services/internal/fs/simplestore.go - release.go.x.ref - Git at Google

 // Copyright 2015 The Vanadium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // Implements a map-based store substitute that implements the legacy store API.
 package fs

 import (
 	"encoding/gob"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"reflect"
 	"sort"
 	"strings"
 	"sync"

 	"v.io/x/ref/services/profile"

 	"v.io/v23/security"
 	"v.io/v23/security/access"
 	"v.io/v23/services/application"
 	"v.io/v23/verror"
 	"v.io/v23/vom"
 )

 // TODO(rjkroege@google.com) Switch Memstore to the mid-August 2014
 // style store API.

 const pkgPath = "v.io/x/ref/services/internal/fs"

 // Errors
 var (
 	ErrNoRecursiveCreateTransaction = verror.Register(pkgPath+".ErrNoRecursiveCreateTransaction", verror.NoRetry, "{1:}{2:} recursive CreateTransaction() not permitted{:_}")
 	ErrDoubleCommit                 = verror.Register(pkgPath+".ErrDoubleCommit", verror.NoRetry, "{1:}{2:} illegal attempt to commit previously committed or abandonned transaction{:_}")
 	ErrAbortWithoutTransaction      = verror.Register(pkgPath+".ErrAbortWithoutTransaction", verror.NoRetry, "{1:}{2:} illegal attempt to abort non-existent transaction{:_}")
 	ErrWithoutTransaction           = verror.Register(pkgPath+".ErrRemoveWithoutTransaction", verror.NoRetry, "{1:}{2:} call without a transaction{:_}")
 	ErrNotInMemStore                = verror.Register(pkgPath+".ErrNotInMemStore", verror.NoRetry, "{1:}{2:} not in Memstore{:_}")
 	ErrUnsupportedType              = verror.Register(pkgPath+".ErrUnsupportedType", verror.NoRetry, "{1:}{2:} attempted Put to Memstore of unsupported type{:_}")
 	ErrChildrenWithoutLock          = verror.Register(pkgPath+".ErrChildrenWithoutLock", verror.NoRetry, "{1:}{2:} Children() without a lock{:_}")

 	errTempFileFailed          = verror.Register(pkgPath+".errTempFileFailed", verror.NoRetry, "{1:}{2:} TempFile({3}, {4}) failed{:_}")
 	errCantOpenOrCreate        = verror.Register(pkgPath+".errCantOpenOrCreate", verror.NoRetry, "{1:}{2:} File ({3}) could neither be opened ({4}) nor created ({5}){:_}")
 	errDecodeFailedFileMissing = verror.Register(pkgPath+".errDecodeFailedFileMissing", verror.NoRetry, "{1:}{2:} Decode() failed, file went missing{:_}")
 	errDecodeFailedBadData     = verror.Register(pkgPath+".errDecodeFailedBadData", verror.NoRetry, "{1:}{2:} Decode() failed: data format mismatch or backing file truncated{:_}")
 	errCreateFailed            = verror.Register(pkgPath+".errCreateFailed", verror.NoRetry, "{1:}{2:} Create({3}) failed{:_}")
 	errEncodeFailed            = verror.Register(pkgPath+".errEncodeFailed", verror.NoRetry, "{1:}{2:} Encode() failed{:_}")
 )

 // Memstore contains the state of the memstore. It supports a single
 // transaction at a time. The current state of a Memstore under a
 // transactional name binding is the contents of puts then the contents
 // of (data - removes). puts and removes will be empty at the beginning
 // of a transaction and after an Unlock operation.
 type Memstore struct {
 	sync.Mutex
 	persistedFile              string
 	haveTransactionNameBinding bool
 	locked                     bool
 	data                       map[string]interface{}
 	puts                       map[string]interface{}
 	removes                    map[string]struct{}
 }

 const (
 	startingMemstoreSize  = 10
 	transactionNamePrefix = "memstore-transaction"
 )

 var keyExists = struct{}{}

 // TODO(ashankar,rjkroege): Once we switch from gob to vom, this hack won't be
 // necessary (will be able to Put/Get application.Envelope without translating
 // to this applicationEnvelope type). But in the mean time, required because
 // security.Blessings is not gob-encodeable (and gob doesn't have the ability
 // to convert between native and wire types like security.Blessings ->
 // security.WireBlessings)
 //
 // This mirrors application.Envelope with the type of "Publsher" changed to
 // security.WireBlessings.
 //
 // See https://vanadium-review.googlesource.com/6300
 type applicationEnvelope struct {
 	Title     string
 	Args      []string
 	Binary    application.SignedFile
 	Publisher security.WireBlessings
 	Env       []string
 	Packages  application.Packages
 }

