string{
 		": c0-begin, c0-end",
 		"<rpc.Client>\"c1\".Run",
 		"\"\".Run: c1-begin, c1-end",
 		"<rpc.Client>\"c2\".Run",
 		"\"\".Run: c2-begin, c2-end",
-	}
-	record := vtrace.GetStore(ctx).TraceRecord(span.Trace())
-	expectSequence(t, *record, expectedSpans)
+	})
 }
 
 // TestCancellationPropagationLateForce tests that cancellation propogates along an
 // RPC call chain when tracing is initiated by someone deep in the call chain.
 func TestTraceAcrossRPCsLateForce(t *testing.T) {
-	ctx, shutdown := test.InitForTest()
+	ctx, shutdown, idp := initForTest(t)
 	defer shutdown()
-	ctx, span := vtrace.SetNewSpan(ctx, "")
-	span.Annotate("c0-begin")
 
-	runCallChain(t, ctx, false, true)
+	record := runCallChain(t, ctx, idp, false, true)
 
-	span.Annotate("c0-end")
-
-	expectedSpans := []string{
+	expectSequence(t, *record, []string{
 		": c0-end",
 		"<rpc.Client>\"c1\".Run",
 		"\"\".Run: c1-end",
 		"<rpc.Client>\"c2\".Run",
 		"\"\".Run: c2-begin, c2-end",
+	})
+}
+
+func traceWithAuth(t *testing.T, ctx *context.T, principal security.Principal) bool {
+	s, err := makeTestServer(ctx, principal, "server")
+	if err != nil {
+		t.Fatalf("Couldn't start server %v", err)
+	}
+	defer s.stop()
+
+	ctx, span := vtrace.SetNewTrace(ctx)
+	vtrace.ForceCollect(ctx)
+
+	ctx, client, err := v23.SetNewClient(ctx)
+	if err != nil {
+		t.Fatalf("Couldn't create client %v", err)
+	}
+	call, err := client.StartCall(ctx, "server", "Run", nil)
+	if err != nil {
+		t.Fatalf("Couldn't make call %v", err)
+	}
+	if err = call.Finish(); err != nil {
+		t.Fatalf("Couldn't complete call %v", err)
 	}
 	record := vtrace.GetStore(ctx).TraceRecord(span.Trace())
-	expectSequence(t, *record, expectedSpans)
+	for _, sp := range record.Spans {
+		if sp.Name == `"".Run` {
+			return true
+		}
+	}
+	return false
+}
+
+type debugDispatcher string
+
+func (acls debugDispatcher) Lookup(string) (interface{}, security.Authorizer, error) {
+	perms, err := access.ReadPermissions(strings.NewReader(string(acls)))
+	if err != nil {
+		return nil, nil, err
+	}
+	auth, err := access.PermissionsAuthorizer(perms, access.TypicalTagType())
+	if err != nil {
+		return nil, nil, err
+	}
+	return nil, auth, nil
+}
+
+// TestPermissions tests that only permitted users are allowed to gather tracing
+// information.
+func TestTracePermissions(t *testing.T) {
+	ctx, shutdown, idp := initForTest(t)
+	defer shutdown()
+
+	type testcase struct {
+		perms string
+		spans bool
+	}
+	cases := []testcase{
+		{`{}`, false},
+		{`{"Read":{"In": ["base/alice"]}, "Write":{"In": ["base/alice"]}}`, false},
+		{`{"Debug":{"In": ["base/alice"]}}`, true},
+	}
+
+	// Create a different principal for the server.
+	pserver := testutil.NewPrincipal()
+	idp.Bless(pserver, "server")
+
+	for _, tc := range cases {
+		ctx2 := v23.SetReservedNameDispatcher(ctx, debugDispatcher(tc.perms))
+		if found := traceWithAuth(t, ctx2, pserver); found != tc.spans {
+			t.Errorf("got %v wanted %v for perms %s", found, tc.spans, tc.perms)
+		}
+	}
 }
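Review bot: In `TestTracePermissions` the result of `idp.Bless(pserver, "server")` is discarded, while `initForTest` checks the same call. In a test about who may collect traces, a failed blessing should stop the test rather than let the cases run against an unblessed server: `if err := idp.Bless(pserver, "server"); err != nil { t.Fatalf("Could not bless server principal %v", err) }`. The doc comment above the test also names `TestPermissions` rather than `TestTracePermissions`, and the new comment in `expectSequence` should read "descend".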
diff --git a/profiles/roaming/roaminginit.go b/profiles/roaming/roaminginit.go
index 9edddc6..342422d 100644
--- a/profiles/roaming/roaminginit.go
+++ b/profiles/roaming/roaminginit.go
@@ -21,22 +21,19 @@
 	"v.io/v23/config"
 	"v.io/v23/context"
 	"v.io/v23/rpc"
-	"v.io/x/lib/vlog"
-
 	"v.io/x/lib/netconfig"
 	"v.io/x/lib/netstate"
+	"v.io/x/lib/vlog"
 	"v.io/x/ref/lib/flags"
+	"v.io/x/ref/lib/security/securityflag"
 	"v.io/x/ref/profiles/internal"
 	"v.io/x/ref/profiles/internal/lib/appcycle"
 	"v.io/x/ref/profiles/internal/lib/websocket"
 	_ "v.io/x/ref/profiles/internal/rpc/protocols/tcp"
 	_ "v.io/x/ref/profiles/internal/rpc/protocols/ws"
 	_ "v.io/x/ref/profiles/internal/rpc/protocols/wsh"
-	grt "v.io/x/ref/profiles/internal/rt"
+	"v.io/x/ref/profiles/internal/rt"
 	"v.io/x/ref/services/debug/debuglib"
-
-	// TODO(cnicolaou,ashankar): move this into flags.
-	sflag "v.io/x/ref/security/flag"
 )
 
 const (
@@ -61,7 +58,7 @@
 		Addrs: rpc.ListenAddrs(lf.Addrs),
 		Proxy: lf.ListenProxy,
 	}
-	reservedDispatcher := debuglib.NewDispatcher(vlog.Log.LogDir, sflag.NewAuthorizerOrDie())
+	reservedDispatcher := debuglib.NewDispatcher(vlog.Log.LogDir, securityflag.NewAuthorizerOrDie())
 
 	ac := appcycle.New()
 
@@ -72,7 +69,7 @@
 			listenSpec.AddressChooser = func(string, []rpc.Address) ([]rpc.Address, error) {
 				return []rpc.Address{&netstate.AddrIfc{addr, "nat", nil}}, nil
 			}
-			runtime, ctx, shutdown, err := grt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
+			runtime, ctx, shutdown, err := rt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
 			if err != nil {
 				return nil, nil, shutdown, err
 			}
@@ -115,7 +112,7 @@
 	listenSpec.StreamName = SettingsStreamName
 	listenSpec.AddressChooser = internal.IPAddressChooser
 
-	runtime, ctx, shutdown, err := grt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
+	runtime, ctx, shutdown, err := rt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
 	if err != nil {
 		return nil, nil, shutdown, err
 	}
@@ -133,7 +130,7 @@
 // monitorNetworkSettings will monitor network configuration changes and
 // publish subsequent Settings to reflect any changes detected.
 func monitorNetworkSettingsX(
-	runtime *grt.Runtime,
+	runtime *rt.Runtime,
 	ctx *context.T,
 	watcher netconfig.NetConfigWatcher,
 	prev netstate.AddrList,
diff --git a/profiles/static/staticinit.go b/profiles/static/staticinit.go
index 8458777..7da5a31 100644
--- a/profiles/static/staticinit.go
+++ b/profiles/static/staticinit.go
@@ -10,21 +10,18 @@
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/rpc"
-	"v.io/x/lib/vlog"
-
 	"v.io/x/lib/netstate"
+	"v.io/x/lib/vlog"
 	"v.io/x/ref/lib/flags"
+	"v.io/x/ref/lib/security/securityflag"
 	"v.io/x/ref/profiles/internal"
 	"v.io/x/ref/profiles/internal/lib/appcycle"
 	"v.io/x/ref/profiles/internal/lib/websocket"
 	_ "v.io/x/ref/profiles/internal/rpc/protocols/tcp"
 	_ "v.io/x/ref/profiles/internal/rpc/protocols/ws"
 	_ "v.io/x/ref/profiles/internal/rpc/protocols/wsh"
-	grt "v.io/x/ref/profiles/internal/rt"
+	"v.io/x/ref/profiles/internal/rt"
 	"v.io/x/ref/services/debug/debuglib"
-
-	// TODO(cnicolaou,ashankar): move this into flags.
-	sflag "v.io/x/ref/security/flag"
 )
 
 var commonFlags *flags.Flags
@@ -45,7 +42,7 @@
 		Addrs: rpc.ListenAddrs(lf.Addrs),
 		Proxy: lf.ListenProxy,
 	}
-	reservedDispatcher := debuglib.NewDispatcher(vlog.Log.LogDir, sflag.NewAuthorizerOrDie())
+	reservedDispatcher := debuglib.NewDispatcher(vlog.Log.LogDir, securityflag.NewAuthorizerOrDie())
 
 	ac := appcycle.New()
 
@@ -56,7 +53,7 @@
 			listenSpec.AddressChooser = func(string, []rpc.Address) ([]rpc.Address, error) {
 				return []rpc.Address{&netstate.AddrIfc{addr, "nat", nil}}, nil
 			}
-			runtime, ctx, shutdown, err := grt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
+			runtime, ctx, shutdown, err := rt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
 			if err != nil {
 				return nil, nil, nil, err
 			}
@@ -69,7 +66,7 @@
 	}
 	listenSpec.AddressChooser = internal.IPAddressChooser
 
-	runtime, ctx, shutdown, err := grt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
+	runtime, ctx, shutdown, err := rt.Init(ctx, ac, nil, &listenSpec, commonFlags.RuntimeFlags(), reservedDispatcher)
 	if err != nil {
 		return nil, nil, shutdown, err
 	}
diff --git a/security/GO.PACKAGE b/security/GO.PACKAGE
deleted file mode 100644
index 0bfdb86..0000000
--- a/security/GO.PACKAGE
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-	"dependencies": {
-		"incoming": [
-			{"allow": "v.io/x/ref/security/..."},
-			{"allow": "...", "comment": "dependencies on v.io/x/ref/security are temporarily allowed"}
-		]
-	}
-}
diff --git a/services/GO.PACKAGE b/services/GO.PACKAGE
index 00b927c..34ef35b 100644
--- a/services/GO.PACKAGE
+++ b/services/GO.PACKAGE
@@ -2,7 +2,8 @@
 	"dependencies": {
 		"incoming": [
 			{"allow": "v.io/x/ref/services/..."},
-			{"allow": "v.io/x/ref/test/modules/core", "comment":"temporarily allowing dependency from lib"},
+			{"allow": "v.io/x/ref/test/modules", "comment":"temporarily allowing dependency from lib"},
+			{"allow": "v.io/x/ref/test/v23tests", "comment":"temporarily allowing dependency from lib"},
 			{"allow": "v.io/x/ref/lib/...", "comment":"temporarily allowing dependency from lib"},
 			{"allow": "v.io/x/ref/profiles/...", "comment":"temporarily allowing dependency from profiles"},
 			{"allow": "v.io/x/ref/cmd/...", "comment":"temporarily allowing dependency from v.io/x/ref/cmd"},
diff --git a/security/agent/agent_test.go b/services/agent/agent_test.go
similarity index 98%
rename from security/agent/agent_test.go
rename to services/agent/agent_test.go
index 4f9bb96..2c3c17d 100644
--- a/security/agent/agent_test.go
+++ b/services/agent/agent_test.go
@@ -14,16 +14,16 @@
 	"testing"
 	"time"
 
-	_ "v.io/x/ref/profiles"
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/server"
+	"v.io/v23"
+	"v.io/v23/context"
+	"v.io/v23/security"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/server"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/modules"
 	"v.io/x/ref/test/testutil"
 
-	"v.io/v23"
-	"v.io/v23/context"
-	"v.io/v23/security"
+	_ "v.io/x/ref/profiles"
 )
 
 //go:generate v23 test generate
diff --git a/security/agent/agent_v23_test.go b/services/agent/agent_v23_test.go
similarity index 93%
rename from security/agent/agent_v23_test.go
rename to services/agent/agent_v23_test.go
index e23db65..33f60eb 100644
--- a/security/agent/agent_v23_test.go
+++ b/services/agent/agent_v23_test.go
@@ -15,14 +15,14 @@
 
 	"v.io/v23/security"
 	"v.io/x/ref/envvar"
-	vsecurity "v.io/x/ref/security"
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/test/v23tests"
 )
 
 //go:generate v23 test generate
 
 func V23TestTestPassPhraseUse(i *v23tests.T) {
-	bin := i.BuildGoPkg("v.io/x/ref/security/agent/agentd").WithEnv(envvar.Credentials + "=" + i.NewTempDir())
+	bin := i.BuildGoPkg("v.io/x/ref/services/agent/agentd").WithEnv(envvar.Credentials + "=" + i.NewTempDir())
 
 	// Create the passphrase
 	agent := bin.Start("echo", "Hello")
@@ -63,8 +63,8 @@
 func V23TestAllPrincipalMethods(i *v23tests.T) {
 	// Test all methods of the principal interface.
 	// (Errors are printed to STDERR)
-	testbin := i.BuildGoPkg("v.io/x/ref/security/agent/test_principal").Path()
-	i.BuildGoPkg("v.io/x/ref/security/agent/agentd").
+	testbin := i.BuildGoPkg("v.io/x/ref/services/agent/internal/test_principal").Path()
+	i.BuildGoPkg("v.io/x/ref/services/agent/agentd").
 		WithEnv(envvar.Credentials+"="+i.NewTempDir()).
 		Start(testbin).
 		WaitOrDie(nil, os.Stderr)
@@ -77,7 +77,7 @@
 	// the server.
 	var (
 		clientAgent, serverAgent = createClientAndServerAgents(i)
-		pingpong                 = i.BuildGoPkg("v.io/x/ref/security/agent/pingpong").Path()
+		pingpong                 = i.BuildGoPkg("v.io/x/ref/services/agent/internal/pingpong").Path()
 		serverName               = serverAgent.Start(pingpong).ExpectVar("NAME")
 	)
 	// Run the client via an agent once.
@@ -123,7 +123,7 @@
 func V23TestAgentRestartExitCode(i *v23tests.T) {
 	var (
 		clientAgent, serverAgent = createClientAndServerAgents(i)
-		pingpong                 = i.BuildGoPkg("v.io/x/ref/security/agent/pingpong").Path()
+		pingpong                 = i.BuildGoPkg("v.io/x/ref/services/agent/internal/pingpong").Path()
 		serverName               = serverAgent.Start(pingpong).ExpectVar("NAME")
 
 		scriptDir = i.NewTempDir()
@@ -223,7 +223,7 @@
 // The client will have a single blessing "pingpongd/client", blessed by the server.
 func createClientAndServerAgents(i *v23tests.T) (client, server *v23tests.Binary) {
 	var (
-		agentd    = i.BuildGoPkg("v.io/x/ref/security/agent/agentd")
+		agentd    = i.BuildGoPkg("v.io/x/ref/services/agent/agentd")
 		clientDir = i.NewTempDir()
 		serverDir = i.NewTempDir()
 	)
diff --git a/security/agent/agentd/main.go b/services/agent/agentd/main.go
similarity index 98%
rename from security/agent/agentd/main.go
rename to services/agent/agentd/main.go
index 80be5c2..60bccd3 100644
--- a/security/agent/agentd/main.go
+++ b/services/agent/agentd/main.go
@@ -16,20 +16,20 @@
 
 	"golang.org/x/crypto/ssh/terminal"
 
-	"v.io/x/ref/envvar"
-	vsignals "v.io/x/ref/lib/signals"
-	_ "v.io/x/ref/profiles"
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/server"
-
 	"v.io/v23"
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/envvar"
+	vsecurity "v.io/x/ref/lib/security"
+	vsignals "v.io/x/ref/lib/signals"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/server"
+
+	_ "v.io/x/ref/profiles"
 )
 
-const pkgPath = "v.io/x/ref/security/agent/agentd"
+const pkgPath = "v.io/x/ref/services/agent/agentd"
 
 var (
 	errCantReadPassphrase       = verror.Register(pkgPath+".errCantReadPassphrase", verror.NoRetry, "{1:}{2:} failed to read passphrase{:_}")
diff --git a/security/agent/client.go b/services/agent/client.go
similarity index 99%
rename from security/agent/client.go
rename to services/agent/client.go
index 419fed2..9abb091 100644
--- a/security/agent/client.go
+++ b/services/agent/client.go
@@ -19,7 +19,7 @@
 	"v.io/v23/vtrace"
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/lib/unixfd"
-	"v.io/x/ref/security/agent/cache"
+	"v.io/x/ref/services/agent/internal/cache"
 )
 
 // FdVarName is the name of the environment variable containing
diff --git a/security/agent/cache/cache.go b/services/agent/internal/cache/cache.go
similarity index 98%
rename from security/agent/cache/cache.go
rename to services/agent/internal/cache/cache.go
index 5dd9484..e16ca7a 100644
--- a/security/agent/cache/cache.go
+++ b/services/agent/internal/cache/cache.go
@@ -14,10 +14,10 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/security/agent/lru"
+	"v.io/x/ref/services/agent/internal/lru"
 )
 
-const pkgPath = "v.io/x/ref/security/agent/cache"
+const pkgPath = "v.io/x/ref/services/agent/internal/cache"
 
 var (
 	errNotImplemented = verror.Register(pkgPath+".errNotImplemented", verror.NoRetry, "{1:}{2:} Not implemented{:_}")
diff --git a/security/agent/cache/cache_test.go b/services/agent/internal/cache/cache_test.go
similarity index 100%
rename from security/agent/cache/cache_test.go
rename to services/agent/internal/cache/cache_test.go
diff --git a/security/agent/lru/lru.go b/services/agent/internal/lru/lru.go
similarity index 100%
rename from security/agent/lru/lru.go
rename to services/agent/internal/lru/lru.go
diff --git a/security/agent/lru/lru_test.go b/services/agent/internal/lru/lru_test.go
similarity index 100%
rename from security/agent/lru/lru_test.go
rename to services/agent/internal/lru/lru_test.go
diff --git a/security/agent/pingpong/main.go b/services/agent/internal/pingpong/main.go
similarity index 99%
rename from security/agent/pingpong/main.go
rename to services/agent/internal/pingpong/main.go
index 883e4cb..e5c8744 100644
--- a/security/agent/pingpong/main.go
+++ b/services/agent/internal/pingpong/main.go
@@ -13,8 +13,8 @@
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/x/lib/vlog"
-
 	"v.io/x/ref/lib/signals"
+
 	_ "v.io/x/ref/profiles"
 )
 
diff --git a/security/agent/pingpong/wire.vdl b/services/agent/internal/pingpong/wire.vdl
similarity index 100%
rename from security/agent/pingpong/wire.vdl
rename to services/agent/internal/pingpong/wire.vdl
diff --git a/security/agent/pingpong/wire.vdl.go b/services/agent/internal/pingpong/wire.vdl.go
similarity index 97%
rename from security/agent/pingpong/wire.vdl.go
rename to services/agent/internal/pingpong/wire.vdl.go
index 351d0eb..a95e188 100644
--- a/security/agent/pingpong/wire.vdl.go
+++ b/services/agent/internal/pingpong/wire.vdl.go
@@ -107,7 +107,7 @@
 // descPingPong hides the desc to keep godoc clean.
 var descPingPong = rpc.InterfaceDesc{
 	Name:    "PingPong",
-	PkgPath: "v.io/x/ref/security/agent/pingpong",
+	PkgPath: "v.io/x/ref/services/agent/internal/pingpong",
 	Doc:     "// Simple service used in the agent tests.",
 	Methods: []rpc.MethodDesc{
 		{
diff --git a/security/agent/test_principal/main.go b/services/agent/internal/test_principal/main.go
similarity index 98%
rename from security/agent/test_principal/main.go
rename to services/agent/internal/test_principal/main.go
index df969b8..d60f430 100644
--- a/security/agent/test_principal/main.go
+++ b/services/agent/internal/test_principal/main.go
@@ -16,8 +16,9 @@
 	"v.io/v23"
 	"v.io/v23/security"
 	"v.io/x/ref/envvar"
+	"v.io/x/ref/services/agent"
+
 	_ "v.io/x/ref/profiles"
-	"v.io/x/ref/security/agent"
 )
 
 func newKey() security.PublicKey {
diff --git a/security/agent/keymgr/client.go b/services/agent/keymgr/client.go
similarity index 96%
rename from security/agent/keymgr/client.go
rename to services/agent/keymgr/client.go
index bc188d9..925f867 100644
--- a/security/agent/keymgr/client.go
+++ b/services/agent/keymgr/client.go
@@ -15,10 +15,10 @@
 	"v.io/v23/context"
 	"v.io/v23/verror"
 	"v.io/x/ref/lib/unixfd"
-	"v.io/x/ref/security/agent/server"
+	"v.io/x/ref/services/agent/server"
 )
 
-const pkgPath = "v.io/x/ref/security/agent/keymgr"
+const pkgPath = "v.io/x/ref/services/agent/keymgr"
 
 // Errors
 var (
diff --git a/security/agent/keymgr/keymgr_test.go b/services/agent/keymgr/keymgr_test.go
similarity index 98%
rename from security/agent/keymgr/keymgr_test.go
rename to services/agent/keymgr/keymgr_test.go
index 790dc75..1e2a521 100644
--- a/security/agent/keymgr/keymgr_test.go
+++ b/services/agent/keymgr/keymgr_test.go
@@ -12,14 +12,14 @@
 	"syscall"
 	"testing"
 
-	_ "v.io/x/ref/profiles"
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/server"
-	"v.io/x/ref/test"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/security"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/server"
+	"v.io/x/ref/test"
+
+	_ "v.io/x/ref/profiles"
 )
 
 func createAgent(ctx *context.T, path string) (*Agent, func(), error) {
diff --git a/security/agent/peer_test.go b/services/agent/peer_test.go
similarity index 100%
rename from security/agent/peer_test.go
rename to services/agent/peer_test.go
diff --git a/security/agent/server/server.go b/services/agent/server/server.go
similarity index 98%
rename from security/agent/server/server.go
rename to services/agent/server/server.go
index 986f995..ac03233 100644
--- a/security/agent/server/server.go
+++ b/services/agent/server/server.go
@@ -25,13 +25,13 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/lib/unixfd"
-	vsecurity "v.io/x/ref/security"
 )
 
 const PrincipalHandleByteSize = sha512.Size
 
-const pkgPath = "v.io/x/ref/security/agent/server"
+const pkgPath = "v.io/x/ref/services/agent/server"
 
 // Errors
 var (
diff --git a/security/agent/server/sharing.go b/services/agent/server/sharing.go
similarity index 100%
rename from security/agent/server/sharing.go
rename to services/agent/server/sharing.go
diff --git a/security/agent/server/sharing_test.go b/services/agent/server/sharing_test.go
similarity index 100%
rename from security/agent/server/sharing_test.go
rename to services/agent/server/sharing_test.go
diff --git a/security/agent/server/wire.vdl b/services/agent/server/wire.vdl
similarity index 100%
rename from security/agent/server/wire.vdl
rename to services/agent/server/wire.vdl
diff --git a/security/agent/server/wire.vdl.go b/services/agent/server/wire.vdl.go
similarity index 99%
rename from security/agent/server/wire.vdl.go
rename to services/agent/server/wire.vdl.go
index 5dd8a15..01f2990 100644
--- a/security/agent/server/wire.vdl.go
+++ b/services/agent/server/wire.vdl.go
@@ -461,7 +461,7 @@
 // descAgent hides the desc to keep godoc clean.
 var descAgent = rpc.InterfaceDesc{
 	Name:    "Agent",
-	PkgPath: "v.io/x/ref/security/agent/server",
+	PkgPath: "v.io/x/ref/services/agent/server",
 	Methods: []rpc.MethodDesc{
 		{
 			Name: "Bless",
diff --git a/security/agent/v23_test.go b/services/agent/v23_test.go
similarity index 100%
rename from security/agent/v23_test.go
rename to services/agent/v23_test.go
diff --git a/services/application/application/doc.go b/services/application/application/doc.go
index eb474ad..eed1111 100644
--- a/services/application/application/doc.go
+++ b/services/application/application/doc.go
@@ -58,28 +58,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/services/application/application/impl_test.go b/services/application/application/impl_test.go
index dc93bb8..5a3749b 100644
--- a/services/application/application/impl_test.go
+++ b/services/application/application/impl_test.go
@@ -94,8 +94,8 @@
 	return nil
 }
 
-func (s *server) SetPermissions(_ rpc.ServerCall, acl access.Permissions, etag string) error {
-	vlog.VI(2).Infof("%v.SetPermissions(%v, %v) was called", acl, etag)
+func (s *server) SetPermissions(_ rpc.ServerCall, acl access.Permissions, version string) error {
+	vlog.VI(2).Infof("%v.SetPermissions(%v, %v) was called", acl, version)
 	return nil
 }
 
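Review bot: The format string in `SetPermissions` has three `%v` verbs but only two arguments, so `acl` is printed where a receiver name was evidently meant and the last verb is reported as a missing argument. The rename from `etag` to `version` carries this over unchanged. Either pass the intended receiver value first or drop the leading verb: `vlog.VI(2).Infof("SetPermissions(%v, %v) was called", acl, version)`.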
diff --git a/services/application/application/main.go b/services/application/application/main.go
index 3af5487..e33dc99 100644
--- a/services/application/application/main.go
+++ b/services/application/application/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/services/application/applicationd/acl_test.go b/services/application/applicationd/acl_test.go
index bfefc2f..bd7e3da 100644
--- a/services/application/applicationd/acl_test.go
+++ b/services/application/applicationd/acl_test.go
@@ -22,7 +22,7 @@
 
 	"v.io/x/ref/lib/signals"
 	appd "v.io/x/ref/services/application/applicationd"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/services/repository"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
@@ -48,7 +48,7 @@
 
 	defer fmt.Fprintf(stdout, "%v terminating\n", publishName)
 	defer vlog.VI(1).Infof("%v terminating", publishName)
-	server, endpoint := mgmttest.NewServer(ctx)
+	server, endpoint := servicetest.NewServer(ctx)
 	defer server.Stop()
 
 	name := naming.JoinAddressName(endpoint, "")
@@ -82,15 +82,15 @@
 		t.Fatal(err)
 	}
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, v23.GetPrincipal(ctx))
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, v23.GetPrincipal(ctx))
 	defer deferFn()
 
 	// setup mock up directory to put state in
-	storedir, cleanup := mgmttest.SetupRootDir(t, "application")
+	storedir, cleanup := servicetest.SetupRootDir(t, "application")
 	defer cleanup()
 
-	nmh := mgmttest.RunCommand(t, sh, nil, repoCmd, "repo", storedir)
-	pid := mgmttest.ReadPID(t, nmh)
+	nmh := servicetest.RunCommand(t, sh, nil, repoCmd, "repo", storedir)
+	pid := servicetest.ReadPID(t, nmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	otherCtx, err := v23.SetPrincipal(ctx, testutil.NewPrincipal())
@@ -121,15 +121,32 @@
 		t.Fatalf("Put() failed: %v", err)
 	}
 
-	acl, etag, err := repostub.GetPermissions(ctx)
-	if verror.ErrorID(err) != verror.ErrNoExist.ID {
-		t.Fatalf("GetPermissions should have failed with ErrNoExist but was: %v", err)
+	vlog.VI(2).Infof("Accessing the Permission Lists of the root returns a (simulated) list providing default authorization.")
+	acl, version, err := repostub.GetPermissions(ctx)
+	if err != nil {
+		t.Fatalf("GetPermissions should not have failed: %v", err)
 	}
-	if got, want := etag, ""; got != want {
+	if got, want := version, ""; got != want {
 		t.Fatalf("GetPermissions got %v, want %v", got, want)
 	}
-	if acl != nil {
-		t.Fatalf("GetPermissions got %v, expected %v", acl, nil)
+	expected := access.Permissions{
+		"Admin": access.AccessList{
+			In:    []security.BlessingPattern{"root/$", "root/self/$", "root/self/child"},
+			NotIn: []string(nil)},
+		"Read": access.AccessList{
+			In:    []security.BlessingPattern{"root/$", "root/self/$", "root/self/child"},
+			NotIn: []string(nil)},
+		"Write": access.AccessList{
+			In:    []security.BlessingPattern{"root/$", "root/self/$", "root/self/child"},
+			NotIn: []string(nil)},
+		"Debug": access.AccessList{
+			In:    []security.BlessingPattern{"root/$", "root/self/$", "root/self/child"},
+			NotIn: []string(nil)},
+		"Resolve": access.AccessList{
+			In:    []security.BlessingPattern{"root/$", "root/self/$", "root/self/child"},
+			NotIn: []string(nil)}}
+	if got := acl; !reflect.DeepEqual(expected.Normalize(), got.Normalize()) {
+		t.Errorf("got %#v, exected %#v ", got, expected)
 	}
 
 	vlog.VI(2).Infof("self attempting to give other permission to update application")
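Review bot: The added `t.Errorf("got %#v, exected %#v ", got, expected)` misspells "expected", and the `expected` literal above it writes out the same three-pattern `In` list once per tag. The same repeated literal shape appears in the `@@ -246,20 +263,37 @@` and `@@ -280,55 +314,77 @@` hunks of this file. Fix the message to `t.Errorf("got %#v, expected %#v", got, expected)`. Consider building the map in a small helper that loops over `access.AllTypicalTags()` and calls `Add` for each pattern, as the test already does for `root/other`; this assumes those are the same five tags, which the diff suggests but does not show. With the list written once, a test that pins default authorization is easier to audit, because a single differing entry cannot hide in the repetition. The test function starts outside this hunk.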
@@ -142,11 +159,11 @@
 		t.Fatalf("SetPermissions failed: %v", err)
 	}
 
-	acl, etag, err = repostub.GetPermissions(ctx)
+	acl, version, err = repostub.GetPermissions(ctx)
 	if err != nil {
 		t.Fatalf("GetPermissions should not have failed: %v", err)
 	}
-	expected := newAccessList
+	expected = newAccessList
 	if got := acl; !reflect.DeepEqual(expected.Normalize(), got.Normalize()) {
 		t.Errorf("got %#v, exected %#v ", got, expected)
 	}
@@ -157,14 +174,14 @@
 	}
 
 	// Other takes control.
-	acl, etag, err = repostub.GetPermissions(otherCtx)
+	acl, version, err = repostub.GetPermissions(otherCtx)
 	if err != nil {
 		t.Fatalf("GetPermissions 2 should not have failed: %v", err)
 	}
 	acl["Admin"] = access.AccessList{
 		In:    []security.BlessingPattern{"root/other"},
 		NotIn: []string{}}
-	if err = repostub.SetPermissions(otherCtx, acl, etag); err != nil {
+	if err = repostub.SetPermissions(otherCtx, acl, version); err != nil {
 		t.Fatalf("SetPermissions failed: %v", err)
 	}
 
@@ -211,11 +228,11 @@
 		t.Fatal(err)
 	}
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, v23.GetPrincipal(ctx))
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, v23.GetPrincipal(ctx))
 	defer deferFn()
 
 	// setup mock up directory to put state in
-	storedir, cleanup := mgmttest.SetupRootDir(t, "application")
+	storedir, cleanup := servicetest.SetupRootDir(t, "application")
 	defer cleanup()
 
 	otherCtx, err := v23.SetPrincipal(ctx, testutil.NewPrincipal())
@@ -226,8 +243,8 @@
 		t.Fatal(err)
 	}
 
-	nmh := mgmttest.RunCommand(t, sh, nil, repoCmd, "repo", storedir)
-	pid := mgmttest.ReadPID(t, nmh)
+	nmh := servicetest.RunCommand(t, sh, nil, repoCmd, "repo", storedir)
+	pid := servicetest.ReadPID(t, nmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	// Create example envelope.
@@ -246,20 +263,37 @@
 	if err := v2stub.Put(ctx, []string{"base"}, envelopeV1); err != nil {
 		t.Fatalf("Put() failed: %v", err)
 	}
+	v3stub := repository.ApplicationClient("repo/naps/v1")
+	if err := v3stub.Put(ctx, []string{"base"}, envelopeV1); err != nil {
+		t.Fatalf("Put() failed: %v", err)
+	}
 
 	vlog.VI(2).Info("Self can access.AccessLists but other can't.")
-	for _, path := range []string{"repo/search", "repo/search/v1", "repo/search/v2"} {
+	expectedSelfPermissions := access.Permissions{
+		"Admin": access.AccessList{
+			In:    []security.BlessingPattern{"root/$", "root/self"},
+			NotIn: []string{}},
+		"Read": access.AccessList{In: []security.BlessingPattern{"root/$", "root/self"},
+			NotIn: []string{}},
+		"Write": access.AccessList{In: []security.BlessingPattern{"root/$", "root/self"},
+			NotIn: []string{}},
+		"Debug": access.AccessList{In: []security.BlessingPattern{"root/$", "root/self"},
+			NotIn: []string{}},
+		"Resolve": access.AccessList{In: []security.BlessingPattern{"root/$", "root/self"},
+			NotIn: []string{}}}
+
+	for _, path := range []string{"repo/search", "repo/search/v1", "repo/search/v2", "repo/naps", "repo/naps/v1"} {
 		stub := repository.ApplicationClient(path)
-		acl, etag, err := stub.GetPermissions(ctx)
-		if verror.ErrorID(err) != verror.ErrNoExist.ID {
-			t.Fatalf("GetPermissions should have failed with ErrNoExist but was: %v", err)
+		acl, _, err := stub.GetPermissions(ctx)
+		if err != nil {
+			t.Fatalf("Newly uploaded envelopes failed to receive permission lists: %v", err)
 		}
-		if got, want := etag, ""; got != want {
-			t.Fatalf("GetPermissions got %v, want %v", got, want)
+
+		if got := acl; !reflect.DeepEqual(expectedSelfPermissions.Normalize(), got.Normalize()) {
+			t.Errorf("got %#v, expected %#v ", got, expectedSelfPermissions)
 		}
-		if acl != nil {
-			t.Fatalf("GetPermissions got %v, expected %v", acl, nil)
-		}
+
+		// But otherCtx doesn't have admin permissions so has no access.
 		if _, _, err := stub.GetPermissions(otherCtx); err == nil {
 			t.Fatalf("GetPermissions didn't fail for other when it should have.")
 		}
@@ -280,55 +314,77 @@
 		t.Fatalf("GetPermissions should have failed")
 	}
 
-	vlog.VI(2).Infof("Self gives other full access only to repo/search/v1.")
-	newAccessList = make(access.Permissions)
-	for _, tag := range access.AllTypicalTags() {
-		newAccessList.Add("root/other", string(tag))
-	}
-	if err := v1stub.SetPermissions(ctx, newAccessList, ""); err != nil {
-		t.Fatalf("SetPermissions failed: %v", err)
-	}
-
-	vlog.VI(2).Infof("Other can now access this location.")
-	acl, _, err := v1stub.GetPermissions(otherCtx)
+	vlog.VI(2).Infof("Self gives other full access to repo/search/...")
+	newAccessList, version, err := v1stub.GetPermissions(ctx)
 	if err != nil {
 		t.Fatalf("GetPermissions should not have failed: %v", err)
 	}
-	expected := access.Permissions{
-		"Admin": access.AccessList{
-			In:    []security.BlessingPattern{"root/other"},
-			NotIn: []string{}},
-		"Read": access.AccessList{In: []security.BlessingPattern{"root/other"},
-			NotIn: []string{}},
-		"Write": access.AccessList{In: []security.BlessingPattern{"root/other"},
-			NotIn: []string{}},
-		"Debug": access.AccessList{In: []security.BlessingPattern{"root/other"},
-			NotIn: []string{}},
-		"Resolve": access.AccessList{In: []security.BlessingPattern{"root/other"},
-			NotIn: []string{}}}
-	if got := acl; !reflect.DeepEqual(expected.Normalize(), got.Normalize()) {
-		t.Errorf("got %#v, exected %#v ", got, expected)
+	for _, tag := range access.AllTypicalTags() {
+		newAccessList.Add("root/other", string(tag))
 	}
-	vlog.VI(2).Infof("Self can too thanks to hierarchical auth.")
-	if _, _, err = v1stub.GetPermissions(ctx); err != nil {
-		t.Fatalf("GetPermissions should not have failed: %v", err)
+	if err := v1stub.SetPermissions(ctx, newAccessList, version); err != nil {
+		t.Fatalf("SetPermissions failed: %v", err)
 	}
 
-	// But other locations should be unaffected and other cannot access.
-	for _, path := range []string{"repo/search", "repo/search/v2"} {
+	expected := access.Permissions{
+		"Resolve": access.AccessList{In: []security.BlessingPattern{
+			"root/$",
+			"root/other",
+			"root/self"},
+			NotIn: []string(nil)},
+		"Admin": access.AccessList{In: []security.BlessingPattern{
+			"root/$",
+			"root/other",
+			"root/self"},
+			NotIn: []string(nil)},
+		"Read": access.AccessList{In: []security.BlessingPattern{
+			"root/$",
+			"root/other",
+			"root/self"},
+			NotIn: []string(nil)},
+		"Write": access.AccessList{In: []security.BlessingPattern{
+			"root/$",
+			"root/other",
+			"root/self"},
+			NotIn: []string(nil)},
+		"Debug": access.AccessList{In: []security.BlessingPattern{
+			"root/$",
+			"root/other", "root/self"},
+			NotIn: []string(nil)},
+	}
+
+	for _, path := range []string{"repo/search", "repo/search/v1", "repo/search/v2"} {
+		stub := repository.ApplicationClient(path)
+		vlog.VI(2).Infof("Other can now access this app independent of version.")
+		acl, _, err := stub.GetPermissions(otherCtx)
+		if err != nil {
+			t.Fatalf("GetPermissions should not have failed: %v", err)
+		}
+
+		if got := acl; !reflect.DeepEqual(expected.Normalize(), got.Normalize()) {
+			t.Errorf("got %#v, expected %#v ", got, expected)
+		}
+		vlog.VI(2).Infof("Self can also access thanks to hierarchical auth.")
+		if _, _, err = stub.GetPermissions(ctx); err != nil {
+			t.Fatalf("GetPermissions should not have failed: %v", err)
+		}
+	}
+
+	vlog.VI(2).Infof("But other locations are unaffected and other cannot access.")
+	for _, path := range []string{"repo/naps", "repo/naps/v1"} {
 		stub := repository.ApplicationClient(path)
 		if _, _, err := stub.GetPermissions(otherCtx); err == nil {
-			t.Fatalf("GetPermissions didn't fail for other when it should have.")
+			t.Fatalf("GetPermissions didn't fail when it should have.")
 		}
 	}
 
 	// Self gives other write perms on base.
-	acl, etag, err := repostub.GetPermissions(ctx)
+	newAccessList, version, err = repostub.GetPermissions(ctx)
 	if err != nil {
 		t.Fatalf("GetPermissions should not have failed: %v", err)
 	}
 	newAccessList["Write"] = access.AccessList{In: []security.BlessingPattern{"root/other", "root/self"}}
-	if err := repostub.SetPermissions(ctx, newAccessList, etag); err != nil {
+	if err := repostub.SetPermissions(ctx, newAccessList, version); err != nil {
 		t.Fatalf("SetPermissions failed: %v", err)
 	}
 
@@ -339,11 +395,23 @@
 		}
 	}
 
+	// But because application search already exists, the ACLs do not change.
+	for _, path := range []string{"repo/search", "repo/search/v1", "repo/search/v2"} {
+		stub := repository.ApplicationClient(path)
+		acl, _, err := stub.GetPermissions(otherCtx)
+		if err != nil {
+			t.Fatalf("GetPermissions should not have failed: %v", err)
+		}
+		if got := acl; !reflect.DeepEqual(expected.Normalize(), got.Normalize()) {
+			t.Errorf("got %#v, expected %#v ", got, expected)
+		}
+	}
+
 	// But self didn't give other AccessList modification permissions.
 	for _, path := range []string{"repo/search", "repo/search/v2"} {
 		stub := repository.ApplicationClient(path)
-		if _, _, err := stub.GetPermissions(otherCtx); err == nil {
-			t.Fatalf("GetPermissions didn't fail for other when it should have.")
+		if _, _, err := stub.GetPermissions(otherCtx); err != nil {
+			t.Fatalf("GetPermissions failed when it should not have for same application: %v", err)
 		}
 	}
 }
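Review bot: The comment `// But self didn't give other AccessList modification permissions.` above the final loop now contradicts its assertion, which requires `GetPermissions(otherCtx)` to succeed. That loop also only repeats, for `repo/search` and `repo/search/v2`, what the newly added loop before it already checks with a stricter comparison against `expected`. Either delete the final loop or reword its comment to match, e.g. `// Other can still read the permission lists of the existing application.`. As written, a reader would conclude that the test still proves other is denied access, which it no longer does. The enclosing test function begins outside this hunk.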
diff --git a/services/application/applicationd/dispatcher.go b/services/application/applicationd/dispatcher.go
index 4c5aa1c..9d2e65d 100644
--- a/services/application/applicationd/dispatcher.go
+++ b/services/application/applicationd/dispatcher.go
@@ -13,8 +13,8 @@
 	"v.io/v23/security/access"
 	"v.io/v23/verror"
 
-	"v.io/x/ref/services/mgmt/lib/acls"
-	"v.io/x/ref/services/mgmt/lib/fs"
+	"v.io/x/ref/services/internal/acls"
+	"v.io/x/ref/services/internal/fs"
 	"v.io/x/ref/services/repository"
 )
 
@@ -35,9 +35,14 @@
 }
 
 func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
+	name, _, err := parse(nil, suffix)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	auth, err := acls.NewHierarchicalAuthorizer(
 		naming.Join("/acls", "data"),
-		naming.Join("/acls", suffix, "data"),
+		naming.Join("/acls", name, "data"),
 		(*applicationAccessListStore)(d.store))
 	if err != nil {
 		return nil, nil, err
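Review bot: `Lookup` calls `parse(nil, suffix)`, and on an invalid suffix `parse` forwards that nil `*context.T` to `verror.New(ErrInvalidSuffix, ctx)`. Whether `verror.New` tolerates a nil context is not visible here, so this is worth confirming or covering with a test that uses a three-component suffix. The switch from `suffix` to `name` in the per-object path also changes the authorization granularity: all versions of an application now share one permission list. That deserves a comment at the call, e.g. `// Permissions are keyed by application name only; every version shares the same list.`. `Lookup` continues past the end of this hunk.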
diff --git a/services/application/applicationd/impl_test.go b/services/application/applicationd/impl_test.go
index d61c7dd..781403c 100644
--- a/services/application/applicationd/impl_test.go
+++ b/services/application/applicationd/impl_test.go
@@ -18,7 +18,7 @@
 	"v.io/v23/verror"
 
 	appd "v.io/x/ref/services/application/applicationd"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/services/repository"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
@@ -55,7 +55,7 @@
 		t.Fatalf("NewDispatcher() failed: %v", err)
 	}
 
-	server, endpoint := mgmttest.NewServer(ctx)
+	server, endpoint := servicetest.NewServer(ctx)
 	defer server.Stop()
 
 	if err := server.ServeDispatcher("", dispatcher); err != nil {
@@ -195,7 +195,7 @@
 		t.Fatalf("NewDispatcher() failed: %v", err)
 	}
 
-	server, endpoint := mgmttest.NewServer(ctx)
+	server, endpoint := servicetest.NewServer(ctx)
 
 	if err := server.ServeDispatcher("", dispatcher); err != nil {
 		t.Fatalf("Serve(%v) failed: %v", dispatcher, err)
@@ -238,7 +238,7 @@
 		t.Fatalf("NewDispatcher() failed: %v", err)
 	}
 
-	server, endpoint = mgmttest.NewServer(ctx)
+	server, endpoint = servicetest.NewServer(ctx)
 	defer server.Stop()
 
 	if err := server.ServeDispatcher("", dispatcher); err != nil {
diff --git a/services/application/applicationd/service.go b/services/application/applicationd/service.go
index 9632cdf..3a0938b 100644
--- a/services/application/applicationd/service.go
+++ b/services/application/applicationd/service.go
@@ -7,12 +7,14 @@
 import (
 	"strings"
 
-	"v.io/x/ref/services/mgmt/lib/acls"
-	"v.io/x/ref/services/mgmt/lib/fs"
+	"v.io/x/ref/services/internal/acls"
+	"v.io/x/ref/services/internal/fs"
 	"v.io/x/ref/services/repository"
 
+	"v.io/v23/context"
 	"v.io/v23/naming"
 	"v.io/v23/rpc"
+	"v.io/v23/security"
 	"v.io/v23/security/access"
 	"v.io/v23/services/application"
 	"v.io/v23/verror"
@@ -37,7 +39,7 @@
 var (
 	ErrInvalidSuffix   = verror.Register(pkgPath+".InvalidSuffix", verror.NoRetry, "{1:}{2:} invalid suffix{:_}")
 	ErrOperationFailed = verror.Register(pkgPath+".OperationFailed", verror.NoRetry, "{1:}{2:} operation failed{:_}")
-	ErrInvalidBlessing = verror.Register(pkgPath+".InvalidBlessing", verror.NoRetry, "{1:}{2:} invalid blessing{:_}")
+	ErrNotAuthorized   = verror.Register(pkgPath+".errNotAuthorized", verror.NoRetry, "{1:}{2:} none of the client's blessings are valid {:_}")
 )
 
 // NewApplicationService returns a new Application service implementation.
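Review bot: `ErrNotAuthorized` is registered under `pkgPath+".errNotAuthorized"`, while the other exported errors in this block use `.InvalidSuffix` and `.OperationFailed`, and its message has a stray space before `{:_}`. For consistency I would write `verror.Register(pkgPath+".NotAuthorized", verror.NoRetry, "{1:}{2:} none of the client's blessings are valid{:_}")`. Removing the exported `ErrInvalidBlessing` may also break any caller outside this diff that compares error IDs against it; that cannot be checked from the visible hunks.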
@@ -45,7 +47,7 @@
 	return &appRepoService{store: store, storeRoot: storeRoot, suffix: suffix}
 }
 
-func parse(call rpc.ServerCall, suffix string) (string, string, error) {
+func parse(ctx *context.T, suffix string) (string, string, error) {
 	tokens := strings.Split(suffix, "/")
 	switch len(tokens) {
 	case 2:
@@ -53,14 +55,14 @@
 	case 1:
 		return tokens[0], "", nil
 	default:
-		return "", "", verror.New(ErrInvalidSuffix, call.Context())
+		return "", "", verror.New(ErrInvalidSuffix, ctx)
 	}
 }
 
 func (i *appRepoService) Match(call rpc.ServerCall, profiles []string) (application.Envelope, error) {
 	vlog.VI(0).Infof("%v.Match(%v)", i.suffix, profiles)
 	empty := application.Envelope{}
-	name, version, err := parse(call, i.suffix)
+	name, version, err := parse(call.Context(), i.suffix)
 	if err != nil {
 		return empty, err
 	}
@@ -88,7 +90,7 @@
 
 func (i *appRepoService) Put(call rpc.ServerCall, profiles []string, envelope application.Envelope) error {
 	vlog.VI(0).Infof("%v.Put(%v, %v)", i.suffix, profiles, envelope)
-	name, version, err := parse(call, i.suffix)
+	name, version, err := parse(call.Context(), i.suffix)
 	if err != nil {
 		return err
 	}
@@ -103,6 +105,22 @@
 		return err
 	}
 
+	// Only add a Permission list value if there is not already one
+	// present.
+	apath := naming.Join("/acls", name, "data")
+	aobj := i.store.BindObject(apath)
+	if _, err := aobj.Get(call); verror.ErrorID(err) == fs.ErrNotInMemStore.ID {
+		rb, _ := security.RemoteBlessingNames(call.Context())
+		if len(rb) == 0 {
+			// None of the client's blessings are valid.
+			return verror.New(ErrNotAuthorized, call.Context())
+		}
+		newacls := acls.PermissionsForBlessings(rb)
+		if _, err := aobj.Put(nil, newacls); err != nil {
+			return err
+		}
+	}
+
 	for _, profile := range profiles {
 		path := naming.Join(tname, "/applications", name, profile, version)
 
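Review bot: In the added block, any error from `aobj.Get(call)` other than `fs.ErrNotInMemStore` is dropped, so a failed lookup is treated the same as "a Permissions value already exists" and the Put carries on without creating one. I would handle the three outcomes explicitly and fail closed on an unexpected error, as sketched below. Separately, `apath` is not joined to `tname` the way the envelope paths just below are; if `tname` is the transaction root, the Permissions write sits outside the transaction that covers the envelope writes, which is worth confirming. Put's body starts and ends outside this hunk.

```go
	aobj := i.store.BindObject(apath)
	switch _, err := aobj.Get(call); {
	case err == nil:
		// A Permissions value is already present; leave it untouched.
	case verror.ErrorID(err) == fs.ErrNotInMemStore.ID:
		rb, _ := security.RemoteBlessingNames(call.Context())
		if len(rb) == 0 {
			// None of the client's blessings are valid.
			return verror.New(ErrNotAuthorized, call.Context())
		}
		if _, err := aobj.Put(nil, acls.PermissionsForBlessings(rb)); err != nil {
			return err
		}
	default:
		// Unexpected lookup failure: do not continue without knowing
		// whether a Permissions value exists.
		return err
	}
	// … unchanged: per-profile envelope writes …
```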
@@ -120,7 +138,7 @@
 
 func (i *appRepoService) Remove(call rpc.ServerCall, profile string) error {
 	vlog.VI(0).Infof("%v.Remove(%v)", i.suffix, profile)
-	name, version, err := parse(call, i.suffix)
+	name, version, err := parse(call.Context(), i.suffix)
 	if err != nil {
 		return err
 	}
@@ -230,18 +248,32 @@
 	return ch, nil
 }
 
-func (i *appRepoService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (i *appRepoService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
+	name, _, err := parse(call.Context(), i.suffix)
+	if err != nil {
+		return nil, "", err
+	}
 	i.store.Lock()
 	defer i.store.Unlock()
-	path := naming.Join("/acls", i.suffix, "data")
-	return getAccessList(i.store, path)
+	path := naming.Join("/acls", name, "data")
+
+	acl, version, err = getAccessList(i.store, path)
+	if verror.ErrorID(err) == verror.ErrNoExist.ID {
+		return acls.NilAuthPermissions(call), "", nil
+	}
+
+	return acl, version, err
 }
 
-func (i *appRepoService) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
+func (i *appRepoService) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
+	name, _, err := parse(call.Context(), i.suffix)
+	if err != nil {
+		return err
+	}
 	i.store.Lock()
 	defer i.store.Unlock()
-	path := naming.Join("/acls", i.suffix, "data")
-	return setAccessList(i.store, path, acl, etag)
+	path := naming.Join("/acls", name, "data")
+	return setAccessList(i.store, path, acl, version)
 }
 
 // getAccessList fetches a Permissions out of the Memstore at the provided path.
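Review bot: Both methods now key the stored Permissions on the application name only (`name, _, err := parse(...)`), so `<name>` and `<name>/<version>` resolve to the same `/acls/<name>/data` entry, and neither method has a doc comment saying so. I would add `// GetPermissions returns the Permissions stored for the application name in the suffix; the version component, if any, is ignored.` and the matching line on SetPermissions. A value previously written under the old `/acls/<suffix>/data` path for a two-token suffix is no longer read; whether such entries can exist in a persisted store is not visible here. The comment should also say that the `acls.NilAuthPermissions(call)` fallback is returned with an empty version string, since callers hand that version back to SetPermissions.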
@@ -262,25 +294,25 @@
 		return nil, "", err
 	}
 
-	etag, err := acls.ComputeEtag(acl)
+	version, err := acls.ComputeVersion(acl)
 	if err != nil {
 		return nil, "", err
 	}
-	return acl, etag, nil
+	return acl, version, nil
 }
 
 // setAccessList writes a Permissions into the Memstore at the provided path.
 // where path is expected to have already been cleaned by naming.Join.
-func setAccessList(store *fs.Memstore, path string, acl access.Permissions, etag string) error {
-	_, oetag, err := getAccessList(store, path)
+func setAccessList(store *fs.Memstore, path string, acl access.Permissions, version string) error {
+	_, oversion, err := getAccessList(store, path)
 	if verror.ErrorID(err) == verror.ErrNoExist.ID {
-		oetag = etag
+		oversion = version
 	} else if err != nil {
 		return err
 	}
 
-	if oetag != etag {
-		return verror.NewErrBadEtag(nil)
+	if oversion != version {
+		return verror.NewErrBadVersion(nil)
 	}
 
 	tname, err := store.BindTransactionRoot("").CreateTransaction(nil)
diff --git a/services/binary/binary/doc.go b/services/binary/binary/doc.go
index 5f85f8c..bd9f9b5 100644
--- a/services/binary/binary/doc.go
+++ b/services/binary/binary/doc.go
@@ -56,28 +56,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/services/binary/binary/impl.go b/services/binary/binary/impl.go
index 41f6a71..6b9add4 100644
--- a/services/binary/binary/impl.go
+++ b/services/binary/binary/impl.go
@@ -9,7 +9,7 @@
 	"os"
 
 	"v.io/x/lib/cmdline"
-	"v.io/x/ref/services/mgmt/lib/binary"
+	"v.io/x/ref/services/binary/binarylib"
 )
 
 var cmdDelete = &cmdline.Command{
@@ -26,7 +26,7 @@
 		return cmd.UsageErrorf("delete: incorrect number of arguments, expected %d, got %d", expected, got)
 	}
 	von := args[0]
-	if err := binary.Delete(gctx, von); err != nil {
+	if err := binarylib.Delete(gctx, von); err != nil {
 		return err
 	}
 	fmt.Fprintf(cmd.Stdout(), "Binary deleted successfully\n")
@@ -53,7 +53,7 @@
 		return cmd.UsageErrorf("download: incorrect number of arguments, expected %d, got %d", expected, got)
 	}
 	von, filename := args[0], args[1]
-	if err := binary.DownloadToFile(gctx, von, filename); err != nil {
+	if err := binarylib.DownloadToFile(gctx, von, filename); err != nil {
 		return err
 	}
 	fmt.Fprintf(cmd.Stdout(), "Binary downloaded to file %s\n", filename)
@@ -85,14 +85,14 @@
 		return err
 	}
 	if fi.IsDir() {
-		sig, err := binary.UploadFromDir(gctx, von, filename)
+		sig, err := binarylib.UploadFromDir(gctx, von, filename)
 		if err != nil {
 			return err
 		}
 		fmt.Fprintf(cmd.Stdout(), "Binary package uploaded from directory %s signature(%v)\n", filename, sig)
 		return nil
 	}
-	sig, err := binary.UploadFromFile(gctx, von, filename)
+	sig, err := binarylib.UploadFromFile(gctx, von, filename)
 	if err != nil {
 		return err
 	}
@@ -114,7 +114,7 @@
 		return cmd.UsageErrorf("rooturl: incorrect number of arguments, expected %d, got %d", expected, got)
 	}
 	von := args[0]
-	url, _, err := binary.DownloadUrl(gctx, von)
+	url, _, err := binarylib.DownloadUrl(gctx, von)
 	if err != nil {
 		return err
 	}
diff --git a/services/binary/binary/impl_test.go b/services/binary/binary/impl_test.go
index 3fe3ca6..f833c02 100644
--- a/services/binary/binary/impl_test.go
+++ b/services/binary/binary/impl_test.go
@@ -81,11 +81,11 @@
 	return nil
 }
 
-func (s *server) GetPermissions(rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (s *server) GetPermissions(rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	return nil, "", nil
 }
 
-func (s *server) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
+func (s *server) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
 	return nil
 }
 
diff --git a/services/binary/binary/main.go b/services/binary/binary/main.go
index 3af5487..e33dc99 100644
--- a/services/binary/binary/main.go
+++ b/services/binary/binary/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/services/binary/binarylib/acl_test.go b/services/binary/binarylib/acl_test.go
index 488b841..8dbf0ba 100644
--- a/services/binary/binarylib/acl_test.go
+++ b/services/binary/binarylib/acl_test.go
@@ -20,11 +20,10 @@
 	"v.io/v23/services/repository"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/lib/signals"
-	vsecurity "v.io/x/ref/security"
 	"v.io/x/ref/services/binary/binarylib"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
@@ -48,7 +47,7 @@
 	defer vlog.VI(1).Infof("%v terminating", publishName)
 	defer shutdown()
 
-	server, endpoint := mgmttest.NewServer(ctx)
+	server, endpoint := servicetest.NewServer(ctx)
 	name := naming.JoinAddressName(endpoint, "")
 	vlog.VI(1).Infof("binaryd name: %v", name)
 
@@ -102,19 +101,19 @@
 		t.Fatalf("SetPrincipal failed: %v", err)
 	}
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, childCtx, v23.GetPrincipal(childCtx))
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, childCtx, v23.GetPrincipal(childCtx))
 	defer deferFn()
 	// make selfCtx and childCtx have the same Namespace Roots as set by
 	// CreateShellAndMountTable
 	v23.GetNamespace(selfCtx).SetRoots(v23.GetNamespace(childCtx).Roots()...)
 
 	// setup mock up directory to put state in
-	storedir, cleanup := mgmttest.SetupRootDir(t, "bindir")
+	storedir, cleanup := servicetest.SetupRootDir(t, "bindir")
 	defer cleanup()
 	prepDirectory(t, storedir)
 
-	nmh := mgmttest.RunCommand(t, sh, nil, binaryCmd, "bini", storedir)
-	pid := mgmttest.ReadPID(t, nmh)
+	nmh := servicetest.RunCommand(t, sh, nil, binaryCmd, "bini", storedir)
+	pid := servicetest.ReadPID(t, nmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	vlog.VI(2).Infof("Self uploads a shared and private binary.")
@@ -153,11 +152,11 @@
 	if err != nil {
 		t.Fatalf("SetPrincipal failed: %v", err)
 	}
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, selfCtx, v23.GetPrincipal(selfCtx))
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, selfCtx, v23.GetPrincipal(selfCtx))
 	defer deferFn()
 
 	// setup mock up directory to put state in
-	storedir, cleanup := mgmttest.SetupRootDir(t, "bindir")
+	storedir, cleanup := servicetest.SetupRootDir(t, "bindir")
 	defer cleanup()
 	prepDirectory(t, storedir)
 
@@ -170,8 +169,8 @@
 		t.Fatalf("SetPrincipal() failed: %v", err)
 	}
 
-	nmh := mgmttest.RunCommand(t, sh, nil, binaryCmd, "bini", storedir)
-	pid := mgmttest.ReadPID(t, nmh)
+	nmh := servicetest.RunCommand(t, sh, nil, binaryCmd, "bini", storedir)
+	pid := servicetest.ReadPID(t, nmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	vlog.VI(2).Infof("Self uploads a shared and private binary.")
@@ -216,7 +215,7 @@
 	}
 
 	vlog.VI(2).Infof("Validate the AccessList file on bini/private.")
-	acl, etag, err := b("bini/private").GetPermissions(selfCtx)
+	acl, version, err := b("bini/private").GetPermissions(selfCtx)
 	if err != nil {
 		t.Fatalf("GetPermissions failed: %v", err)
 	}
@@ -239,7 +238,7 @@
 		acl.Clear("self", string(tag))
 		acl.Add("self/$", string(tag))
 	}
-	if err := b("bini/private").SetPermissions(selfCtx, acl, etag); err != nil {
+	if err := b("bini/private").SetPermissions(selfCtx, acl, version); err != nil {
 		t.Fatalf("SetPermissions failed: %v", err)
 	}
 
@@ -437,11 +436,11 @@
 	if err != nil {
 		t.Fatalf("SetPrincipal failed: %v", err)
 	}
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, selfCtx, v23.GetPrincipal(selfCtx))
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, selfCtx, v23.GetPrincipal(selfCtx))
 	defer deferFn()
 
 	// setup mock up directory to put state in
-	storedir, cleanup := mgmttest.SetupRootDir(t, "bindir")
+	storedir, cleanup := servicetest.SetupRootDir(t, "bindir")
 	defer cleanup()
 	prepDirectory(t, storedir)
 
@@ -450,8 +449,8 @@
 		t.Fatalf("otherPrincipal.AddToRoots() failed: %v", err)
 	}
 
-	nmh := mgmttest.RunCommand(t, sh, nil, binaryCmd, "bini", storedir)
-	pid := mgmttest.ReadPID(t, nmh)
+	nmh := servicetest.RunCommand(t, sh, nil, binaryCmd, "bini", storedir)
+	pid := servicetest.ReadPID(t, nmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	acl, tag, err := b("bini").GetPermissions(selfCtx)
diff --git a/services/mgmt/lib/binary/impl.go b/services/binary/binarylib/client.go
similarity index 97%
rename from services/mgmt/lib/binary/impl.go
rename to services/binary/binarylib/client.go
index aae347a..9b97863 100644
--- a/services/mgmt/lib/binary/impl.go
+++ b/services/binary/binarylib/client.go
@@ -2,11 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package binary provides a client-side library for the binary
-// repository.
-//
+package binarylib
+
 // TODO(jsimsa): Implement parallel download and upload.
-package binary
 
 import (
 	"bytes"
@@ -29,11 +27,9 @@
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
 
-	"v.io/x/ref/services/mgmt/lib/packages"
+	"v.io/x/ref/services/internal/packages"
 )
 
-const pkgPath = "v.io/x/ref/services/mgmt/lib/binary"
-
 var (
 	errOperationFailed = verror.Register(pkgPath+".errOperationFailed", verror.NoRetry, "{1:}{2:} operation failed{:_}")
 )
diff --git a/services/mgmt/lib/binary/impl_test.go b/services/binary/binarylib/client_test.go
similarity index 91%
rename from services/mgmt/lib/binary/impl_test.go
rename to services/binary/binarylib/client_test.go
index 7bb0543..2d91162 100644
--- a/services/mgmt/lib/binary/impl_test.go
+++ b/services/binary/binarylib/client_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package binary
+package binarylib
 
 import (
 	"bytes"
@@ -19,8 +19,6 @@
 	"v.io/v23/services/repository"
 	"v.io/x/lib/vlog"
 
-	_ "v.io/x/ref/profiles"
-	"v.io/x/ref/services/binary/binarylib"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
@@ -37,9 +35,9 @@
 	if err != nil {
 		t.Fatalf("TempDir() failed: %v", err)
 	}
-	path, perm := filepath.Join(rootDir, binarylib.VersionFile), os.FileMode(0600)
-	if err := ioutil.WriteFile(path, []byte(binarylib.Version), perm); err != nil {
-		vlog.Fatalf("WriteFile(%v, %v, %v) failed: %v", path, binarylib.Version, perm, err)
+	path, perm := filepath.Join(rootDir, VersionFile), os.FileMode(0600)
+	if err := ioutil.WriteFile(path, []byte(Version), perm); err != nil {
+		vlog.Fatalf("WriteFile(%v, %v, %v) failed: %v", path, Version, perm, err)
 	}
 	// Setup and start the binary repository server.
 	server, err := v23.NewServer(ctx)
@@ -47,12 +45,12 @@
 		t.Fatalf("NewServer() failed: %v", err)
 	}
 	depth := 2
-	state, err := binarylib.NewState(rootDir, "http://test-root-url", depth)
+	state, err := NewState(rootDir, "http://test-root-url", depth)
 	if err != nil {
 		t.Fatalf("NewState(%v, %v) failed: %v", rootDir, depth, err)
 	}
 
-	dispatcher, err := binarylib.NewDispatcher(v23.GetPrincipal(ctx), state)
+	dispatcher, err := NewDispatcher(v23.GetPrincipal(ctx), state)
 	if err != nil {
 		t.Fatalf("NewDispatcher() failed: %v\n", err)
 	}
diff --git a/services/binary/binarylib/dispatcher.go b/services/binary/binarylib/dispatcher.go
index 93c268c..9b0b4d9 100644
--- a/services/binary/binarylib/dispatcher.go
+++ b/services/binary/binarylib/dispatcher.go
@@ -11,7 +11,7 @@
 	"v.io/v23/security"
 	"v.io/v23/services/repository"
 
-	"v.io/x/ref/services/mgmt/lib/acls"
+	"v.io/x/ref/services/internal/acls"
 )
 
 const (
diff --git a/services/binary/binarylib/impl_test.go b/services/binary/binarylib/impl_test.go
index 571000a..d8d5a17 100644
--- a/services/binary/binarylib/impl_test.go
+++ b/services/binary/binarylib/impl_test.go
@@ -23,7 +23,7 @@
 
 	_ "v.io/x/ref/profiles/static"
 	"v.io/x/ref/services/binary/binarylib"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
@@ -35,11 +35,11 @@
 // startServer starts the binary repository server.
 func startServer(t *testing.T, ctx *context.T, depth int) (repository.BinaryClientMethods, string, string, func()) {
 	// Setup the root of the binary repository.
-	rootDir, cleanup := mgmttest.SetupRootDir(t, "bindir")
+	rootDir, cleanup := servicetest.SetupRootDir(t, "bindir")
 	prepDirectory(t, rootDir)
 
 	// Setup and start the binary repository server.
-	server, endpoint := mgmttest.NewServer(ctx)
+	server, endpoint := servicetest.NewServer(ctx)
 
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
diff --git a/services/binary/binarylib/service.go b/services/binary/binarylib/service.go
index caf878d..5a83d94 100644
--- a/services/binary/binarylib/service.go
+++ b/services/binary/binarylib/service.go
@@ -47,7 +47,7 @@
 	"v.io/v23/services/repository"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/mgmt/lib/acls"
+	"v.io/x/ref/services/internal/acls"
 )
 
 // binaryService implements the Binary server interface.
@@ -92,28 +92,6 @@
 
 const BufferLength = 4096
 
-func prefixPatterns(blessings []string) []security.BlessingPattern {
-	var patterns []security.BlessingPattern
-	for _, b := range blessings {
-		patterns = append(patterns, security.BlessingPattern(b).PrefixPatterns()...)
-	}
-	return patterns
-}
-
-// insertAccessLists configures the starting AccessList set for a newly "Create"-d binary based
-// on the caller's blessings.
-func insertAccessLists(dir string, aclstore *acls.PathStore, blessings []string) error {
-	tam := make(access.Permissions)
-
-	// Add the invoker's blessings and all its prefixes.
-	for _, p := range prefixPatterns(blessings) {
-		for _, tag := range access.AllTypicalTags() {
-			tam.Add(p, string(tag))
-		}
-	}
-	return aclstore.Set(dir, tam, "")
-}
-
 func (i *binaryService) Create(call rpc.ServerCall, nparts int32, mediaInfo repository.MediaInfo) error {
 	vlog.Infof("%v.Create(%v, %v)", i.suffix, nparts, mediaInfo)
 	if nparts < 1 {
@@ -141,7 +119,7 @@
 		// None of the client's blessings are valid.
 		return verror.New(ErrNotAuthorized, call.Context())
 	}
-	if err := insertAccessLists(aclPath(i.state.rootDir, i.suffix), i.aclstore, rb); err != nil {
+	if err := i.aclstore.Set(aclPath(i.state.rootDir, i.suffix), acls.PermissionsForBlessings(rb), ""); err != nil {
 		vlog.Errorf("insertAccessLists(%v) failed: %v", rb, err)
 		return verror.New(ErrOperationFailed, call.Context())
 	}
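Review bot: The error log on the line after the changed call still names `insertAccessLists`, which this commit deletes, so a failure here would point at a function that no longer exists. I would change it to `vlog.Errorf("aclstore.Set(%v) failed: %v", rb, err)`. Create's body starts and ends outside this hunk.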
@@ -392,28 +370,17 @@
 	return ch, nil
 }
 
-func (i *binaryService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (i *binaryService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
 
-	acl, etag, err = i.aclstore.Get(aclPath(i.state.rootDir, i.suffix))
+	acl, version, err = i.aclstore.Get(aclPath(i.state.rootDir, i.suffix))
 
 	if os.IsNotExist(err) {
 		// No AccessList file found which implies a nil authorizer. This results in default authorization.
-		// Therefore we return an AccessList that mimics the default authorization policy (i.e., the AccessList
-		// is matched by all blessings that are either extensions of one of the local blessings or
-		// can be extended to form one of the local blessings.)
-		tam := make(access.Permissions)
-
-		lb := security.LocalBlessingNames(call.Context())
-		for _, p := range prefixPatterns(lb) {
-			for _, tag := range access.AllTypicalTags() {
-				tam.Add(p, string(tag))
-			}
-		}
-		return tam, "", nil
+		return acls.NilAuthPermissions(call), "", nil
 	}
-	return acl, etag, err
+	return acl, version, err
 }
 
-func (i *binaryService) SetPermissions(_ rpc.ServerCall, acl access.Permissions, etag string) error {
-	return i.aclstore.Set(aclPath(i.state.rootDir, i.suffix), acl, etag)
+func (i *binaryService) SetPermissions(_ rpc.ServerCall, acl access.Permissions, version string) error {
+	return i.aclstore.Set(aclPath(i.state.rootDir, i.suffix), acl, version)
 }
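Review bot: The shortened comment in GetPermissions no longer says what the synthesized permissions grant; the removed text explained that the result is matched by blessings that extend, or can be extended to form, one of the local blessings. Since this is what a client sees for an object with no AccessList file, I would keep one line of it, e.g. `// NilAuthPermissions mimics the default authorization policy for the local blessings.`, assuming the helper keeps the removed behaviour, which is not visible here. The blank lines left around the `i.aclstore.Get` call could also be dropped.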
diff --git a/services/build/build/doc.go b/services/build/build/doc.go
index 846047a..a5ae097 100644
--- a/services/build/build/doc.go
+++ b/services/build/build/doc.go
@@ -53,28 +53,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/services/build/build/main.go b/services/build/build/main.go
index 3af5487..e33dc99 100644
--- a/services/build/build/main.go
+++ b/services/build/build/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/services/build/buildd/impl_test.go b/services/build/buildd/impl_test.go
index b152e1f..ffce344 100644
--- a/services/build/buildd/impl_test.go
+++ b/services/build/buildd/impl_test.go
@@ -24,9 +24,9 @@
 // findGoBinary returns the path to the given Go binary and
 // the GOROOT environment variable to use.
 func findGoBinary(t *testing.T, name string) (bin, goroot string) {
-	root := os.Getenv("VANADIUM_ROOT")
+	root := os.Getenv("V23_ROOT")
 	if root == "" {
-		t.Fatalf("VANADIUM_ROOT is not set")
+		t.Fatalf("V23_ROOT is not set")
 	}
 	envroot := filepath.Join(root, "environment", "go", runtime.GOOS, runtime.GOARCH, "go")
 	envbin := filepath.Join(envroot, "bin", name)
diff --git a/services/build/buildd/main.go b/services/build/buildd/main.go
index 0379642..c2b05de 100644
--- a/services/build/buildd/main.go
+++ b/services/build/buildd/main.go
@@ -11,10 +11,10 @@
 	"v.io/v23"
 	"v.io/v23/services/build"
 	"v.io/x/lib/vlog"
-
+	"v.io/x/ref/lib/security/securityflag"
 	"v.io/x/ref/lib/signals"
+
 	_ "v.io/x/ref/profiles/roaming"
-	vflag "v.io/x/ref/security/flag"
 )
 
 var (
@@ -38,7 +38,7 @@
 		vlog.Errorf("Listen(%s) failed: %v", ls, err)
 		return
 	}
-	if err := server.Serve(*name, build.BuilderServer(NewBuilderService(*gobin, *goroot)), vflag.NewAuthorizerOrDie()); err != nil {
+	if err := server.Serve(*name, build.BuilderServer(NewBuilderService(*gobin, *goroot)), securityflag.NewAuthorizerOrDie()); err != nil {
 		vlog.Errorf("Serve(%v) failed: %v", *name, err)
 		return
 	}
diff --git a/services/debug/debug/doc.go b/services/debug/debug/doc.go
index bdb3a7b..0283fff 100644
--- a/services/debug/debug/doc.go
+++ b/services/debug/debug/doc.go
@@ -57,28 +57,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/services/debug/debug/main.go b/services/debug/debug/main.go
index 3af5487..e33dc99 100644
--- a/services/debug/debug/main.go
+++ b/services/debug/debug/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/services/mgmt/device/config.vdl b/services/device/config.vdl
similarity index 100%
rename from services/mgmt/device/config.vdl
rename to services/device/config.vdl
diff --git a/services/mgmt/device/config.vdl.go b/services/device/config.vdl.go
similarity index 98%
rename from services/mgmt/device/config.vdl.go
rename to services/device/config.vdl.go
index 769efa9..d42e2db 100644
--- a/services/mgmt/device/config.vdl.go
+++ b/services/device/config.vdl.go
@@ -109,7 +109,7 @@
 // descConfig hides the desc to keep godoc clean.
 var descConfig = rpc.InterfaceDesc{
 	Name:    "Config",
-	PkgPath: "v.io/x/ref/services/mgmt/device",
+	PkgPath: "v.io/x/ref/services/device",
 	Doc:     "// Config is an RPC API to the config service.",
 	Methods: []rpc.MethodDesc{
 		{
diff --git a/cmd/mgmt/device/acl_fmt.go b/services/device/device/acl_fmt.go
similarity index 100%
rename from cmd/mgmt/device/acl_fmt.go
rename to services/device/device/acl_fmt.go
diff --git a/cmd/mgmt/device/acl_impl.go b/services/device/device/acl_impl.go
similarity index 93%
rename from cmd/mgmt/device/acl_impl.go
rename to services/device/device/acl_impl.go
index 0b02e14..5eacbfa 100644
--- a/cmd/mgmt/device/acl_impl.go
+++ b/services/device/device/acl_impl.go
@@ -107,10 +107,10 @@
 
 	// Set the AccessLists on the specified names.
 	for {
-		objAccessList, etag := make(access.Permissions), ""
+		objAccessList, version := make(access.Permissions), ""
 		if !forceSet {
 			var err error
-			if objAccessList, etag, err = device.ApplicationClient(vanaName).GetPermissions(gctx); err != nil {
+			if objAccessList, version, err = device.ApplicationClient(vanaName).GetPermissions(gctx); err != nil {
 				return fmt.Errorf("GetPermissions(%s) failed: %v", vanaName, err)
 			}
 		}
@@ -124,8 +124,8 @@
 				}
 			}
 		}
-		switch err := device.ApplicationClient(vanaName).SetPermissions(gctx, objAccessList, etag); {
-		case err != nil && verror.ErrorID(err) != verror.ErrBadEtag.ID:
+		switch err := device.ApplicationClient(vanaName).SetPermissions(gctx, objAccessList, version); {
+		case err != nil && verror.ErrorID(err) != verror.ErrBadVersion.ID:
 			return fmt.Errorf("SetPermissions(%s) failed: %v", vanaName, err)
 		case err == nil:
 			return nil
diff --git a/cmd/mgmt/device/acl_test.go b/services/device/device/acl_test.go
similarity index 93%
rename from cmd/mgmt/device/acl_test.go
rename to services/device/device/acl_test.go
index a8894e4..cc4a0cc 100644
--- a/cmd/mgmt/device/acl_test.go
+++ b/services/device/device/acl_test.go
@@ -15,10 +15,10 @@
 	"v.io/v23/security/access"
 	"v.io/v23/verror"
 
-	cmd_device "v.io/x/ref/cmd/mgmt/device"
+	cmd_device "v.io/x/ref/services/device/device"
 )
 
-const pkgPath = "v.io/x/ref/cmd/mgmt/device/main"
+const pkgPath = "v.io/x/ref/services/device/main"
 
 var (
 	errOops = verror.Register(pkgPath+".errOops", verror.NoRetry, "oops!")
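Review bot: The new `pkgPath` drops a path component. The old value was the package directory plus `/main` (`v.io/x/ref/cmd/mgmt/device/main`), and the package now lives at `v.io/x/ref/services/device/device` per the import two lines up, so the matching value would be `const pkgPath = "v.io/x/ref/services/device/device/main"`. It only feeds the test's `errOops` ID, so the effect is cosmetic, but as written the ID looks like it belongs to the parent package.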
@@ -52,8 +52,8 @@
 				In: []security.BlessingPattern{"other", "self"},
 			},
 		},
-		etag: "anEtagForToday",
-		err:  nil,
+		version: "aVersionForToday",
+		err:     nil,
 	}})
 
 	if err := cmd.Execute([]string{"acl", "get", deviceName}); err != nil {
@@ -138,10 +138,10 @@
 				NotIn: []string{"other/bob"},
 			},
 		},
-		etag: "anEtagForToday",
-		err:  nil,
+		version: "aVersionForToday",
+		err:     nil,
 	},
-		verror.NewErrBadEtag(nil),
+		verror.NewErrBadVersion(nil),
 		GetPermissionsResponse{
 			acl: access.Permissions{
 				"Admin": access.AccessList{
@@ -152,8 +152,8 @@
 					NotIn: []string{"other/bob/baddevice"},
 				},
 			},
-			etag: "anEtagForTomorrow",
-			err:  nil,
+			version: "aVersionForTomorrow",
+			err:     nil,
 		},
 		nil,
 	})
@@ -199,7 +199,7 @@
 					NotIn: []string(nil),
 				},
 			},
-			etag: "anEtagForToday",
+			version: "aVersionForToday",
 		},
 		"GetPermissions",
 		SetPermissionsStimulus{
@@ -218,7 +218,7 @@
 					NotIn: []string(nil),
 				},
 			},
-			etag: "anEtagForTomorrow",
+			version: "aVersionForTomorrow",
 		},
 	}
 
@@ -231,9 +231,9 @@
 
 	// GetPermissions fails.
 	tape.SetResponses([]interface{}{GetPermissionsResponse{
-		acl:  access.Permissions{},
-		etag: "anEtagForToday",
-		err:  verror.New(errOops, nil),
+		acl:     access.Permissions{},
+		version: "aVersionForToday",
+		err:     verror.New(errOops, nil),
 	},
 	})
 
@@ -256,15 +256,15 @@
 	stdout.Reset()
 	stderr.Reset()
 
-	// SetPermissions fails with something other than a bad etag failure.
+	// SetPermissions fails with something other than a bad version failure.
 	tape.SetResponses([]interface{}{GetPermissionsResponse{
 		acl: access.Permissions{
 			"Read": access.AccessList{
 				In: []security.BlessingPattern{"other", "self"},
 			},
 		},
-		etag: "anEtagForToday",
-		err:  nil,
+		version: "aVersionForToday",
+		err:     nil,
 	},
 		verror.New(errOops, nil),
 	})
@@ -288,7 +288,7 @@
 					NotIn: []string(nil),
 				},
 			},
-			etag: "anEtagForToday",
+			version: "aVersionForToday",
 		},
 	}
 
diff --git a/cmd/mgmt/device/associate_impl.go b/services/device/device/associate_impl.go
similarity index 100%
rename from cmd/mgmt/device/associate_impl.go
rename to services/device/device/associate_impl.go
diff --git a/cmd/mgmt/device/devicemanager_mock_test.go b/services/device/device/devicemanager_mock_test.go
similarity index 93%
rename from cmd/mgmt/device/devicemanager_mock_test.go
rename to services/device/device/devicemanager_mock_test.go
index 42d502f..7c8e2d8 100644
--- a/cmd/mgmt/device/devicemanager_mock_test.go
+++ b/services/device/device/devicemanager_mock_test.go
@@ -24,8 +24,8 @@
 	"v.io/v23/services/repository"
 	"v.io/x/lib/vlog"
 
-	binlib "v.io/x/ref/services/mgmt/lib/binary"
-	pkglib "v.io/x/ref/services/mgmt/lib/packages"
+	"v.io/x/ref/services/binary/binarylib"
+	"v.io/x/ref/services/internal/packages"
 )
 
 type mockDeviceInvoker struct {
@@ -144,11 +144,11 @@
 	}
 	defer os.RemoveAll(dir)
 	tmpFile := filepath.Join(dir, "downloaded")
-	if err := binlib.DownloadToFile(ctx, pkgVON, tmpFile); err != nil {
+	if err := binarylib.DownloadToFile(ctx, pkgVON, tmpFile); err != nil {
 		return 0, fmt.Errorf("DownloadToFile failed: %v", err)
 	}
 	dst := filepath.Join(dir, "install")
-	if err := pkglib.Install(tmpFile, dst); err != nil {
+	if err := packages.Install(tmpFile, dst); err != nil {
 		return 0, fmt.Errorf("packages.Install failed: %v", err)
 	}
 	return packageSize(dst), nil
@@ -167,7 +167,7 @@
 		is.appName = appNameAfterFetch
 		is.files = make(map[string]int64)
 		// Fetch the binary and record its size in the stimulus.
-		data, mediaInfo, err := binlib.Download(call.Context(), binaryName)
+		data, mediaInfo, err := binarylib.Download(call.Context(), binaryName)
 		if err != nil {
 			return "", err
 		}
@@ -245,25 +245,25 @@
 
 // Mock AccessList getting and setting
 type GetPermissionsResponse struct {
-	acl  access.Permissions
-	etag string
-	err  error
+	acl     access.Permissions
+	version string
+	err     error
 }
 
 type SetPermissionsStimulus struct {
-	fun  string
-	acl  access.Permissions
-	etag string
+	fun     string
+	acl     access.Permissions
+	version string
 }
 
-func (mni *mockDeviceInvoker) SetPermissions(_ rpc.ServerCall, acl access.Permissions, etag string) error {
-	return mni.simpleCore(SetPermissionsStimulus{"SetPermissions", acl, etag}, "SetPermissions")
+func (mni *mockDeviceInvoker) SetPermissions(_ rpc.ServerCall, acl access.Permissions, version string) error {
+	return mni.simpleCore(SetPermissionsStimulus{"SetPermissions", acl, version}, "SetPermissions")
 }
 
 func (mni *mockDeviceInvoker) GetPermissions(rpc.ServerCall) (access.Permissions, string, error) {
 	ir := mni.tape.Record("GetPermissions")
 	r := ir.(GetPermissionsResponse)
-	return r.acl, r.etag, r.err
+	return r.acl, r.version, r.err
 }
 
 func (mni *mockDeviceInvoker) Debug(rpc.ServerCall) (string, error) {
diff --git a/cmd/mgmt/device/doc.go b/services/device/device/doc.go
similarity index 90%
rename from cmd/mgmt/device/doc.go
rename to services/device/device/doc.go
index 42a8873..a9a06ad 100644
--- a/cmd/mgmt/device/doc.go
+++ b/services/device/device/doc.go
@@ -36,16 +36,30 @@
 The global flags are:
  -alsologtostderr=true
    log to standard error as well as files
+ -dryrun=false
+   Elides root-requiring systemcalls.
  -log_backtrace_at=:0
    when logging hits line file:N, emit a stack trace
  -log_dir=
    if non-empty, write log files to this directory
+ -logdir=
+   Path to the log directory.
  -logtostderr=false
    log to standard error instead of files
  -max_stack_buf_size=4292608
    max size in bytes of the buffer to use for logging stack traces
+ -minuid=501
+   UIDs cannot be less than this number.
+ -progname=unnamed_app
+   Visible name of the application, used in argv[0]
+ -rm=false
+   Remove the file trees given as command-line arguments.
+ -run=
+   Path to the application to exec.
  -stderrthreshold=2
    logs at or above this threshold go to stderr
+ -username=
+   The UNIX user name used for the other functions of this tool.
  -v=0
    log level for V logs
  -v23.credentials=
@@ -75,35 +89,10 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.acl.file=map[]
-   specify an acl file as <name>:<aclfile>
- -veyron.acl.literal=
-   explicitly specify the runtime acl as a JSON-encoded access.Permissions.
-   Overrides all --veyron.acl.file flags.
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
+ -workspace=
+   Path to the application's workspace directory.
 
 Device Install
 
@@ -382,8 +371,8 @@
 Device Publish
 
 Publishes the given application(s) to the binary and application servers. The
-binaries should be in $VANADIUM_ROOT/release/go/bin/[<GOOS>_<GOARCH>]. The
-binary is published as <binserv>/<binary name>/<GOOS>-<GOARCH>/<TIMESTAMP>. The
+binaries should be in $V23_ROOT/release/go/bin/[<GOOS>_<GOARCH>]. The binary is
+published as <binserv>/<binary name>/<GOOS>-<GOARCH>/<TIMESTAMP>. The
 application envelope is published as <appserv>/<binary name>/0. Optionally, adds
 blessing patterns to the Read and Resolve AccessLists.
 
diff --git a/cmd/mgmt/device/impl.go b/services/device/device/impl.go
similarity index 96%
rename from cmd/mgmt/device/impl.go
rename to services/device/device/impl.go
index bfd28cb..cf45c9e 100644
--- a/cmd/mgmt/device/impl.go
+++ b/services/device/device/impl.go
@@ -126,12 +126,13 @@
 
 type granter struct {
 	rpc.CallOpt
-	p         security.Principal
 	extension string
 }
 
-func (g *granter) Grant(other security.Blessings) (security.Blessings, error) {
-	return g.p.Bless(other.PublicKey(), g.p.BlessingStore().Default(), g.extension, security.UnconstrainedUse())
+func (g *granter) Grant(ctx *context.T) (security.Blessings, error) {
+	call := security.GetCall(ctx)
+	p := call.LocalPrincipal()
+	return p.Bless(call.RemoteBlessings().PublicKey(), p.BlessingStore().Default(), g.extension, security.UnconstrainedUse())
 }
 
 func runStart(cmd *cmdline.Command, args []string) error {
@@ -226,7 +227,7 @@
 	}
 	// Skip server endpoint authorization since an unclaimed device might have
 	// roots that will not be recognized by the claimer.
-	if err := device.ClaimableClient(deviceName).Claim(gctx, pairingToken, &granter{p: v23.GetPrincipal(gctx), extension: grant}, serverKeyOpts, options.SkipServerEndpointAuthorization{}); err != nil {
+	if err := device.ClaimableClient(deviceName).Claim(gctx, pairingToken, &granter{extension: grant}, serverKeyOpts, options.SkipServerEndpointAuthorization{}); err != nil {
 		return err
 	}
 	fmt.Fprintln(cmd.Stdout(), "Successfully claimed.")
diff --git a/cmd/mgmt/device/impl_test.go b/services/device/device/impl_test.go
similarity index 99%
rename from cmd/mgmt/device/impl_test.go
rename to services/device/device/impl_test.go
index bc5ea53..1e4d141 100644
--- a/cmd/mgmt/device/impl_test.go
+++ b/services/device/device/impl_test.go
@@ -18,9 +18,8 @@
 	"v.io/v23/services/application"
 	"v.io/v23/services/device"
 	"v.io/v23/verror"
-
-	cmd_device "v.io/x/ref/cmd/mgmt/device"
-	"v.io/x/ref/security"
+	"v.io/x/ref/lib/security"
+	cmd_device "v.io/x/ref/services/device/device"
 )
 
 //go:generate v23 test generate
diff --git a/cmd/mgmt/device/instance_impl.go b/services/device/device/instance_impl.go
similarity index 100%
rename from cmd/mgmt/device/instance_impl.go
rename to services/device/device/instance_impl.go
diff --git a/cmd/mgmt/device/instance_impl_test.go b/services/device/device/instance_impl_test.go
similarity index 98%
rename from cmd/mgmt/device/instance_impl_test.go
rename to services/device/device/instance_impl_test.go
index 251d860..d06dcbf 100644
--- a/cmd/mgmt/device/instance_impl_test.go
+++ b/services/device/device/instance_impl_test.go
@@ -13,7 +13,7 @@
 	"v.io/v23/naming"
 	"v.io/v23/verror"
 
-	cmd_device "v.io/x/ref/cmd/mgmt/device"
+	cmd_device "v.io/x/ref/services/device/device"
 )
 
 func TestStopCommand(t *testing.T) {
diff --git a/cmd/mgmt/device/local_install.go b/services/device/device/local_install.go
similarity index 96%
rename from cmd/mgmt/device/local_install.go
rename to services/device/device/local_install.go
index 2116d91..6c1ba9c 100644
--- a/cmd/mgmt/device/local_install.go
+++ b/services/device/device/local_install.go
@@ -28,7 +28,7 @@
 	"v.io/x/lib/vlog"
 
 	"v.io/x/lib/cmdline"
-	pkglib "v.io/x/ref/services/mgmt/lib/packages"
+	"v.io/x/ref/services/internal/packages"
 )
 
 var cmdInstallLocal = &cmdline.Command{
@@ -193,18 +193,18 @@
 	}
 	h.Write(bytes)
 	part := binary.PartInfo{Checksum: hex.EncodeToString(h.Sum(nil)), Size: int64(len(bytes))}
-	return []binary.PartInfo{part}, pkglib.MediaInfoForFileName(fileName), nil
+	return []binary.PartInfo{part}, packages.MediaInfoForFileName(fileName), nil
 }
 
 func (binaryInvoker) Upload(repository.BinaryUploadServerCall, int32) error {
 	return errNotImplemented
 }
 
-func (binaryInvoker) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (binaryInvoker) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	return nil, "", errNotImplemented
 }
 
-func (binaryInvoker) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
+func (binaryInvoker) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
 	return errNotImplemented
 }
 
@@ -213,7 +213,7 @@
 func (i envelopeInvoker) Match(rpc.ServerCall, []string) (application.Envelope, error) {
 	return application.Envelope(i), nil
 }
-func (envelopeInvoker) GetPermissions(rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (envelopeInvoker) GetPermissions(rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	return nil, "", errNotImplemented
 }
 
@@ -233,7 +233,7 @@
 	// Directory packages first get zip'ped.
 	if info.IsDir() {
 		fileName = filepath.Join(tmpZipDir, info.Name()+".zip")
-		if err := pkglib.CreateZip(fileName, p); err != nil {
+		if err := packages.CreateZip(fileName, p); err != nil {
 			return "", "", err
 		}
 	}
diff --git a/cmd/mgmt/device/local_install_test.go b/services/device/device/local_install_test.go
similarity index 98%
rename from cmd/mgmt/device/local_install_test.go
rename to services/device/device/local_install_test.go
index 8524813..e6d938d 100644
--- a/cmd/mgmt/device/local_install_test.go
+++ b/services/device/device/local_install_test.go
@@ -20,7 +20,7 @@
 	"v.io/v23/services/application"
 	"v.io/v23/services/device"
 
-	cmd_device "v.io/x/ref/cmd/mgmt/device"
+	cmd_device "v.io/x/ref/services/device/device"
 )
 
 func createFile(t *testing.T, path string, contents string) {
diff --git a/cmd/mgmt/device/main.go b/services/device/device/main.go
similarity index 82%
rename from cmd/mgmt/device/main.go
rename to services/device/device/main.go
index e5ee2c2..46c85c4 100644
--- a/cmd/mgmt/device/main.go
+++ b/services/device/device/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/cmd/mgmt/device/mock_test.go b/services/device/device/mock_test.go
similarity index 100%
rename from cmd/mgmt/device/mock_test.go
rename to services/device/device/mock_test.go
diff --git a/cmd/mgmt/device/publish.go b/services/device/device/publish.go
similarity index 93%
rename from cmd/mgmt/device/publish.go
rename to services/device/device/publish.go
index df6a2b1..828aaad 100644
--- a/cmd/mgmt/device/publish.go
+++ b/services/device/device/publish.go
@@ -21,7 +21,7 @@
 	"v.io/v23/verror"
 
 	"v.io/x/lib/cmdline"
-	"v.io/x/ref/services/mgmt/lib/binary"
+	"v.io/x/ref/services/binary/binarylib"
 	"v.io/x/ref/services/repository"
 )
 
@@ -35,7 +35,7 @@
 	Short: "Publish the given application(s).",
 	Long: `
 Publishes the given application(s) to the binary and application servers.
-The binaries should be in $VANADIUM_ROOT/release/go/bin/[<GOOS>_<GOARCH>].
+The binaries should be in $V23_ROOT/release/go/bin/[<GOOS>_<GOARCH>].
 The binary is published as <binserv>/<binary name>/<GOOS>-<GOARCH>/<TIMESTAMP>.
 The application envelope is published as <appserv>/<binary name>/0.
 Optionally, adds blessing patterns to the Read and Resolve AccessLists.`,
@@ -68,7 +68,7 @@
 	if readBlessings == "" {
 		return nil
 	}
-	acl, etag, err := permissions.ObjectClient(von).GetPermissions(gctx)
+	acl, version, err := permissions.ObjectClient(von).GetPermissions(gctx)
 	if err != nil {
 		// TODO(caprita): This is a workaround until we sort out the
 		// default AccessLists for applicationd (see issue #1317).  At that
@@ -82,7 +82,7 @@
 			acl.Add(security.BlessingPattern(blessing), string(tag))
 		}
 	}
-	if err := permissions.ObjectClient(von).SetPermissions(gctx, acl, etag); err != nil {
+	if err := permissions.ObjectClient(von).SetPermissions(gctx, acl, version); err != nil {
 		return err
 	}
 	fmt.Fprintf(cmd.Stdout(), "Added patterns %q to Read,Resolve AccessList for %q\n", readBlessings, von)
@@ -101,7 +101,7 @@
 	binaryVON := naming.Join(binaryService, binaryName, fmt.Sprintf("%s-%s", goos, goarch), timestamp)
 	binaryFile := filepath.Join(binPath, binaryName)
 	// TODO(caprita): Take signature of binary and put it in the envelope.
-	if _, err := binary.UploadFromFile(gctx, binaryVON, binaryFile); err != nil {
+	if _, err := binarylib.UploadFromFile(gctx, binaryVON, binaryFile); err != nil {
 		return err
 	}
 	fmt.Fprintf(cmd.Stdout(), "Binary %q uploaded from file %s\n", binaryVON, binaryFile)
@@ -150,9 +150,9 @@
 		return cmd.UsageErrorf("publish: incorrect number of arguments, expected at least %d, got %d", expectedMin, got)
 	}
 	binaries := args
-	vroot := os.Getenv("VANADIUM_ROOT")
+	vroot := os.Getenv("V23_ROOT")
 	if vroot == "" {
-		return cmd.UsageErrorf("publish: $VANADIUM_ROOT environment variable should be set")
+		return cmd.UsageErrorf("publish: $V23_ROOT environment variable should be set")
 	}
 	binPath := filepath.Join(vroot, "release/go/bin")
 	goos := goosFlag.Get().(string)
diff --git a/cmd/mgmt/device/root.go b/services/device/device/root.go
similarity index 100%
rename from cmd/mgmt/device/root.go
rename to services/device/device/root.go
diff --git a/cmd/mgmt/device/updateall.go b/services/device/device/updateall.go
similarity index 98%
rename from cmd/mgmt/device/updateall.go
rename to services/device/device/updateall.go
index 19b1b04..551ae5b 100644
--- a/cmd/mgmt/device/updateall.go
+++ b/services/device/device/updateall.go
@@ -15,7 +15,7 @@
 	"v.io/v23/verror"
 
 	"v.io/x/lib/cmdline"
-	deviceimpl "v.io/x/ref/services/mgmt/device/impl"
+	deviceimpl "v.io/x/ref/services/device/internal/impl"
 )
 
 // TODO(caprita): Re-implement this with Glob, so that one can say instead,
diff --git a/cmd/mgmt/device/util_test.go b/services/device/device/util_test.go
similarity index 90%
rename from cmd/mgmt/device/util_test.go
rename to services/device/device/util_test.go
index 6fc6ad1..0be10bc 100644
--- a/cmd/mgmt/device/util_test.go
+++ b/services/device/device/util_test.go
@@ -8,7 +8,7 @@
 	"v.io/v23"
 	"v.io/v23/context"
 
-	cmd_device "v.io/x/ref/cmd/mgmt/device"
+	cmd_device "v.io/x/ref/services/device/device"
 	"v.io/x/ref/test"
 )
 
diff --git a/cmd/mgmt/device/v23_internal_test.go b/services/device/device/v23_internal_test.go
similarity index 100%
rename from cmd/mgmt/device/v23_internal_test.go
rename to services/device/device/v23_internal_test.go
diff --git a/services/mgmt/device/deviced/commands.go b/services/device/deviced/commands.go
similarity index 98%
rename from services/mgmt/device/deviced/commands.go
rename to services/device/deviced/commands.go
index 87af138..a8bc375 100644
--- a/services/mgmt/device/deviced/commands.go
+++ b/services/device/deviced/commands.go
@@ -12,7 +12,7 @@
 
 	"v.io/v23"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/mgmt/device/impl"
+	"v.io/x/ref/services/device/internal/impl"
 )
 
 var (
diff --git a/services/mgmt/device/deviced/main.go b/services/device/deviced/main.go
similarity index 100%
rename from services/mgmt/device/deviced/main.go
rename to services/device/deviced/main.go
diff --git a/services/mgmt/device/deviced/server.go b/services/device/deviced/server.go
similarity index 97%
rename from services/mgmt/device/deviced/server.go
rename to services/device/deviced/server.go
index 9279f00..95b7068 100644
--- a/services/mgmt/device/deviced/server.go
+++ b/services/device/deviced/server.go
@@ -20,8 +20,8 @@
 	"v.io/x/ref/lib/mgmt"
 	"v.io/x/ref/lib/signals"
 	_ "v.io/x/ref/profiles/roaming"
-	"v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/device/starter"
+	"v.io/x/ref/services/device/internal/config"
+	"v.io/x/ref/services/device/internal/starter"
 
 	"v.io/v23"
 	"v.io/v23/context"
@@ -30,7 +30,7 @@
 	"v.io/x/lib/vlog"
 )
 
-const pkgPath = "v.io/x/ref/services/mgmt/device/deviced"
+const pkgPath = "v.io/x/ref/services/device/deviced"
 
 var (
 	errSplitHostPortFailed = verror.Register(pkgPath+".errSplitHostPortFailed", verror.NoRetry, "{1:}{2:} net.SplitHostPort({3}) failed{:_}")
diff --git a/cmd/mgmt/device/devicex b/services/device/devicex
similarity index 98%
rename from cmd/mgmt/device/devicex
rename to services/device/devicex
index 7e53c30..e910510 100755
--- a/cmd/mgmt/device/devicex
+++ b/services/device/devicex
@@ -123,7 +123,7 @@
 # Fetches binaries needed by device manager installation.
 # Globals:
 #   BIN_NAMES
-#   VANADIUM_ROOT
+#   V23_ROOT
 # Arguments:
 #   destination for binaries
 #   source of binaries
@@ -141,11 +141,11 @@
 
   # If source is not specified, try to look for it in the repository.
   if [[ -z "${BIN_SOURCE}" ]]; then
-    if [[ -z "${VANADIUM_ROOT}" ]]; then
+    if [[ -z "${V23_ROOT}" ]]; then
       echo 'ERROR: binary source not specified and no local repository available'
       exit 1
     fi
-    local -r REPO_BIN_DIR="${VANADIUM_ROOT}/release/go/bin"
+    local -r REPO_BIN_DIR="${V23_ROOT}/release/go/bin"
     echo "Fetching binaries:${bin_names_str} from build repository: ${REPO_BIN_DIR} ..."
     for bin_name in "${BIN_NAMES[@]}"; do
       copy_binary "${bin_name}" "${REPO_BIN_DIR}" "${BIN_INSTALL}"
diff --git a/services/mgmt/device/doc.go b/services/device/doc.go
similarity index 100%
rename from services/mgmt/device/doc.go
rename to services/device/doc.go
diff --git a/services/mgmt/inithelper/main.go b/services/device/inithelper/main.go
similarity index 98%
rename from services/mgmt/inithelper/main.go
rename to services/device/inithelper/main.go
index c9bf9e5..4916c28 100644
--- a/services/mgmt/inithelper/main.go
+++ b/services/device/inithelper/main.go
@@ -18,7 +18,7 @@
 	"fmt"
 	"os"
 
-	"v.io/x/ref/services/mgmt/sysinit"
+	"v.io/x/ref/lib/sysinit"
 )
 
 func usage() {
diff --git a/services/mgmt/device/config/config.go b/services/device/internal/config/config.go
similarity index 98%
rename from services/mgmt/device/config/config.go
rename to services/device/internal/config/config.go
index 16b96b0..b8c323c 100644
--- a/services/mgmt/device/config/config.go
+++ b/services/device/internal/config/config.go
@@ -34,7 +34,7 @@
 	"v.io/v23/verror"
 )
 
-const pkgPath = "v.io/x/ref/services/mgmt/device/config"
+const pkgPath = "v.io/x/ref/services/device/internal/config"
 
 var (
 	errNeedName           = verror.Register(pkgPath+".errNeedName", verror.NoRetry, "{1:}{2:} Name cannot be empty{:_}")
diff --git a/services/mgmt/device/config/config_test.go b/services/device/internal/config/config_test.go
similarity index 98%
rename from services/mgmt/device/config/config_test.go
rename to services/device/internal/config/config_test.go
index 4356961..968bda8 100644
--- a/services/mgmt/device/config/config_test.go
+++ b/services/device/internal/config/config_test.go
@@ -11,7 +11,7 @@
 	"strings"
 	"testing"
 
-	"v.io/x/ref/services/mgmt/device/config"
+	"v.io/x/ref/services/device/internal/config"
 
 	"v.io/v23/services/application"
 )
diff --git a/services/mgmt/device/config/const.go b/services/device/internal/config/const.go
similarity index 100%
rename from services/mgmt/device/config/const.go
rename to services/device/internal/config/const.go
diff --git a/services/mgmt/device/impl/acl_propagator.go b/services/device/internal/impl/acl_propagator.go
similarity index 96%
rename from services/mgmt/device/impl/acl_propagator.go
rename to services/device/internal/impl/acl_propagator.go
index 944ea60..37cfa38 100644
--- a/services/mgmt/device/impl/acl_propagator.go
+++ b/services/device/internal/impl/acl_propagator.go
@@ -10,7 +10,7 @@
 	"v.io/v23/security"
 	"v.io/v23/security/access"
 
-	"v.io/x/ref/services/mgmt/lib/acls"
+	"v.io/x/ref/services/internal/acls"
 )
 
 // computePath builds the desired path for the debug acls.
diff --git a/services/mgmt/device/impl/app_service.go b/services/device/internal/impl/app_service.go
similarity index 97%
rename from services/mgmt/device/impl/app_service.go
rename to services/device/internal/impl/app_service.go
index 3952e1e..322b8d9 100644
--- a/services/mgmt/device/impl/app_service.go
+++ b/services/device/internal/impl/app_service.go
@@ -149,16 +149,15 @@
 	"v.io/v23/services/device"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-
 	"v.io/x/ref/envvar"
 	vexec "v.io/x/ref/lib/exec"
 	"v.io/x/ref/lib/mgmt"
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/keymgr"
-	iconfig "v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/lib/acls"
-	libpackages "v.io/x/ref/services/mgmt/lib/packages"
+	vsecurity "v.io/x/ref/lib/security"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/keymgr"
+	"v.io/x/ref/services/device/internal/config"
+	"v.io/x/ref/services/internal/acls"
+	"v.io/x/ref/services/internal/packages"
 )
 
 // instanceInfo holds state about a running instance.
@@ -200,7 +199,7 @@
 // appService implements the Device manager's Application interface.
 type appService struct {
 	callback *callbackState
-	config   *iconfig.State
+	config   *config.State
 	// suffix contains the name components of the current invocation name
 	// suffix.  It is used to identify an application, installation, or
 	// instance.
@@ -650,11 +649,11 @@
 	if err := os.MkdirAll(packagesDir, os.FileMode(0755)); err != nil {
 		return err
 	}
-	installFrom := func(packages application.Packages, sourceDir string) error {
-		for pkg, _ := range packages {
+	installFrom := func(pkgs application.Packages, sourceDir string) error {
+		for pkg, _ := range pkgs {
 			pkgFile := filepath.Join(sourceDir, "pkg", pkg)
 			dst := filepath.Join(packagesDir, pkg)
-			if err := libpackages.Install(pkgFile, dst); err != nil {
+			if err := packages.Install(pkgFile, dst); err != nil {
 				return err
 			}
 		}
@@ -778,7 +777,7 @@
 	cmd.Args = append(cmd.Args, "--progname", appName)
 
 	// Set the app's default namespace root to the local namespace.
-	cmd.Env = envvar.DoNotUse_AppendNamespaceRoot(nsRoot, cmd.Env)
+	cmd.Env = []string{envvar.NamespacePrefix + "=" + nsRoot}
 	cmd.Env = append(cmd.Env, envelope.Env...)
 	rootDir := filepath.Join(instanceDir, "root")
 	cmd.Dir = rootDir
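Review bot: `cmd.Env = []string{envvar.NamespacePrefix + "=" + nsRoot}` assigns a fresh slice where the removed call appended to the existing `cmd.Env`, so any entries set earlier in the function would be silently dropped. The start of the function is outside this hunk, so whether any exist is not visible. If a reset is intended, say so in the comment; otherwise `cmd.Env = append(cmd.Env, envvar.NamespacePrefix+"="+nsRoot)` keeps the earlier entries and matches the append on the next line. Because `envelope.Env` is appended afterwards, it is also worth a comment stating whether an envelope-supplied entry with the same name is expected to be able to override the namespace root.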
@@ -840,6 +839,13 @@
 	appAclDir := filepath.Join(instanceDir, "debugacls", "data")
 	cfg.Set("v23.permissions.file", "runtime:"+appAclDir)
 
+	// This adds to cmd.Extrafiles. The helper expects a fixed fd, so this call needs
+	// to go before anything that conditionally adds to Extrafiles, like the agent
+	// setup code immediately below.
+	var handshaker appHandshaker
+	handshaker.prepareToStart(ctx, cmd)
+	defer handshaker.cleanup()
+
 	// Set up any agent-specific state.
 	// NOTE(caprita): This ought to belong in genCmd.
 	var agentCleaner func()
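Review bot: The error returned by `handshaker.prepareToStart(ctx, cmd)` is discarded. A descriptor-position mismatch or a failed `os.Pipe()` therefore goes unnoticed, and the start proceeds without the pipe in `cmd.ExtraFiles`. The failure would then surface only later, as a pid read error in the handshake, which hides the real cause. Check it at the call site: `if err := handshaker.prepareToStart(ctx, cmd); err != nil { return 0, err }`. The `(int, error)` return shape is inferred from the next hunk, since the enclosing function starts and ends outside this one.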
@@ -861,7 +867,7 @@
 		cmd.ExtraFiles = append(cmd.ExtraFiles, file)
 		cfg.Set(mgmt.SecurityAgentFDConfigKey, strconv.Itoa(fd))
 	} else {
-		cmd.Env = envvar.DoNotUse_AppendCredentials(filepath.Join(instanceDir, "credentials"), cmd.Env)
+		cmd.Env = append(cmd.Env, envvar.Credentials+"="+filepath.Join(instanceDir, "credentials"))
 	}
 	handle := vexec.NewParentHandle(cmd, vexec.ConfigOpt{cfg})
 	defer func() {
@@ -871,35 +877,30 @@
 			}
 		}
 	}()
+
 	// Start the child process.
-	if err := handle.Start(); err != nil {
-		if agentCleaner != nil {
-			agentCleaner()
-		}
-		return 0, verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Start() failed: %v", err))
-	}
+	startErr := handle.Start()
+	// Perform unconditional cleanup before dealing with any error from handle.Start()
 	if agentCleaner != nil {
 		agentCleaner()
 	}
+	// Now react to any error in handle.Start()
+	if startErr != nil {
+		return 0, verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Start() failed: %v", err))
+	}
 
-	// Wait for the suidhelper to exit.
+	// Wait for the suidhelper to exit. This is blocking as we assume the helper won't
+	// get stuck.
 	if err := handle.Wait(0); err != nil {
 		return 0, verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Wait() on suidhelper failed: %v", err))
 	}
 
-	// Wait for the process invoked by suidhelper to become ready.
-	if err := handle.WaitForReady(childReadyTimeout); err != nil {
-		return 0, verror.New(ErrOperationFailed, ctx, fmt.Sprintf("WaitForReady(%v) failed: %v", childReadyTimeout, err))
-	}
-	pid := handle.ChildPid()
-	childName, err := listener.waitForValue(childReadyTimeout)
+	pid, childName, err := handshaker.doHandshake(handle, listener)
+
 	if err != nil {
-		return 0, verror.New(ErrOperationFailed, nil)
+		return 0, err
 	}
 
-	// Because suidhelper uses Go's in-built support for setuid forking,
-	// handle.Pid() is the pid of suidhelper, not the pid of the app
-	// so use the pid returned in the app's ready status.
 	info.AppCycleMgrName, info.Pid = childName, pid
 	if err := saveInstanceInfo(ctx, instanceDir, info); err != nil {
 		return 0, err
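Review bot: The new `startErr` branch formats the wrong variable: `fmt.Sprintf("Start() failed: %v", err)` prints whatever `err` holds from earlier in the function rather than the error from `handle.Start()`. The reported cause of a failed start will therefore be stale or `<nil>`. It should read `return 0, verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Start() failed: %v", startErr))`. The declaration of `err` is outside this hunk, so its value at this point is inferred.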
@@ -1349,7 +1350,7 @@
 }
 
 // TODO(rjkroege): Consider maintaining an in-memory Permissions cache.
-func (i *appService) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
+func (i *appService) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
 	dir, isInstance, err := dirFromSuffix(i.suffix, i.config.Root)
 	if err != nil {
 		return err
@@ -1360,10 +1361,10 @@
 			return err
 		}
 	}
-	return i.aclstore.Set(path.Join(dir, "acls"), acl, etag)
+	return i.aclstore.Set(path.Join(dir, "acls"), acl, version)
 }
 
-func (i *appService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (i *appService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	dir, _, err := dirFromSuffix(i.suffix, i.config.Root)
 	if err != nil {
 		return nil, "", err
diff --git a/services/device/internal/impl/app_starting_util.go b/services/device/internal/impl/app_starting_util.go
new file mode 100644
index 0000000..76d9bed
--- /dev/null
+++ b/services/device/internal/impl/app_starting_util.go
@@ -0,0 +1,186 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+// TODO -- Ideally the code in this file would be integrated with the instance reaping,
+// so we avoid having two process polling loops. This code is currently separate because
+// the actions taken when the app dies (or is caught lying about its pid) prior to being
+// considered running are fairly different from what's currently done by the reaper in
+// handling deaths that occur after the app started successfully.
+
+import (
+	"encoding/binary"
+	"fmt"
+	"os"
+	"os/exec"
+	"syscall"
+	"time"
+
+	"v.io/v23/context"
+	"v.io/v23/verror"
+	"v.io/x/lib/vlog"
+	vexec "v.io/x/ref/lib/exec"
+	"v.io/x/ref/lib/suid"
+)
+
+// appWatcher watches the pid of a running app until either the pid exits or stop()
+// is called
+type appWatcher struct {
+	pid      int           // Pid to watch
+	callback func()        // Called if the pid exits or if stop() is invoked
+	stopper  chan struct{} // Used to stop the appWatcher
+}
+
+func newAppWatcher(pidToWatch int, callOnPidExit func()) *appWatcher {
+	return &appWatcher{
+		pid:      pidToWatch,
+		callback: callOnPidExit,
+		stopper:  make(chan struct{}, 1),
+	}
+}
+
+func (a *appWatcher) stop() {
+	close(a.stopper)
+}
+
+func (a *appWatcher) watchAppPid() {
+	defer a.callback()
+
+	ticker := time.NewTicker(1 * time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			if err := syscall.Kill(a.pid, 0); err != nil && err != syscall.EPERM {
+				vlog.Errorf("App died in startup: pid=%d: %v", a.pid, err)
+				return
+			} else {
+				vlog.VI(2).Infof("App pid %d is alive", a.pid)
+			}
+
+		case <-a.stopper:
+			vlog.Errorf("AppWatcher was stopped")
+			return
+		}
+	}
+	// Not reached.
+}
+
+// appHandshaker is a utility to do the app handshake for a newly started app while
+// reacting quickly if the app crashes. appHandshaker reads two pids from the app (one
+// from the helper that forked the app, and the other from the app itself). If the app
+// appears to be lying about its own pid, it will kill the app.
+type appHandshaker struct {
+	helperRead, helperWrite *os.File
+	ctx                     *context.T
+}
+
+func (a *appHandshaker) cleanup() {
+	if a.helperRead != nil {
+		a.helperRead.Close()
+		a.helperRead = nil
+	}
+	if a.helperWrite != nil {
+		a.helperWrite.Close()
+		a.helperWrite = nil
+	}
+}
+
+// prepareToStart sets up the pipe used to talk to the helper. It must be called before
+// the app is started so that the app will inherit the file descriptor
+func (a *appHandshaker) prepareToStart(ctx *context.T, cmd *exec.Cmd) error {
+	if suid.PipeToParentFD != (len(cmd.ExtraFiles) + vexec.FileOffset) {
+		return verror.New(ErrOperationFailed, ctx,
+			fmt.Sprintf("FD expected by helper (%v) was not available (%v) (%v)",
+				suid.PipeToParentFD, len(cmd.ExtraFiles), vexec.FileOffset))
+	}
+	a.ctx = ctx
+
+	var err error
+	a.helperRead, a.helperWrite, err = os.Pipe()
+	if err != nil {
+		vlog.Errorf("Failed to create pipe: %v", err)
+		return err
+	}
+	cmd.ExtraFiles = append(cmd.ExtraFiles, a.helperWrite)
+	return nil
+}
+
+// doAppHandshake executes the startup handshake for the app. Upon success, it returns the
+// pid and appCycle manager name for the started app.
+//
+// handle should have been set up to use a helper for the app and handle.Start()
+// and handle.Wait() should already have been called (so we know the helper is done)
+func (a *appHandshaker) doHandshake(handle *vexec.ParentHandle, listener callbackListener) (int, string, error) {
+	// Close our copy of helperWrite to make helperRead return EOF once the
+	// helper's copy of helperWrite is closed.
+	a.helperWrite.Close()
+	a.helperWrite = nil
+
+	// Get the app pid from the helper. This won't block as the helper is done
+	var pid32 int32
+	if err := binary.Read(a.helperRead, binary.LittleEndian, &pid32); err != nil {
+		vlog.Errorf("Error reading app pid from child: %v", err)
+		return 0, "", verror.New(ErrOperationFailed, a.ctx, fmt.Sprintf("failed to read pid from helper: %v", err))
+	}
+	pidFromHelper := int(pid32)
+	vlog.VI(1).Infof("read app pid %v from child", pidFromHelper)
+
+	// Watch the app pid in case it exits.
+	pidExitedChan := make(chan struct{}, 1)
+	watcher := newAppWatcher(pidFromHelper, func() {
+		listener.stop()
+		close(pidExitedChan)
+	})
+	go watcher.watchAppPid()
+	defer watcher.stop()
+
+	// Wait for the child to say it's ready and provide its own pid via the init handshake
+	childReadyErrChan := make(chan error, 1)
+	go func() {
+		if err := handle.WaitForReady(childReadyTimeout); err != nil {
+			childReadyErrChan <- verror.New(ErrOperationFailed, a.ctx, fmt.Sprintf("WaitForReady(%v) failed: %v", childReadyTimeout, err))
+		}
+		childReadyErrChan <- nil
+	}()
+
+	// Wait until we get the pid from the app, but return early if
+	// the watcher notices that the app failed
+	pidFromChild := 0
+
+	select {
+	case <-pidExitedChan:
+		return 0, "", verror.New(ErrOperationFailed, a.ctx,
+			fmt.Sprintf("App exited (pid %d)", pidFromHelper))
+
+	case err := <-childReadyErrChan:
+		if err != nil {
+			return 0, "", err
+		}
+		// Note: handle.Pid() is the pid of the helper, rather than that
+		// of the app that the helper then forked. ChildPid is the pid
+		// received via the app startup handshake
+		pidFromChild = handle.ChildPid()
+	}
+
+	if pidFromHelper != pidFromChild {
+		// Something nasty is going on and we should kill pidFromHelper.
+		// TODO(arup): In future we'll extend suidhelper to support a kill
+		// function, and invoke it here.
+		return 0, "", verror.New(ErrOperationFailed, a.ctx,
+			fmt.Sprintf("Child pids do not match! (%d != %d)", pidFromHelper, pidFromChild))
+	}
+
+	// The appWatcher will stop the listener if the pid dies while waiting below
+	childName, err := listener.waitForValue(childReadyTimeout)
+	if err != nil {
+		// TODO(arup) kill pidFromHelper here using suidhelper
+		return 0, "", verror.New(ErrOperationFailed, a.ctx,
+			fmt.Sprintf("Waiting for child name: %v", err))
+	}
+
+	return pidFromHelper, childName, nil
+}
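Review bot: The goroutine in doHandshake that calls `handle.WaitForReady` sends twice on the failure path, because after sending the error it falls through to `childReadyErrChan <- nil`. With a buffer of one, that second send blocks forever whenever the select has already returned through `pidExitedChan`, leaking the goroutine; add `return` after the error send. Separately, `pidFromHelper` is handed to the watcher without a range check, and `syscall.Kill` with a zero or negative pid addresses a process group rather than one process, so the liveness probe would report on the wrong target. Rejecting the value first with `if pid32 <= 0 { return 0, "", verror.New(ErrOperationFailed, a.ctx, "invalid pid from helper") }` keeps the probe meaningful. The doc comment also names the method `doAppHandshake`, which should read `doHandshake`.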
diff --git a/services/mgmt/device/impl/app_state.go b/services/device/internal/impl/app_state.go
similarity index 100%
rename from services/mgmt/device/impl/app_state.go
rename to services/device/internal/impl/app_state.go
diff --git a/services/mgmt/device/impl/app_state_test.go b/services/device/internal/impl/app_state_test.go
similarity index 100%
rename from services/mgmt/device/impl/app_state_test.go
rename to services/device/internal/impl/app_state_test.go
diff --git a/services/mgmt/device/impl/args_darwin_test.go b/services/device/internal/impl/args_darwin_test.go
similarity index 100%
rename from services/mgmt/device/impl/args_darwin_test.go
rename to services/device/internal/impl/args_darwin_test.go
diff --git a/services/mgmt/device/impl/args_linux_test.go b/services/device/internal/impl/args_linux_test.go
similarity index 100%
rename from services/mgmt/device/impl/args_linux_test.go
rename to services/device/internal/impl/args_linux_test.go
diff --git a/services/mgmt/device/impl/associate_instance_test.go b/services/device/internal/impl/associate_instance_test.go
similarity index 100%
rename from services/mgmt/device/impl/associate_instance_test.go
rename to services/device/internal/impl/associate_instance_test.go
diff --git a/services/mgmt/device/impl/association_instance.go b/services/device/internal/impl/association_instance.go
similarity index 100%
rename from services/mgmt/device/impl/association_instance.go
rename to services/device/internal/impl/association_instance.go
diff --git a/services/mgmt/device/impl/association_state.go b/services/device/internal/impl/association_state.go
similarity index 100%
rename from services/mgmt/device/impl/association_state.go
rename to services/device/internal/impl/association_state.go
diff --git a/services/mgmt/device/impl/association_state_test.go b/services/device/internal/impl/association_state_test.go
similarity index 98%
rename from services/mgmt/device/impl/association_state_test.go
rename to services/device/internal/impl/association_state_test.go
index 0c5bb8a..b0b035c 100644
--- a/services/mgmt/device/impl/association_state_test.go
+++ b/services/device/internal/impl/association_state_test.go
@@ -12,7 +12,7 @@
 	"testing"
 
 	"v.io/v23/services/device"
-	"v.io/x/ref/services/mgmt/device/impl"
+	"v.io/x/ref/services/device/internal/impl"
 )
 
 // TestAssociationPersistance verifies correct operation of association
diff --git a/services/mgmt/device/impl/callback.go b/services/device/internal/impl/callback.go
similarity index 96%
rename from services/mgmt/device/impl/callback.go
rename to services/device/internal/impl/callback.go
index e48bc86..659ccdb 100644
--- a/services/mgmt/device/impl/callback.go
+++ b/services/device/internal/impl/callback.go
@@ -11,7 +11,7 @@
 
 	"v.io/x/ref/lib/exec"
 	"v.io/x/ref/lib/mgmt"
-	"v.io/x/ref/services/mgmt/device"
+	"v.io/x/ref/services/device"
 )
 
 // InvokeCallback provides the parent device manager with the given name (which
diff --git a/services/mgmt/device/impl/claim.go b/services/device/internal/impl/claim.go
similarity index 98%
rename from services/mgmt/device/impl/claim.go
rename to services/device/internal/impl/claim.go
index d58e9b2..921b1f2 100644
--- a/services/mgmt/device/impl/claim.go
+++ b/services/device/internal/impl/claim.go
@@ -15,7 +15,7 @@
 	"v.io/v23/security/access"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/mgmt/lib/acls"
+	"v.io/x/ref/services/internal/acls"
 )
 
 // claimable implements the device.Claimable RPC interface and the
diff --git a/services/mgmt/device/impl/config_service.go b/services/device/internal/impl/config_service.go
similarity index 100%
rename from services/mgmt/device/impl/config_service.go
rename to services/device/internal/impl/config_service.go
diff --git a/services/mgmt/device/impl/debug_acls_test.go b/services/device/internal/impl/debug_acls_test.go
similarity index 94%
rename from services/mgmt/device/impl/debug_acls_test.go
rename to services/device/internal/impl/debug_acls_test.go
index 57448c6..6f0f865 100644
--- a/services/mgmt/device/impl/debug_acls_test.go
+++ b/services/device/internal/impl/debug_acls_test.go
@@ -16,18 +16,18 @@
 	"v.io/v23/services/permissions"
 	"v.io/v23/verror"
 
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/test/testutil"
 )
 
 func updateAccessList(t *testing.T, ctx *context.T, blessing, right string, name ...string) {
 	accessStub := permissions.ObjectClient(naming.Join(name...))
-	acl, etag, err := accessStub.GetPermissions(ctx)
+	acl, version, err := accessStub.GetPermissions(ctx)
 	if err != nil {
 		t.Fatalf(testutil.FormatLogLine(2, "GetPermissions(%v) failed %v", name, err))
 	}
 	acl.Add(security.BlessingPattern(blessing), right)
-	if err = accessStub.SetPermissions(ctx, acl, etag); err != nil {
+	if err = accessStub.SetPermissions(ctx, acl, version); err != nil {
 		t.Fatalf(testutil.FormatLogLine(2, "SetPermissions(%v, %v, %v) failed: %v", name, blessing, right, err))
 	}
 }
@@ -43,8 +43,8 @@
 	defer cleanup()
 
 	// Set up the device manager.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	servicetest.ReadPID(t, dmh)
 	claimDevice(t, ctx, "dm", "mydevice", noPairingToken)
 
 	// Create the local server that the app uses to let us know it's ready.
@@ -198,8 +198,8 @@
 	}
 
 	// Set up the device manager.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "--log_dir="+extraLogDir, "dm", root, helperPath, "unused", "unused_curr_link")
-	mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "--log_dir="+extraLogDir, "dm", root, helperPath, "unused", "unused_curr_link")
+	servicetest.ReadPID(t, dmh)
 
 	// Make some users.
 	selfCtx := ctx
diff --git a/services/mgmt/device/impl/device_installer.go b/services/device/internal/impl/device_installer.go
similarity index 98%
rename from services/mgmt/device/impl/device_installer.go
rename to services/device/internal/impl/device_installer.go
index 233e1e5..01bdeb7 100644
--- a/services/mgmt/device/impl/device_installer.go
+++ b/services/device/internal/impl/device_installer.go
@@ -57,8 +57,8 @@
 	"v.io/v23/services/application"
 
 	"v.io/x/ref/envvar"
-	"v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/sysinit"
+	"v.io/x/ref/lib/sysinit"
+	"v.io/x/ref/services/device/internal/config"
 )
 
 // restartExitCode is the exit code that the device manager should return when it
@@ -251,9 +251,7 @@
 	output += fmt.Sprintf("  TIMESTAMP=$(%s)\n", dateCommand)
 	output += fmt.Sprintf("  exec > %s-$TIMESTAMP 2> %s-$TIMESTAMP\n", stdoutLog, stderrLog)
 	output += "fi\n"
-	for _, v := range envvar.DoNotUse_AppendCredentials(principalDir, nil) {
-		output += fmt.Sprintf("%v ", v)
-	}
+	output += fmt.Sprintf("%s=%q ", envvar.Credentials, principalDir)
 	// Escape the path to the binary; %q uses Go-syntax escaping, but it's
 	// close enough to Bash that we're using it as an approximation.
 	//
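Review bot: The new `fmt.Sprintf("%s=%q ", envvar.Credentials, principalDir)` line writes the credentials directory into a generated shell script using Go quoting, which yields a double-quoted word in which the shell still expands `$` and backticks. The neighbouring comment already admits that `%q` is only an approximation of Bash quoting, and this change extends that approximation to a second value. If `principalDir` can ever derive from an operator-supplied or otherwise uncontrolled path (not visible in this hunk), emit it single-quoted instead, with any embedded single quote rewritten as `'\''`. Alternatively, reject paths containing shell metacharacters before the script is generated. At minimum, add a comment such as `// principalDir must not contain $, backticks or quotes: %q does not neutralise them for the shell`. The enclosing function starts and ends outside the hunk.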
diff --git a/services/mgmt/device/impl/device_service.go b/services/device/internal/impl/device_service.go
similarity index 98%
rename from services/mgmt/device/impl/device_service.go
rename to services/device/internal/impl/device_service.go
index 54f18ad..18eba41 100644
--- a/services/mgmt/device/impl/device_service.go
+++ b/services/device/internal/impl/device_service.go
@@ -61,14 +61,13 @@
 	"v.io/v23/services/binary"
 	"v.io/v23/services/device"
 	"v.io/v23/verror"
+	"v.io/x/lib/buildinfo"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/lib/flags/buildinfo"
-
 	"v.io/x/ref/envvar"
 	vexec "v.io/x/ref/lib/exec"
 	"v.io/x/ref/lib/mgmt"
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/services/mgmt/device/config"
+	vsecurity "v.io/x/ref/lib/security"
+	"v.io/x/ref/services/device/internal/config"
 	"v.io/x/ref/services/profile"
 )
 
@@ -363,7 +362,7 @@
 		if p, err = vsecurity.CreatePersistentPrincipal(credentialsDir, nil); err != nil {
 			return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("CreatePersistentPrincipal(%v, nil) failed: %v", credentialsDir, err))
 		}
-		cmd.Env = envvar.DoNotUse_AppendCredentials(credentialsDir, cmd.Env)
+		cmd.Env = append(cmd.Env, envvar.Credentials+"="+credentialsDir)
 	}
 	dmPrincipal := v23.GetPrincipal(ctx)
 	dmBlessings, err := dmPrincipal.Bless(p.PublicKey(), dmPrincipal.BlessingStore().Default(), "testdm", security.UnconstrainedUse())
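Review bot: The new `append(cmd.Env, envvar.Credentials+"="+credentialsDir)` does not remove an entry for the same variable that may already be in `cmd.Env`, so the child could receive two values, and which one takes effect depends on how the consumer resolves duplicates. Whether the removed helper filtered an existing entry is not visible here, so this may be a behaviour change worth confirming. If a stale value is possible, drop any element with the `envvar.Credentials+"="` prefix before appending. If it is not, state the invariant with a comment such as `// cmd.Env carries no credentials entry at this point`. The enclosing function starts and ends outside the hunk.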
@@ -627,12 +626,12 @@
 	return nil
 }
 
-func (s *deviceService) SetPermissions(_ rpc.ServerCall, acl access.Permissions, etag string) error {
+func (s *deviceService) SetPermissions(_ rpc.ServerCall, acl access.Permissions, version string) error {
 	d := AclDir(s.disp.config)
-	return s.disp.aclstore.Set(d, acl, etag)
+	return s.disp.aclstore.Set(d, acl, version)
 }
 
-func (s *deviceService) GetPermissions(rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (s *deviceService) GetPermissions(rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	d := AclDir(s.disp.config)
 	return s.disp.aclstore.Get(d)
 }
diff --git a/services/mgmt/device/impl/dispatcher.go b/services/device/internal/impl/dispatcher.go
similarity index 97%
rename from services/mgmt/device/impl/dispatcher.go
rename to services/device/internal/impl/dispatcher.go
index 2ec2dcb..9227d9b 100644
--- a/services/mgmt/device/impl/dispatcher.go
+++ b/services/device/internal/impl/dispatcher.go
@@ -12,13 +12,6 @@
 	"strings"
 	"sync"
 
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/keymgr"
-	"v.io/x/ref/services/logreader/logreaderlib"
-	idevice "v.io/x/ref/services/mgmt/device"
-	"v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/lib/acls"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/naming"
@@ -32,6 +25,12 @@
 	"v.io/v23/vdlroot/signature"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/keymgr"
+	s_device "v.io/x/ref/services/device"
+	"v.io/x/ref/services/device/internal/config"
+	"v.io/x/ref/services/internal/acls"
+	"v.io/x/ref/services/logreader/logreaderlib"
 )
 
 // internalState wraps state shared between different device manager
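Review bot: The import alias `s_device` introduced in this hunk (and used at `s_device.ConfigServer` further down the file) contains an underscore, which goes against Go's naming convention for package names and aliases and will be flagged by lint. An underscore-free alias keeps the disambiguation from `v.io/v23/services/device`, for example `sdevice "v.io/x/ref/services/device"`, or the previous `idevice` could be kept. The added `v.io/x/ref/...` imports also now sit in the same group as the `v.io/v23/...` ones. If the file's convention is a separate group for repository-local packages, a blank line before them would preserve that.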
@@ -69,7 +68,7 @@
 	deviceSuffix = "device"
 	configSuffix = "cfg"
 
-	pkgPath = "v.io/x/ref/services/mgmt/device/impl"
+	pkgPath = "v.io/x/ref/services/device/internal/impl"
 )
 
 var (
@@ -341,7 +340,7 @@
 		if len(components) != 2 {
 			return nil, nil, verror.New(ErrInvalidSuffix, nil)
 		}
-		receiver := idevice.ConfigServer(&configService{
+		receiver := s_device.ConfigServer(&configService{
 			callback: d.internal.callback,
 			suffix:   components[1],
 		})
diff --git a/services/mgmt/device/impl/helper_manager.go b/services/device/internal/impl/helper_manager.go
similarity index 100%
rename from services/mgmt/device/impl/helper_manager.go
rename to services/device/internal/impl/helper_manager.go
diff --git a/services/mgmt/device/impl/impl_helper_test.go b/services/device/internal/impl/impl_helper_test.go
similarity index 96%
rename from services/mgmt/device/impl/impl_helper_test.go
rename to services/device/internal/impl/impl_helper_test.go
index 67d318c..e2b7c81 100644
--- a/services/mgmt/device/impl/impl_helper_test.go
+++ b/services/device/internal/impl/impl_helper_test.go
@@ -13,7 +13,7 @@
 	"path"
 	"testing"
 
-	"v.io/x/ref/services/mgmt/device/impl"
+	"v.io/x/ref/services/device/internal/impl"
 )
 
 func TestBaseCleanupDir(t *testing.T) {
diff --git a/services/mgmt/device/impl/impl_test.go b/services/device/internal/impl/impl_test.go
similarity index 91%
rename from services/mgmt/device/impl/impl_test.go
rename to services/device/internal/impl/impl_test.go
index 990223a..521d126 100644
--- a/services/mgmt/device/impl/impl_test.go
+++ b/services/device/internal/impl/impl_test.go
@@ -45,13 +45,12 @@
 	"v.io/x/ref/envvar"
 	"v.io/x/ref/lib/mgmt"
 	"v.io/x/ref/lib/signals"
+	"v.io/x/ref/lib/suid"
 	"v.io/x/ref/services/binary/binarylib"
-	"v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/device/impl"
-	"v.io/x/ref/services/mgmt/device/starter"
-	libbinary "v.io/x/ref/services/mgmt/lib/binary"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
-	suidhelper "v.io/x/ref/services/mgmt/suidhelper/impl"
+	"v.io/x/ref/services/device/internal/config"
+	"v.io/x/ref/services/device/internal/impl"
+	"v.io/x/ref/services/device/internal/starter"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/expect"
 	"v.io/x/ref/test/modules"
@@ -106,7 +105,7 @@
 		return
 	}
 	vlog.VI(1).Infof("TestSuidHelper starting")
-	if err := suidhelper.Run(os.Environ()); err != nil {
+	if err := suid.Run(os.Environ()); err != nil {
 		vlog.Fatalf("Failed to Run() setuidhelper: %v", err)
 	}
 }
@@ -240,9 +239,9 @@
 }
 
 func ping(ctx *context.T) {
-	helperEnv := os.Getenv(suidhelper.SavedArgs)
+	helperEnv := os.Getenv(suid.SavedArgs)
 	d := json.NewDecoder(strings.NewReader(helperEnv))
-	var savedArgs suidhelper.ArgsSavedForTest
+	var savedArgs suid.ArgsSavedForTest
 	if err := d.Decode(&savedArgs); err != nil {
 		vlog.Fatalf("Failed to decode preserved argument %v: %v", helperEnv, err)
 	}
@@ -287,7 +286,7 @@
 	}
 	publishName := args[0]
 
-	server, _ := mgmttest.NewServer(ctx)
+	server, _ := servicetest.NewServer(ctx)
 	defer server.Stop()
 	if err := server.Serve(publishName, new(appService), nil); err != nil {
 		vlog.Fatalf("Serve(%v) failed: %v", publishName, err)
@@ -349,14 +348,14 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, v23.GetPrincipal(ctx))
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, v23.GetPrincipal(ctx))
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
 	envelope, cleanup := startMockRepos(t, ctx)
 	defer cleanup()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -398,12 +397,12 @@
 	// demonstrates that the initial device manager could be started by hand
 	// as long as the right initial configuration is passed into the device
 	// manager implementation.
-	dmh := mgmttest.RunCommand(t, sh, dmPauseBeforeStopEnv, deviceManagerCmd, dmArgs...)
+	dmh := servicetest.RunCommand(t, sh, dmPauseBeforeStopEnv, deviceManagerCmd, dmArgs...)
 	defer func() {
 		syscall.Kill(dmh.Pid(), syscall.SIGINT)
 	}()
 
-	mgmttest.ReadPID(t, dmh)
+	servicetest.ReadPID(t, dmh)
 	// Brand new device manager must be claimed first.
 	claimDevice(t, ctx, "factoryDM", "mydevice", noPairingToken)
 
@@ -444,9 +443,9 @@
 	// relaunch it from the current link.
 	resolveExpectNotFound(t, ctx, "v2DM") // Ensure a clean slate.
 
-	dmh = mgmttest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
+	dmh = servicetest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
 
-	mgmttest.ReadPID(t, dmh)
+	servicetest.ReadPID(t, dmh)
 	resolve(t, ctx, "v2DM", 1) // Current link should have been launching v2.
 
 	// Try issuing an update without changing the envelope in the
@@ -457,7 +456,8 @@
 		t.Fatalf("script changed")
 	}
 
-	// Try issuing an update with a binary that has a different major version number. It should fail
+	// Try issuing an update with a binary that has a different major version
+	// number. It should fail.
 	resolveExpectNotFound(t, ctx, "v2.5DM") // Ensure a clean slate.
 	*envelope = envelopeFromShell(sh, dmEnv, deviceManagerV10Cmd, application.DeviceManagerTitle, "v2.5DM")
 	updateDeviceExpectError(t, ctx, "v2DM", impl.ErrOperationFailed.ID)
@@ -485,9 +485,9 @@
 	// Re-lanuch the device manager from current link.  We instruct the
 	// device manager to pause before stopping its server, so that we can
 	// verify that a second revert fails while a revert is in progress.
-	dmh = mgmttest.RunCommand(t, sh, dmPauseBeforeStopEnv, execScriptCmd, currLink)
+	dmh = servicetest.RunCommand(t, sh, dmPauseBeforeStopEnv, execScriptCmd, currLink)
 
-	mgmttest.ReadPID(t, dmh)
+	servicetest.ReadPID(t, dmh)
 	resolve(t, ctx, "v3DM", 1) // Current link should have been launching v3.
 
 	// Revert the device manager to its previous version (v2).
@@ -503,8 +503,8 @@
 
 	resolveExpectNotFound(t, ctx, "v2DM") // Ensure a clean slate.
 
-	dmh = mgmttest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
-	mgmttest.ReadPID(t, dmh)
+	dmh = servicetest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
+	servicetest.ReadPID(t, dmh)
 	resolve(t, ctx, "v2DM", 1) // Current link should have been launching v2.
 
 	// Revert the device manager to its previous version (factory).
@@ -518,8 +518,8 @@
 
 	resolveExpectNotFound(t, ctx, "factoryDM") // Ensure a clean slate.
 
-	dmh = mgmttest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
-	mgmttest.ReadPID(t, dmh)
+	dmh = servicetest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
+	servicetest.ReadPID(t, dmh)
 	resolve(t, ctx, "factoryDM", 1) // Current link should have been launching factory version.
 	stopDevice(t, ctx, "factoryDM")
 	dmh.Expect("factoryDM terminated")
@@ -527,8 +527,8 @@
 
 	// Re-launch the device manager, to exercise the behavior of Suspend.
 	resolveExpectNotFound(t, ctx, "factoryDM") // Ensure a clean slate.
-	dmh = mgmttest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
-	mgmttest.ReadPID(t, dmh)
+	dmh = servicetest.RunCommand(t, sh, dmEnv, execScriptCmd, currLink)
+	servicetest.ReadPID(t, dmh)
 	resolve(t, ctx, "factoryDM", 1)
 	suspendDevice(t, ctx, "factoryDM")
 	dmh.Expect("restart handler")
@@ -550,7 +550,7 @@
 // returns a channel on which the app's ping message is returned, and a cleanup
 // function.
 func setupPingServer(t *testing.T, ctx *context.T) (<-chan pingArgs, func()) {
-	server, _ := mgmttest.NewServer(ctx)
+	server, _ := servicetest.NewServer(ctx)
 	pingCh := make(chan pingArgs, 1)
 	if err := server.Serve("pingserver", pingServer(pingCh), &openAuthorizer{}); err != nil {
 		t.Fatalf("Serve(%q, <dispatcher>) failed: %v", "pingserver", err)
@@ -614,14 +614,14 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
 	envelope, cleanup := startMockRepos(t, ctx)
 	defer cleanup()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -632,8 +632,8 @@
 
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	servicetest.ReadPID(t, dmh)
 	claimDevice(t, ctx, "dm", "mydevice", noPairingToken)
 
 	// Create the local server that the app uses to let us know it's ready.
@@ -867,7 +867,7 @@
 	if err != nil {
 		t.Fatalf("binarylib.NewState failed: %v", err)
 	}
-	server, _ := mgmttest.NewServer(ctx)
+	server, _ := servicetest.NewServer(ctx)
 	d, err := binarylib.NewDispatcher(v23.GetPrincipal(ctx), state)
 	if err != nil {
 		t.Fatalf("server.NewDispatcher failed: %v", err)
@@ -898,14 +898,14 @@
 		t.Fatal(err)
 	}
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
 	envelope, cleanup := startMockRepos(t, ctx)
 	defer cleanup()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -917,8 +917,8 @@
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
 	pairingToken := "abcxyz"
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link", pairingToken)
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link", pairingToken)
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	*envelope = envelopeFromShell(sh, nil, appCmd, "google naps", "trapp")
@@ -984,14 +984,14 @@
 	idp := testutil.NewIDProvider("root")
 	ctx = ctxWithNewPrincipal(t, ctx, idp, "self")
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
 	envelope, cleanup := startMockRepos(t, ctx)
 	defer cleanup()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -1002,8 +1002,8 @@
 
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, "unused_helper", "unused_app_repo_name", "unused_curr_link")
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, "unused_helper", "unused_app_repo_name", "unused_curr_link")
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	// Create an envelope for an app.
@@ -1025,14 +1025,16 @@
 	if err := expectedAccessList.WriteTo(&b); err != nil {
 		t.Fatalf("Failed to save AccessList:%v", err)
 	}
+	// Note, "version" below refers to the Permissions version, not the device
+	// manager version.
 	md5hash := md5.Sum(b.Bytes())
-	expectedETAG := hex.EncodeToString(md5hash[:])
-	acl, etag, err := deviceStub.GetPermissions(selfCtx)
+	expectedVersion := hex.EncodeToString(md5hash[:])
+	acl, version, err := deviceStub.GetPermissions(selfCtx)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if etag != expectedETAG {
-		t.Fatalf("getAccessList expected:%v(%v), got:%v(%v)", expectedAccessList, expectedETAG, acl, etag)
+	if version != expectedVersion {
+		t.Fatalf("getAccessList expected:%v(%v), got:%v(%v)", expectedAccessList, expectedVersion, acl, version)
 	}
 	// Install from octx should fail, since it does not match the AccessList.
 	installAppExpectError(t, octx, verror.ErrNoAccess.ID)
@@ -1042,9 +1044,9 @@
 		newAccessList.Add("root/other", string(tag))
 	}
 	if err := deviceStub.SetPermissions(selfCtx, newAccessList, "invalid"); err == nil {
-		t.Fatalf("SetPermissions should have failed with invalid etag")
+		t.Fatalf("SetPermissions should have failed with invalid version")
 	}
-	if err := deviceStub.SetPermissions(selfCtx, newAccessList, etag); err != nil {
+	if err := deviceStub.SetPermissions(selfCtx, newAccessList, version); err != nil {
 		t.Fatal(err)
 	}
 	// Install should now fail with selfCtx, which no longer matches the
@@ -1072,9 +1074,9 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
-	testDir, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	testDir, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	// No need to call SaveCreatorInfo() here because that's part of SelfInstall below
 
@@ -1103,8 +1105,8 @@
 	if err := impl.Start(dmDir, os.Stderr, stdout); err != nil {
 		t.Fatalf("Start failed: %v", err)
 	}
-	dms := expect.NewSession(t, stdout, mgmttest.ExpectTimeout)
-	mgmttest.ReadPID(t, dms)
+	dms := expect.NewSession(t, stdout, servicetest.ExpectTimeout)
+	servicetest.ReadPID(t, dms)
 	claimDevice(t, ctx, "dm", "mydevice", noPairingToken)
 	revertDeviceExpectError(t, ctx, "dm", impl.ErrUpdateNoOp.ID) // No previous version available.
 
@@ -1132,14 +1134,14 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
 	envelope, cleanup := startMockRepos(t, ctx)
 	defer cleanup()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -1150,8 +1152,8 @@
 
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	// Create the local server that the app uses to let us know it's ready.
@@ -1234,7 +1236,7 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
@@ -1256,13 +1258,13 @@
 		}
 	}
 	createFile("hello.txt", "Hello World!")
-	if _, err := libbinary.UploadFromDir(ctx, naming.Join(binaryVON, "testpkg"), tmpdir); err != nil {
-		t.Fatalf("libbinary.UploadFromDir failed: %v", err)
+	if _, err := binarylib.UploadFromDir(ctx, naming.Join(binaryVON, "testpkg"), tmpdir); err != nil {
+		t.Fatalf("binarylib.UploadFromDir failed: %v", err)
 	}
 	createAndUpload := func(von, contents string) {
 		createFile("tempfile", contents)
-		if _, err := libbinary.UploadFromFile(ctx, naming.Join(binaryVON, von), filepath.Join(tmpdir, "tempfile")); err != nil {
-			t.Fatalf("libbinary.UploadFromFile failed: %v", err)
+		if _, err := binarylib.UploadFromFile(ctx, naming.Join(binaryVON, von), filepath.Join(tmpdir, "tempfile")); err != nil {
+			t.Fatalf("binarylib.UploadFromFile failed: %v", err)
 		}
 	}
 	createAndUpload("testfile", "Goodbye World!")
@@ -1270,7 +1272,7 @@
 	createAndUpload("rightshark", "Right shark")
 	createAndUpload("beachball", "Beach ball")
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -1281,8 +1283,8 @@
 
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	// Create the local server that the app uses to let us know it's ready.
@@ -1376,10 +1378,10 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -1398,8 +1400,8 @@
 		v23.GetPrincipal(c).AddToRoots(v23.GetPrincipal(ctx).BlessingStore().Default())
 	}
 
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, "unused_helper", "unused_app_repo_name", "unused_curr_link")
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, "unused_helper", "unused_app_repo_name", "unused_curr_link")
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 
 	deviceStub := device.DeviceClient("dm/device")
@@ -1478,14 +1480,14 @@
 		t.Fatal(err)
 	}
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	// Set up mock application and binary repositories.
 	envelope, cleanup := startMockRepos(t, ctx)
 	defer cleanup()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -1497,8 +1499,8 @@
 	// Create a script wrapping the test target that implements suidhelper.
 	helperPath := generateSuidHelperScript(t, root)
 
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "-mocksetuid", "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "-mocksetuid", "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 	// Claim the devicemanager with selfCtx as root/self/alice
 	claimDevice(t, selfCtx, "dm", "alice", noPairingToken)
@@ -1607,7 +1609,7 @@
 	ctx, shutdown := initForTest()
 	defer shutdown()
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 	defer deferFn()
 
 	binaryVON := "binary"
@@ -1616,7 +1618,7 @@
 
 	up := testutil.RandomBytes(testutil.Intn(5 << 20))
 	mediaInfo := repository.MediaInfo{Type: "application/octet-stream"}
-	sig, err := libbinary.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo)
+	sig, err := binarylib.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo)
 	if err != nil {
 		t.Fatalf("Upload(%v) failed:%v", binaryVON, err)
 	}
@@ -1631,16 +1633,16 @@
 	if err := ioutil.WriteFile(filepath.Join(tmpdir, "pkg.txt"), pkgContents, 0600); err != nil {
 		t.Fatalf("ioutil.WriteFile failed: %v", err)
 	}
-	pkgSig, err := libbinary.UploadFromDir(ctx, pkgVON, tmpdir)
+	pkgSig, err := binarylib.UploadFromDir(ctx, pkgVON, tmpdir)
 	if err != nil {
-		t.Fatalf("libbinary.UploadFromDir failed: %v", err)
+		t.Fatalf("binarylib.UploadFromDir failed: %v", err)
 	}
 
 	// Start the application repository
 	envelope, serverStop := startApplicationRepository(ctx)
 	defer serverStop()
 
-	root, cleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, cleanup := servicetest.SetupRootDir(t, "devicemanager")
 	defer cleanup()
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
@@ -1651,8 +1653,8 @@
 
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	pid := mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	pid := servicetest.ReadPID(t, dmh)
 	defer syscall.Kill(pid, syscall.SIGINT)
 	claimDevice(t, ctx, "dm", "mydevice", noPairingToken)
 
@@ -1679,10 +1681,10 @@
 
 	// Verify that when the binary is corrupted, signature verification fails.
 	up[0] = up[0] ^ 0xFF
-	if err := libbinary.Delete(ctx, naming.Join(binaryVON, "testbinary")); err != nil {
+	if err := binarylib.Delete(ctx, naming.Join(binaryVON, "testbinary")); err != nil {
 		t.Fatalf("Delete(%v) failed:%v", binaryVON, err)
 	}
-	if _, err := libbinary.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo); err != nil {
+	if _, err := binarylib.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo); err != nil {
 		t.Fatalf("Upload(%v) failed:%v", binaryVON, err)
 	}
 	if _, err := appStub().Install(ctx, mockApplicationRepoName, device.Config{}, nil); verror.ErrorID(err) != impl.ErrOperationFailed.ID {
@@ -1691,10 +1693,10 @@
 
 	// Restore the binary and verify that installation succeeds.
 	up[0] = up[0] ^ 0xFF
-	if err := libbinary.Delete(ctx, naming.Join(binaryVON, "testbinary")); err != nil {
+	if err := binarylib.Delete(ctx, naming.Join(binaryVON, "testbinary")); err != nil {
 		t.Fatalf("Delete(%v) failed:%v", binaryVON, err)
 	}
-	if _, err := libbinary.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo); err != nil {
+	if _, err := binarylib.Upload(ctx, naming.Join(binaryVON, "testbinary"), up, mediaInfo); err != nil {
 		t.Fatalf("Upload(%v) failed:%v", binaryVON, err)
 	}
 	if _, err := appStub().Install(ctx, mockApplicationRepoName, device.Config{}, nil); err != nil {
@@ -1703,7 +1705,7 @@
 
 	// Verify that when the package contents are corrupted, signature verification fails.
 	pkgContents[0] = pkgContents[0] ^ 0xFF
-	if err := libbinary.Delete(ctx, pkgVON); err != nil {
+	if err := binarylib.Delete(ctx, pkgVON); err != nil {
 		t.Fatalf("Delete(%v) failed:%v", pkgVON, err)
 	}
 	if err := os.Remove(filepath.Join(tmpdir, "pkg.txt")); err != nil {
@@ -1712,8 +1714,8 @@
 	if err := ioutil.WriteFile(filepath.Join(tmpdir, "pkg.txt"), pkgContents, 0600); err != nil {
 		t.Fatalf("ioutil.WriteFile failed: %v", err)
 	}
-	if _, err = libbinary.UploadFromDir(ctx, pkgVON, tmpdir); err != nil {
-		t.Fatalf("libbinary.UploadFromDir failed: %v", err)
+	if _, err = binarylib.UploadFromDir(ctx, pkgVON, tmpdir); err != nil {
+		t.Fatalf("binarylib.UploadFromDir failed: %v", err)
 	}
 	if _, err := appStub().Install(ctx, mockApplicationRepoName, device.Config{}, nil); verror.ErrorID(err) != impl.ErrOperationFailed.ID {
 		t.Fatalf("Failed to verify signature mismatch for package:%v", pkgVON)
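Review bot: The corrupted-package check here compares the error only with `impl.ErrOperationFailed.ID`, so it would also pass if Install failed for a reason unrelated to the signature. downloadBinary in util.go returns the same ID when the download itself fails. The corrupted-binary check in the hunk at -1679 has the same weakness. Consider having the implementation return a distinct error for a signature mismatch, or at least add a comment such as `// NOTE: ErrOperationFailed is generic; this does not prove the failure came from signature verification.` The enclosing test function starts and ends outside this hunk.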
diff --git a/services/mgmt/device/impl/instance_reaping.go b/services/device/internal/impl/instance_reaping.go
similarity index 100%
rename from services/mgmt/device/impl/instance_reaping.go
rename to services/device/internal/impl/instance_reaping.go
diff --git a/services/mgmt/device/impl/instance_reaping_test.go b/services/device/internal/impl/instance_reaping_test.go
similarity index 92%
rename from services/mgmt/device/impl/instance_reaping_test.go
rename to services/device/internal/impl/instance_reaping_test.go
index 8b0e906..bac5e15 100644
--- a/services/mgmt/device/impl/instance_reaping_test.go
+++ b/services/device/internal/impl/instance_reaping_test.go
@@ -19,7 +19,7 @@
 	"v.io/v23/vdl"
 
 	"v.io/x/ref/envvar"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 )
 
 func TestReaperNoticesAppDeath(t *testing.T) {
@@ -28,8 +28,8 @@
 
 	// Set up the device manager.  Since we won't do device manager updates,
 	// don't worry about its application envelope and current link.
-	dmh := mgmttest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, nil, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	servicetest.ReadPID(t, dmh)
 	claimDevice(t, ctx, "dm", "mydevice", noPairingToken)
 
 	// Create the local server that the app uses to let us know it's ready.
@@ -107,8 +107,8 @@
 	defer os.RemoveAll(dmCreds)
 	dmEnv := []string{fmt.Sprintf("%v=%v", envvar.Credentials, dmCreds)}
 
-	dmh := mgmttest.RunCommand(t, sh, dmEnv, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	mgmttest.ReadPID(t, dmh)
+	dmh := servicetest.RunCommand(t, sh, dmEnv, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	servicetest.ReadPID(t, dmh)
 	claimDevice(t, ctx, "dm", "mydevice", noPairingToken)
 
 	// Create the local server that the app uses to let us know it's ready.
@@ -152,8 +152,8 @@
 	}
 
 	// Run another device manager to replace the dead one.
-	dmh = mgmttest.RunCommand(t, sh, dmEnv, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
-	mgmttest.ReadPID(t, dmh)
+	dmh = servicetest.RunCommand(t, sh, dmEnv, deviceManagerCmd, "dm", root, helperPath, "unused_app_repo_name", "unused_curr_link")
+	servicetest.ReadPID(t, dmh)
 	resolve(t, ctx, "dm", 1) // Verify the device manager has published itself.
 
 	// By now, we've reconciled the state of the tree with which processes
diff --git a/services/mgmt/device/impl/mock_repo_test.go b/services/device/internal/impl/mock_repo_test.go
similarity index 93%
rename from services/mgmt/device/impl/mock_repo_test.go
rename to services/device/internal/impl/mock_repo_test.go
index 527c01c..6f2bece 100644
--- a/services/mgmt/device/impl/mock_repo_test.go
+++ b/services/device/internal/impl/mock_repo_test.go
@@ -23,7 +23,7 @@
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
 
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/internal/servicetest"
 )
 
 const mockBinaryRepoName = "br"
@@ -43,7 +43,7 @@
 // repository.  It returns a pointer to the envelope that the repository returns
 // to clients (so that it can be changed).  It also returns a cleanup function.
 func startApplicationRepository(ctx *context.T) (*application.Envelope, func()) {
-	server, _ := mgmttest.NewServer(ctx)
+	server, _ := servicetest.NewServer(ctx)
 	invoker := new(arInvoker)
 	name := mockApplicationRepoName
 	if err := server.Serve(name, repository.ApplicationServer(invoker), &openAuthorizer{}); err != nil {
@@ -76,11 +76,11 @@
 	return i.envelope, nil
 }
 
-func (i *arInvoker) GetPermissions(rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (i *arInvoker) GetPermissions(rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	return nil, "", nil
 }
 
-func (i *arInvoker) SetPermissions(_ rpc.ServerCall, acl access.Permissions, etag string) error {
+func (i *arInvoker) SetPermissions(_ rpc.ServerCall, acl access.Permissions, version string) error {
 	return nil
 }
 
@@ -91,7 +91,7 @@
 // startBinaryRepository sets up a server running the binary repository and
 // returns a cleanup function.
 func startBinaryRepository(ctx *context.T) func() {
-	server, _ := mgmttest.NewServer(ctx)
+	server, _ := servicetest.NewServer(ctx)
 	name := mockBinaryRepoName
 	if err := server.Serve(name, repository.BinaryServer(new(brInvoker)), &openAuthorizer{}); err != nil {
 		vlog.Fatalf("Serve(%q) failed: %v", name, err)
@@ -106,7 +106,7 @@
 // BINARY REPOSITORY INTERFACE IMPLEMENTATION
 
 // TODO(toddw): Move the errors from dispatcher.go into a common location.
-const pkgPath = "v.io/x/ref/services/mgmt/device/impl"
+const pkgPath = "v.io/x/ref/services/device/internal/impl"
 
 var ErrOperationFailed = verror.Register(pkgPath+".OperationFailed", verror.NoRetry, "")
 
@@ -170,10 +170,10 @@
 	return nil
 }
 
-func (i *brInvoker) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (i *brInvoker) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	return nil, "", nil
 }
 
-func (i *brInvoker) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
+func (i *brInvoker) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
 	return nil
 }
diff --git a/services/mgmt/device/impl/only_for_test.go b/services/device/internal/impl/only_for_test.go
similarity index 100%
rename from services/mgmt/device/impl/only_for_test.go
rename to services/device/internal/impl/only_for_test.go
diff --git a/services/mgmt/device/impl/profile.go b/services/device/internal/impl/profile.go
similarity index 99%
rename from services/mgmt/device/impl/profile.go
rename to services/device/internal/impl/profile.go
index 8b86817..f21cdb3 100644
--- a/services/mgmt/device/impl/profile.go
+++ b/services/device/internal/impl/profile.go
@@ -156,7 +156,7 @@
 			Format:      build.ELF,
 		},
 		{
-			Label:       "linux-x86",
+			Label:       "linux-386",
 			Description: "",
 			Arch:        build.X86,
 			Os:          build.Linux,
diff --git a/services/mgmt/device/impl/proxy_invoker.go b/services/device/internal/impl/proxy_invoker.go
similarity index 100%
rename from services/mgmt/device/impl/proxy_invoker.go
rename to services/device/internal/impl/proxy_invoker.go
diff --git a/services/mgmt/device/impl/proxy_invoker_test.go b/services/device/internal/impl/proxy_invoker_test.go
similarity index 100%
rename from services/mgmt/device/impl/proxy_invoker_test.go
rename to services/device/internal/impl/proxy_invoker_test.go
diff --git a/services/mgmt/device/impl/shell_darwin.go b/services/device/internal/impl/shell_darwin.go
similarity index 100%
rename from services/mgmt/device/impl/shell_darwin.go
rename to services/device/internal/impl/shell_darwin.go
diff --git a/services/mgmt/device/impl/shell_linux.go b/services/device/internal/impl/shell_linux.go
similarity index 100%
rename from services/mgmt/device/impl/shell_linux.go
rename to services/device/internal/impl/shell_linux.go
diff --git a/services/mgmt/device/impl/util.go b/services/device/internal/impl/util.go
similarity index 95%
rename from services/mgmt/device/impl/util.go
rename to services/device/internal/impl/util.go
index 59f5796..36ec927 100644
--- a/services/mgmt/device/impl/util.go
+++ b/services/device/internal/impl/util.go
@@ -14,8 +14,8 @@
 	"strings"
 	"time"
 
-	"v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/lib/binary"
+	"v.io/x/ref/services/binary/binarylib"
+	"v.io/x/ref/services/device/internal/config"
 
 	"v.io/v23/context"
 	"v.io/v23/security"
@@ -46,7 +46,7 @@
 func downloadBinary(ctx *context.T, publisher security.Blessings, bin *application.SignedFile, workspace, fileName string) error {
 	// TODO(gauthamt): Reduce the number of passes we make over the binary/package
 	// data to verify its checksum and signature.
-	data, _, err := binary.Download(ctx, bin.File)
+	data, _, err := binarylib.Download(ctx, bin.File)
 	if err != nil {
 		return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("Download(%v) failed: %v", bin.File, err))
 	}
@@ -67,7 +67,7 @@
 			return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("invalid local package name: %q", localPkg))
 		}
 		path := filepath.Join(pkgDir, localPkg)
-		if err := binary.DownloadToFile(ctx, pkgName.File, path); err != nil {
+		if err := binarylib.DownloadToFile(ctx, pkgName.File, path); err != nil {
 			return verror.New(ErrOperationFailed, ctx, fmt.Sprintf("DownloadToFile(%q, %q) failed: %v", pkgName, path, err))
 		}
 		data, err := ioutil.ReadFile(path)
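Review bot: The error message on the DownloadToFile failure formats `pkgName` with `%q`, while the call it reports on was given `pkgName.File`. The message therefore prints the whole signed-file value rather than the object name that failed. `fmt.Sprintf("DownloadToFile(%q, %q) failed: %v", pkgName.File, path, err)` would match the call. The enclosing function starts and ends outside this hunk.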
diff --git a/services/mgmt/device/impl/util_test.go b/services/device/internal/impl/util_test.go
similarity index 97%
rename from services/mgmt/device/impl/util_test.go
rename to services/device/internal/impl/util_test.go
index 8158ddc..3cc4314 100644
--- a/services/mgmt/device/impl/util_test.go
+++ b/services/device/internal/impl/util_test.go
@@ -33,8 +33,8 @@
 	"v.io/v23/verror"
 
 	_ "v.io/x/ref/profiles/roaming"
-	"v.io/x/ref/services/mgmt/device/impl"
-	mgmttest "v.io/x/ref/services/mgmt/lib/testutil"
+	"v.io/x/ref/services/device/internal/impl"
+	"v.io/x/ref/services/internal/servicetest"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/modules"
 	"v.io/x/ref/test/testutil"
@@ -96,7 +96,7 @@
 
 func claimDevice(t *testing.T, ctx *context.T, name, extension, pairingToken string) {
 	// Setup blessings to be granted to the claimed device
-	g := &granter{p: v23.GetPrincipal(ctx), extension: extension}
+	g := &granter{extension: extension}
 	s := options.SkipServerEndpointAuthorization{}
 	// Call the Claim RPC: Skip server authorization because the unclaimed
 	// device presents nothing that can be used to recognize it.
@@ -122,7 +122,7 @@
 
 func claimDeviceExpectError(t *testing.T, ctx *context.T, name, extension, pairingToken string, errID verror.ID) {
 	// Setup blessings to be granted to the claimed device
-	g := &granter{p: v23.GetPrincipal(ctx), extension: extension}
+	g := &granter{extension: extension}
 	s := options.SkipServerEndpointAuthorization{}
 	// Call the Claim RPC
 	if err := device.ClaimableClient(name).Claim(ctx, pairingToken, g, s); verror.ErrorID(err) != errID {
@@ -218,8 +218,10 @@
 	extension string
 }
 
-func (g *granter) Grant(other security.Blessings) (security.Blessings, error) {
-	return g.p.Bless(other.PublicKey(), g.p.BlessingStore().Default(), g.extension, security.UnconstrainedUse())
+func (g *granter) Grant(ctx *context.T) (security.Blessings, error) {
+	call := security.GetCall(ctx)
+	p := call.LocalPrincipal()
+	return p.Bless(call.RemoteBlessings().PublicKey(), p.BlessingStore().Default(), g.extension, security.UnconstrainedUse())
 }
 
 func startAppImpl(t *testing.T, ctx *context.T, appID, grant string) (string, error) {
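Review bot: Grant now blesses whatever public key `call.RemoteBlessings()` carries and issues the blessing with `security.UnconstrainedUse()`, yet it has no doc comment saying so. Both claim helpers pass `options.SkipServerEndpointAuthorization{}`, so that key comes from a peer whose identity was not checked. That is reasonable for a claim test, but it should be stated so the helper is not copied into non-test code. I would add `// Grant blesses the remote end's public key with the local principal's default blessing, extended by g.extension. Test-only: the blessing carries no caveats.` above the method. The granter struct is declared above the hunk; if it still has the `p` field, nothing visible sets it any more.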
@@ -463,12 +465,12 @@
 	idp := testutil.NewIDProvider("root")
 	ctx = ctxWithNewPrincipal(t, ctx, idp, "self")
 
-	sh, deferFn := mgmttest.CreateShellAndMountTable(t, ctx, nil)
+	sh, deferFn := servicetest.CreateShellAndMountTable(t, ctx, nil)
 
 	// Set up mock application and binary repositories.
 	envelope, envCleanup := startMockRepos(t, ctx)
 
-	root, rootCleanup := mgmttest.SetupRootDir(t, "devicemanager")
+	root, rootCleanup := servicetest.SetupRootDir(t, "devicemanager")
 	if err := impl.SaveCreatorInfo(root); err != nil {
 		t.Fatal(err)
 	}
diff --git a/services/mgmt/device/impl/v23_test.go b/services/device/internal/impl/v23_test.go
similarity index 100%
rename from services/mgmt/device/impl/v23_test.go
rename to services/device/internal/impl/v23_test.go
diff --git a/services/mgmt/device/starter/starter.go b/services/device/internal/starter/starter.go
similarity index 94%
rename from services/mgmt/device/starter/starter.go
rename to services/device/internal/starter/starter.go
index a854f24..b0a636c 100644
--- a/services/mgmt/device/starter/starter.go
+++ b/services/device/internal/starter/starter.go
@@ -17,10 +17,10 @@
 	"v.io/x/lib/netstate"
 	"v.io/x/ref/profiles/roaming"
 	"v.io/x/ref/services/debug/debuglib"
-	"v.io/x/ref/services/mgmt/device/config"
-	"v.io/x/ref/services/mgmt/device/impl"
-	"v.io/x/ref/services/mgmt/lib/acls"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/device/internal/config"
+	"v.io/x/ref/services/device/internal/impl"
+	"v.io/x/ref/services/internal/acls"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 
 	"v.io/v23"
 	"v.io/v23/context"
@@ -30,7 +30,7 @@
 	"v.io/x/lib/vlog"
 )
 
-const pkgPath = "v.io/x/ref/services/mgmt/device/starter"
+const pkgPath = "v.io/x/ref/services/device/internal/starter"
 
 var (
 	errCantSaveInfo       = verror.Register(pkgPath+".errCantSaveInfo", verror.NoRetry, "{1:}{2:} failed to save info{:_}")
@@ -226,13 +226,12 @@
 		vlog.Errorf("Failed to start mounttable service: %v", err)
 		return nil, err
 	}
-	// TODO(caprita): We link in a proxy server into the device manager so
-	// that we can bootstrap with install-local before we can install an
-	// actual proxy app.  Once support is added to the RPC layer to allow
-	// install-local to serve on the same connection it established to the
-	// device manager (see TODO in
-	// v.io/x/ref/cmd/mgmt/device/impl/local_install.go), we can get rid of
-	// this local proxy altogether.
+	// TODO(caprita): We link in a proxy server into the device manager so that we
+	// can bootstrap with install-local before we can install an actual proxy app.
+	// Once support is added to the RPC layer to allow install-local to serve on
+	// the same connection it established to the device manager (see TODO in
+	// v.io/x/ref/services/device/device/local_install.go), we can get rid of this
+	// local proxy altogether.
 	stopProxy, err := startProxyServer(ctx, args.Proxy, mtName)
 	if err != nil {
 		vlog.Errorf("Failed to start proxy service: %v", err)
@@ -293,9 +292,9 @@
 }
 
 func startMounttable(ctx *context.T, n NamespaceArgs) (string, func(), error) {
-	mtName, stopMT, err := mounttable.StartServers(ctx, n.ListenSpec, n.Name, n.Neighborhood, n.AccessListFile)
+	mtName, stopMT, err := mounttablelib.StartServers(ctx, n.ListenSpec, n.Name, n.Neighborhood, n.AccessListFile)
 	if err != nil {
-		vlog.Errorf("mounttable.StartServers(%#v) failed: %v", n, err)
+		vlog.Errorf("mounttablelib.StartServers(%#v) failed: %v", n, err)
 	} else {
 		vlog.Infof("Local mounttable (%v) published as %q", mtName, n.Name)
 	}
diff --git a/cmd/mgmt/mgmt_v23_test.go b/services/device/mgmt_v23_test.go
similarity index 96%
rename from cmd/mgmt/mgmt_v23_test.go
rename to services/device/mgmt_v23_test.go
index 49bc382..7fc2c4f 100644
--- a/cmd/mgmt/mgmt_v23_test.go
+++ b/services/device/mgmt_v23_test.go
@@ -23,7 +23,7 @@
 // to test a device manager with multi-account support enabled for app
 // account vanaguest.
 //
-package mgmt_test
+package device_test
 
 //go:generate v23 test generate .
 
@@ -85,7 +85,7 @@
 		// applicationd/binaryd servers will be run by alice too.
 		namespaceBin    = i.BuildV23Pkg("v.io/x/ref/cmd/namespace").WithStartOpts(aliceOpts)
 		debugBin        = i.BuildV23Pkg("v.io/x/ref/services/debug/debug").WithStartOpts(aliceOpts)
-		deviceBin       = i.BuildV23Pkg("v.io/x/ref/cmd/mgmt/device").WithStartOpts(aliceOpts)
+		deviceBin       = i.BuildV23Pkg("v.io/x/ref/services/device/device").WithStartOpts(aliceOpts)
 		binaryBin       = i.BuildV23Pkg("v.io/x/ref/services/binary/binary").WithStartOpts(aliceOpts)
 		applicationBin  = i.BuildV23Pkg("v.io/x/ref/services/application/application").WithStartOpts(aliceOpts)
 		binarydBin      = i.BuildV23Pkg("v.io/x/ref/services/binary/binaryd").WithStartOpts(aliceOpts)
@@ -98,7 +98,7 @@
 		// waiting to be claimed.
 		//
 		// Other binaries, like applicationd and binaryd will be run by alice.
-		deviceScript = i.BinaryFromPath("device/devicex").WithEnv("V23_DEVICE_DIR=" + dmInstallDir)
+		deviceScript = i.BinaryFromPath("./devicex").WithEnv("V23_DEVICE_DIR=" + dmInstallDir)
 
 		mtName = "devices/" + hostname // Name under which the device manager will publish itself.
 	)
@@ -107,10 +107,10 @@
 	buildAndCopyBinaries(
 		i,
 		binStagingDir,
-		"v.io/x/ref/services/mgmt/device/deviced",
-		"v.io/x/ref/security/agent/agentd",
-		"v.io/x/ref/services/mgmt/suidhelper",
-		"v.io/x/ref/services/mgmt/inithelper")
+		"v.io/x/ref/services/device/deviced",
+		"v.io/x/ref/services/agent/agentd",
+		"v.io/x/ref/services/device/suidhelper",
+		"v.io/x/ref/services/device/inithelper")
 
 	appDName := "applicationd"
 	devicedAppName := filepath.Join(appDName, "deviced", "test")
@@ -284,7 +284,7 @@
 
 	// Upload a deviced binary
 	devicedAppBinName := binarydName + "/deviced"
-	binaryBin.Run("upload", devicedAppBinName, i.BuildGoPkg("v.io/x/ref/services/mgmt/device/deviced").Path())
+	binaryBin.Run("upload", devicedAppBinName, i.BuildGoPkg("v.io/x/ref/services/device/deviced").Path())
 
 	// Upload a device manager envelope.
 	devicedEnvelopeFilename := filepath.Join(workDir, "deviced.envelope")
diff --git a/cmd/mgmt/shell.sh b/services/device/shell.sh
similarity index 100%
rename from cmd/mgmt/shell.sh
rename to services/device/shell.sh
diff --git a/cmd/mgmt/shell_test.sh b/services/device/shell_test.sh
similarity index 99%
rename from cmd/mgmt/shell_test.sh
rename to services/device/shell_test.sh
index eafdc96..9d66678 100755
--- a/cmd/mgmt/shell_test.sh
+++ b/services/device/shell_test.sh
@@ -265,7 +265,7 @@
 #   main "$@"
 shell_test::enable_agent() {
   if [[ ! -n ${shell_test_RUNNING_UNDER_AGENT+1} ]]; then
-    local -r AGENTD="$(shell_test::build_go_binary 'v.io/x/ref/security/agent/agentd')"
+    local -r AGENTD="$(shell_test::build_go_binary 'v.io/x/ref/services/agent/agentd')"
     local -r WORKDIR="${shell_test_WORK_DIR}"
     export shell_test_RUNNING_UNDER_AGENT=1
     V23_CREDENTIALS="${WORKDIR}/credentials" exec ${AGENTD} --no-passphrase --additional-principals="${WORKDIR}/childcredentials" bash -"$-" "$0" "$@"
diff --git a/cmd/mgmt/suid_test.sh b/services/device/suid_test.sh
similarity index 97%
rename from cmd/mgmt/suid_test.sh
rename to services/device/suid_test.sh
index ea320e2..2c09107 100755
--- a/cmd/mgmt/suid_test.sh
+++ b/services/device/suid_test.sh
@@ -56,15 +56,15 @@
   BINARY_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/binary/binary')"
   APPLICATIOND_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/application/applicationd')"
   APPLICATION_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/application/application')"
-  AGENTD_BIN="$(shell_test::build_go_binary 'v.io/x/ref/security/agent/agentd')"
-  SUIDHELPER_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/mgmt/suidhelper')"
-  INITHELPER_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/mgmt/inithelper')"
-  DEVICEMANAGER_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/mgmt/device/deviced')"
-  DEVICE_BIN="$(shell_test::build_go_binary 'v.io/x/ref/cmd/mgmt/device')"
+  AGENTD_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/agent/agentd')"
+  SUIDHELPER_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/device/suidhelper')"
+  INITHELPER_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/device/inithelper')"
+  DEVICEMANAGER_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/device/deviced')"
+  DEVICE_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/device/device')"
   NAMESPACE_BIN="$(shell_test::build_go_binary 'v.io/x/ref/cmd/namespace')"
   PRINCIPAL_BIN="$(shell_test::build_go_binary 'v.io/x/ref/cmd/principal')"
   DEBUG_BIN="$(shell_test::build_go_binary 'v.io/x/ref/services/debug/debug')"
-  DEVICE_SCRIPT="$(go list -f {{.Dir}} v.io/x/ref/cmd/mgmt/device)/devicex"
+  DEVICE_SCRIPT="$(go list -f {{.Dir}} v.io/x/ref/services/device)/devicex"
 }
 
 # TODO(caprita): Move to shell_tesh.sh
diff --git a/services/mgmt/suidhelper/main.go b/services/device/suidhelper/main.go
similarity index 88%
rename from services/mgmt/suidhelper/main.go
rename to services/device/suidhelper/main.go
index b36e1b8..92fc1c9 100644
--- a/services/mgmt/suidhelper/main.go
+++ b/services/device/suidhelper/main.go
@@ -14,13 +14,13 @@
 	"fmt"
 	"os"
 
-	"v.io/x/ref/services/mgmt/suidhelper/impl"
+	"v.io/x/ref/lib/suid"
 )
 
 func main() {
 	flag.Parse()
 	fmt.Fprintln(os.Stderr, os.Args)
-	if err := impl.Run(os.Environ()); err != nil {
+	if err := suid.Run(os.Environ()); err != nil {
 		fmt.Fprintln(os.Stderr, "Failed with:", err)
 		// TODO(rjkroege): We should really only print the usage message
 		// if the error is related to interpreting flags.
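Review bot: main hands the complete inherited environment to `suid.Run(os.Environ())` and echoes `os.Args` to stderr before any validation, and nothing here says which variables Run is expected to read. The binary's name suggests it runs with elevated privilege (inferred, not shown in this hunk), so a comment would help: `// suid.Run receives the caller-controlled environment; it must treat every variable as untrusted input.` main's body continues past the hunk.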
diff --git a/cmd/mgmt/test.sh b/services/device/test.sh
similarity index 100%
rename from cmd/mgmt/test.sh
rename to services/device/test.sh
diff --git a/cmd/mgmt/v23_test.go b/services/device/v23_test.go
similarity index 95%
rename from cmd/mgmt/v23_test.go
rename to services/device/v23_test.go
index eca31e6..597fed2 100644
--- a/cmd/mgmt/v23_test.go
+++ b/services/device/v23_test.go
@@ -4,7 +4,7 @@
 
 // This file was auto-generated via go generate.
 // DO NOT UPDATE MANUALLY
-package mgmt_test
+package device_test
 
 import "testing"
 import "os"
diff --git a/services/security/discharger.vdl b/services/discharger/discharger.vdl
similarity index 97%
rename from services/security/discharger.vdl
rename to services/discharger/discharger.vdl
index 040fe21..7aed262 100644
--- a/services/security/discharger.vdl
+++ b/services/discharger/discharger.vdl
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package security
+package discharger
 
 import "v.io/v23/security"
 
diff --git a/services/security/discharger.vdl.go b/services/discharger/discharger.vdl.go
similarity index 95%
rename from services/security/discharger.vdl.go
rename to services/discharger/discharger.vdl.go
index 3b0715a..1024842 100644
--- a/services/security/discharger.vdl.go
+++ b/services/discharger/discharger.vdl.go
@@ -5,7 +5,7 @@
 // This file was auto-generated by the vanadium vdl tool.
 // Source: discharger.vdl
 
-package security
+package discharger
 
 import (
 	// VDL system imports
@@ -21,7 +21,7 @@
 
 var (
 	// Indicates that the Caveat does not require a discharge
-	ErrNotAThirdPartyCaveat = verror.Register("v.io/x/ref/services/security.NotAThirdPartyCaveat", verror.NoRetry, "{1:}{2:} discharges are not required for non-third-party caveats (id: {c.id})")
+	ErrNotAThirdPartyCaveat = verror.Register("v.io/x/ref/services/discharger.NotAThirdPartyCaveat", verror.NoRetry, "{1:}{2:} discharges are not required for non-third-party caveats (id: {c.id})")
 )
 
 func init() {
@@ -132,7 +132,7 @@
 // descDischarger hides the desc to keep godoc clean.
 var descDischarger = rpc.InterfaceDesc{
 	Name:    "Discharger",
-	PkgPath: "v.io/x/ref/services/security",
+	PkgPath: "v.io/x/ref/services/discharger",
 	Doc:     "// Discharger is the interface for obtaining discharges for ThirdPartyCaveats.",
 	Methods: []rpc.MethodDesc{
 		{
diff --git a/services/security/discharger/discharger.go b/services/discharger/dischargerlib/discharger.go
similarity index 86%
rename from services/security/discharger/discharger.go
rename to services/discharger/dischargerlib/discharger.go
index 30ad199..1c3e405 100644
--- a/services/security/discharger/discharger.go
+++ b/services/discharger/dischargerlib/discharger.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package discharger
+package dischargerlib
 
 import (
 	"fmt"
@@ -10,7 +10,7 @@
 
 	"v.io/v23/rpc"
 	"v.io/v23/security"
-	services "v.io/x/ref/services/security"
+	"v.io/x/ref/services/discharger"
 )
 
 // dischargerd issues discharges for all caveats present in the current
@@ -22,7 +22,7 @@
 	secCall := security.GetCall(ctx)
 	tp := caveat.ThirdPartyDetails()
 	if tp == nil {
-		return security.Discharge{}, services.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
+		return security.Discharge{}, discharger.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
 	}
 	if err := tp.Dischargeable(ctx); err != nil {
 		return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
@@ -40,6 +40,6 @@
 // Discharges are valid for 15 minutes.
 // TODO(ashankar,ataly): Parameterize this? Make it easier for clients to add
 // caveats on the discharge?
-func NewDischarger() services.DischargerServerMethods {
+func NewDischarger() discharger.DischargerServerMethods {
 	return dischargerd{}
 }
diff --git a/services/security/groups/README b/services/groups/README
similarity index 66%
rename from services/security/groups/README
rename to services/groups/README
index 4d1e921..fa22167 100644
--- a/services/security/groups/README
+++ b/services/groups/README
@@ -1,6 +1,6 @@
 WORK IN PROGRESS. DO NOT DEPEND ON ANYTHING IN THIS DIRECTORY.
 
-This directory provides an implementation of groups.
+This directory provides an implementation of groups for managing access control.
 
 Group support is under development. Code and interfaces in this directory may
 change at any time.
diff --git a/services/security/groups/grpserverd/main.go b/services/groups/groupsd/main.go
similarity index 84%
rename from services/security/groups/grpserverd/main.go
rename to services/groups/groupsd/main.go
index b5d2c3d..39222de 100644
--- a/services/security/groups/grpserverd/main.go
+++ b/services/groups/groupsd/main.go
@@ -2,11 +2,11 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// grpserverd is a group server daemon.
+// Daemon groupsd manages groups for access control.
 package main
 
 // Example invocation:
-// grpserverd --v23.tcp.address="127.0.0.1:0" --name=grpserverd
+// groupsd --v23.tcp.address="127.0.0.1:0" --name=groupsd
 
 import (
 	"flag"
@@ -17,8 +17,8 @@
 
 	"v.io/x/ref/lib/signals"
 	_ "v.io/x/ref/profiles/roaming"
-	"v.io/x/ref/services/security/groups/memstore"
-	"v.io/x/ref/services/security/groups/server"
+	"v.io/x/ref/services/groups/internal/memstore"
+	"v.io/x/ref/services/groups/internal/server"
 )
 
 // TODO(sadovsky): Perhaps this should be one of the standard Vanadium flags.
diff --git a/services/security/groups/memstore/memstore.go b/services/groups/internal/memstore/memstore.go
similarity index 67%
rename from services/security/groups/memstore/memstore.go
rename to services/groups/internal/memstore/memstore.go
index 7785c6b..3a5ae6c 100644
--- a/services/security/groups/memstore/memstore.go
+++ b/services/groups/internal/memstore/memstore.go
@@ -11,12 +11,12 @@
 	"strconv"
 	"sync"
 
-	"v.io/x/ref/services/security/groups/server"
+	"v.io/x/ref/services/groups/internal/server"
 )
 
 type entry struct {
-	v    interface{}
-	etag int
+	v       interface{}
+	version int
 }
 
 type memstore struct {
@@ -30,14 +30,14 @@
 	return &memstore{data: map[string]*entry{}}
 }
 
-func (st *memstore) Get(k string) (v interface{}, etag string, err error) {
+func (st *memstore) Get(k string) (v interface{}, version string, err error) {
 	st.mu.Lock()
 	defer st.mu.Unlock()
 	e, ok := st.data[k]
 	if !ok {
 		return nil, "", &server.ErrUnknownKey{Key: k}
 	}
-	return e.v, strconv.Itoa(e.etag), nil
+	return e.v, strconv.Itoa(e.version), nil
 }
 
 func (st *memstore) Insert(k string, v interface{}) error {
@@ -50,39 +50,39 @@
 	return nil
 }
 
-func (st *memstore) Update(k string, v interface{}, etag string) error {
+func (st *memstore) Update(k string, v interface{}, version string) error {
 	st.mu.Lock()
 	defer st.mu.Unlock()
 	e, ok := st.data[k]
 	if !ok {
 		return &server.ErrUnknownKey{Key: k}
 	}
-	if err := e.checkEtag(etag); err != nil {
+	if err := e.checkVersion(version); err != nil {
 		return err
 	}
 	e.v = v
-	e.etag++
+	e.version++
 	return nil
 }
 
-func (st *memstore) Delete(k string, etag string) error {
+func (st *memstore) Delete(k string, version string) error {
 	st.mu.Lock()
 	defer st.mu.Unlock()
 	e, ok := st.data[k]
 	if !ok {
 		return &server.ErrUnknownKey{Key: k}
 	}
-	if err := e.checkEtag(etag); err != nil {
+	if err := e.checkVersion(version); err != nil {
 		return err
 	}
 	delete(st.data, k)
 	return nil
 }
 
-func (e *entry) checkEtag(etag string) error {
-	newEtag := strconv.Itoa(e.etag)
-	if etag != newEtag {
-		return &server.ErrBadEtag{}
+func (e *entry) checkVersion(version string) error {
+	newVersion := strconv.Itoa(e.version)
+	if version != newVersion {
+		return &server.ErrBadVersion{}
 	}
 	return nil
 }
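Review bot: In checkVersion the local `newVersion` holds the entry's current stored version, not a new one, which makes the comparison read backwards. `if version != strconv.Itoa(e.version) {` says the same thing without the extra name. checkVersion, Update and Delete also lack comments stating that the version is an optimistic-concurrency token and what a mismatch returns. A one-line comment such as `// checkVersion reports ErrBadVersion unless version matches the entry's current version.` would cover it.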
diff --git a/services/security/groups/server/doc.go b/services/groups/internal/server/doc.go
similarity index 100%
rename from services/security/groups/server/doc.go
rename to services/groups/internal/server/doc.go
diff --git a/services/security/groups/server/group.go b/services/groups/internal/server/group.go
similarity index 74%
rename from services/security/groups/server/group.go
rename to services/groups/internal/server/group.go
index 51a92bb..2d04399 100644
--- a/services/security/groups/server/group.go
+++ b/services/groups/internal/server/group.go
@@ -68,54 +68,54 @@
 	return nil
 }
 
-func (g *group) Delete(call rpc.ServerCall, etag string) error {
-	return g.readModifyWrite(call, etag, func(gd *groupData, etagSt string) error {
-		return g.m.st.Delete(g.name, etagSt)
+func (g *group) Delete(call rpc.ServerCall, version string) error {
+	return g.readModifyWrite(call, version, func(gd *groupData, versionSt string) error {
+		return g.m.st.Delete(g.name, versionSt)
 	})
 }
 
-func (g *group) Add(call rpc.ServerCall, entry groups.BlessingPatternChunk, etag string) error {
-	return g.update(call, etag, func(gd *groupData) {
+func (g *group) Add(call rpc.ServerCall, entry groups.BlessingPatternChunk, version string) error {
+	return g.update(call, version, func(gd *groupData) {
 		gd.Entries[entry] = struct{}{}
 	})
 }
 
-func (g *group) Remove(call rpc.ServerCall, entry groups.BlessingPatternChunk, etag string) error {
-	return g.update(call, etag, func(gd *groupData) {
+func (g *group) Remove(call rpc.ServerCall, entry groups.BlessingPatternChunk, version string) error {
+	return g.update(call, version, func(gd *groupData) {
 		delete(gd.Entries, entry)
 	})
 }
 
 // TODO(sadovsky): Replace fake implementation with real implementation.
-func (g *group) Get(call rpc.ServerCall, req groups.GetRequest, reqEtag string) (res groups.GetResponse, etag string, err error) {
-	gd, etag, err := g.getInternal(call)
+func (g *group) Get(call rpc.ServerCall, req groups.GetRequest, reqVersion string) (res groups.GetResponse, version string, err error) {
+	gd, version, err := g.getInternal(call)
 	if err != nil {
 		return groups.GetResponse{}, "", err
 	}
-	return groups.GetResponse{Entries: gd.Entries}, etag, nil
+	return groups.GetResponse{Entries: gd.Entries}, version, nil
 }
 
 // TODO(sadovsky): Replace fake implementation with real implementation.
-func (g *group) Rest(call rpc.ServerCall, req groups.RestRequest, reqEtag string) (res groups.RestResponse, etag string, err error) {
-	_, etag, err = g.getInternal(call)
+func (g *group) Rest(call rpc.ServerCall, req groups.RestRequest, reqVersion string) (res groups.RestResponse, version string, err error) {
+	_, version, err = g.getInternal(call)
 	if err != nil {
 		return groups.RestResponse{}, "", err
 	}
-	return groups.RestResponse{}, etag, nil
+	return groups.RestResponse{}, version, nil
 }
 
-func (g *group) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
-	return g.update(call, etag, func(gd *groupData) {
+func (g *group) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
+	return g.update(call, version, func(gd *groupData) {
 		gd.AccessList = acl
 	})
 }
 
-func (g *group) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
-	gd, etag, err := g.getInternal(call)
+func (g *group) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
+	gd, version, err := g.getInternal(call)
 	if err != nil {
 		return nil, "", err
 	}
-	return gd.AccessList, etag, nil
+	return gd.AccessList, version, nil
 }
 
 ////////////////////////////////////////
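Review bot: The Add and Remove closures write to `gd.Entries` in place, and that map looks like the one the store itself holds. getInternal returns groupData by value, and memstore.Get hands back `e.v` as stored, so the struct is copied but its map is shared. If that holds, the membership change is applied outside the store's mutex and before `st.Update` has run its version check. A write that Update then rejects with ErrBadVersion has already taken effect, and concurrent calls race on the map. Since group membership feeds access-control decisions, I would copy the map before mutating it, as below for Add and likewise for Remove. The `update` and `readModifyWrite` helpers these closures run under are outside this hunk.

```go
func (g *group) Add(call rpc.ServerCall, entry groups.BlessingPatternChunk, version string) error {
	return g.update(call, version, func(gd *groupData) {
		// Copy before writing so the map held by the store is only replaced
		// through st.Update, after its version check has passed.
		entries := make(map[groups.BlessingPatternChunk]struct{}, len(gd.Entries)+1)
		for k := range gd.Entries {
			entries[k] = struct{}{}
		}
		entries[entry] = struct{}{}
		gd.Entries = entries
	})
}

// … unchanged: Remove (needs the same copy before its delete), Get, Rest, SetPermissions, GetPermissions …
```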
@@ -136,8 +136,8 @@
 }
 
 // Returns a VDL-compatible error. Performs access check.
-func (g *group) getInternal(call rpc.ServerCall) (gd groupData, etag string, err error) {
-	v, etag, err := g.m.st.Get(g.name)
+func (g *group) getInternal(call rpc.ServerCall) (gd groupData, version string, err error) {
+	v, version, err := g.m.st.Get(g.name)
 	if err != nil {
 		if _, ok := err.(*ErrUnknownKey); ok {
 			// TODO(sadovsky): Return NoExist if appropriate.
@@ -152,39 +152,39 @@
 	if err := g.authorize(call, gd.AccessList); err != nil {
 		return groupData{}, "", err
 	}
-	return gd, etag, nil
+	return gd, version, nil
 }
 
 // Returns a VDL-compatible error. Performs access check.
-func (g *group) update(call rpc.ServerCall, etag string, fn func(gd *groupData)) error {
-	return g.readModifyWrite(call, etag, func(gd *groupData, etagSt string) error {
+func (g *group) update(call rpc.ServerCall, version string, fn func(gd *groupData)) error {
+	return g.readModifyWrite(call, version, func(gd *groupData, versionSt string) error {
 		fn(gd)
-		return g.m.st.Update(g.name, *gd, etagSt)
+		return g.m.st.Update(g.name, *gd, versionSt)
 	})
 }
 
 // Returns a VDL-compatible error. Performs access check.
 // fn should perform the "modify, write" part of "read, modify, write", and
 // should return a Store error.
-func (g *group) readModifyWrite(call rpc.ServerCall, etag string, fn func(gd *groupData, etagSt string) error) error {
+func (g *group) readModifyWrite(call rpc.ServerCall, version string, fn func(gd *groupData, versionSt string) error) error {
 	// Transaction retry loop.
 	for i := 0; i < 3; i++ {
-		gd, etagSt, err := g.getInternal(call)
+		gd, versionSt, err := g.getInternal(call)
 		if err != nil {
 			return err
 		}
 		// Fail early if possible.
-		if etag != "" && etag != etagSt {
-			return verror.NewErrBadEtag(call.Context())
+		if version != "" && version != versionSt {
+			return verror.NewErrBadVersion(call.Context())
 		}
-		if err := fn(&gd, etagSt); err != nil {
-			if err, ok := err.(*ErrBadEtag); ok {
-				// Retry on etag error if the original etag was empty.
-				if etag != "" {
-					return verror.NewErrBadEtag(call.Context())
+		if err := fn(&gd, versionSt); err != nil {
+			if err, ok := err.(*ErrBadVersion); ok {
+				// Retry on version error if the original version was empty.
+				if version != "" {
+					return verror.NewErrBadVersion(call.Context())
 				}
 			} else {
-				// Abort on non-etag error.
+				// Abort on non-version error.
 				return verror.New(verror.ErrInternal, call.Context(), err)
 			}
 		} else {
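Review bot: In readModifyWrite, `if err, ok := err.(*ErrBadVersion); ok {` redeclares `err` for the whole if/else, so the `else` branch that builds `verror.ErrInternal` receives the failed assertion's nil `*ErrBadVersion` instead of the error that fn returned. The store's real failure is dropped from the internal error, and because `ErrBadVersion.Error()` never touches its receiver, the message may even read as a version conflict. Discarding the asserted value fixes it and matches getInternal: `if _, ok := err.(*ErrBadVersion); ok {`. The rename carries this over unchanged from the etag code, and the body of readModifyWrite continues past the end of the hunk.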
diff --git a/services/security/groups/server/manager.go b/services/groups/internal/server/manager.go
similarity index 100%
rename from services/security/groups/server/manager.go
rename to services/groups/internal/server/manager.go
diff --git a/services/security/groups/server/server_test.go b/services/groups/internal/server/server_test.go
similarity index 73%
rename from services/security/groups/server/server_test.go
rename to services/groups/internal/server/server_test.go
index fa308df..a01d355 100644
--- a/services/security/groups/server/server_test.go
+++ b/services/groups/internal/server/server_test.go
@@ -19,8 +19,8 @@
 	"v.io/x/lib/vlog"
 
 	_ "v.io/x/ref/profiles"
-	"v.io/x/ref/services/security/groups/memstore"
-	"v.io/x/ref/services/security/groups/server"
+	"v.io/x/ref/services/groups/internal/memstore"
+	"v.io/x/ref/services/groups/internal/server"
 	"v.io/x/ref/test/testutil"
 )
 
@@ -44,13 +44,13 @@
 	return res
 }
 
-func getEtagOrDie(g groups.GroupClientStub, ctx *context.T, t *testing.T) string {
-	_, etag, err := g.Get(ctx, groups.GetRequest{}, "")
+func getVersionOrDie(g groups.GroupClientStub, ctx *context.T, t *testing.T) string {
+	_, version, err := g.Get(ctx, groups.GetRequest{}, "")
 	if err != nil {
 		debug.PrintStack()
 		t.Fatal("Get failed: ", err)
 	}
-	return etag
+	return version
 }
 
 func bpc(chunk string) groups.BlessingPatternChunk {
@@ -91,7 +91,8 @@
 		vlog.Fatal("s.Listen() failed: ", err)
 	}
 
-	// TODO(sadovsky): Pass in an AccessList and test AccessList-checking in Group.Create().
+	// TODO(sadovsky): Pass in an AccessList and test AccessList-checking in
+	// Group.Create().
 	acl := access.Permissions{}
 	m := server.NewManager(memstore.New(), acl)
 
@@ -179,8 +180,8 @@
 		t.Fatal("Create should have failed")
 	}
 
-	// Create a group with an AccessList and a few entries, including some redundant
-	// ones.
+	// Create a group with an AccessList and a few entries, including some
+	// redundant ones.
 	g = groups.GroupClient(naming.JoinAddressName(serverName, "grpB"))
 	acl = access.Permissions{}
 	// Allow Admin and Read so that we can call GetPermissions and Get.
@@ -206,19 +207,19 @@
 	ctx, serverName, cleanup := setupOrDie()
 	defer cleanup()
 
-	// Create a group with a default AccessList and no entries, check that we can delete
-	// it.
+	// Create a group with a default AccessList and no entries, check that we can
+	// delete it.
 	g := groups.GroupClient(naming.JoinAddressName(serverName, "grpA"))
 	if err := g.Create(ctx, nil, nil); err != nil {
 		t.Fatal("Create failed: ", err)
 	}
-	// Delete with bad etag should fail.
-	if err := g.Delete(ctx, "20"); verror.ErrorID(err) != verror.ErrBadEtag.ID {
-		t.Fatal("Delete should have failed with etag error")
+	// Delete with bad version should fail.
+	if err := g.Delete(ctx, "20"); verror.ErrorID(err) != verror.ErrBadVersion.ID {
+		t.Fatal("Delete should have failed with version error")
 	}
-	// Delete with correct etag should succeed.
-	etag := getEtagOrDie(g, ctx, t)
-	if err := g.Delete(ctx, etag); err != nil {
+	// Delete with correct version should succeed.
+	version := getVersionOrDie(g, ctx, t)
+	if err := g.Delete(ctx, version); err != nil {
 		t.Fatal("Delete failed: ", err)
 	}
 	// Check that the group was actually deleted.
@@ -231,7 +232,7 @@
 	if err := g.Create(ctx, nil, bpcSlice("foo", "bar", "foo")); err != nil {
 		t.Fatal("Create failed: ", err)
 	}
-	// Delete with empty etag should succeed.
+	// Delete with empty version should succeed.
 	if err := g.Delete(ctx, ""); err != nil {
 		t.Fatal("Delete failed: ", err)
 	}
@@ -244,8 +245,8 @@
 		t.Fatal("Create failed: ", err)
 	}
 
-	// Create a group with an AccessList that disallows Delete(), check that Delete()
-	// fails.
+	// Create a group with an AccessList that disallows Delete(), check that
+	// Delete() fails.
 	g = groups.GroupClient(naming.JoinAddressName(serverName, "grpC"))
 	acl := access.Permissions{}
 	acl.Add(security.BlessingPattern("server/client"), string(access.Admin))
@@ -276,73 +277,75 @@
 	}
 
 	var aclBefore, aclAfter access.Permissions
-	var etagBefore, etagAfter string
+	var versionBefore, versionAfter string
 
-	getAccessListAndEtagOrDie := func() (access.Permissions, string) {
-		// Doesn't use getEtagOrDie since that requires access.Read permission.
-		acl, etag, err := g.GetPermissions(ctx)
+	getAccessListAndVersionOrDie := func() (access.Permissions, string) {
+		// Doesn't use getVersionOrDie since that requires access.Read permission.
+		acl, version, err := g.GetPermissions(ctx)
 		if err != nil {
 			debug.PrintStack()
 			t.Fatal("GetPermissions failed: ", err)
 		}
-		return acl, etag
+		return acl, version
 	}
 
-	// SetPermissions with bad etag should fail.
-	aclBefore, etagBefore = getAccessListAndEtagOrDie()
-	if err := g.SetPermissions(ctx, myacl, "20"); verror.ErrorID(err) != verror.ErrBadEtag.ID {
-		t.Fatal("SetPermissions should have failed with etag error")
+	// SetPermissions with bad version should fail.
+	aclBefore, versionBefore = getAccessListAndVersionOrDie()
+	if err := g.SetPermissions(ctx, myacl, "20"); verror.ErrorID(err) != verror.ErrBadVersion.ID {
+		t.Fatal("SetPermissions should have failed with version error")
 	}
-	// Since SetPermissions failed, the AccessList and etag should not have changed.
-	aclAfter, etagAfter = getAccessListAndEtagOrDie()
+	// Since SetPermissions failed, the AccessList and version should not have
+	// changed.
+	aclAfter, versionAfter = getAccessListAndVersionOrDie()
 	if !reflect.DeepEqual(aclBefore, aclAfter) {
 		t.Errorf("AccessLists do not match: want %v, got %v", aclBefore, aclAfter)
 	}
-	if etagBefore != etagAfter {
-		t.Errorf("Etags do not match: want %v, got %v", etagBefore, etagAfter)
+	if versionBefore != versionAfter {
+		t.Errorf("Versions do not match: want %v, got %v", versionBefore, versionAfter)
 	}
 
-	// SetPermissions with correct etag should succeed.
-	aclBefore, etagBefore = aclAfter, etagAfter
-	if err := g.SetPermissions(ctx, myacl, etagBefore); err != nil {
+	// SetPermissions with correct version should succeed.
+	aclBefore, versionBefore = aclAfter, versionAfter
+	if err := g.SetPermissions(ctx, myacl, versionBefore); err != nil {
 		t.Fatal("SetPermissions failed: ", err)
 	}
-	// Check that the AccessList and etag actually changed.
-	aclAfter, etagAfter = getAccessListAndEtagOrDie()
+	// Check that the AccessList and version actually changed.
+	aclAfter, versionAfter = getAccessListAndVersionOrDie()
 	if !reflect.DeepEqual(myacl, aclAfter) {
 		t.Errorf("AccessLists do not match: want %v, got %v", myacl, aclAfter)
 	}
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// SetPermissions with empty etag should succeed.
-	aclBefore, etagBefore = aclAfter, etagAfter
+	// SetPermissions with empty version should succeed.
+	aclBefore, versionBefore = aclAfter, versionAfter
 	myacl.Add(security.BlessingPattern("server/client"), string(access.Read))
 	if err := g.SetPermissions(ctx, myacl, ""); err != nil {
 		t.Fatal("SetPermissions failed: ", err)
 	}
-	// Check that the AccessList and etag actually changed.
-	aclAfter, etagAfter = getAccessListAndEtagOrDie()
+	// Check that the AccessList and version actually changed.
+	aclAfter, versionAfter = getAccessListAndVersionOrDie()
 	if !reflect.DeepEqual(myacl, aclAfter) {
 		t.Errorf("AccessLists do not match: want %v, got %v", myacl, aclAfter)
 	}
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// SetPermissions with unchanged AccessList should succeed, and etag should still change.
-	aclBefore, etagBefore = aclAfter, etagAfter
+	// SetPermissions with unchanged AccessList should succeed, and version should
+	// still change.
+	aclBefore, versionBefore = aclAfter, versionAfter
 	if err := g.SetPermissions(ctx, myacl, ""); err != nil {
 		t.Fatal("SetPermissions failed: ", err)
 	}
-	// Check that the AccessList did not change and the etag did change.
-	aclAfter, etagAfter = getAccessListAndEtagOrDie()
+	// Check that the AccessList did not change and the version did change.
+	aclAfter, versionAfter = getAccessListAndVersionOrDie()
 	if !reflect.DeepEqual(aclBefore, aclAfter) {
 		t.Errorf("AccessLists do not match: want %v, got %v", aclBefore, aclAfter)
 	}
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
 	// Take away our access. SetPermissions and GetPermissions should fail.
@@ -373,35 +376,35 @@
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
 
-	var etagBefore, etagAfter string
-	etagBefore = getEtagOrDie(g, ctx, t)
-	// Add with bad etag should fail.
-	if err := g.Add(ctx, bpc("foo"), "20"); verror.ErrorID(err) != verror.ErrBadEtag.ID {
-		t.Fatal("Add should have failed with etag error")
+	var versionBefore, versionAfter string
+	versionBefore = getVersionOrDie(g, ctx, t)
+	// Add with bad version should fail.
+	if err := g.Add(ctx, bpc("foo"), "20"); verror.ErrorID(err) != verror.ErrBadVersion.ID {
+		t.Fatal("Add should have failed with version error")
 	}
-	// Etag should not have changed.
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore != etagAfter {
-		t.Errorf("Etags do not match: want %v, got %v", etagBefore, etagAfter)
+	// Version should not have changed.
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore != versionAfter {
+		t.Errorf("Versions do not match: want %v, got %v", versionBefore, versionAfter)
 	}
 
-	// Add an entry, verify it was added and the etag changed.
-	etagBefore = etagAfter
-	if err := g.Add(ctx, bpc("foo"), etagBefore); err != nil {
+	// Add an entry, verify it was added and the version changed.
+	versionBefore = versionAfter
+	if err := g.Add(ctx, bpc("foo"), versionBefore); err != nil {
 		t.Fatal("Add failed: ", err)
 	}
 	want, got = bpcSet("foo"), getEntriesOrDie(g, ctx, t)
 	if !entriesEqual(want, got) {
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// Add another entry, verify it was added and the etag changed.
-	etagBefore = etagAfter
-	// Add with empty etag should succeed.
+	// Add another entry, verify it was added and the version changed.
+	versionBefore = versionAfter
+	// Add with empty version should succeed.
 	if err := g.Add(ctx, bpc("bar"), ""); err != nil {
 		t.Fatal("Add failed: ", err)
 	}
@@ -409,27 +412,28 @@
 	if !entriesEqual(want, got) {
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// Add "bar" again, verify entries are still ["foo", "bar"] and the etag
+	// Add "bar" again, verify entries are still ["foo", "bar"] and the version
 	// changed.
-	etagBefore = etagAfter
-	if err := g.Add(ctx, bpc("bar"), etagBefore); err != nil {
+	versionBefore = versionAfter
+	if err := g.Add(ctx, bpc("bar"), versionBefore); err != nil {
 		t.Fatal("Add failed: ", err)
 	}
 	want, got = bpcSet("foo", "bar"), getEntriesOrDie(g, ctx, t)
 	if !entriesEqual(want, got) {
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// Create a group with an AccessList that disallows Add(), check that Add() fails.
+	// Create a group with an AccessList that disallows Add(), check that Add()
+	// fails.
 	g = groups.GroupClient(naming.JoinAddressName(serverName, "grpB"))
 	acl := access.Permissions{}
 	acl.Add(security.BlessingPattern("server/client"), string(access.Admin))
@@ -458,35 +462,35 @@
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
 
-	var etagBefore, etagAfter string
-	etagBefore = getEtagOrDie(g, ctx, t)
-	// Remove with bad etag should fail.
-	if err := g.Remove(ctx, bpc("foo"), "20"); verror.ErrorID(err) != verror.ErrBadEtag.ID {
-		t.Fatal("Remove should have failed with etag error")
+	var versionBefore, versionAfter string
+	versionBefore = getVersionOrDie(g, ctx, t)
+	// Remove with bad version should fail.
+	if err := g.Remove(ctx, bpc("foo"), "20"); verror.ErrorID(err) != verror.ErrBadVersion.ID {
+		t.Fatal("Remove should have failed with version error")
 	}
-	// Etag should not have changed.
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore != etagAfter {
-		t.Errorf("Etags do not match: want %v, got %v", etagBefore, etagAfter)
+	// Version should not have changed.
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore != versionAfter {
+		t.Errorf("Versions do not match: want %v, got %v", versionBefore, versionAfter)
 	}
 
-	// Remove an entry, verify it was removed and the etag changed.
-	etagBefore = etagAfter
-	if err := g.Remove(ctx, bpc("foo"), etagBefore); err != nil {
+	// Remove an entry, verify it was removed and the version changed.
+	versionBefore = versionAfter
+	if err := g.Remove(ctx, bpc("foo"), versionBefore); err != nil {
 		t.Fatal("Remove failed: ", err)
 	}
 	want, got = bpcSet("bar"), getEntriesOrDie(g, ctx, t)
 	if !entriesEqual(want, got) {
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// Remove another entry, verify it was removed and the etag changed.
-	etagBefore = etagAfter
-	// Remove with empty etag should succeed.
+	// Remove another entry, verify it was removed and the version changed.
+	versionBefore = versionAfter
+	// Remove with empty version should succeed.
 	if err := g.Remove(ctx, bpc("bar"), ""); err != nil {
 		t.Fatal("Remove failed: ", err)
 	}
@@ -494,27 +498,27 @@
 	if !entriesEqual(want, got) {
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// Remove "bar" again, verify entries are still [] and the etag changed.
-	etagBefore = etagAfter
-	if err := g.Remove(ctx, bpc("bar"), etagBefore); err != nil {
+	// Remove "bar" again, verify entries are still [] and the version changed.
+	versionBefore = versionAfter
+	if err := g.Remove(ctx, bpc("bar"), versionBefore); err != nil {
 		t.Fatal("Remove failed: ", err)
 	}
 	want, got = bpcSet(), getEntriesOrDie(g, ctx, t)
 	if !entriesEqual(want, got) {
 		t.Errorf("Entries do not match: want %v, got %v", want, got)
 	}
-	etagAfter = getEtagOrDie(g, ctx, t)
-	if etagBefore == etagAfter {
-		t.Errorf("Etags should not match: %v", etagBefore)
+	versionAfter = getVersionOrDie(g, ctx, t)
+	if versionBefore == versionAfter {
+		t.Errorf("Versions should not match: %v", versionBefore)
 	}
 
-	// Create a group with an AccessList that disallows Remove(), check that Remove()
-	// fails.
+	// Create a group with an AccessList that disallows Remove(), check that
+	// Remove() fails.
 	g = groups.GroupClient(naming.JoinAddressName(serverName, "grpB"))
 	acl := access.Permissions{}
 	acl.Add(security.BlessingPattern("server/client"), string(access.Admin))
diff --git a/services/groups/internal/server/store.go b/services/groups/internal/server/store.go
new file mode 100644
index 0000000..83f605e
--- /dev/null
+++ b/services/groups/internal/server/store.go
@@ -0,0 +1,53 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package server
+
+// Store is a key-value store that uses versions for optimistic concurrency
+// control. The versions passed to Update and Delete must come from Get. If in
+// the meantime some client has called Update or Delete on the same key, the
+// version will be stale and the method call will fail.
+//
+// Note, this API disallows empty versions to simplify implementation. The group
+// server is the only client of this API and always specifies versions.
+type Store interface {
+	// Fails if the given key is unknown (ErrUnknownKey).
+	Get(k string) (v interface{}, version string, err error)
+
+	// Fails if an entry already exists for the given key (ErrKeyAlreadyExists).
+	Insert(k string, v interface{}) error
+
+	// Fails if the given key is unknown (ErrUnknownKey).
+	// Fails if version doesn't match (ErrBadVersion).
+	Update(k string, v interface{}, version string) error
+
+	// Fails if the given key is unknown (ErrUnknownKey).
+	// Fails if version doesn't match (ErrBadVersion).
+	Delete(k string, version string) error
+}
+
+////////////////////////////////////////
+// Store error types
+
+type ErrUnknownKey struct {
+	Key string
+}
+
+func (err *ErrUnknownKey) Error() string {
+	return "unknown key: " + err.Key
+}
+
+type ErrKeyAlreadyExists struct {
+	Key string
+}
+
+func (err *ErrKeyAlreadyExists) Error() string {
+	return "key already exists: " + err.Key
+}
+
+type ErrBadVersion struct{}
+
+func (err *ErrBadVersion) Error() string {
+	return "version is out of date"
+}
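Review bot: The Store comment says empty versions are disallowed, but neither Update nor Delete states what an implementation must return for one. A backend could therefore treat an empty string as a wildcard and silently skip the concurrency check that guards group ACL writes. I would add `// An empty version never matches; it fails with ErrBadVersion.` to both methods, after confirming that this is what memstore does. The error types should also note that callers match them by pointer type assertion (`err.(*ErrBadVersion)` in the group server), so implementations have to return pointers.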
diff --git a/services/security/groups/server/types.vdl b/services/groups/internal/server/types.vdl
similarity index 100%
rename from services/security/groups/server/types.vdl
rename to services/groups/internal/server/types.vdl
diff --git a/services/security/groups/server/types.vdl.go b/services/groups/internal/server/types.vdl.go
similarity index 91%
rename from services/security/groups/server/types.vdl.go
rename to services/groups/internal/server/types.vdl.go
index b0ffa4e..0a2eb83 100644
--- a/services/security/groups/server/types.vdl.go
+++ b/services/groups/internal/server/types.vdl.go
@@ -24,7 +24,7 @@
 }
 
 func (groupData) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/security/groups/server.groupData"
+	Name string "v.io/x/ref/services/groups/internal/server.groupData"
 }) {
 }
 
diff --git a/services/security/groups/server/v23_internal_test.go b/services/groups/internal/server/v23_internal_test.go
similarity index 100%
rename from services/security/groups/server/v23_internal_test.go
rename to services/groups/internal/server/v23_internal_test.go
diff --git a/services/identity/identityd/identityd_v23_test.go b/services/identity/identityd/identityd_v23_test.go
index 36e9b28..474c7b2 100644
--- a/services/identity/identityd/identityd_v23_test.go
+++ b/services/identity/identityd/identityd_v23_test.go
@@ -69,7 +69,7 @@
 	// In production, the two share a common root certificate and thus
 	// recognize each other. The same is done here, i.Principal()
 	// wields the root key.
-	identityd := i.BuildV23Pkg("v.io/x/ref/services/identity/identityd_test")
+	identityd := i.BuildV23Pkg("v.io/x/ref/services/identity/internal/identityd_test")
 	creds, err := i.Shell().NewChildCredentials("identityd")
 	if err != nil {
 		i.Fatal(err)
diff --git a/services/identity/modules/test_identityd.go b/services/identity/identitylib/test_identityd.go
similarity index 99%
rename from services/identity/modules/test_identityd.go
rename to services/identity/identitylib/test_identityd.go
index 724445a..6287264 100644
--- a/services/identity/modules/test_identityd.go
+++ b/services/identity/identitylib/test_identityd.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package core
+package identitylib
 
 import (
 	"flag"
diff --git a/services/identity/internal/auditor/blessing_auditor.go b/services/identity/internal/auditor/blessing_auditor.go
index 22670a2..1c5b274 100644
--- a/services/identity/internal/auditor/blessing_auditor.go
+++ b/services/identity/internal/auditor/blessing_auditor.go
@@ -12,7 +12,7 @@
 
 	"v.io/v23/security"
 	"v.io/v23/vom"
-	"v.io/x/ref/security/audit"
+	"v.io/x/ref/lib/security/audit"
 )
 
 // BlessingLogReader provides the Read method to read audit logs.
diff --git a/services/identity/internal/auditor/blessing_auditor_test.go b/services/identity/internal/auditor/blessing_auditor_test.go
index ed15f90..5813382 100644
--- a/services/identity/internal/auditor/blessing_auditor_test.go
+++ b/services/identity/internal/auditor/blessing_auditor_test.go
@@ -10,8 +10,8 @@
 	"time"
 
 	"v.io/v23/security"
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/security/audit"
+	vsecurity "v.io/x/ref/lib/security"
+	"v.io/x/ref/lib/security/audit"
 )
 
 func TestBlessingAuditor(t *testing.T) {
diff --git a/services/identity/internal/auditor/mock_auditor.go b/services/identity/internal/auditor/mock_auditor.go
index 9530af0..9473b22 100644
--- a/services/identity/internal/auditor/mock_auditor.go
+++ b/services/identity/internal/auditor/mock_auditor.go
@@ -6,7 +6,8 @@
 
 import (
 	"reflect"
-	"v.io/x/ref/security/audit"
+
+	"v.io/x/ref/lib/security/audit"
 )
 
 func NewMockBlessingAuditor() (audit.Auditor, BlessingLogReader) {
diff --git a/services/identity/identityd_test/main.go b/services/identity/internal/identityd_test/main.go
similarity index 100%
rename from services/identity/identityd_test/main.go
rename to services/identity/internal/identityd_test/main.go
diff --git a/services/identity/internal/revocation/revocation_test.go b/services/identity/internal/revocation/revocation_test.go
index 463f12d..ce54d9b 100644
--- a/services/identity/internal/revocation/revocation_test.go
+++ b/services/identity/internal/revocation/revocation_test.go
@@ -8,8 +8,8 @@
 	"testing"
 
 	_ "v.io/x/ref/profiles"
-	services "v.io/x/ref/services/security"
-	"v.io/x/ref/services/security/discharger"
+	"v.io/x/ref/services/discharger"
+	"v.io/x/ref/services/discharger/dischargerlib"
 	"v.io/x/ref/test"
 
 	"v.io/v23"
@@ -29,7 +29,7 @@
 	if err != nil {
 		t.Fatalf("dischargerServer.Listen failed: %v", err)
 	}
-	dischargerServiceStub := services.DischargerServer(discharger.NewDischarger())
+	dischargerServiceStub := discharger.DischargerServer(dischargerlib.NewDischarger())
 	if err := dischargerServer.Serve("", dischargerServiceStub, nil); err != nil {
 		t.Fatalf("dischargerServer.Serve revoker: %s", err)
 	}
@@ -48,7 +48,7 @@
 	dcKey, dc, revoker, closeFunc := revokerSetup(t, ctx)
 	defer closeFunc()
 
-	discharger := services.DischargerClient(dc)
+	discharger := discharger.DischargerClient(dc)
 	caveat, err := revoker.NewCaveat(dcKey, dc)
 	if err != nil {
 		t.Fatalf("failed to create revocation caveat: %s", err)
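Review bot: `discharger := discharger.DischargerClient(dc)` declares a local variable with the same name as the `v.io/x/ref/services/discharger` package this commit starts importing, so the package is unreachable for the rest of the function. It compiles today, but any later reference to the package in this test would resolve to the client stub instead. A different name avoids that, e.g. `dischargerClient := discharger.DischargerClient(dc)`, with the uses below renamed to match. The function continues outside the hunk.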
diff --git a/services/identity/internal/server/identityd.go b/services/identity/internal/server/identityd.go
index 089a765..6797c39 100644
--- a/services/identity/internal/server/identityd.go
+++ b/services/identity/internal/server/identityd.go
@@ -24,9 +24,10 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-
+	"v.io/x/ref/lib/security/audit"
 	"v.io/x/ref/lib/signals"
-	"v.io/x/ref/security/audit"
+	"v.io/x/ref/services/discharger"
+	"v.io/x/ref/services/discharger/dischargerlib"
 	"v.io/x/ref/services/identity/internal/auditor"
 	"v.io/x/ref/services/identity/internal/blesser"
 	"v.io/x/ref/services/identity/internal/caveats"
@@ -35,8 +36,6 @@
 	"v.io/x/ref/services/identity/internal/revocation"
 	"v.io/x/ref/services/identity/internal/templates"
 	"v.io/x/ref/services/identity/internal/util"
-	services "v.io/x/ref/services/security"
-	"v.io/x/ref/services/security/discharger"
 )
 
 const (
@@ -242,7 +241,7 @@
 func newDispatcher(macaroonKey []byte, blesserParams blesser.OAuthBlesserParams) rpc.Dispatcher {
 	d := dispatcher(map[string]interface{}{
 		macaroonService:     blesser.NewMacaroonBlesserServer(macaroonKey),
-		dischargerService:   services.DischargerServer(discharger.NewDischarger()),
+		dischargerService:   discharger.DischargerServer(dischargerlib.NewDischarger()),
 		oauthBlesserService: blesser.NewOAuthBlesserServer(blesserParams),
 	})
 	// Set up the glob invoker.
diff --git a/services/mgmt/lib/acls/aclaccess.go b/services/internal/acls/aclaccess.go
similarity index 72%
rename from services/mgmt/lib/acls/aclaccess.go
rename to services/internal/acls/aclaccess.go
index 7d11555..9be795e 100644
--- a/services/mgmt/lib/acls/aclaccess.go
+++ b/services/internal/acls/aclaccess.go
@@ -14,16 +14,16 @@
 	"path/filepath"
 	"sync"
 
+	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/v23/security/access"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-
-	"v.io/x/ref/security/serialization"
+	"v.io/x/ref/lib/security/serialization"
 )
 
 const (
-	pkgPath = "v.io/x/ref/services/mgmt/lib/acls"
+	pkgPath = "v.io/x/ref/services/internal/acls"
 	sigName = "signature"
 	aclName = "data"
 )
@@ -97,27 +97,26 @@
 		vlog.Errorf("ReadPermissions(%s) failed: %v", aclpath, err)
 		return nil, "", err
 	}
-	etag, err := ComputeEtag(acl)
+	version, err := ComputeVersion(acl)
 	if err != nil {
-		vlog.Errorf("acls.ComputeEtag failed: %v", err)
+		vlog.Errorf("acls.ComputeVersion failed: %v", err)
 		return nil, "", err
 	}
-	return acl, etag, nil
+	return acl, version, nil
 }
 
-// Set writes the specified Permissions to the provided
-// directory with enforcement of etag synchronization mechanism and
-// locking.
-func (store PathStore) Set(dir string, acl access.Permissions, etag string) error {
+// Set writes the specified Permissions to the provided directory with
+// enforcement of version synchronization mechanism and locking.
+func (store PathStore) Set(dir string, acl access.Permissions, version string) error {
 	aclpath := filepath.Join(dir, aclName)
 	sigpath := filepath.Join(dir, sigName)
 	defer store.lockPath(dir)()
-	_, oetag, err := getCore(store.principal, aclpath, sigpath)
+	_, oversion, err := getCore(store.principal, aclpath, sigpath)
 	if err != nil && !os.IsNotExist(err) {
 		return verror.New(ErrOperationFailed, nil)
 	}
-	if len(etag) > 0 && etag != oetag {
-		return verror.NewErrBadEtag(nil)
+	if len(version) > 0 && version != oversion {
+		return verror.NewErrBadVersion(nil)
 	}
 	return write(store.principal, aclpath, sigpath, dir, acl)
 }
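Review bot: The doc comment on Set promises version enforcement, but `len(version) > 0 && version != oversion` skips the comparison whenever the caller passes an empty version, so such a write replaces the stored Permissions unconditionally. That is probably the intended contract, but it should be spelled out because it decides whether concurrent ACL edits can overwrite each other: `// An empty version skips the check and overwrites unconditionally.` Separately, `verror.New(ErrOperationFailed, nil)` discards the error returned by getCore, so the caller cannot tell why reading the existing Permissions failed.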
@@ -174,3 +173,42 @@
 	}
 	return tam, false, nil
 }
+
+// PrefixPatterns creates a pattern containing all of the prefix patterns of
+// the provided blessings.
+func PrefixPatterns(blessings []string) []security.BlessingPattern {
+	var patterns []security.BlessingPattern
+	for _, b := range blessings {
+		patterns = append(patterns, security.BlessingPattern(b).PrefixPatterns()...)
+	}
+	return patterns
+}
+
+// PermissionsForBlessings creates the  Permissions list  that should be used
+// with a newly created object.
+func PermissionsForBlessings(blessings []string) access.Permissions {
+	tam := make(access.Permissions)
+
+	// Add the invoker's blessings and all its prefixes.
+	for _, p := range PrefixPatterns(blessings) {
+		for _, tag := range access.AllTypicalTags() {
+			tam.Add(p, string(tag))
+		}
+	}
+	return tam
+}
+
+// NilAuthPermissions creates an AccessList that mimics the default
+// authorization policy (i.e., the AccessList is matched by all blessings
+// that are either extensions of one of the local blessings or can be
+// extended to form one of the local blessings.)
+func NilAuthPermissions(call rpc.ServerCall) access.Permissions {
+	tam := make(access.Permissions)
+	lb := security.LocalBlessingNames(call.Context())
+	for _, p := range PrefixPatterns(lb) {
+		for _, tag := range access.AllTypicalTags() {
+			tam.Add(p, string(tag))
+		}
+	}
+	return tam
+}
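Review bot: NilAuthPermissions repeats the loop of PermissionsForBlessings line for line; its body can be `return PermissionsForBlessings(security.LocalBlessingNames(call.Context()))`, which keeps the two default policies from drifting apart. Both comments should also say outright that every tag from `access.AllTypicalTags()` is granted to every prefix pattern, since that is the authorization a newly created object starts with. The PrefixPatterns comment says it creates "a pattern" although it returns a slice, and the PermissionsForBlessings comment has stray double spaces.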
diff --git a/services/mgmt/lib/acls/hierarchical_authorizer.go b/services/internal/acls/hierarchical_authorizer.go
similarity index 100%
rename from services/mgmt/lib/acls/hierarchical_authorizer.go
rename to services/internal/acls/hierarchical_authorizer.go
diff --git a/services/mgmt/lib/acls/etag.go b/services/internal/acls/version.go
similarity index 66%
rename from services/mgmt/lib/acls/etag.go
rename to services/internal/acls/version.go
index 50d84bf..4b8839a 100644
--- a/services/mgmt/lib/acls/etag.go
+++ b/services/internal/acls/version.go
@@ -14,16 +14,16 @@
 	"v.io/v23/security/access"
 )
 
-// ComputeEtag produces the tag value returned by access.GetPermissions() (per
-// v.io/v23/security/access/service.vdl) that GetPermissions()/SetPermissions()
+// ComputeVersion produces the tag value returned by access.GetPermissions()
+// (per v23/services/permissions/service.vdl) that GetPermissions/SetPermissions
 // use to determine if the AccessLists have been asynchronously modified.
-func ComputeEtag(acl access.Permissions) (string, error) {
+func ComputeVersion(acl access.Permissions) (string, error) {
 	b := new(bytes.Buffer)
 	if err := acl.WriteTo(b); err != nil {
 		return "", err
 	}
 
 	md5hash := md5.Sum(b.Bytes())
-	etag := hex.EncodeToString(md5hash[:])
-	return etag, nil
+	version := hex.EncodeToString(md5hash[:])
+	return version, nil
 }
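Review bot: ComputeVersion's comment does not say that the MD5 digest is only a change-detection token for the GetPermissions/SetPermissions handshake. MD5 is not collision resistant, so the value should not be relied on as evidence of an AccessList's integrity or authenticity; a line such as `// The result is an optimistic-concurrency token, not an integrity check.` would record that. Two equal Permissions values produce the same version only if acl.WriteTo serialises them to the same bytes, which this hunk does not show.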
diff --git a/services/mgmt/lib/fs/only_for_test.go b/services/internal/fs/only_for_test.go
similarity index 100%
rename from services/mgmt/lib/fs/only_for_test.go
rename to services/internal/fs/only_for_test.go
diff --git a/services/mgmt/lib/fs/simplestore.go b/services/internal/fs/simplestore.go
similarity index 99%
rename from services/mgmt/lib/fs/simplestore.go
rename to services/internal/fs/simplestore.go
index 7d9c1c8..d51cca1 100644
--- a/services/mgmt/lib/fs/simplestore.go
+++ b/services/internal/fs/simplestore.go
@@ -27,7 +27,7 @@
 // TODO(rjkroege@google.com) Switch Memstore to the mid-August 2014
 // style store API.
 
-const pkgPath = "v.io/x/ref/services/mgmt/lib/fs"
+const pkgPath = "v.io/x/ref/services/internal/fs"
 
 // Errors
 var (
diff --git a/services/mgmt/lib/fs/simplestore_test.go b/services/internal/fs/simplestore_test.go
similarity index 99%
rename from services/mgmt/lib/fs/simplestore_test.go
rename to services/internal/fs/simplestore_test.go
index a929596..0960235 100644
--- a/services/mgmt/lib/fs/simplestore_test.go
+++ b/services/internal/fs/simplestore_test.go
@@ -14,7 +14,7 @@
 	"v.io/v23/naming"
 	"v.io/v23/services/application"
 	"v.io/v23/verror"
-	"v.io/x/ref/services/mgmt/lib/fs"
+	"v.io/x/ref/services/internal/fs"
 	_ "v.io/x/ref/services/profile"
 )
 
diff --git a/services/mgmt/lib/packages/packages.go b/services/internal/packages/packages.go
similarity index 98%
rename from services/mgmt/lib/packages/packages.go
rename to services/internal/packages/packages.go
index 2522a04..3f9af83 100644
--- a/services/mgmt/lib/packages/packages.go
+++ b/services/internal/packages/packages.go
@@ -38,7 +38,7 @@
 	".tar.bz2": repository.MediaInfo{Type: "application/x-tar", Encoding: "bzip2"},
 }
 
-const pkgPath = "v.io/x/ref/services/mgmt/lib/packages"
+const pkgPath = "v.io/x/ref/services/internal/packages"
 
 var (
 	errBadMediaType    = verror.Register(pkgPath+".errBadMediaType", verror.NoRetry, "{1:}{2:} unsupported media type{:_}")
diff --git a/services/mgmt/lib/packages/packages_test.go b/services/internal/packages/packages_test.go
similarity index 99%
rename from services/mgmt/lib/packages/packages_test.go
rename to services/internal/packages/packages_test.go
index 43a062d..a6b130c 100644
--- a/services/mgmt/lib/packages/packages_test.go
+++ b/services/internal/packages/packages_test.go
@@ -18,7 +18,7 @@
 
 	"v.io/v23/services/repository"
 
-	"v.io/x/ref/services/mgmt/lib/packages"
+	"v.io/x/ref/services/internal/packages"
 )
 
 func TestInstall(t *testing.T) {
diff --git a/services/mgmt/lib/testutil/modules.go b/services/internal/servicetest/modules.go
similarity index 96%
rename from services/mgmt/lib/testutil/modules.go
rename to services/internal/servicetest/modules.go
index 9fa84fc..9883ebc 100644
--- a/services/mgmt/lib/testutil/modules.go
+++ b/services/internal/servicetest/modules.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package testutil
+package servicetest
 
 import (
 	"fmt"
@@ -21,7 +21,7 @@
 	"v.io/x/lib/vlog"
 
 	"v.io/x/ref/envvar"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 	"v.io/x/ref/test/modules"
 	"v.io/x/ref/test/testutil"
 )
@@ -47,9 +47,9 @@
 	if err != nil {
 		return fmt.Errorf("root failed: %v", err)
 	}
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
-		return fmt.Errorf("mounttable.NewMountTableDispatcher failed: %s", err)
+		return fmt.Errorf("mounttablelib.NewMountTableDispatcher failed: %s", err)
 	}
 	eps, err := server.Listen(lspec)
 	if err != nil {
diff --git a/services/mgmt/lib/testutil/timeouts.go b/services/internal/servicetest/timeouts.go
similarity index 93%
rename from services/mgmt/lib/testutil/timeouts.go
rename to services/internal/servicetest/timeouts.go
index 38888a4..bae8ff7 100644
--- a/services/mgmt/lib/testutil/timeouts.go
+++ b/services/internal/servicetest/timeouts.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package testutil
+package servicetest
 
 import (
 	"time"
diff --git a/services/mgmt/suidhelper/impl/flag/flag.go b/services/mgmt/suidhelper/impl/flag/flag.go
deleted file mode 100644
index ee06320..0000000
--- a/services/mgmt/suidhelper/impl/flag/flag.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package flag provides flag definitions for the suidhelper package.
-//
-// It does NOT depend on any packages outside the Go standard library.
-// This allows v.io/x/ref/lib/test to depend on this
-// package, thereby ensuring that the suidhelper flags are defined
-// before the flag.Parse call in testutil.init is made.
-//
-// This is a hack! This file should go away once testutil.init
-// is changed to not parse flags in init().
-// TODO(cnicolaou,ashankar): See above!
-package flag
-
-import "flag"
-
-var (
-	Username, Workspace, LogDir, Run, ProgName *string
-	MinimumUid                                 *int64
-	Remove, Dryrun                             *bool
-)
-
-func init() {
-	SetupFlags(flag.CommandLine)
-}
-
-func SetupFlags(fs *flag.FlagSet) {
-	Username = fs.String("username", "", "The UNIX user name used for the other functions of this tool.")
-	Workspace = fs.String("workspace", "", "Path to the application's workspace directory.")
-	LogDir = fs.String("logdir", "", "Path to the log directory.")
-	Run = fs.String("run", "", "Path to the application to exec.")
-	ProgName = fs.String("progname", "unnamed_app", "Visible name of the application, used in argv[0]")
-	MinimumUid = fs.Int64("minuid", uidThreshold, "UIDs cannot be less than this number.")
-	Remove = fs.Bool("rm", false, "Remove the file trees given as command-line arguments.")
-	Dryrun = fs.Bool("dryrun", false, "Elides root-requiring systemcalls.")
-}
-
-const uidThreshold = 501
diff --git a/services/mounttable/lib/v23_internal_test.go b/services/mounttable/lib/v23_internal_test.go
deleted file mode 100644
index 8b6b541..0000000
--- a/services/mounttable/lib/v23_internal_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This file was auto-generated via go generate.
-// DO NOT UPDATE MANUALLY
-package mounttable
-
-import "testing"
-import "os"
-
-import "v.io/x/ref/test"
-
-func TestMain(m *testing.M) {
-	test.Init()
-	os.Exit(m.Run())
-}
diff --git a/services/mounttable/mounttabled/mounttable.go b/services/mounttable/mounttabled/mounttable.go
index 0318179..d2afd5a 100644
--- a/services/mounttable/mounttabled/mounttable.go
+++ b/services/mounttable/mounttabled/mounttable.go
@@ -15,7 +15,7 @@
 
 	"v.io/x/ref/lib/signals"
 	_ "v.io/x/ref/profiles/roaming"
-	mounttable "v.io/x/ref/services/mounttable/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
 )
 
 var (
@@ -28,9 +28,9 @@
 	ctx, shutdown := v23.Init()
 	defer shutdown()
 
-	name, stop, err := mounttable.StartServers(ctx, v23.GetListenSpec(ctx), *mountName, *nhName, *aclFile)
+	name, stop, err := mounttablelib.StartServers(ctx, v23.GetListenSpec(ctx), *mountName, *nhName, *aclFile)
 	if err != nil {
-		vlog.Errorf("mounttable.StartServers failed: %v", err)
+		vlog.Errorf("mounttablelib.StartServers failed: %v", err)
 		os.Exit(1)
 	}
 	defer stop()
diff --git a/services/mounttable/lib/collection_test_interface.vdl b/services/mounttable/mounttablelib/collection_test_interface.vdl
similarity index 96%
rename from services/mounttable/lib/collection_test_interface.vdl
rename to services/mounttable/mounttablelib/collection_test_interface.vdl
index 876164e..2795079 100644
--- a/services/mounttable/lib/collection_test_interface.vdl
+++ b/services/mounttable/mounttablelib/collection_test_interface.vdl
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 type Collection interface {
 	// Export sets the value for a name.  Overwrite controls the behavior when
diff --git a/services/mounttable/lib/collection_test_interface.vdl.go b/services/mounttable/mounttablelib/collection_test_interface.vdl.go
similarity index 98%
rename from services/mounttable/lib/collection_test_interface.vdl.go
rename to services/mounttable/mounttablelib/collection_test_interface.vdl.go
index 71b5369..ba3f3ed 100644
--- a/services/mounttable/lib/collection_test_interface.vdl.go
+++ b/services/mounttable/mounttablelib/collection_test_interface.vdl.go
@@ -5,7 +5,7 @@
 // This file was auto-generated by the vanadium vdl tool.
 // Source: collection_test_interface.vdl
 
-package mounttable
+package mounttablelib
 
 import (
 	// VDL system imports
@@ -130,7 +130,7 @@
 // descCollection hides the desc to keep godoc clean.
 var descCollection = rpc.InterfaceDesc{
 	Name:    "Collection",
-	PkgPath: "v.io/x/ref/services/mounttable/lib",
+	PkgPath: "v.io/x/ref/services/mounttable/mounttablelib",
 	Methods: []rpc.MethodDesc{
 		{
 			Name: "Export",
diff --git a/services/mounttable/lib/collectionserver_test.go b/services/mounttable/mounttablelib/collectionserver_test.go
similarity index 98%
rename from services/mounttable/lib/collectionserver_test.go
rename to services/mounttable/mounttablelib/collectionserver_test.go
index c803fc1..c3cada7 100644
--- a/services/mounttable/lib/collectionserver_test.go
+++ b/services/mounttable/mounttablelib/collectionserver_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"sync"
diff --git a/services/mounttable/lib/mounttable.go b/services/mounttable/mounttablelib/mounttable.go
similarity index 98%
rename from services/mounttable/lib/mounttable.go
rename to services/mounttable/mounttablelib/mounttable.go
index f4e059f..6e1c19d 100644
--- a/services/mounttable/lib/mounttable.go
+++ b/services/mounttable/mounttablelib/mounttable.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"encoding/json"
@@ -25,7 +25,7 @@
 	"v.io/x/lib/vlog"
 )
 
-const pkgPath = "v.io/x/ref/services/mounttable/lib"
+const pkgPath = "v.io/x/ref/services/mounttable/mounttablelib"
 
 var (
 	errMalformedAddress = verror.Register(pkgPath+".errMalformedAddress", verror.NoRetry, "{1:}{2:} malformed address {3} for mounted server {4}{:_}")
@@ -733,7 +733,7 @@
 	ch <- naming.GlobReplyEntry{naming.MountEntry{Name: "", Servers: servers}}
 }
 
-func (ms *mountContext) SetPermissions(call rpc.ServerCall, tam access.Permissions, etag string) error {
+func (ms *mountContext) SetPermissions(call rpc.ServerCall, tam access.Permissions, version string) error {
 	vlog.VI(2).Infof("SetPermissions %q", ms.name)
 	mt := ms.mt
 
@@ -748,7 +748,7 @@
 	}
 	n.parent.Unlock()
 	defer n.Unlock()
-	n.acls, err = n.acls.Set(etag, tam)
+	n.acls, err = n.acls.Set(version, tam)
 	if err == nil {
 		n.explicitAccessLists = true
 	}
@@ -769,6 +769,6 @@
 	}
 	n.parent.Unlock()
 	defer n.Unlock()
-	etag, tam := n.acls.Get()
-	return tam, etag, nil
+	version, tam := n.acls.Get()
+	return tam, version, nil
 }
diff --git a/services/mounttable/lib/mounttable_test.go b/services/mounttable/mounttablelib/mounttable_test.go
similarity index 97%
rename from services/mounttable/lib/mounttable_test.go
rename to services/mounttable/mounttablelib/mounttable_test.go
index a156f10..300e997 100644
--- a/services/mounttable/lib/mounttable_test.go
+++ b/services/mounttable/mounttablelib/mounttable_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"errors"
@@ -72,7 +72,7 @@
 	}
 }
 
-func doGetPermissions(t *testing.T, ctx *context.T, ep, suffix string, shouldSucceed bool) (acl access.Permissions, etag string) {
+func doGetPermissions(t *testing.T, ctx *context.T, ep, suffix string, shouldSucceed bool) (acl access.Permissions, version string) {
 	name := naming.JoinAddressName(ep, suffix)
 	client := v23.GetClient(ctx)
 	call, err := client.StartCall(ctx, name, "GetPermissions", nil, options.NoResolve{})
@@ -82,7 +82,7 @@
 		}
 		boom(t, "Failed to GetPermissions %s: %s", name, err)
 	}
-	if err := call.Finish(&acl, &etag); err != nil {
+	if err := call.Finish(&acl, &version); err != nil {
 		if !shouldSucceed {
 			return
 		}
@@ -91,10 +91,10 @@
 	return
 }
 
-func doSetPermissions(t *testing.T, ctx *context.T, ep, suffix string, acl access.Permissions, etag string, shouldSucceed bool) {
+func doSetPermissions(t *testing.T, ctx *context.T, ep, suffix string, acl access.Permissions, version string, shouldSucceed bool) {
 	name := naming.JoinAddressName(ep, suffix)
 	client := v23.GetClient(ctx)
-	call, err := client.StartCall(ctx, name, "SetPermissions", []interface{}{acl, etag}, options.NoResolve{})
+	call, err := client.StartCall(ctx, name, "SetPermissions", []interface{}{acl, version}, options.NoResolve{})
 	if err != nil {
 		if !shouldSucceed {
 			return
@@ -311,14 +311,14 @@
 	checkContents(t, bobCtx, naming.JoinAddressName(mtAddr, "a/b/falls"), "falls mainly on the plain", false)
 
 	// Test getting/setting AccessLists.
-	acl, etag := doGetPermissions(t, rootCtx, mtAddr, "stuff", true)
-	doSetPermissions(t, rootCtx, mtAddr, "stuff", acl, "xyzzy", false) // bad etag
-	doSetPermissions(t, rootCtx, mtAddr, "stuff", acl, etag, true)     // good etag
-	_, netag := doGetPermissions(t, rootCtx, mtAddr, "stuff", true)
-	if netag == etag {
-		boom(t, "etag didn't change after SetPermissions: %s", netag)
+	acl, version := doGetPermissions(t, rootCtx, mtAddr, "stuff", true)
+	doSetPermissions(t, rootCtx, mtAddr, "stuff", acl, "xyzzy", false) // bad version
+	doSetPermissions(t, rootCtx, mtAddr, "stuff", acl, version, true)  // correct version
+	_, nversion := doGetPermissions(t, rootCtx, mtAddr, "stuff", true)
+	if nversion == version {
+		boom(t, "version didn't change after SetPermissions: %s", nversion)
 	}
-	doSetPermissions(t, rootCtx, mtAddr, "stuff", acl, "", true) // no etag
+	doSetPermissions(t, rootCtx, mtAddr, "stuff", acl, "", true) // no version
 
 	// Bob should be able to create nodes under the mounttable root but not alice.
 	doSetPermissions(t, aliceCtx, mtAddr, "onlybob", acl, "", false)
diff --git a/services/mounttable/lib/neighborhood.go b/services/mounttable/mounttablelib/neighborhood.go
similarity index 98%
rename from services/mounttable/lib/neighborhood.go
rename to services/mounttable/mounttablelib/neighborhood.go
index a757414..3be9878 100644
--- a/services/mounttable/lib/neighborhood.go
+++ b/services/mounttable/mounttablelib/neighborhood.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"net"
@@ -290,10 +290,10 @@
 	}
 }
 
-func (*neighborhoodService) SetPermissions(call rpc.ServerCall, acl access.Permissions, etag string) error {
+func (*neighborhoodService) SetPermissions(call rpc.ServerCall, acl access.Permissions, version string) error {
 	return verror.New(errDoesntImplementSetPermissions, call.Context())
 }
 
-func (*neighborhoodService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, etag string, err error) {
+func (*neighborhoodService) GetPermissions(call rpc.ServerCall) (acl access.Permissions, version string, err error) {
 	return nil, "", nil
 }
diff --git a/services/mounttable/lib/neighborhood_test.go b/services/mounttable/mounttablelib/neighborhood_test.go
similarity index 98%
rename from services/mounttable/lib/neighborhood_test.go
rename to services/mounttable/mounttablelib/neighborhood_test.go
index 8175954..75d1b34 100644
--- a/services/mounttable/lib/neighborhood_test.go
+++ b/services/mounttable/mounttablelib/neighborhood_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"fmt"
diff --git a/services/mounttable/lib/serverlist.go b/services/mounttable/mounttablelib/serverlist.go
similarity index 98%
rename from services/mounttable/lib/serverlist.go
rename to services/mounttable/mounttablelib/serverlist.go
index 294fe60..0738a94 100644
--- a/services/mounttable/lib/serverlist.go
+++ b/services/mounttable/mounttablelib/serverlist.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"container/list"
diff --git a/services/mounttable/lib/serverlist_test.go b/services/mounttable/mounttablelib/serverlist_test.go
similarity index 98%
rename from services/mounttable/lib/serverlist_test.go
rename to services/mounttable/mounttablelib/serverlist_test.go
index 2b9fd19..b17ffd0 100644
--- a/services/mounttable/lib/serverlist_test.go
+++ b/services/mounttable/mounttablelib/serverlist_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"reflect"
diff --git a/services/mounttable/lib/servers.go b/services/mounttable/mounttablelib/servers.go
similarity index 98%
rename from services/mounttable/lib/servers.go
rename to services/mounttable/mounttablelib/servers.go
index 8c56d47..77f358c 100644
--- a/services/mounttable/lib/servers.go
+++ b/services/mounttable/mounttablelib/servers.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"net"
diff --git a/services/mounttable/lib/tamg.go b/services/mounttable/mounttablelib/tamg.go
similarity index 93%
rename from services/mounttable/lib/tamg.go
rename to services/mounttable/mounttablelib/tamg.go
index 568852e..26a8597 100644
--- a/services/mounttable/lib/tamg.go
+++ b/services/mounttable/mounttablelib/tamg.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package mounttable
+package mounttablelib
 
 import (
 	"strconv"
@@ -31,10 +31,10 @@
 	if len(genstr) > 0 {
 		gen, err := strconv.ParseInt(genstr, 10, 32)
 		if err != nil {
-			return b, verror.NewErrBadEtag(nil)
+			return b, verror.NewErrBadVersion(nil)
 		}
 		if gen >= 0 && int32(gen) != b.generation {
-			return b, verror.NewErrBadEtag(nil)
+			return b, verror.NewErrBadVersion(nil)
 		}
 	}
 	b.tam = tam
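Review bot: The comparison `if gen >= 0 && int32(gen) != b.generation` skips the generation check for any negative version string, so such a value replaces the stored Permissions regardless of concurrent changes, just as the empty string does. If that wildcard is intended, the function's comment should say so; if it is not, negative values should be rejected with `if gen < 0 || int32(gen) != b.generation {`. The function starts above this hunk, so an existing comment may already cover the intent.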
diff --git a/services/mounttable/lib/testdata/invalid.acl b/services/mounttable/mounttablelib/testdata/invalid.acl
similarity index 100%
rename from services/mounttable/lib/testdata/invalid.acl
rename to services/mounttable/mounttablelib/testdata/invalid.acl
diff --git a/services/mounttable/lib/testdata/noRoot.acl b/services/mounttable/mounttablelib/testdata/noRoot.acl
similarity index 100%
rename from services/mounttable/lib/testdata/noRoot.acl
rename to services/mounttable/mounttablelib/testdata/noRoot.acl
diff --git a/services/mounttable/lib/testdata/test.acl b/services/mounttable/mounttablelib/testdata/test.acl
similarity index 100%
rename from services/mounttable/lib/testdata/test.acl
rename to services/mounttable/mounttablelib/testdata/test.acl
diff --git a/services/mgmt/lib/binary/v23_internal_test.go b/services/mounttable/mounttablelib/v23_internal_test.go
similarity index 93%
rename from services/mgmt/lib/binary/v23_internal_test.go
rename to services/mounttable/mounttablelib/v23_internal_test.go
index fe3cb00..1d210b4 100644
--- a/services/mgmt/lib/binary/v23_internal_test.go
+++ b/services/mounttable/mounttablelib/v23_internal_test.go
@@ -4,7 +4,7 @@
 
 // This file was auto-generated via go generate.
 // DO NOT UPDATE MANUALLY
-package binary
+package mounttablelib
 
 import "testing"
 import "os"
diff --git a/services/profile/profile/doc.go b/services/profile/profile/doc.go
index 85d1ed1..caa2d02 100644
--- a/services/profile/profile/doc.go
+++ b/services/profile/profile/doc.go
@@ -57,28 +57,6 @@
    If true, dump all stored traces on runtime shutdown.
  -v23.vtrace.sample-rate=0
    Rate (from 0.0 to 1.0) to sample vtrace traces.
- -vanadium.i18n_catalogue=
-   18n catalogue files to load, comma separated
- -veyron.credentials=
-   directory to use for storing security credentials
- -veyron.namespace.root=[/ns.dev.v.io:8101]
-   local namespace root; can be repeated to provided multiple roots
- -veyron.proxy=
-   object name of proxy service to use to export services across network
-   boundaries
- -veyron.tcp.address=
-   address to listen on
- -veyron.tcp.protocol=wsh
-   protocol to listen with
- -veyron.vtrace.cache_size=1024
-   The number of vtrace traces to store in memory.
- -veyron.vtrace.collect_regexp=
-   Spans and annotations that match this regular expression will trigger trace
-   collection.
- -veyron.vtrace.dump_on_shutdown=true
-   If true, dump all stored traces on runtime shutdown.
- -veyron.vtrace.sample_rate=0
-   Rate (from 0.0 to 1.0) to sample vtrace traces.
  -vmodule=
    comma-separated list of pattern=N settings for file-filtered logging
 
diff --git a/services/profile/profile/main.go b/services/profile/profile/main.go
index 3af5487..e33dc99 100644
--- a/services/profile/profile/main.go
+++ b/services/profile/profile/main.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // The following enables go generate to generate the doc.go file.
-//go:generate go run $VANADIUM_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
+//go:generate go run $V23_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
 
 package main
 
diff --git a/services/profile/profiled/dispatcher.go b/services/profile/profiled/dispatcher.go
index 171b7f8..16f386f 100644
--- a/services/profile/profiled/dispatcher.go
+++ b/services/profile/profiled/dispatcher.go
@@ -10,7 +10,7 @@
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 
-	"v.io/x/ref/services/mgmt/lib/fs"
+	"v.io/x/ref/services/internal/fs"
 	"v.io/x/ref/services/repository"
 )
 
diff --git a/services/profile/profiled/main.go b/services/profile/profiled/main.go
index 1c6b01f..ab1ab3d 100644
--- a/services/profile/profiled/main.go
+++ b/services/profile/profiled/main.go
@@ -9,10 +9,10 @@
 
 	"v.io/v23"
 	"v.io/x/lib/vlog"
-
+	"v.io/x/ref/lib/security/securityflag"
 	"v.io/x/ref/lib/signals"
+
 	_ "v.io/x/ref/profiles/roaming"
-	vflag "v.io/x/ref/security/flag"
 )
 
 var (
@@ -33,7 +33,7 @@
 		vlog.Fatalf("NewServer() failed: %v", err)
 	}
 
-	dispatcher, err := NewDispatcher(*store, vflag.NewAuthorizerOrDie())
+	dispatcher, err := NewDispatcher(*store, securityflag.NewAuthorizerOrDie())
 	if err != nil {
 		vlog.Fatalf("NewDispatcher() failed: %v", err)
 	}
diff --git a/services/profile/profiled/service.go b/services/profile/profiled/service.go
index 7b0cc1b..23e11b2 100644
--- a/services/profile/profiled/service.go
+++ b/services/profile/profiled/service.go
@@ -7,7 +7,7 @@
 import (
 	"errors"
 
-	"v.io/x/ref/services/mgmt/lib/fs"
+	"v.io/x/ref/services/internal/fs"
 	"v.io/x/ref/services/profile"
 	"v.io/x/ref/services/repository"
 
diff --git a/services/security/role.vdl b/services/role/role.vdl
similarity index 97%
rename from services/security/role.vdl
rename to services/role/role.vdl
index 26e970a..454d0dc 100644
--- a/services/security/role.vdl
+++ b/services/role/role.vdl
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package security
+package role
 
 import "v.io/v23/security"
 
diff --git a/services/security/role.vdl.go b/services/role/role.vdl.go
similarity index 98%
rename from services/security/role.vdl.go
rename to services/role/role.vdl.go
index e15db68..1b4ab83 100644
--- a/services/security/role.vdl.go
+++ b/services/role/role.vdl.go
@@ -5,7 +5,7 @@
 // This file was auto-generated by the vanadium vdl tool.
 // Source: role.vdl
 
-package security
+package role
 
 import (
 	// VDL system imports
@@ -130,7 +130,7 @@
 // descRole hides the desc to keep godoc clean.
 var descRole = rpc.InterfaceDesc{
 	Name:    "Role",
-	PkgPath: "v.io/x/ref/services/security",
+	PkgPath: "v.io/x/ref/services/role",
 	Doc:     "// Role is an interface to request blessings from a role account server. The\n// returned blessings are bound to the client's public key thereby authorizing\n// the client to acquire the role. The server may tie the returned blessings\n// with the client's presented blessing name in order to maintain audit\n// information in the blessing.\n//\n// In order to avoid granting role blessings to all delegates of a principal,\n// the role server requires that each authorized blessing presented by the\n// client have the string \"_role\" as suffix.",
 	Methods: []rpc.MethodDesc{
 		{
diff --git a/services/security/roled/internal/caveats.vdl b/services/role/roled/internal/caveats.vdl
similarity index 100%
rename from services/security/roled/internal/caveats.vdl
rename to services/role/roled/internal/caveats.vdl
diff --git a/services/security/roled/internal/caveats.vdl.go b/services/role/roled/internal/caveats.vdl.go
similarity index 100%
rename from services/security/roled/internal/caveats.vdl.go
rename to services/role/roled/internal/caveats.vdl.go
diff --git a/services/security/roled/internal/config.vdl b/services/role/roled/internal/config.vdl
similarity index 100%
rename from services/security/roled/internal/config.vdl
rename to services/role/roled/internal/config.vdl
diff --git a/services/security/roled/internal/config.vdl.go b/services/role/roled/internal/config.vdl.go
similarity index 95%
rename from services/security/roled/internal/config.vdl.go
rename to services/role/roled/internal/config.vdl.go
index 6e10437..0928eb7 100644
--- a/services/security/roled/internal/config.vdl.go
+++ b/services/role/roled/internal/config.vdl.go
@@ -40,7 +40,7 @@
 }
 
 func (Config) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/security/roled/internal.Config"
+	Name string "v.io/x/ref/services/role/roled/internal.Config"
 }) {
 }
 
diff --git a/services/security/roled/internal/discharger.go b/services/role/roled/internal/discharger.go
similarity index 77%
rename from services/security/roled/internal/discharger.go
rename to services/role/roled/internal/discharger.go
index 8bcab33..0ac7fd9 100644
--- a/services/security/roled/internal/discharger.go
+++ b/services/role/roled/internal/discharger.go
@@ -13,7 +13,7 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 
-	isecurity "v.io/x/ref/services/security"
+	"v.io/x/ref/services/discharger"
 
 	"v.io/x/lib/vlog"
 )
@@ -26,12 +26,14 @@
 
 }
 
-type discharger struct{}
+type dischargerImpl struct {
+	serverConfig *serverConfig
+}
 
-func (discharger) Discharge(call rpc.ServerCall, caveat security.Caveat, impetus security.DischargeImpetus) (security.Discharge, error) {
+func (dischargerImpl) Discharge(call rpc.ServerCall, caveat security.Caveat, impetus security.DischargeImpetus) (security.Discharge, error) {
 	details := caveat.ThirdPartyDetails()
 	if details == nil {
-		return security.Discharge{}, isecurity.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
+		return security.Discharge{}, discharger.NewErrNotAThirdPartyCaveat(call.Context(), caveat)
 	}
 	if err := details.Dischargeable(call.Context()); err != nil {
 		return security.Discharge{}, err
@@ -58,3 +60,7 @@
 	}
 	return discharge, nil
 }
+
+func (d *dischargerImpl) GlobChildren__(call rpc.ServerCall) (<-chan string, error) {
+	return globChildren(call.Context(), d.serverConfig)
+}
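Review bot: GlobChildren__ is declared on `*dischargerImpl` while Discharge, in the previous hunk of this file, is declared on the value type; mixed receiver kinds on one type are easy to trip over. Lookup in dispatcher.go passes `&dischargerImpl{d.config}`, so Discharge can take the pointer receiver as well: `func (d *dischargerImpl) Discharge(...)`. The new method also has no doc comment; it should say that it delegates to globChildren, which, per the comment added in Authorize, is expected to list only the objects the caller may access.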
diff --git a/services/security/roled/internal/dispatcher.go b/services/role/roled/internal/dispatcher.go
similarity index 73%
rename from services/security/roled/internal/dispatcher.go
rename to services/role/roled/internal/dispatcher.go
index 22478b9..1d31cc0 100644
--- a/services/security/roled/internal/dispatcher.go
+++ b/services/role/roled/internal/dispatcher.go
@@ -16,12 +16,13 @@
 	"v.io/v23/security"
 	"v.io/v23/verror"
 
-	isecurity "v.io/x/ref/services/security"
+	"v.io/x/ref/services/discharger"
+	"v.io/x/ref/services/role"
 
 	"v.io/x/lib/vlog"
 )
 
-const requiredSuffix = security.ChainSeparator + isecurity.RoleSuffix
+const requiredSuffix = security.ChainSeparator + role.RoleSuffix
 
 // NewDispatcher returns a dispatcher object for a role service and its
 // associated discharger service.
@@ -31,33 +32,37 @@
 // service for the third-party caveats attached to the role blessings returned
 // by the role service.
 func NewDispatcher(configRoot, dischargerLocation string) rpc.Dispatcher {
-	return &dispatcher{configRoot, dischargerLocation}
+	return &dispatcher{&serverConfig{configRoot, dischargerLocation}}
+}
+
+type serverConfig struct {
+	root               string
+	dischargerLocation string
 }
 
 type dispatcher struct {
-	configRoot         string
-	dischargerLocation string
+	config *serverConfig
 }
 
 func (d *dispatcher) Lookup(suffix string) (interface{}, security.Authorizer, error) {
 	if len(suffix) == 0 {
-		return isecurity.DischargerServer(&discharger{}), &openAuthorizer{}, nil
+		return discharger.DischargerServer(&dischargerImpl{d.config}), &openAuthorizer{}, nil
 	}
-	fileName := filepath.Join(d.configRoot, filepath.FromSlash(suffix+".conf"))
-	if !strings.HasPrefix(fileName, d.configRoot) {
+	fileName := filepath.Join(d.config.root, filepath.FromSlash(suffix+".conf"))
+	if !strings.HasPrefix(fileName, d.config.root) {
 		// Guard against ".." in the suffix that could be used to read
 		// files outside of the config root.
 		return nil, nil, verror.New(verror.ErrNoExistOrNoAccess, nil)
 	}
-	config, err := loadExpandedConfig(fileName, nil)
+	roleConfig, err := loadExpandedConfig(fileName, nil)
 	if err != nil && !os.IsNotExist(err) {
 		// The config file exists, but we failed to read it for some
 		// reason. This is likely a server configuration error.
-		vlog.Errorf("loadConfig(%q, %q): %v", d.configRoot, suffix, err)
+		vlog.Errorf("loadConfig(%q, %q): %v", d.config.root, suffix, err)
 		return nil, nil, verror.Convert(verror.ErrInternal, nil, err)
 	}
-	obj := &roleService{role: suffix, config: config, dischargerLocation: d.dischargerLocation}
-	return isecurity.RoleServer(obj), &authorizer{config}, nil
+	obj := &roleService{serverConfig: d.config, role: suffix, roleConfig: roleConfig}
+	return role.RoleServer(obj), &authorizer{roleConfig}, nil
 }
 
 type openAuthorizer struct{}
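Review bot: The guard `strings.HasPrefix(fileName, d.config.root)` in Lookup compares raw strings, so a cleaned path inside a sibling directory whose name merely begins with the root's name still passes, and a root that is not in cleaned form (for example one starting with `./`) fails for every suffix because filepath.Join cleans its result. Comparing against the cleaned root plus a separator closes both gaps: `root := filepath.Clean(d.config.root) + string(filepath.Separator)` followed by `if !strings.HasPrefix(fileName, root) {`. Neither form resolves symbolic links under the root; whether that matters depends on who can write to the config directory.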
@@ -71,19 +76,31 @@
 }
 
 func (a *authorizer) Authorize(ctx *context.T) error {
+	if security.GetCall(ctx).Method() == "__Glob" {
+		// The Glob implementation only shows objects that the caller
+		// has access to. So this blanket approval is OK.
+		return nil
+	}
 	if a.config == nil {
 		return verror.New(verror.ErrNoExistOrNoAccess, ctx)
 	}
 	remoteBlessingNames, _ := security.RemoteBlessingNames(ctx)
 
-	for _, pattern := range a.config.Members {
-		if pattern.MatchedBy(remoteBlessingNames...) {
-			return nil
-		}
+	if hasAccess(a.config, remoteBlessingNames) {
+		return nil
 	}
 	return verror.New(verror.ErrNoExistOrNoAccess, ctx)
 }
 
+func hasAccess(c *Config, blessingNames []string) bool {
+	for _, pattern := range c.Members {
+		if pattern.MatchedBy(blessingNames...) {
+			return true
+		}
+	}
+	return false
+}
+
 func loadExpandedConfig(fileName string, seenFiles map[string]struct{}) (*Config, error) {
 	if seenFiles == nil {
 		seenFiles = make(map[string]struct{})
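Review bot: The `__Glob` early return in `Authorize` sits ahead of both the `a.config == nil` check and the membership match, so for Glob calls this authorizer admits every caller and the only access control left is the `hasAccess` filter applied where the glob results are built (`findRoles` in glob.go, added by this commit). The comment should name that dependency, for example `// Glob is authorized here unconditionally; per-entry filtering happens in findRoles via hasAccess and must be kept by any new Glob path.` It would also be safer for `hasAccess` to fail closed on a missing config by starting with `if c == nil { return false }`, since only the earlier check in `Authorize` keeps it from dereferencing nil today. `loadExpandedConfig` at the end of the hunk continues outside it.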
diff --git a/services/security/roled/internal/doc.go b/services/role/roled/internal/doc.go
similarity index 90%
rename from services/security/roled/internal/doc.go
rename to services/role/roled/internal/doc.go
index 118ee40..f72d7c5 100644
--- a/services/security/roled/internal/doc.go
+++ b/services/role/roled/internal/doc.go
@@ -2,5 +2,5 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package internal implements the role service defined in v.io/x/ref/services/security
+// Package internal implements the role service defined in v.io/x/ref/services/role
 package internal
diff --git a/services/role/roled/internal/glob.go b/services/role/roled/internal/glob.go
new file mode 100644
index 0000000..224b5f6
--- /dev/null
+++ b/services/role/roled/internal/glob.go
@@ -0,0 +1,86 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+
+	"v.io/v23/context"
+	"v.io/v23/security"
+	"v.io/v23/verror"
+)
+
+func globChildren(ctx *context.T, serverConfig *serverConfig) (<-chan string, error) {
+	n := findRoles(ctx, serverConfig.root)
+	suffix := security.GetCall(ctx).Suffix()
+	if len(suffix) > 0 {
+		n = n.find(strings.Split(suffix, "/"), false)
+	}
+	if n == nil {
+		return nil, verror.New(verror.ErrNoExistOrNoAccess, ctx)
+	}
+	ch := make(chan string, len(n.children))
+	for c := range n.children {
+		ch <- c
+	}
+	close(ch)
+	return ch, nil
+}
+
+// findRoles finds all the roles to which the caller has access.
+func findRoles(ctx *context.T, root string) *node {
+	blessingNames, _ := security.RemoteBlessingNames(ctx)
+	tree := newNode()
+	filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if info.IsDir() || !strings.HasSuffix(path, ".conf") {
+			return nil
+		}
+		c, err := loadExpandedConfig(path, nil)
+		if err != nil {
+			return nil
+		}
+		if !hasAccess(c, blessingNames) {
+			return nil
+		}
+		relPath, err := filepath.Rel(root, path)
+		if err != nil {
+			return nil
+		}
+		tree.find(strings.Split(strings.TrimSuffix(relPath, ".conf"), string(filepath.Separator)), true)
+		return nil
+	})
+	return tree
+}
+
+type node struct {
+	children map[string]*node
+}
+
+func newNode() *node {
+	return &node{children: make(map[string]*node)}
+}
+
+func (n *node) find(names []string, create bool) *node {
+	for {
+		if len(names) == 0 {
+			return n
+		}
+		if next, ok := n.children[names[0]]; ok {
+			n = next
+			names = names[1:]
+			continue
+		}
+		if create {
+			nn := newNode()
+			n.children[names[0]] = nn
+			n = nn
+			names = names[1:]
+			continue
+		}
+		return nil
+	}
+}
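Review bot: The `filepath.Walk` callback in `findRoles` ignores its `err` argument and calls `info.IsDir()` unconditionally, but `Walk` passes a nil `info` when it cannot stat a path (for instance a missing or unreadable root), so the callback would panic there. The authorizer elsewhere in this commit approves `__Glob` for every caller, so this path is presumably reachable by any client of the role server. The guard should become `if err != nil || info == nil || info.IsDir() || !strings.HasSuffix(path, ".conf") { return nil }`. Every Glob request also walks the whole config root and re-parses every `.conf` file, so a cache or bound on that work would be worth considering for an endpoint open to all callers. The error returned by `Walk` and the `loadExpandedConfig` failures are dropped silently; logging them would make a misconfigured role visible instead of just hidden from listings.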
diff --git a/services/security/roled/internal/role.go b/services/role/roled/internal/role.go
similarity index 81%
rename from services/security/roled/internal/role.go
rename to services/role/roled/internal/role.go
index c3e8b24..ee578d4 100644
--- a/services/security/roled/internal/role.go
+++ b/services/role/roled/internal/role.go
@@ -16,17 +16,17 @@
 
 	"v.io/x/lib/vlog"
 
-	isecurity "v.io/x/ref/services/security"
+	"v.io/x/ref/services/role"
 )
 
 var (
-	errNoLocalBlessings = verror.Register("v.io/x/ref/services/security/roled/internal/noLocalBlessings", verror.NoRetry, "{1:}{2:} no local blessings")
+	errNoLocalBlessings = verror.Register("v.io/x/ref/services/role/roled/internal/noLocalBlessings", verror.NoRetry, "{1:}{2:} no local blessings")
 )
 
 type roleService struct {
-	role               string
-	config             *Config
-	dischargerLocation string
+	serverConfig *serverConfig
+	role         string
+	roleConfig   *Config
 }
 
 func (i *roleService) SeekBlessings(call rpc.ServerCall) (security.Blessings, error) {
@@ -40,13 +40,17 @@
 		return security.Blessings{}, verror.New(verror.ErrNoAccess, ctx)
 	}
 
-	extensions := extensions(i.config, i.role, members)
-	caveats, err := caveats(ctx, i.config)
+	extensions := extensions(i.roleConfig, i.role, members)
+	caveats, err := caveats(ctx, i.roleConfig)
 	if err != nil {
 		return security.Blessings{}, err
 	}
 
-	return createBlessings(ctx, i.config, v23.GetPrincipal(ctx), extensions, caveats, i.dischargerLocation)
+	return createBlessings(ctx, i.roleConfig, v23.GetPrincipal(ctx), extensions, caveats, i.serverConfig.dischargerLocation)
+}
+
+func (i *roleService) GlobChildren__(call rpc.ServerCall) (<-chan string, error) {
+	return globChildren(call.Context(), i.serverConfig)
 }
 
 // filterNonMembers returns only the blessing names that are authorized members
@@ -58,7 +62,7 @@
 		// blessings. We need to know exactly which names matched.
 		// These names will be used later to construct the role
 		// blessings.
-		for _, pattern := range i.config.Members {
+		for _, pattern := range i.roleConfig.Members {
 			if pattern.MatchedBy(name) {
 				results = append(results, name)
 				break
@@ -68,14 +72,14 @@
 	return results
 }
 
-func extensions(config *Config, role string, blessingNames []string) []string {
+func extensions(config *Config, roleStr string, blessingNames []string) []string {
 	if !config.Extend {
-		return []string{role}
+		return []string{roleStr}
 	}
 	var extensions []string
 	for _, b := range blessingNames {
-		b = strings.TrimSuffix(b, security.ChainSeparator+isecurity.RoleSuffix)
-		extensions = append(extensions, role+security.ChainSeparator+b)
+		b = strings.TrimSuffix(b, security.ChainSeparator+role.RoleSuffix)
+		extensions = append(extensions, roleStr+security.ChainSeparator+b)
 	}
 	return extensions
 }
diff --git a/services/security/roled/internal/role_internal_test.go b/services/role/roled/internal/role_internal_test.go
similarity index 100%
rename from services/security/roled/internal/role_internal_test.go
rename to services/role/roled/internal/role_internal_test.go
diff --git a/services/security/roled/internal/role_test.go b/services/role/roled/internal/role_test.go
similarity index 72%
rename from services/security/roled/internal/role_test.go
rename to services/role/roled/internal/role_test.go
index b1f5c43..483279f 100644
--- a/services/security/roled/internal/role_test.go
+++ b/services/role/roled/internal/role_test.go
@@ -17,12 +17,12 @@
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/v23/verror"
+	vsecurity "v.io/x/ref/lib/security"
+	"v.io/x/ref/services/role"
+	irole "v.io/x/ref/services/role/roled/internal"
+	"v.io/x/ref/test/testutil"
 
 	_ "v.io/x/ref/profiles"
-	vsecurity "v.io/x/ref/security"
-	isecurity "v.io/x/ref/services/security"
-	irole "v.io/x/ref/services/security/roled/internal"
-	"v.io/x/ref/test/testutil"
 )
 
 func TestSeekBlessings(t *testing.T) {
@@ -40,7 +40,7 @@
 		Members: []security.BlessingPattern{
 			"root/users/user1/_role",
 			"root/users/user2/_role",
-			"root/users/user3", // _role/A implied
+			"root/users/user3", // _role implied
 		},
 		Extend: true,
 	}
@@ -104,7 +104,7 @@
 	addr := newRoleServer(t, newPrincipalContext(t, ctx, root, "roles"), workdir)
 	for _, tc := range testcases {
 		user := v23.GetPrincipal(tc.ctx).BlessingStore().Default()
-		c := isecurity.RoleClient(naming.Join(addr, tc.role))
+		c := role.RoleClient(naming.Join(addr, tc.role))
 		blessings, err := c.SeekBlessings(tc.ctx)
 		if verror.ErrorID(err) != tc.errID {
 			t.Errorf("unexpected error ID for (%q, %q). Got %#v, expected %#v", user, tc.role, verror.ErrorID(err), tc.errID)
@@ -123,6 +123,59 @@
 	}
 }
 
+func TestGlob(t *testing.T) {
+	ctx, shutdown := v23.Init()
+	defer shutdown()
+
+	workdir, err := ioutil.TempDir("", "test-role-server-")
+	if err != nil {
+		t.Fatal("ioutil.TempDir failed: %v", err)
+	}
+	defer os.RemoveAll(workdir)
+	os.Mkdir(filepath.Join(workdir, "sub1"), 0700)
+	os.Mkdir(filepath.Join(workdir, "sub1", "sub2"), 0700)
+	os.Mkdir(filepath.Join(workdir, "sub3"), 0700)
+
+	// Role that user1 has access to.
+	roleAConf := irole.Config{Members: []security.BlessingPattern{"root/user1"}}
+	irole.WriteConfig(t, roleAConf, filepath.Join(workdir, "A.conf"))
+	irole.WriteConfig(t, roleAConf, filepath.Join(workdir, "sub1/B.conf"))
+	irole.WriteConfig(t, roleAConf, filepath.Join(workdir, "sub1/C.conf"))
+	irole.WriteConfig(t, roleAConf, filepath.Join(workdir, "sub1/sub2/D.conf"))
+
+	// Role that user2 has access to.
+	roleBConf := irole.Config{Members: []security.BlessingPattern{"root/user2"}}
+	irole.WriteConfig(t, roleBConf, filepath.Join(workdir, "sub1/sub2/X.conf"))
+
+	root := testutil.NewIDProvider("root")
+	user1 := newPrincipalContext(t, ctx, root, "user1/_role")
+	user2 := newPrincipalContext(t, ctx, root, "user2/_role")
+	user3 := newPrincipalContext(t, ctx, root, "user3/_role")
+	addr := newRoleServer(t, newPrincipalContext(t, ctx, root, "roles"), workdir)
+
+	testcases := []struct {
+		user    *context.T
+		name    string
+		pattern string
+		results []string
+	}{
+		{user1, "", "*", []string{"A", "sub1"}},
+		{user1, "sub1", "*", []string{"B", "C", "sub2"}},
+		{user1, "sub1/sub2", "*", []string{"D"}},
+		{user1, "", "...", []string{"", "A", "sub1", "sub1/B", "sub1/C", "sub1/sub2", "sub1/sub2/D"}},
+		{user2, "", "*", []string{"sub1"}},
+		{user2, "", "...", []string{"", "sub1", "sub1/sub2", "sub1/sub2/X"}},
+		{user3, "", "*", []string{}},
+		{user3, "", "...", []string{""}},
+	}
+	for i, tc := range testcases {
+		matches, _, _ := testutil.GlobName(tc.user, naming.Join(addr, tc.name), tc.pattern)
+		if !reflect.DeepEqual(matches, tc.results) {
+			t.Errorf("unexpected results for tc #%d. Got %q, expected %q", i, matches, tc.results)
+		}
+	}
+}
+
 func newPrincipalContext(t *testing.T, ctx *context.T, root *testutil.IDProvider, names ...string) *context.T {
 	principal := testutil.NewPrincipal()
 	var blessings []security.Blessings
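Review bot: `TestGlob` discards everything but the matches from `testutil.GlobName` (`matches, _, _ := ...`), so the cases that check what a caller must not see cannot tell a correctly filtered listing from a call that failed. Keep the last return value (presumably the error; confirm against `GlobName`'s signature) and report it, e.g. `matches, _, err := testutil.GlobName(...)` followed by `if err != nil { t.Errorf("tc #%d: GlobName: %v", i, err) }`. The setup line `t.Fatal("ioutil.TempDir failed: %v", err)` passes a format string to `Fatal` and should be `t.Fatalf`, and the `os.Mkdir` results are unchecked. A negative case for a caller globbing below a directory it has no roles in (for example `user3` on `sub1`) would pin the `ErrNoExistOrNoAccess` path in `globChildren`. `newPrincipalContext` at the end of the hunk continues outside it.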
diff --git a/services/security/roled/main.go b/services/role/roled/main.go
similarity index 95%
rename from services/security/roled/main.go
rename to services/role/roled/main.go
index 38a3a61..655156c 100644
--- a/services/security/roled/main.go
+++ b/services/role/roled/main.go
@@ -14,7 +14,7 @@
 	"v.io/x/lib/vlog"
 	"v.io/x/ref/lib/signals"
 	_ "v.io/x/ref/profiles/static"
-	irole "v.io/x/ref/services/security/roled/internal"
+	irole "v.io/x/ref/services/role/roled/internal"
 )
 
 var (
diff --git a/services/security/groups/server/store.go b/services/security/groups/server/store.go
deleted file mode 100644
index b523c65..0000000
--- a/services/security/groups/server/store.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package server
-
-// Store is a key-value store that uses etags for optimistic concurrency
-// control. The etags passed to Update and Delete must come from Get. If in the
-// meantime some client has called Update or Delete on the same key, the etag
-// will be stale and the method call will fail.
-//
-// Note, this API disallows empty etags to simplify implementation. The group
-// server is the only client of this API and always specifies etags.
-type Store interface {
-	// Fails if the given key is unknown (ErrUnknownKey).
-	Get(k string) (v interface{}, etag string, err error)
-
-	// Fails if an entry already exists for the given key (ErrKeyAlreadyExists).
-	Insert(k string, v interface{}) error
-
-	// Fails if the given key is unknown (ErrUnknownKey).
-	// Fails if etag doesn't match (ErrBadEtag).
-	Update(k string, v interface{}, etag string) error
-
-	// Fails if the given key is unknown (ErrUnknownKey).
-	// Fails if etag doesn't match (ErrBadEtag).
-	Delete(k string, etag string) error
-}
-
-////////////////////////////////////////
-// Store error types
-
-type ErrUnknownKey struct {
-	Key string
-}
-
-func (err *ErrUnknownKey) Error() string {
-	return "unknown key: " + err.Key
-}
-
-type ErrKeyAlreadyExists struct {
-	Key string
-}
-
-func (err *ErrKeyAlreadyExists) Error() string {
-	return "key already exists: " + err.Key
-}
-
-type ErrBadEtag struct{}
-
-func (err *ErrBadEtag) Error() string {
-	return "etag is out of date"
-}
diff --git a/services/wsprd/browspr/main/main_nacl.go b/services/wspr/browsprd/main_nacl.go
similarity index 98%
rename from services/wsprd/browspr/main/main_nacl.go
rename to services/wspr/browsprd/main_nacl.go
index 5b8bd6c..7b4f7a3 100644
--- a/services/wsprd/browspr/main/main_nacl.go
+++ b/services/wspr/browsprd/main_nacl.go
@@ -16,11 +16,11 @@
 	"v.io/v23/security"
 	"v.io/v23/vdl"
 	"v.io/x/lib/vlog"
+	vsecurity "v.io/x/ref/lib/security"
 	_ "v.io/x/ref/profiles/chrome"
 	"v.io/x/ref/profiles/internal/lib/websocket"
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/services/wsprd/browspr"
-	"v.io/x/ref/services/wsprd/channel/channel_nacl"
+	"v.io/x/ref/services/wspr/internal/browspr"
+	"v.io/x/ref/services/wspr/internal/channel/channel_nacl"
 )
 
 func main() {
diff --git a/services/wsprd/account/account.go b/services/wspr/internal/account/account.go
similarity index 98%
rename from services/wsprd/account/account.go
rename to services/wspr/internal/account/account.go
index 857ca84..f577b59 100644
--- a/services/wsprd/account/account.go
+++ b/services/wspr/internal/account/account.go
@@ -15,7 +15,7 @@
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/principal"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 type BlesserService interface {
diff --git a/services/wsprd/account/account.vdl b/services/wspr/internal/account/account.vdl
similarity index 100%
rename from services/wsprd/account/account.vdl
rename to services/wspr/internal/account/account.vdl
diff --git a/services/wsprd/account/account.vdl.go b/services/wspr/internal/account/account.vdl.go
similarity index 89%
rename from services/wsprd/account/account.vdl.go
rename to services/wspr/internal/account/account.vdl.go
index 9b14fc6..cc306d0 100644
--- a/services/wsprd/account/account.vdl.go
+++ b/services/wspr/internal/account/account.vdl.go
@@ -20,7 +20,7 @@
 }
 
 func (Caveat) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/account.Caveat"
+	Name string "v.io/x/ref/services/wspr/internal/account.Caveat"
 }) {
 }
 
diff --git a/services/wsprd/app/app.go b/services/wspr/internal/app/app.go
similarity index 97%
rename from services/wsprd/app/app.go
rename to services/wspr/internal/app/app.go
index b71db40..6c8b51c 100644
--- a/services/wsprd/app/app.go
+++ b/services/wspr/internal/app/app.go
@@ -27,15 +27,15 @@
 	"v.io/v23/vom"
 	"v.io/v23/vtrace"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/lib"
-	"v.io/x/ref/services/wsprd/namespace"
-	"v.io/x/ref/services/wsprd/principal"
-	"v.io/x/ref/services/wsprd/rpc/server"
+	"v.io/x/ref/services/wspr/internal/lib"
+	"v.io/x/ref/services/wspr/internal/namespace"
+	"v.io/x/ref/services/wspr/internal/principal"
+	"v.io/x/ref/services/wspr/internal/rpc/server"
 )
 
 const (
 	// pkgPath is the prefix os errors in this package.
-	pkgPath = "v.io/x/ref/services/wsprd/app"
+	pkgPath = "v.io/x/ref/services/wspr/internal/app"
 )
 
 // Errors
@@ -750,3 +750,14 @@
 	blessings, _ := clientCall.RemoteBlessings()
 	return blessings, nil
 }
+
+func (c *Controller) SendLogMessage(level lib.LogLevel, msg string) error {
+	c.Lock()
+	defer c.Unlock()
+	id := c.lastGeneratedId
+	c.lastGeneratedId += 2
+	return c.writerCreator(id).Send(lib.ResponseLog, lib.LogMessage{
+		Level:   level,
+		Message: msg,
+	})
+}
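Review bot: `SendLogMessage` is a new exported method with no doc comment, and two of its behaviours are not evident from the code: why `lastGeneratedId` advances by 2, and that the controller lock stays held for the whole `Send` call because of the deferred `Unlock`. A comment such as `// SendLogMessage forwards msg at the given level to the client on a newly allocated id; msg is sent verbatim, so callers must not include secrets.` plus a why-comment on the `+= 2` line would cover it. If `Send` can block on the client connection, holding the lock across it would stall every other user of the controller lock. Creating the writer under the lock and sending after `c.Unlock()` would avoid that, assuming the writer is safe to use unlocked.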
diff --git a/services/wsprd/app/app.vdl b/services/wspr/internal/app/app.vdl
similarity index 100%
rename from services/wsprd/app/app.vdl
rename to services/wspr/internal/app/app.vdl
diff --git a/services/wsprd/app/app.vdl.go b/services/wspr/internal/app/app.vdl.go
similarity index 93%
rename from services/wsprd/app/app.vdl.go
rename to services/wspr/internal/app/app.vdl.go
index 8573ee7..60dfc1f 100644
--- a/services/wsprd/app/app.vdl.go
+++ b/services/wspr/internal/app/app.vdl.go
@@ -32,7 +32,7 @@
 }
 
 func (RpcRequest) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/app.RpcRequest"
+	Name string "v.io/x/ref/services/wspr/internal/app.RpcRequest"
 }) {
 }
 
@@ -54,7 +54,7 @@
 	RpcCallOptionRetryTimeout struct{ Value time.Duration }
 	// __RpcCallOptionReflect describes the RpcCallOption union type.
 	__RpcCallOptionReflect struct {
-		Name  string "v.io/x/ref/services/wsprd/app.RpcCallOption"
+		Name  string "v.io/x/ref/services/wspr/internal/app.RpcCallOption"
 		Type  RpcCallOption
 		Union struct {
 			AllowedServersPolicy RpcCallOptionAllowedServersPolicy
@@ -79,7 +79,7 @@
 }
 
 func (RpcResponse) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/app.RpcResponse"
+	Name string "v.io/x/ref/services/wspr/internal/app.RpcResponse"
 }) {
 }
 
diff --git a/services/wsprd/app/app_test.go b/services/wspr/internal/app/app_test.go
similarity index 97%
rename from services/wsprd/app/app_test.go
rename to services/wspr/internal/app/app_test.go
index c6ea428..fbb96fc 100644
--- a/services/wsprd/app/app_test.go
+++ b/services/wspr/internal/app/app_test.go
@@ -24,13 +24,12 @@
 	"v.io/v23/verror"
 	"v.io/v23/vom"
 	"v.io/v23/vtrace"
-
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/profiles"
-	vsecurity "v.io/x/ref/security"
-	mounttable "v.io/x/ref/services/mounttable/lib"
-	"v.io/x/ref/services/wsprd/lib"
-	"v.io/x/ref/services/wsprd/lib/testwriter"
-	"v.io/x/ref/services/wsprd/rpc/server"
+	"v.io/x/ref/services/mounttable/mounttablelib"
+	"v.io/x/ref/services/wspr/internal/lib"
+	"v.io/x/ref/services/wspr/internal/lib/testwriter"
+	"v.io/x/ref/services/wspr/internal/rpc/server"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/testutil"
 )
@@ -123,7 +122,7 @@
 }
 
 func startMountTableServer(ctx *context.T) (rpc.Server, naming.Endpoint, error) {
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/services/wsprd/app/controller.vdl b/services/wspr/internal/app/controller.vdl
similarity index 96%
rename from services/wsprd/app/controller.vdl
rename to services/wspr/internal/app/controller.vdl
index 5298f7b..5e7e498 100644
--- a/services/wsprd/app/controller.vdl
+++ b/services/wspr/internal/app/controller.vdl
@@ -8,7 +8,7 @@
 	"signature"
 
 	"v.io/v23/security"
-	"v.io/x/ref/services/wsprd/principal"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 type Controller interface {
diff --git a/services/wsprd/app/controller.vdl.go b/services/wspr/internal/app/controller.vdl.go
similarity index 98%
rename from services/wsprd/app/controller.vdl.go
rename to services/wspr/internal/app/controller.vdl.go
index ccb8ee0..ffe9ae5 100644
--- a/services/wsprd/app/controller.vdl.go
+++ b/services/wspr/internal/app/controller.vdl.go
@@ -16,7 +16,7 @@
 	// VDL user imports
 	"v.io/v23/security"
 	"v.io/v23/vdlroot/signature"
-	"v.io/x/ref/services/wsprd/principal"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 // ControllerClientMethods is the client interface
@@ -252,7 +252,7 @@
 // descController hides the desc to keep godoc clean.
 var descController = rpc.InterfaceDesc{
 	Name:    "Controller",
-	PkgPath: "v.io/x/ref/services/wsprd/app",
+	PkgPath: "v.io/x/ref/services/wspr/internal/app",
 	Methods: []rpc.MethodDesc{
 		{
 			Name: "Serve",
diff --git a/services/wsprd/app/messaging.go b/services/wspr/internal/app/messaging.go
similarity index 97%
rename from services/wsprd/app/messaging.go
rename to services/wspr/internal/app/messaging.go
index d42e6fa..ff9c7c4 100644
--- a/services/wsprd/app/messaging.go
+++ b/services/wspr/internal/app/messaging.go
@@ -14,11 +14,11 @@
 	"v.io/v23/vom"
 	"v.io/v23/vtrace"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/wspr/internal/lib"
 )
 
 const (
-	verrorPkgPath = "v.io/x/ref/services/wsprd/app"
+	verrorPkgPath = "v.io/x/ref/services/wspr/internal/app"
 )
 
 var (
diff --git a/services/wsprd/app/mock_jsServer_test.go b/services/wspr/internal/app/mock_jsServer_test.go
similarity index 97%
rename from services/wsprd/app/mock_jsServer_test.go
rename to services/wspr/internal/app/mock_jsServer_test.go
index c8ca3f7..febba77 100644
--- a/services/wsprd/app/mock_jsServer_test.go
+++ b/services/wspr/internal/app/mock_jsServer_test.go
@@ -15,9 +15,9 @@
 	"v.io/v23/vdl"
 	"v.io/v23/vdlroot/signature"
 	"v.io/v23/vom"
-	"v.io/x/ref/services/wsprd/lib"
-	"v.io/x/ref/services/wsprd/principal"
-	"v.io/x/ref/services/wsprd/rpc/server"
+	"v.io/x/ref/services/wspr/internal/lib"
+	"v.io/x/ref/services/wspr/internal/principal"
+	"v.io/x/ref/services/wspr/internal/rpc/server"
 )
 
 type mockJSServer struct {
@@ -65,6 +65,9 @@
 		}
 		m.receivedResponse = vdl.ValueOf(msg)
 		return nil
+	case lib.ResponseLog:
+		m.flowCount += 2
+		return nil
 	}
 	return fmt.Errorf("Unknown message type: %d", responseType)
 }
diff --git a/services/wsprd/app/stream.go b/services/wspr/internal/app/stream.go
similarity index 97%
rename from services/wsprd/app/stream.go
rename to services/wspr/internal/app/stream.go
index f526d45..a5c3637 100644
--- a/services/wsprd/app/stream.go
+++ b/services/wspr/internal/app/stream.go
@@ -8,7 +8,7 @@
 	"fmt"
 
 	"v.io/v23/rpc"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/wspr/internal/lib"
 )
 
 type initConfig struct {
diff --git a/services/wsprd/app/v23_internal_test.go b/services/wspr/internal/app/v23_internal_test.go
similarity index 100%
rename from services/wsprd/app/v23_internal_test.go
rename to services/wspr/internal/app/v23_internal_test.go
diff --git a/services/wsprd/browspr/browspr.go b/services/wspr/internal/browspr/browspr.go
similarity index 98%
rename from services/wsprd/browspr/browspr.go
rename to services/wspr/internal/browspr/browspr.go
index 9ab4206..a8f1f37 100644
--- a/services/wsprd/browspr/browspr.go
+++ b/services/wspr/internal/browspr/browspr.go
@@ -16,8 +16,8 @@
 	"v.io/v23/vdl"
 	"v.io/v23/vtrace"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/account"
-	"v.io/x/ref/services/wsprd/principal"
+	"v.io/x/ref/services/wspr/internal/account"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 // Browspr is an intermediary between our javascript code and the vanadium
diff --git a/services/wspr/internal/browspr/browspr.vdl b/services/wspr/internal/browspr/browspr.vdl
new file mode 100644
index 0000000..f0016ed
--- /dev/null
+++ b/services/wspr/internal/browspr/browspr.vdl
@@ -0,0 +1,46 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package browspr
+
+import (
+	"v.io/x/ref/services/identity"
+	"v.io/x/ref/services/wspr/internal/account"
+)
+
+type StartMessage struct {
+	Identityd             string
+	IdentitydBlessingRoot identity.BlessingRootResponse
+	Proxy                 string
+	NamespaceRoot         string
+	LogLevel              int32
+	LogModule             string
+}
+
+type AssociateAccountMessage struct {
+	Account string
+	Origin  string
+	Caveats []account.Caveat
+}
+
+type CreateAccountMessage struct {
+	Token string
+}
+
+type CleanupMessage struct {
+	InstanceId int32
+}
+
+type OriginHasAccountMessage struct {
+	Origin string
+}
+
+type GetAccountsMessage struct{}
+
+type CreateInstanceMessage struct {
+	InstanceId     int32
+	Origin         string
+	NamespaceRoots []string
+	Proxy          string
+}
diff --git a/services/wsprd/browspr/browspr.vdl.go b/services/wspr/internal/browspr/browspr.vdl.go
similarity index 75%
rename from services/wsprd/browspr/browspr.vdl.go
rename to services/wspr/internal/browspr/browspr.vdl.go
index 81f87c9..e4a4600 100644
--- a/services/wsprd/browspr/browspr.vdl.go
+++ b/services/wspr/internal/browspr/browspr.vdl.go
@@ -13,7 +13,7 @@
 
 	// VDL user imports
 	"v.io/x/ref/services/identity"
-	"v.io/x/ref/services/wsprd/account"
+	"v.io/x/ref/services/wspr/internal/account"
 )
 
 type StartMessage struct {
@@ -26,7 +26,7 @@
 }
 
 func (StartMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.StartMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.StartMessage"
 }) {
 }
 
@@ -37,7 +37,7 @@
 }
 
 func (AssociateAccountMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.AssociateAccountMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.AssociateAccountMessage"
 }) {
 }
 
@@ -46,7 +46,7 @@
 }
 
 func (CreateAccountMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.CreateAccountMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.CreateAccountMessage"
 }) {
 }
 
@@ -55,7 +55,7 @@
 }
 
 func (CleanupMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.CleanupMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.CleanupMessage"
 }) {
 }
 
@@ -64,7 +64,7 @@
 }
 
 func (OriginHasAccountMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.OriginHasAccountMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.OriginHasAccountMessage"
 }) {
 }
 
@@ -72,7 +72,7 @@
 }
 
 func (GetAccountsMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.GetAccountsMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.GetAccountsMessage"
 }) {
 }
 
@@ -84,7 +84,7 @@
 }
 
 func (CreateInstanceMessage) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/browspr.CreateInstanceMessage"
+	Name string "v.io/x/ref/services/wspr/internal/browspr.CreateInstanceMessage"
 }) {
 }
 
diff --git a/services/wsprd/browspr/browspr_account_test.go b/services/wspr/internal/browspr/browspr_account_test.go
similarity index 100%
rename from services/wsprd/browspr/browspr_account_test.go
rename to services/wspr/internal/browspr/browspr_account_test.go
diff --git a/services/wsprd/browspr/browspr_test.go b/services/wspr/internal/browspr/browspr_test.go
similarity index 97%
rename from services/wsprd/browspr/browspr_test.go
rename to services/wspr/internal/browspr/browspr_test.go
index 0eb0df4..81ab8d0 100644
--- a/services/wsprd/browspr/browspr_test.go
+++ b/services/wspr/internal/browspr/browspr_test.go
@@ -22,16 +22,16 @@
 	"v.io/v23/vom"
 
 	"v.io/x/ref/profiles"
-	mounttable "v.io/x/ref/services/mounttable/lib"
-	"v.io/x/ref/services/wsprd/app"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/mounttable/mounttablelib"
+	"v.io/x/ref/services/wspr/internal/app"
+	"v.io/x/ref/services/wspr/internal/lib"
 	"v.io/x/ref/test"
 )
 
 //go:generate v23 test generate
 
 func startMounttable(ctx *context.T) (rpc.Server, naming.Endpoint, error) {
-	mt, err := mounttable.NewMountTableDispatcher("")
+	mt, err := mounttablelib.NewMountTableDispatcher("")
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/services/wsprd/browspr/file_serializer_nacl.go b/services/wspr/internal/browspr/file_serializer_nacl.go
similarity index 100%
rename from services/wsprd/browspr/file_serializer_nacl.go
rename to services/wspr/internal/browspr/file_serializer_nacl.go
diff --git a/services/wsprd/browspr/pipe.go b/services/wspr/internal/browspr/pipe.go
similarity index 96%
rename from services/wsprd/browspr/pipe.go
rename to services/wspr/internal/browspr/pipe.go
index 1c358f4..138e3ef 100644
--- a/services/wsprd/browspr/pipe.go
+++ b/services/wspr/internal/browspr/pipe.go
@@ -9,8 +9,8 @@
 	"fmt"
 
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/app"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/wspr/internal/app"
+	"v.io/x/ref/services/wspr/internal/lib"
 )
 
 // pipe controls the flow of messages for a specific instance (corresponding to a specific tab).
diff --git a/services/wsprd/browspr/v23_internal_test.go b/services/wspr/internal/browspr/v23_internal_test.go
similarity index 100%
rename from services/wsprd/browspr/v23_internal_test.go
rename to services/wspr/internal/browspr/v23_internal_test.go
diff --git a/services/wsprd/browspr/writer.go b/services/wspr/internal/browspr/writer.go
similarity index 89%
rename from services/wsprd/browspr/writer.go
rename to services/wspr/internal/browspr/writer.go
index 259b650..17222f1 100644
--- a/services/wsprd/browspr/writer.go
+++ b/services/wspr/internal/browspr/writer.go
@@ -5,8 +5,8 @@
 package browspr
 
 import (
-	"v.io/x/ref/services/wsprd/app"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/wspr/internal/app"
+	"v.io/x/ref/services/wspr/internal/lib"
 )
 
 // postMessageWriter is a lib.ClientWriter that handles sending messages over postMessage to the extension.
diff --git a/services/wsprd/channel/channel.go b/services/wspr/internal/channel/channel.go
similarity index 100%
rename from services/wsprd/channel/channel.go
rename to services/wspr/internal/channel/channel.go
diff --git a/services/wsprd/channel/channel.vdl b/services/wspr/internal/channel/channel.vdl
similarity index 100%
rename from services/wsprd/channel/channel.vdl
rename to services/wspr/internal/channel/channel.vdl
diff --git a/services/wsprd/channel/channel.vdl.go b/services/wspr/internal/channel/channel.vdl.go
similarity index 91%
rename from services/wsprd/channel/channel.vdl.go
rename to services/wspr/internal/channel/channel.vdl.go
index a15b9c1..34c163f 100644
--- a/services/wsprd/channel/channel.vdl.go
+++ b/services/wspr/internal/channel/channel.vdl.go
@@ -19,7 +19,7 @@
 }
 
 func (Request) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/channel.Request"
+	Name string "v.io/x/ref/services/wspr/internal/channel.Request"
 }) {
 }
 
@@ -30,7 +30,7 @@
 }
 
 func (Response) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/channel.Response"
+	Name string "v.io/x/ref/services/wspr/internal/channel.Response"
 }) {
 }
 
@@ -52,7 +52,7 @@
 	MessageResponse struct{ Value Response }
 	// __MessageReflect describes the Message union type.
 	__MessageReflect struct {
-		Name  string "v.io/x/ref/services/wsprd/channel.Message"
+		Name  string "v.io/x/ref/services/wspr/internal/channel.Message"
 		Type  Message
 		Union struct {
 			Request  MessageRequest
diff --git a/services/wsprd/channel/channel_nacl/channel_nacl.go b/services/wspr/internal/channel/channel_nacl/channel_nacl.go
similarity index 94%
rename from services/wsprd/channel/channel_nacl/channel_nacl.go
rename to services/wspr/internal/channel/channel_nacl/channel_nacl.go
index 48aa3b3..347a355 100644
--- a/services/wsprd/channel/channel_nacl/channel_nacl.go
+++ b/services/wspr/internal/channel/channel_nacl/channel_nacl.go
@@ -11,7 +11,7 @@
 
 	"v.io/v23/vdl"
 	"v.io/v23/vom"
-	"v.io/x/ref/services/wsprd/channel" // contains most of the logic, factored out for testing
+	"v.io/x/ref/services/wspr/internal/channel" // contains most of the logic, factored out for testing
 )
 
 type Channel struct {
diff --git a/services/wsprd/channel/channel_test.go b/services/wspr/internal/channel/channel_test.go
similarity index 98%
rename from services/wsprd/channel/channel_test.go
rename to services/wspr/internal/channel/channel_test.go
index 26d9c03..4513bd1 100644
--- a/services/wsprd/channel/channel_test.go
+++ b/services/wspr/internal/channel/channel_test.go
@@ -10,7 +10,7 @@
 	"testing"
 
 	"v.io/v23/vdl"
-	"v.io/x/ref/services/wsprd/channel"
+	"v.io/x/ref/services/wspr/internal/channel"
 )
 
 func TestChannelRpcs(t *testing.T) {
diff --git a/services/wsprd/lib/case.go b/services/wspr/internal/lib/case.go
similarity index 100%
rename from services/wsprd/lib/case.go
rename to services/wspr/internal/lib/case.go
diff --git a/services/wsprd/lib/signature_manager.go b/services/wspr/internal/lib/signature_manager.go
similarity index 98%
rename from services/wsprd/lib/signature_manager.go
rename to services/wspr/internal/lib/signature_manager.go
index 22d69b4..41271e8 100644
--- a/services/wsprd/lib/signature_manager.go
+++ b/services/wspr/internal/lib/signature_manager.go
@@ -58,8 +58,6 @@
 	return time.Now().Sub(c.lastAccessed) > ttl
 }
 
-const pkgPath = "v.io/x/ref/services/wsprd/lib"
-
 func (sm *signatureManager) lookupCacheLocked(name string) []signature.Interface {
 	if entry := sm.cache[name]; entry != nil && !entry.expired() {
 		entry.lastAccessed = time.Now()
diff --git a/services/wsprd/lib/signature_manager_test.go b/services/wspr/internal/lib/signature_manager_test.go
similarity index 100%
rename from services/wsprd/lib/signature_manager_test.go
rename to services/wspr/internal/lib/signature_manager_test.go
diff --git a/services/wsprd/lib/simple_client.go b/services/wspr/internal/lib/simple_client.go
similarity index 100%
rename from services/wsprd/lib/simple_client.go
rename to services/wspr/internal/lib/simple_client.go
diff --git a/services/wsprd/lib/simple_client_test.go b/services/wspr/internal/lib/simple_client_test.go
similarity index 100%
rename from services/wsprd/lib/simple_client_test.go
rename to services/wspr/internal/lib/simple_client_test.go
diff --git a/services/wsprd/lib/testwriter/writer.go b/services/wspr/internal/lib/testwriter/writer.go
similarity index 98%
rename from services/wsprd/lib/testwriter/writer.go
rename to services/wspr/internal/lib/testwriter/writer.go
index 65dabb9..01c78d4 100644
--- a/services/wsprd/lib/testwriter/writer.go
+++ b/services/wspr/internal/lib/testwriter/writer.go
@@ -13,7 +13,7 @@
 	"time"
 
 	"v.io/v23/verror"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/wspr/internal/lib"
 )
 
 type TestHarness interface {
diff --git a/services/wsprd/lib/time.go b/services/wspr/internal/lib/time.go
similarity index 100%
rename from services/wsprd/lib/time.go
rename to services/wspr/internal/lib/time.go
diff --git a/services/wsprd/lib/vom.go b/services/wspr/internal/lib/vom.go
similarity index 100%
rename from services/wsprd/lib/vom.go
rename to services/wspr/internal/lib/vom.go
diff --git a/services/wsprd/lib/writer.go b/services/wspr/internal/lib/writer.go
similarity index 92%
rename from services/wsprd/lib/writer.go
rename to services/wspr/internal/lib/writer.go
index f6d60a1..a1ccecc 100644
--- a/services/wsprd/lib/writer.go
+++ b/services/wspr/internal/lib/writer.go
@@ -16,6 +16,7 @@
 	ResponseAuthRequest                   = 6
 	ResponseCancel                        = 7
 	ResponseValidate                      = 8 // Request to validate caveats.
+	ResponseLog                           = 9 // Sends a message to be logged.
 )
 
 type Response struct {
diff --git a/services/wsprd/lib/writer.vdl b/services/wspr/internal/lib/writer.vdl
similarity index 77%
rename from services/wsprd/lib/writer.vdl
rename to services/wspr/internal/lib/writer.vdl
index 7197042..ce94e21 100644
--- a/services/wsprd/lib/writer.vdl
+++ b/services/wspr/internal/lib/writer.vdl
@@ -12,3 +12,13 @@
 	Err           error
 	TraceResponse vtrace.Response
 }
+
+type LogLevel enum {
+   Info
+   Error
+}
+
+type LogMessage struct {
+  Level LogLevel
+  Message string
+}
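Review bot: The new `LogLevel` enum and `LogMessage` struct are added without doc comments, although the `ServerRpcReply` struct above them is documented in the generated Go file. Assuming `LogMessage` is the payload for the new `ResponseLog` response type in writer.go, comments such as `// LogLevel is the severity of a LogMessage.` and `// LogMessage is the payload of a ResponseLog response.` would record that link. The enum body is indented with three spaces and the struct body with two, while the context lines of this file use tabs; matching the tab indentation keeps the file consistent.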
diff --git a/services/wspr/internal/lib/writer.vdl.go b/services/wspr/internal/lib/writer.vdl.go
new file mode 100644
index 0000000..1930733
--- /dev/null
+++ b/services/wspr/internal/lib/writer.vdl.go
@@ -0,0 +1,92 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file was auto-generated by the vanadium vdl tool.
+// Source: writer.vdl
+
+package lib
+
+import (
+	// VDL system imports
+	"fmt"
+	"v.io/v23/vdl"
+
+	// VDL user imports
+	"v.io/v23/vtrace"
+)
+
+// The response from the javascript server to the proxy.
+type ServerRpcReply struct {
+	Results       []*vdl.Value
+	Err           error
+	TraceResponse vtrace.Response
+}
+
+func (ServerRpcReply) __VDLReflect(struct {
+	Name string "v.io/x/ref/services/wspr/internal/lib.ServerRpcReply"
+}) {
+}
+
+type LogLevel int
+
+const (
+	LogLevelInfo LogLevel = iota
+	LogLevelError
+)
+
+// LogLevelAll holds all labels for LogLevel.
+var LogLevelAll = [...]LogLevel{LogLevelInfo, LogLevelError}
+
+// LogLevelFromString creates a LogLevel from a string label.
+func LogLevelFromString(label string) (x LogLevel, err error) {
+	err = x.Set(label)
+	return
+}
+
+// Set assigns label to x.
+func (x *LogLevel) Set(label string) error {
+	switch label {
+	case "Info", "info":
+		*x = LogLevelInfo
+		return nil
+	case "Error", "error":
+		*x = LogLevelError
+		return nil
+	}
+	*x = -1
+	return fmt.Errorf("unknown label %q in lib.LogLevel", label)
+}
+
+// String returns the string label of x.
+func (x LogLevel) String() string {
+	switch x {
+	case LogLevelInfo:
+		return "Info"
+	case LogLevelError:
+		return "Error"
+	}
+	return ""
+}
+
+func (LogLevel) __VDLReflect(struct {
+	Name string "v.io/x/ref/services/wspr/internal/lib.LogLevel"
+	Enum struct{ Info, Error string }
+}) {
+}
+
+type LogMessage struct {
+	Level   LogLevel
+	Message string
+}
+
+func (LogMessage) __VDLReflect(struct {
+	Name string "v.io/x/ref/services/wspr/internal/lib.LogMessage"
+}) {
+}
+
+func init() {
+	vdl.Register((*ServerRpcReply)(nil))
+	vdl.Register((*LogLevel)(nil))
+	vdl.Register((*LogMessage)(nil))
+}
diff --git a/services/wsprd/namespace/namespace.vdl b/services/wspr/internal/namespace/namespace.vdl
similarity index 91%
rename from services/wsprd/namespace/namespace.vdl
rename to services/wspr/internal/namespace/namespace.vdl
index bfb3849..9e06768 100644
--- a/services/wsprd/namespace/namespace.vdl
+++ b/services/wspr/internal/namespace/namespace.vdl
@@ -36,9 +36,9 @@
 	// SetRoots sets the current mounttable roots.
 	SetRoots(roots []string) error
 	// SetPermissions sets the AccessList in a node in a mount table.
-	SetPermissions(name string, acl access.Permissions, etag string) error
+	SetPermissions(name string, acl access.Permissions, version string) error
 	// GetPermissions returns the AccessList in a node in a mount table.
-	GetPermissions(name string) (acl access.Permissions, etag string | error)
+	GetPermissions(name string) (acl access.Permissions, version string | error)
 	// Delete deletes the name from the mounttable and, if requested, any subtree.
 	Delete(name string, deleteSubtree bool) error
 }
diff --git a/services/wsprd/namespace/namespace.vdl.go b/services/wspr/internal/namespace/namespace.vdl.go
similarity index 97%
rename from services/wsprd/namespace/namespace.vdl.go
rename to services/wspr/internal/namespace/namespace.vdl.go
index 14ac360..cfe0fc8 100644
--- a/services/wsprd/namespace/namespace.vdl.go
+++ b/services/wspr/internal/namespace/namespace.vdl.go
@@ -48,9 +48,9 @@
 	// SetRoots sets the current mounttable roots.
 	SetRoots(ctx *context.T, roots []string, opts ...rpc.CallOpt) error
 	// SetPermissions sets the AccessList in a node in a mount table.
-	SetPermissions(ctx *context.T, name string, acl access.Permissions, etag string, opts ...rpc.CallOpt) error
+	SetPermissions(ctx *context.T, name string, acl access.Permissions, version string, opts ...rpc.CallOpt) error
 	// GetPermissions returns the AccessList in a node in a mount table.
-	GetPermissions(ctx *context.T, name string, opts ...rpc.CallOpt) (acl access.Permissions, etag string, err error)
+	GetPermissions(ctx *context.T, name string, opts ...rpc.CallOpt) (acl access.Permissions, version string, err error)
 	// Delete deletes the name from the mounttable and, if requested, any subtree.
 	Delete(ctx *context.T, name string, deleteSubtree bool, opts ...rpc.CallOpt) error
 }
@@ -269,9 +269,9 @@
 	// SetRoots sets the current mounttable roots.
 	SetRoots(call rpc.ServerCall, roots []string) error
 	// SetPermissions sets the AccessList in a node in a mount table.
-	SetPermissions(call rpc.ServerCall, name string, acl access.Permissions, etag string) error
+	SetPermissions(call rpc.ServerCall, name string, acl access.Permissions, version string) error
 	// GetPermissions returns the AccessList in a node in a mount table.
-	GetPermissions(call rpc.ServerCall, name string) (acl access.Permissions, etag string, err error)
+	GetPermissions(call rpc.ServerCall, name string) (acl access.Permissions, version string, err error)
 	// Delete deletes the name from the mounttable and, if requested, any subtree.
 	Delete(call rpc.ServerCall, name string, deleteSubtree bool) error
 }
@@ -301,9 +301,9 @@
 	// SetRoots sets the current mounttable roots.
 	SetRoots(call rpc.ServerCall, roots []string) error
 	// SetPermissions sets the AccessList in a node in a mount table.
-	SetPermissions(call rpc.ServerCall, name string, acl access.Permissions, etag string) error
+	SetPermissions(call rpc.ServerCall, name string, acl access.Permissions, version string) error
 	// GetPermissions returns the AccessList in a node in a mount table.
-	GetPermissions(call rpc.ServerCall, name string) (acl access.Permissions, etag string, err error)
+	GetPermissions(call rpc.ServerCall, name string) (acl access.Permissions, version string, err error)
 	// Delete deletes the name from the mounttable and, if requested, any subtree.
 	Delete(call rpc.ServerCall, name string, deleteSubtree bool) error
 }
@@ -399,7 +399,7 @@
 // descNamespace hides the desc to keep godoc clean.
 var descNamespace = rpc.InterfaceDesc{
 	Name:    "Namespace",
-	PkgPath: "v.io/x/ref/services/wsprd/namespace",
+	PkgPath: "v.io/x/ref/services/wspr/internal/namespace",
 	Methods: []rpc.MethodDesc{
 		{
 			Name: "Glob",
@@ -481,9 +481,9 @@
 			Name: "SetPermissions",
 			Doc:  "// SetPermissions sets the AccessList in a node in a mount table.",
 			InArgs: []rpc.ArgDesc{
-				{"name", ``}, // string
-				{"acl", ``},  // access.Permissions
-				{"etag", ``}, // string
+				{"name", ``},    // string
+				{"acl", ``},     // access.Permissions
+				{"version", ``}, // string
 			},
 		},
 		{
@@ -493,8 +493,8 @@
 				{"name", ``}, // string
 			},
 			OutArgs: []rpc.ArgDesc{
-				{"acl", ``},  // access.Permissions
-				{"etag", ``}, // string
+				{"acl", ``},     // access.Permissions
+				{"version", ``}, // string
 			},
 		},
 		{
diff --git a/services/wsprd/namespace/request_handler.go b/services/wspr/internal/namespace/request_handler.go
similarity index 95%
rename from services/wsprd/namespace/request_handler.go
rename to services/wspr/internal/namespace/request_handler.go
index ca8c62e..6112c90 100644
--- a/services/wsprd/namespace/request_handler.go
+++ b/services/wspr/internal/namespace/request_handler.go
@@ -98,8 +98,8 @@
 	return nil
 }
 
-func (s *Server) SetPermissions(call rpc.ServerCall, name string, acl access.Permissions, etag string) error {
-	return s.ns.SetPermissions(call.Context(), name, acl, etag)
+func (s *Server) SetPermissions(call rpc.ServerCall, name string, acl access.Permissions, version string) error {
+	return s.ns.SetPermissions(call.Context(), name, acl, version)
 }
 
 func (s *Server) GetPermissions(call rpc.ServerCall, name string) (access.Permissions, string, error) {
diff --git a/services/wsprd/principal/blessings.go b/services/wspr/internal/principal/blessings.go
similarity index 100%
rename from services/wsprd/principal/blessings.go
rename to services/wspr/internal/principal/blessings.go
diff --git a/services/wsprd/principal/blessings.vdl b/services/wspr/internal/principal/blessings.vdl
similarity index 100%
rename from services/wsprd/principal/blessings.vdl
rename to services/wspr/internal/principal/blessings.vdl
diff --git a/services/wsprd/principal/blessings.vdl.go b/services/wspr/internal/principal/blessings.vdl.go
similarity index 81%
rename from services/wsprd/principal/blessings.vdl.go
rename to services/wspr/internal/principal/blessings.vdl.go
index 0c09ae3..dc078be 100644
--- a/services/wsprd/principal/blessings.vdl.go
+++ b/services/wspr/internal/principal/blessings.vdl.go
@@ -15,7 +15,7 @@
 type BlessingsHandle int32
 
 func (BlessingsHandle) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/principal.BlessingsHandle"
+	Name string "v.io/x/ref/services/wspr/internal/principal.BlessingsHandle"
 }) {
 }
 
@@ -25,7 +25,7 @@
 }
 
 func (JsBlessings) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/principal.JsBlessings"
+	Name string "v.io/x/ref/services/wspr/internal/principal.JsBlessings"
 }) {
 }
 
diff --git a/services/wsprd/principal/js_blessings_store.go b/services/wspr/internal/principal/js_blessings_store.go
similarity index 100%
rename from services/wsprd/principal/js_blessings_store.go
rename to services/wspr/internal/principal/js_blessings_store.go
diff --git a/services/wsprd/principal/js_blessings_store_test.go b/services/wspr/internal/principal/js_blessings_store_test.go
similarity index 100%
rename from services/wsprd/principal/js_blessings_store_test.go
rename to services/wspr/internal/principal/js_blessings_store_test.go
diff --git a/services/wsprd/principal/principal.go b/services/wspr/internal/principal/principal.go
similarity index 98%
rename from services/wsprd/principal/principal.go
rename to services/wspr/internal/principal/principal.go
index 7e74c69..da21e59 100644
--- a/services/wsprd/principal/principal.go
+++ b/services/wspr/internal/principal/principal.go
@@ -38,12 +38,11 @@
 	"sync"
 	"time"
 
-	vsecurity "v.io/x/ref/security"
-	"v.io/x/ref/security/serialization"
-
 	"v.io/v23/security"
 	"v.io/v23/verror"
 	"v.io/v23/vom"
+	vsecurity "v.io/x/ref/lib/security"
+	"v.io/x/ref/lib/security/serialization"
 )
 
 // permissions is a set of a permissions given to an app, containing the account
@@ -70,7 +69,7 @@
 	Accounts map[string]security.Blessings
 }
 
-const pkgPath = "v.io/x/ref/services/wsprd/principal"
+const pkgPath = "v.io/x/ref/services/wspr/internal/principal"
 
 // Errors.
 var (
diff --git a/services/wsprd/principal/principal_test.go b/services/wspr/internal/principal/principal_test.go
similarity index 100%
rename from services/wsprd/principal/principal_test.go
rename to services/wspr/internal/principal/principal_test.go
diff --git a/services/wsprd/principal/util_test.go b/services/wspr/internal/principal/util_test.go
similarity index 100%
rename from services/wsprd/principal/util_test.go
rename to services/wspr/internal/principal/util_test.go
diff --git a/services/wsprd/rpc/server/authorizer.go b/services/wspr/internal/rpc/server/authorizer.go
similarity index 100%
rename from services/wsprd/rpc/server/authorizer.go
rename to services/wspr/internal/rpc/server/authorizer.go
diff --git a/services/wsprd/rpc/server/dispatcher.go b/services/wspr/internal/rpc/server/dispatcher.go
similarity index 98%
rename from services/wsprd/rpc/server/dispatcher.go
rename to services/wspr/internal/rpc/server/dispatcher.go
index 21cec44..82efad2 100644
--- a/services/wsprd/rpc/server/dispatcher.go
+++ b/services/wspr/internal/rpc/server/dispatcher.go
@@ -10,13 +10,12 @@
 	"fmt"
 	"sync"
 
-	"v.io/x/ref/services/wsprd/lib"
-
 	"v.io/v23/rpc"
 	"v.io/v23/security"
 	"v.io/v23/vdlroot/signature"
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/services/wspr/internal/lib"
 )
 
 type flowFactory interface {
diff --git a/services/wsprd/rpc/server/dispatcher_test.go b/services/wspr/internal/rpc/server/dispatcher_test.go
similarity index 97%
rename from services/wsprd/rpc/server/dispatcher_test.go
rename to services/wspr/internal/rpc/server/dispatcher_test.go
index f0a8798..b659aab 100644
--- a/services/wsprd/rpc/server/dispatcher_test.go
+++ b/services/wspr/internal/rpc/server/dispatcher_test.go
@@ -14,8 +14,8 @@
 	"v.io/v23/security"
 	"v.io/v23/vdl"
 	"v.io/v23/vdlroot/signature"
-	"v.io/x/ref/services/wsprd/lib"
-	"v.io/x/ref/services/wsprd/lib/testwriter"
+	"v.io/x/ref/services/wspr/internal/lib"
+	"v.io/x/ref/services/wspr/internal/lib/testwriter"
 )
 
 type mockFlowFactory struct {
diff --git a/services/wsprd/rpc/server/invoker.go b/services/wspr/internal/rpc/server/invoker.go
similarity index 97%
rename from services/wsprd/rpc/server/invoker.go
rename to services/wspr/internal/rpc/server/invoker.go
index 93c3144..90e86e9 100644
--- a/services/wsprd/rpc/server/invoker.go
+++ b/services/wspr/internal/rpc/server/invoker.go
@@ -16,7 +16,7 @@
 
 var typedNil []int
 
-const pkgPath = "v.io/x/ref/services/wsprd/rpc/server"
+const pkgPath = "v.io/x/ref/services/wspr/internal/rpc/server"
 
 // Errors.
 var (
diff --git a/services/wsprd/rpc/server/server.go b/services/wspr/internal/rpc/server/server.go
similarity index 93%
rename from services/wsprd/rpc/server/server.go
rename to services/wspr/internal/rpc/server/server.go
index c7b8c80..3a97693 100644
--- a/services/wsprd/rpc/server/server.go
+++ b/services/wspr/internal/rpc/server/server.go
@@ -12,9 +12,6 @@
 	"sync"
 	"time"
 
-	"v.io/x/ref/services/wsprd/lib"
-	"v.io/x/ref/services/wsprd/principal"
-
 	"v.io/v23"
 	"v.io/v23/context"
 	"v.io/v23/naming"
@@ -26,6 +23,8 @@
 	"v.io/v23/verror"
 	"v.io/v23/vtrace"
 	"v.io/x/lib/vlog"
+	"v.io/x/ref/services/wspr/internal/lib"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 type Flow struct {
@@ -63,6 +62,8 @@
 	FlowHandler
 	HandleStore
 
+	SendLogMessage(level lib.LogLevel, msg string) error
+
 	Context() *context.T
 }
 
@@ -110,6 +111,10 @@
 	outstandingAuthRequests map[int32]chan error
 
 	outstandingValidationRequests map[int32]chan []error
+
+	// statusClose will be closed when the server is shutting down, this will
+	// cause the status poller to exit.
+	statusClose chan struct{}
 }
 
 func NewServer(id uint32, listenSpec *rpc.ListenSpec, helper ServerHelper) (*Server, error) {
@@ -506,6 +511,37 @@
 	}
 }
 
+func (s *Server) readStatus() {
+	// A map of names to the last error message sent.
+	lastErrors := map[string]string{}
+	for {
+		status := s.server.Status()
+		for _, mountStatus := range status.Mounts {
+			var errMsg string
+			if mountStatus.LastMountErr != nil {
+				errMsg = mountStatus.LastMountErr.Error()
+			}
+			mountName := mountStatus.Name
+			if lastMessage, ok := lastErrors[mountName]; !ok || errMsg != lastMessage {
+				if errMsg == "" {
+					s.helper.SendLogMessage(
+						lib.LogLevelInfo, "serve: "+mountName+" successfully mounted ")
+				} else {
+					s.helper.SendLogMessage(
+						lib.LogLevelError, "serve: "+mountName+" failed with: "+errMsg)
+				}
+			}
+			lastErrors[mountName] = errMsg
+		}
+		select {
+		case <-time.After(10 * time.Second):
+			continue
+		case <-s.statusClose:
+			return
+		}
+	}
+}
+
 func (s *Server) Serve(name string) error {
 	s.serverStateLock.Lock()
 	defer s.serverStateLock.Unlock()
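Review bot: Both `s.helper.SendLogMessage(...)` calls in `readStatus` discard the returned error, so a helper that can no longer deliver messages fails silently on every poll while `lastErrors` is updated as if the message had been sent. Checking the result and reporting it through `vlog` (already imported in this file) makes the failure visible; the fence folds the two branches into one call so there is a single place to check. The mount name and the `LastMountErr` text are forwarded verbatim, so whatever displays them on the receiving side should treat them as plain text.
```go
			if lastMessage, ok := lastErrors[mountName]; !ok || errMsg != lastMessage {
				level, msg := lib.LogLevelInfo, "serve: "+mountName+" successfully mounted "
				if errMsg != "" {
					level, msg = lib.LogLevelError, "serve: "+mountName+" failed with: "+errMsg
				}
				if err := s.helper.SendLogMessage(level, msg); err != nil {
					vlog.Errorf("readStatus: sending log message for %q: %v", mountName, err)
				}
			}
			// … unchanged: lastErrors update and the select on time.After / s.statusClose …
```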
@@ -524,6 +560,8 @@
 	if err := s.server.ServeDispatcher(name, s.dispatcher); err != nil {
 		return err
 	}
+	s.statusClose = make(chan struct{}, 1)
+	go s.readStatus()
 	return nil
 }
 
@@ -644,6 +682,9 @@
 	}
 	s.serverStateLock.Lock()
 
+	if s.statusClose != nil {
+		close(s.statusClose)
+	}
 	if s.dispatcher != nil {
 		s.dispatcher.Cleanup()
 	}
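Review bot: `close(s.statusClose)` leaves the field non-nil, so a second pass through this path would close an already-closed channel and panic; whether a repeated call is prevented elsewhere cannot be seen, because the function starts and ends outside the hunk. `readStatus` re-reads `s.statusClose` on every iteration without holding `serverStateLock`, so simply setting the field to nil here would race with that read and could leave the poller blocked on a nil channel. Handing the channel to the goroutine in the `Serve` hunk (`go s.readStatus(s.statusClose)`, with `readStatus` selecting on its parameter) and then adding `s.statusClose = nil` after the `close` covers both cases. The channel is only ever closed, never sent on, so `make(chan struct{})` without the buffer of 1 is sufficient.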
diff --git a/services/wsprd/rpc/server/server.vdl b/services/wspr/internal/rpc/server/server.vdl
similarity index 94%
rename from services/wsprd/rpc/server/server.vdl
rename to services/wspr/internal/rpc/server/server.vdl
index 6dd891e..043a986 100644
--- a/services/wsprd/rpc/server/server.vdl
+++ b/services/wspr/internal/rpc/server/server.vdl
@@ -5,8 +5,8 @@
 package server
 
 import (
-  "v.io/x/ref/services/wsprd/principal"
   "v.io/v23/security"
+  "v.io/x/ref/services/wspr/internal/principal"
 )
 
 type SecurityCall struct {
diff --git a/services/wsprd/rpc/server/server.vdl.go b/services/wspr/internal/rpc/server/server.vdl.go
similarity index 78%
rename from services/wsprd/rpc/server/server.vdl.go
rename to services/wspr/internal/rpc/server/server.vdl.go
index a58943a..21c0041 100644
--- a/services/wsprd/rpc/server/server.vdl.go
+++ b/services/wspr/internal/rpc/server/server.vdl.go
@@ -16,7 +16,7 @@
 
 	// VDL user imports
 	"v.io/v23/security"
-	"v.io/x/ref/services/wsprd/principal"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 type SecurityCall struct {
@@ -32,7 +32,7 @@
 }
 
 func (SecurityCall) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/rpc/server.SecurityCall"
+	Name string "v.io/x/ref/services/wspr/internal/rpc/server.SecurityCall"
 }) {
 }
 
@@ -42,7 +42,7 @@
 }
 
 func (CaveatValidationRequest) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/rpc/server.CaveatValidationRequest"
+	Name string "v.io/x/ref/services/wspr/internal/rpc/server.CaveatValidationRequest"
 }) {
 }
 
@@ -51,7 +51,7 @@
 }
 
 func (CaveatValidationResponse) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/rpc/server.CaveatValidationResponse"
+	Name string "v.io/x/ref/services/wspr/internal/rpc/server.CaveatValidationResponse"
 }) {
 }
 
@@ -62,8 +62,8 @@
 }
 
 var (
-	ErrCaveatValidationTimeout                 = verror.Register("v.io/x/ref/services/wsprd/rpc/server.CaveatValidationTimeout", verror.NoRetry, "{1:}{2:} Caveat validation has timed out")
-	ErrInvalidValidationResponseFromJavascript = verror.Register("v.io/x/ref/services/wsprd/rpc/server.InvalidValidationResponseFromJavascript", verror.NoRetry, "{1:}{2:} Invalid validation response from javascript")
+	ErrCaveatValidationTimeout                 = verror.Register("v.io/x/ref/services/wspr/internal/rpc/server.CaveatValidationTimeout", verror.NoRetry, "{1:}{2:} Caveat validation has timed out")
+	ErrInvalidValidationResponseFromJavascript = verror.Register("v.io/x/ref/services/wspr/internal/rpc/server.InvalidValidationResponseFromJavascript", verror.NoRetry, "{1:}{2:} Invalid validation response from javascript")
 )
 
 func init() {
diff --git a/services/wsprd/wspr.go b/services/wspr/wsprd/main.go
similarity index 88%
rename from services/wsprd/wspr.go
rename to services/wspr/wsprd/main.go
index 9e242ee..bd2c1ea 100644
--- a/services/wsprd/wspr.go
+++ b/services/wspr/wsprd/main.go
@@ -14,7 +14,7 @@
 	"v.io/x/ref/lib/signals"
 	// TODO(cnicolaou,benj): figure out how to support roaming as a chrome plugin
 	_ "v.io/x/ref/profiles/roaming"
-	"v.io/x/ref/services/wsprd/wspr"
+	"v.io/x/ref/services/wspr/wsprlib"
 )
 
 func main() {
@@ -27,7 +27,7 @@
 	defer shutdown()
 
 	listenSpec := v23.GetListenSpec(ctx)
-	proxy := wspr.NewWSPR(ctx, *port, &listenSpec, *identd, nil)
+	proxy := wsprlib.NewWSPR(ctx, *port, &listenSpec, *identd, nil)
 	defer proxy.Shutdown()
 
 	addr := proxy.Listen()
diff --git a/services/wsprd/wspr/pipe.go b/services/wspr/wsprlib/pipe.go
similarity index 97%
rename from services/wsprd/wspr/pipe.go
rename to services/wspr/wsprlib/pipe.go
index 1411487..2fa9aaf 100644
--- a/services/wsprd/wspr/pipe.go
+++ b/services/wspr/wsprlib/pipe.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package wspr
+package wsprlib
 
 import (
 	"encoding/json"
@@ -14,8 +14,8 @@
 
 	"v.io/v23"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/app"
-	"v.io/x/ref/services/wsprd/lib"
+	"v.io/x/ref/services/wspr/internal/app"
+	"v.io/x/ref/services/wspr/internal/lib"
 
 	"github.com/gorilla/websocket"
 )
diff --git a/services/wsprd/wspr/writer.go b/services/wspr/wsprlib/writer.go
similarity index 94%
rename from services/wsprd/wspr/writer.go
rename to services/wspr/wsprlib/writer.go
index 956c6bb..ef4be93 100644
--- a/services/wsprd/wspr/writer.go
+++ b/services/wspr/wsprlib/writer.go
@@ -2,18 +2,17 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package wspr
+package wsprlib
 
 import (
 	"fmt"
 	"path/filepath"
 	"runtime"
 
-	"v.io/x/ref/services/wsprd/lib"
-
 	"v.io/v23/verror"
 	"v.io/x/lib/vlog"
-	"v.io/x/ref/services/wsprd/app"
+	"v.io/x/ref/services/wspr/internal/app"
+	"v.io/x/ref/services/wspr/internal/lib"
 
 	"github.com/gorilla/websocket"
 )
diff --git a/services/wsprd/wspr/wspr.go b/services/wspr/wsprlib/wspr.go
similarity index 97%
rename from services/wsprd/wspr/wspr.go
rename to services/wspr/wsprlib/wspr.go
index 83e59a5..5b87b2b 100644
--- a/services/wsprd/wspr/wspr.go
+++ b/services/wspr/wsprlib/wspr.go
@@ -16,7 +16,7 @@
 //   "IsStreaming" : true/false
 // }
 //
-package wspr
+package wsprlib
 
 import (
 	"bytes"
@@ -34,8 +34,8 @@
 	"v.io/v23/rpc"
 	"v.io/x/lib/vlog"
 
-	"v.io/x/ref/services/wsprd/account"
-	"v.io/x/ref/services/wsprd/principal"
+	"v.io/x/ref/services/wspr/internal/account"
+	"v.io/x/ref/services/wspr/internal/principal"
 )
 
 const (
diff --git a/services/wsprd/browspr/browspr.vdl b/services/wsprd/browspr/browspr.vdl
deleted file mode 100644
index 276bc30..0000000
--- a/services/wsprd/browspr/browspr.vdl
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package browspr
-
-import(
-  "v.io/x/ref/services/wsprd/account"
-  "v.io/x/ref/services/identity"
-)
-
-type StartMessage struct {
-  Identityd             string
-  IdentitydBlessingRoot identity.BlessingRootResponse
-  Proxy                 string
-  NamespaceRoot         string
-  LogLevel              int32
-  LogModule             string
-}
-
-type AssociateAccountMessage struct {
-  Account string
-  Origin  string
-  Caveats []account.Caveat
-}
-
-type CreateAccountMessage struct {
-  Token string
-}
-
-type CleanupMessage struct {
-  InstanceId int32
-}
-
-type OriginHasAccountMessage struct {
-  Origin string
-}
-
-type GetAccountsMessage struct {}
-
-type CreateInstanceMessage struct {
-  InstanceId     int32
-  Origin         string
-  NamespaceRoots []string
-  Proxy          string
-}
diff --git a/services/wsprd/lib/writer.vdl.go b/services/wsprd/lib/writer.vdl.go
deleted file mode 100644
index 483ec60..0000000
--- a/services/wsprd/lib/writer.vdl.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This file was auto-generated by the vanadium vdl tool.
-// Source: writer.vdl
-
-package lib
-
-import (
-	// VDL system imports
-	"v.io/v23/vdl"
-
-	// VDL user imports
-	"v.io/v23/vtrace"
-)
-
-// The response from the javascript server to the proxy.
-type ServerRpcReply struct {
-	Results       []*vdl.Value
-	Err           error
-	TraceResponse vtrace.Response
-}
-
-func (ServerRpcReply) __VDLReflect(struct {
-	Name string "v.io/x/ref/services/wsprd/lib.ServerRpcReply"
-}) {
-}
-
-func init() {
-	vdl.Register((*ServerRpcReply)(nil))
-}
diff --git a/test/modules/modules_test.go b/test/modules/modules_test.go
index 025a4c0..79ca03c 100644
--- a/test/modules/modules_test.go
+++ b/test/modules/modules_test.go
@@ -22,15 +22,14 @@
 
 	"v.io/v23"
 	"v.io/v23/verror"
-
 	"v.io/x/ref/envvar"
 	"v.io/x/ref/lib/exec"
-	execconsts "v.io/x/ref/lib/exec/consts"
-	_ "v.io/x/ref/profiles"
-	vsecurity "v.io/x/ref/security"
+	vsecurity "v.io/x/ref/lib/security"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/modules"
 	"v.io/x/ref/test/testutil"
+
+	_ "v.io/x/ref/profiles"
 )
 
 func init() {
@@ -603,7 +602,7 @@
 	}
 
 	for _, want := range childEnv {
-		if want == "\""+execconsts.ExecVersionVariable+"=\"" {
+		if want == "\""+exec.ExecVersionVariable+"=\"" {
 			continue
 		}
 		if !find(want, shEnv) {
diff --git a/test/modules/shell.go b/test/modules/shell.go
index d72010e..729c360 100644
--- a/test/modules/shell.go
+++ b/test/modules/shell.go
@@ -158,8 +158,8 @@
 	"v.io/v23/security"
 	"v.io/x/ref/envvar"
 	"v.io/x/ref/lib/exec"
-	"v.io/x/ref/security/agent"
-	"v.io/x/ref/security/agent/keymgr"
+	"v.io/x/ref/services/agent"
+	"v.io/x/ref/services/agent/keymgr"
 	"v.io/x/ref/test/expect"
 )
 
diff --git a/test/modules/util.go b/test/modules/util.go
index ca6f5c3..a19e8b9 100644
--- a/test/modules/util.go
+++ b/test/modules/util.go
@@ -13,10 +13,9 @@
 	"os"
 	"strings"
 
-	vsecurity "v.io/x/ref/security"
-
 	"v.io/v23/security"
 	"v.io/x/lib/vlog"
+	vsecurity "v.io/x/ref/lib/security"
 )
 
 func newLogfile(prefix, name string) (*os.File, error) {
diff --git a/test/testutil/security.go b/test/testutil/security.go
index 1cab8b7..a59c5f8 100644
--- a/test/testutil/security.go
+++ b/test/testutil/security.go
@@ -6,13 +6,13 @@
 
 import (
 	"v.io/v23/security"
-	vsecurity "v.io/x/ref/security"
+	vsecurity "v.io/x/ref/lib/security"
 )
 
 // NewPrincipal creates a new security.Principal.
 //
 // It is a convenience wrapper over utility functions available in the
-// v.io/x/ref/security package.
+// v.io/x/ref/lib/security package.
 //
 // If the set of blessingNames provided is non-empty, it creates self-signed
 // blessings for each of those names and marks all of them as the default and
diff --git a/test/v23tests/v23tests.go b/test/v23tests/v23tests.go
index 10a3bf6..9f78de7 100644
--- a/test/v23tests/v23tests.go
+++ b/test/v23tests/v23tests.go
@@ -18,13 +18,11 @@
 	"testing"
 	"time"
 
-	"v.io/x/lib/vlog"
-
 	"v.io/v23"
 	"v.io/v23/security"
-
+	"v.io/x/lib/vlog"
 	"v.io/x/ref/envvar"
-	"v.io/x/ref/security/agent"
+	"v.io/x/ref/services/agent"
 	"v.io/x/ref/test"
 	"v.io/x/ref/test/modules"
 	"v.io/x/ref/test/testutil"