Merge "veyron/runtimes/google/rt: Use the new security model by default."
diff --git a/lib/signals/signals_test.go b/lib/signals/signals_test.go
index bddef80..636bbdb 100644
--- a/lib/signals/signals_test.go
+++ b/lib/signals/signals_test.go
@@ -15,7 +15,6 @@
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/mgmt"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/services/mgmt/appcycle"
 
@@ -326,7 +325,7 @@
 
 // TestCleanRemoteShutdown verifies that remote shutdown works correctly.
 func TestCleanRemoteShutdown(t *testing.T) {
-	r := rt.Init(options.ForceNewSecurityModel{})
+	r := rt.Init()
 	defer r.Cleanup()
 
 	sh := modules.NewShell()
diff --git a/runtimes/google/ipc/stream/vif/vif.go b/runtimes/google/ipc/stream/vif/vif.go
index c30a543..4e444f4 100644
--- a/runtimes/google/ipc/stream/vif/vif.go
+++ b/runtimes/google/ipc/stream/vif/vif.go
@@ -177,22 +177,10 @@
 	return vif, nil
 }
 
-func adjustIPCVersionForOldSecurityModel(in naming.Endpoint, opts []stream.VCOpt) naming.Endpoint {
-	out := in
-	for _, o := range opts {
-		if r, ok := o.(*version.Range); ok {
-			out = r.Endpoint(out.Addr().Network(), out.Addr().String(), out.RoutingID())
-			vlog.Infof("Adjusted Dialer endpoint from %v to %v for OpenVC message because the old security model is being used", in, out)
-		}
-	}
-	return out
-}
-
 // Dial creates a new VC to the provided remote identity, authenticating the VC
 // with the provided local identity.
 func (vif *VIF) Dial(remoteEP naming.Endpoint, opts ...stream.VCOpt) (stream.VC, error) {
-	localEP := adjustIPCVersionForOldSecurityModel(vif.localEP, opts)
-	vc, err := vif.newVC(vif.allocVCI(), localEP, remoteEP, true)
+	vc, err := vif.newVC(vif.allocVCI(), vif.localEP, remoteEP, true)
 	if err != nil {
 		return nil, err
 	}
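Review bot: With adjustIPCVersionForOldSecurityModel gone, the visible part of Dial no longer reads its `opts` parameter, and the hunk removes the only visible users of the `version` and `vlog` packages in this file without touching the import block. Dial's body continues past the hunk, so opts may still be consumed there; if it is not, the doc comment on Dial should say that VC options are currently accepted but not used, e.g. `// opts are accepted for interface compatibility and are not currently consulted.` Likewise, if no other code in vif.go references `version` or `vlog`, the build will fail on unused imports and the import block needs the same cleanup this commit applies in rt/ipc.go.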
@@ -201,7 +189,7 @@
 	err = vif.sendOnExpressQ(&message.OpenVC{
 		VCI:         vc.VCI(),
 		DstEndpoint: remoteEP,
-		SrcEndpoint: localEP,
+		SrcEndpoint: vif.localEP,
 		Counters:    counters})
 	if err != nil {
 		err = fmt.Errorf("vif.sendOnExpressQ(OpenVC) failed: %v", err)
diff --git a/runtimes/google/ipc/version/version.go b/runtimes/google/ipc/version/version.go
index 33d251f..131e40a 100644
--- a/runtimes/google/ipc/version/version.go
+++ b/runtimes/google/ipc/version/version.go
@@ -14,10 +14,6 @@
 	Min, Max version.IPCVersion
 }
 
-// TODO(ashankar): Remove when the transition to the new security API is complete.
-func (*Range) IPCClientOpt()   {}
-func (*Range) IPCStreamVCOpt() {}
-
 var (
 	// supportedRange represents the range of protocol verions supported by this
 	// implementation.
diff --git a/runtimes/google/rt/ipc.go b/runtimes/google/rt/ipc.go
index 7b3251c..53ab84f 100644
--- a/runtimes/google/rt/ipc.go
+++ b/runtimes/google/rt/ipc.go
@@ -7,14 +7,12 @@
 	iipc "veyron.io/veyron/veyron/runtimes/google/ipc"
 	imanager "veyron.io/veyron/veyron/runtimes/google/ipc/stream/manager"
 	"veyron.io/veyron/veyron/runtimes/google/ipc/stream/vc"
-	iversion "veyron.io/veyron/veyron/runtimes/google/ipc/version"
 	ivtrace "veyron.io/veyron/veyron/runtimes/google/vtrace"
 
 	"veyron.io/veyron/veyron2/context"
 	"veyron.io/veyron/veyron2/i18n"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/ipc/stream"
-	"veyron.io/veyron/veyron2/ipc/version"
 	"veyron.io/veyron/veyron2/naming"
 	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/security"
@@ -105,9 +103,6 @@
 	}
 	// Add the option that provides the local identity to the client.
 	otherOpts = append(otherOpts, rt.newLocalID(id), vc.LocalPrincipal{rt.principal})
-	if !rt.useNewSecurityModelInIPCClients {
-		otherOpts = append(otherOpts, &iversion.Range{Min: version.IPCVersion2, Max: version.IPCVersion3})
-	}
 	return iipc.InternalNewClient(sm, ns, otherOpts...)
 }
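Review bot: The client is still handed both `rt.newLocalID(id)` and `vc.LocalPrincipal{rt.principal}` on the line above the removed block, so the old-model identity continues to be supplied to every client even though the version-range fallback that selected the old model is now gone. If both options must coexist until the remaining old-model consumers are removed, a comment at the append would make that explicit, e.g. `// Both the old-model identity and the new-model principal are supplied during the transition; drop newLocalID once no peer depends on it.` If nothing consumes the identity option any longer, it should be dropped here rather than left in place. The enclosing function starts outside the hunk.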
 
diff --git a/runtimes/google/rt/ipc_test.go b/runtimes/google/rt/ipc_test.go
index 01cbd00..4c6cc6c 100644
--- a/runtimes/google/rt/ipc_test.go
+++ b/runtimes/google/rt/ipc_test.go
@@ -7,7 +7,6 @@
 	"veyron.io/veyron/veyron2"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
 
@@ -25,7 +24,7 @@
 }
 
 func newRT() veyron2.Runtime {
-	r, err := rt.New(options.ForceNewSecurityModel{})
+	r, err := rt.New()
 	if err != nil {
 		panic(err)
 	}
diff --git a/runtimes/google/rt/mgmt_test.go b/runtimes/google/rt/mgmt_test.go
index 6cc07b5..4b3b757 100644
--- a/runtimes/google/rt/mgmt_test.go
+++ b/runtimes/google/rt/mgmt_test.go
@@ -284,7 +284,7 @@
 	// refer to the global rt.R() function), but we take care to make sure
 	// that the "google" runtime we are trying to test in this package is
 	// the one being used.
-	r, _ := rt.New(profileOpt, options.GoogleRuntime, options.ForceNewSecurityModel{})
+	r, _ := rt.New(profileOpt, options.GoogleRuntime)
 
 	childcreds := security.NewVeyronCredentials(r.Principal(), appCmd)
 	configServer, configServiceName, ch := createConfigServer(t, r)
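Review bot: The rewritten `r, _ := rt.New(profileOpt, options.GoogleRuntime)` still discards the error from rt.New, and the next line immediately calls `r.Principal()`, so a runtime that fails to initialize turns into a nil-pointer panic with no indication of the real cause. Since the line is being edited anyway, check the error: `r, err := rt.New(profileOpt, options.GoogleRuntime)` followed by `if err != nil { t.Fatalf("rt.New failed: %v", err) }`. The enclosing test function starts outside the hunk.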
diff --git a/runtimes/google/rt/rt.go b/runtimes/google/rt/rt.go
index 7c8c85a..d106b7f 100644
--- a/runtimes/google/rt/rt.go
+++ b/runtimes/google/rt/rt.go
@@ -43,10 +43,6 @@
 	nServers   int  // GUARDED_BY(mu)
 	cleaningUp bool // GUARDED_BY(mu)
 
-	// TODO(ashankar,ataly): Variables to help with the transition between the
-	// old and new security model. Will be removed once the transition is complete.
-	useNewSecurityModelInIPCClients bool
-
 	lang    i18n.LangID // Language, from environment variables.
 	program string      // Program name, from os.Args[0].
 }
@@ -77,7 +73,7 @@
 				return nil, fmt.Errorf("%q is the wrong name for this runtime", v)
 			}
 		case options.ForceNewSecurityModel:
-			rt.useNewSecurityModelInIPCClients = true
+			// noop
 		default:
 			return nil, fmt.Errorf("option has wrong type %T", o)
 		}
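Review bot: The `// noop` on the options.ForceNewSecurityModel case does not tell a reader why an option is accepted and then ignored, which is the kind of thing that later gets "cleaned up" into an error return and breaks callers. Say what the case is for, e.g. `// Accepted for backward compatibility only: the new security model is now always used, so this option has no effect.` If the option type itself is slated for removal, naming that here (or marking it Deprecated at its definition) would let tooling surface it. The enclosing option-parsing loop starts and ends outside the hunk.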
diff --git a/runtimes/google/rt/sectransition/sectransition.go b/runtimes/google/rt/sectransition/sectransition.go
deleted file mode 100644
index 54c0677..0000000
--- a/runtimes/google/rt/sectransition/sectransition.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// This package provides a shell test during the security model transition.
-package main
-
-import (
-	"flag"
-	"fmt"
-	"time"
-
-	"veyron.io/veyron/veyron/lib/signals"
-	"veyron.io/veyron/veyron/profiles"
-
-	"veyron.io/veyron/veyron2/ipc"
-	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/rt"
-	"veyron.io/veyron/veyron2/security"
-	"veyron.io/veyron/veyron2/vlog"
-)
-
-var runServer = flag.Bool("server", false, "If true, start a server. If false, start a client")
-
-type service struct{}
-
-func (service) Ping(call ipc.ServerCall) (string, error) {
-	return fmt.Sprintf("ClientBlessings: %v\nClientPublicID: %v", call.RemoteBlessings(), call.RemoteID()), nil
-}
-
-type authorizer struct{}
-
-func (authorizer) Authorize(security.Context) error { return nil }
-
-func main() {
-	r := rt.Init()
-	defer r.Cleanup()
-
-	if *runServer {
-		startServer(r.NewServer())
-	} else if len(flag.Args()) != 1 {
-		vlog.Fatalf("Expected exactly 1 argument, got %d (%v)", len(flag.Args()), flag.Args())
-	} else {
-		ctx, _ := r.NewContext().WithDeadline(time.Now().Add(10 * time.Second))
-		startClient(r.Client().StartCall(ctx, flag.Arg(0), "Ping", nil))
-	}
-}
-
-func startServer(server ipc.Server, err error) {
-	if err != nil {
-		vlog.Fatal(err)
-	}
-	defer server.Stop()
-
-	ep, err := server.Listen(profiles.LocalListenSpec)
-	if err != nil {
-		vlog.Fatal(err)
-	}
-	fmt.Println("SERVER:", naming.JoinAddressName(ep.String(), ""))
-	server.Serve("", ipc.LeafDispatcher(service{}, authorizer{}))
-	<-signals.ShutdownOnSignals()
-}
-
-func startClient(call ipc.Call, err error) {
-	if err != nil {
-		vlog.Fatal(err)
-	}
-	var result string
-	var apperr error
-	if err = call.Finish(&result, &apperr); err != nil {
-		vlog.Fatalf("ipc.Call.Finish error: %v", err)
-	}
-	if apperr != nil {
-		vlog.Fatalf("Application error: %v", apperr)
-	}
-	fmt.Println(result)
-}
diff --git a/runtimes/google/rt/sectransition/test.sh b/runtimes/google/rt/sectransition/test.sh
deleted file mode 100755
index 242da08..0000000
--- a/runtimes/google/rt/sectransition/test.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/bin/bash
-
-# Test compatibility of clients and servers using a combination of the old
-# and new security models (triggered by environment variables).
-
-. "${VEYRON_ROOT}/scripts/lib/shell_test.sh"
-
-readonly WORKDIR="${shell_test_WORK_DIR}"
-
-build() {
-  SECTRANSITION_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/runtimes/google/rt/sectransition')"
-  IDENTITY_BIN="$(shell_test::build_go_binary 'veyron.io/veyron/veyron/tools/identity')"
-}
-
-startserver() {
-  # The server has access to both the old and new security model.
-  export VEYRON_IDENTITY="${WORKDIR}/old"
-  export VEYRON_CREDENTIALS="${WORKDIR}/new"
-  shell::run_server "${shell_test_DEFAULT_SERVER_TIMEOUT}" "${SERVERLOG}" /dev/null \
-    "${SECTRANSITION_BIN}" --server --logtostderr &> /dev/null \
-    || shell_test::fail "line ${LINENO}: failed to start sectransaction"
-  shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" "${SERVERLOG}" "SERVER" \
-    || shell_test::fail "line ${LINENO}: failed to read expected output from log file"
-  local -r EP=$(grep "SERVER: " "${SERVERLOG}" | sed -e 's/SERVER: //') \
-    || shell_test::fail "line ${LINENO}: failed to identify the endpoint"
-  echo "${EP}"
-}
-
-runclient() {
-  "${SECTRANSITION_BIN}" "${EP}" &>"${CLIENTLOG}"
-}
-
-oldmodel() {
-  awk '/ClientPublicID:/ {print $2}' "${CLIENTLOG}"
-}
-
-newmodel() {
-  awk '/ClientBlessings:/ {print $2}' "${CLIENTLOG}"
-}
-
-main() {
-  cd "${WORKDIR}"
-  build
-
-  # Generate an identity (old security model) that may be used by the client.
-  local -r OLD="${WORKDIR}/old"
-  "${IDENTITY_BIN}" generate "old" > "${OLD}"
-
-  local -r SERVERLOG="${WORKDIR}/server.log"
-  local -r CLIENTLOG="${WORKDIR}/client.log"
-  local -r EP=$(startserver)
-
-  # No environment variables set: PublicIDs from the old model should be exchanged.
-  unset VEYRON_IDENTITY
-  unset VEYRON_CREDENTIALS
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "            No environment variables: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID not set when neither environment variable is set"
-  fi
-  if [[ $(newmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should not be set when neither environment variable is set (was $(newmodel))"
-  fi
-
-
-  # Old model envvar is set: not the new one: PublicIDs from the old model should be exchanged.
-  export VEYRON_IDENTITY="${WORKDIR}/old"
-  unset VEYRON_CREDENTIALS
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "                     VEYRON_IDENTITY: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID not set when only VEYRON_IDENTITY is set"
-  fi
-  if [[ $(newmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should not be set when only VEYRON_IDENTITY is set (was $(newmodel))"
-  fi
-
-  # New model envvar is set:  Blessings should be exchanged.
-  unset VEYRON_IDENTITY
-  export VEYRON_CREDENTIALS="${WORKDIR}/new"
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "                  VEYRON_CREDENTIALS: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID should not be exchanged when VEYRON_CREDENTIALS is set (was $(oldmodel))"
-  fi
-  if [[ $(newmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should be exchanged when VEYRON_CREDENTIALS is set (was $(newmodel))"
-  fi
-
-  # Both environment variables are set: Blessings should be exchanged.
-  export VEYRON_IDENTITY="${WORKDIR}/old"
-  export VEYRON_CREDENTIALS="${WORKDIR}/new"
-  runclient || shell_test::fail "line ${LINENO}: failed to run client"
-  echo "VEYRON_IDENTITY & VEYRON_CREDENTIALS: PublicID:$(oldmodel), Blessings:$(newmodel)"
-  if [[ $(oldmodel) != "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: PublicID should not be exchanged when VEYRON_CREDENTIALS is set (was $(oldmodel))"
-  fi
-  if [[ $(newmodel) == "<nil>" ]]; then
-    shell_test::fail "line ${LINENO}: Blessings should be exchanged when VEYRON_CREDENTIALS is set (was $(newmodel))"
-  fi
-
-  shell_test::pass
-}
-
-main "$@"
\ No newline at end of file
diff --git a/runtimes/google/rt/security.go b/runtimes/google/rt/security.go
index 9295625..0863c04a 100644
--- a/runtimes/google/rt/security.go
+++ b/runtimes/google/rt/security.go
@@ -36,9 +36,6 @@
 }
 
 func (rt *vrt) initSecurity() error {
-	// Use the new security model in ipc.Client only if it was expicitly specified.
-	// At a later date, we will switch to using the new model always.
-	rt.useNewSecurityModelInIPCClients = rt.useNewSecurityModelInIPCClients || len(os.Getenv(VeyronCredentialsEnvVar)) > 0
 	if err := rt.initOldSecurity(); err != nil {
 		return err
 	}
@@ -86,16 +83,9 @@
 	if err := rt.initPublicIDStore(); err != nil {
 		return err
 	}
-	// Initialize the runtime's PublicIDStore with the runtime's PublicID.
-	// TODO(ashankar,ataly): What should be the tag for the PublicID? Below we use
-	// security.AllPrincipals but this means that the PublicID *always* gets used
-	// for any peer. This may not be desirable.
 	if err := rt.store.Add(rt.id.PublicID(), security.AllPrincipals); err != nil {
 		return fmt.Errorf("could not initialize a PublicIDStore for the runtime: %s", err)
 	}
-
-	// Always trust our own identity providers.
-	// TODO(ataly, ashankar): We should trust the identity providers of all PublicIDs in the store.
 	trustIdentityProviders(rt.id)
 	return nil
 }
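Review bot: Deleting the TODO that preceded `rt.store.Add(rt.id.PublicID(), security.AllPrincipals)` removes the only record of an open design concern — that the PublicID is tagged for all principals and is therefore presented to every peer — while the call itself is unchanged, so the concern still applies. The same holds for the removed note above `trustIdentityProviders(rt.id)`, which documented that only the runtime's own identity providers are trusted rather than those of every PublicID in the store. If these are no longer considered issues because the old model is being retired, a one-line comment stating that would be clearer than silent removal, e.g. `// Old-model PublicID handling; retained unchanged until initOldSecurity is removed.` If they remain open, keep the TODOs.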
diff --git a/services/identity/revocation/revoker_test.go b/services/identity/revocation/revoker_test.go
index 1cb86fa..ad4ad7e 100644
--- a/services/identity/revocation/revoker_test.go
+++ b/services/identity/revocation/revoker_test.go
@@ -8,7 +8,6 @@
 	"veyron.io/veyron/veyron2"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
 
@@ -19,7 +18,7 @@
 
 func revokerSetup(t *testing.T) (dischargerKey security.PublicKey, dischargerEndpoint string, revoker *RevocationManager, closeFunc func(), runtime veyron2.Runtime) {
 	var dir = filepath.Join(os.TempDir(), "revoker_test_dir")
-	r := rt.Init(options.ForceNewSecurityModel{})
+	r := rt.Init()
 	revokerService, err := NewRevocationManager(dir)
 	if err != nil {
 		t.Fatalf("NewRevocationManager failed: %v", err)
diff --git a/services/mgmt/node/impl/impl_test.go b/services/mgmt/node/impl/impl_test.go
index e520c98..e71690e 100644
--- a/services/mgmt/node/impl/impl_test.go
+++ b/services/mgmt/node/impl/impl_test.go
@@ -29,7 +29,6 @@
 	"veyron.io/veyron/veyron2"
 	"veyron.io/veyron/veyron2/ipc"
 	"veyron.io/veyron/veyron2/naming"
-	"veyron.io/veyron/veyron2/options"
 	"veyron.io/veyron/veyron2/rt"
 	"veyron.io/veyron/veyron2/security"
 	"veyron.io/veyron/veyron2/services/mgmt/application"
@@ -71,13 +70,11 @@
 }
 
 func initRT() {
-	rt.Init(options.ForceNewSecurityModel{})
-
+	rt.Init()
 	// Disable the cache because we will be manipulating/using the namespace
 	// across multiple processes and want predictable behaviour without
 	// relying on timeouts.
 	rt.R().Namespace().CacheCtl(naming.DisableCache(true))
-
 }
 
 // TestHelperProcess is the entrypoint for the modules commands in a
@@ -734,7 +731,7 @@
 }
 
 func newRuntime(t *testing.T) veyron2.Runtime {
-	runtime, err := rt.New(options.ForceNewSecurityModel{})
+	runtime, err := rt.New()
 	if err != nil {
 		t.Fatalf("rt.New() failed: %v", err)
 	}
diff --git a/services/mounttable/lib/mounttable_test.go b/services/mounttable/lib/mounttable_test.go
index 9989fd5..73a6af0 100644
--- a/services/mounttable/lib/mounttable_test.go
+++ b/services/mounttable/lib/mounttable_test.go
@@ -453,12 +453,12 @@
 func init() {
 	testutil.Init()
 	// Create the runtime for each of the three "processes"
-	rootRT = rt.Init(options.ForceNewSecurityModel{})
+	rootRT = rt.Init()
 	var err error
-	if aliceRT, err = rt.New(options.ForceNewSecurityModel{}); err != nil {
+	if aliceRT, err = rt.New(); err != nil {
 		panic(err)
 	}
-	if bobRT, err = rt.New(options.ForceNewSecurityModel{}); err != nil {
+	if bobRT, err = rt.New(); err != nil {
 		panic(err)
 	}