 func translateToGobEncodeable(in interface{}) interface{} {
 	env, ok := in.(application.Envelope)
 	if !ok {
 		return in
 	}
 	return applicationEnvelope{
 		Title:     env.Title,
 		Args:      env.Args,
 		Binary:    env.Binary,
 		Publisher: security.MarshalBlessings(env.Publisher),
 		Env:       env.Env,
 		Packages:  env.Packages,
 	}
 }

 func translateFromGobEncodeable(in interface{}) (interface{}, error) {
 	env, ok := in.(applicationEnvelope)
 	if !ok {
 		return in, nil
 	}
 	// Have to roundtrip through vom to convert from WireBlessings to Blessings.
 	// This may seem silly, but this whole translation business is silly too :)
 	// and will go away once we switch this package to using 'vom' instead of 'gob'.
 	// So for now, live with the funkiness.
 	bytes, err := vom.Encode(env.Publisher)
 	if err != nil {
 		return nil, err
 	}
 	var publisher security.Blessings
 	if err := vom.Decode(bytes, &publisher); err != nil {
 		return nil, err
 	}
 	return application.Envelope{
 		Title:     env.Title,
 		Args:      env.Args,
 		Binary:    env.Binary,
 		Publisher: publisher,
 		Env:       env.Env,
 		Packages:  env.Packages,
 	}, nil
 }

 // The implementation of set requires gob instead of json.
 func init() {
 	gob.Register(profile.Specification{})
 	gob.Register(applicationEnvelope{})
 	gob.Register(access.Permissions{})
 	// Ensure that no fields have been added to application.Envelope,
 	// because if so, then applicationEnvelope defined in this package
 	// needs to change
 	if n := reflect.TypeOf(application.Envelope{}).NumField(); n != 6 {
 		panic(fmt.Sprintf("It appears that fields have been added to or removed from application.Envelope before the hack in this file around gob-encodeability was removed. Please also update applicationEnvelope, translateToGobEncodeable and translateToGobDecodeable in this file"))
 	}
 }

 // NewMemstore persists the Memstore to os.TempDir() if no file is
 // configured.
 func NewMemstore(configuredPersistentFile string) (*Memstore, error) {
 	data := make(map[string]interface{}, startingMemstoreSize)
 	if configuredPersistentFile == "" {
 		f, err := ioutil.TempFile(os.TempDir(), "memstore-gob")
 		if err != nil {
 			return nil, verror.New(errTempFileFailed, nil, os.TempDir(), "memstore-gob", err)
 		}
 		defer f.Close()
 		configuredPersistentFile = f.Name()
 		return &Memstore{
 			data:          data,
 			persistedFile: configuredPersistentFile,
 		}, nil
 	}

 	file, err := os.Open(configuredPersistentFile)
 	if err != nil {
 		// The file doesn't exist. Attempt to create it instead.
 		file, cerr := os.Create(configuredPersistentFile)
 		if cerr != nil {
 			return nil, verror.New(errCantOpenOrCreate, nil, configuredPersistentFile, err, cerr)
 		}
 		defer file.Close()
 	} else {
 		decoder := gob.NewDecoder(file)
 		if err := decoder.Decode(&data); err != nil {
 			// Two situations. One is not an error.
 			fi, serr := os.Stat(configuredPersistentFile)
 			if serr != nil {
 				// Someone probably deleted the file out from underneath us. Give up.
 				return nil, verror.New(errDecodeFailedFileMissing, nil, serr)
 			}
 			if fi.Size() != 0 {
 				return nil, verror.New(errDecodeFailedBadData, nil, err)
 			}
 			// An empty backing file deserializes to an empty memstore.
 		}
 	}
 	return &Memstore{
 		data:          data,
 		persistedFile: configuredPersistentFile,
 	}, nil
 }

 type MemstoreObject interface {
 	Remove(_ interface{}) error
 	Exists(_ interface{}) (bool, error)
 }

 type boundObject struct {
 	path  string
 	ms    *Memstore
 	Value interface{}
 }

 // BindObject sets the path string for subsequent operations.
 func (ms *Memstore) BindObject(path string) *boundObject {
 	pathParts := strings.SplitN(path, "/", 2)
 	if pathParts[0] == transactionNamePrefix {
 		ms.haveTransactionNameBinding = true
 	} else {
 		ms.haveTransactionNameBinding = false
 	}
 	return &boundObject{path: pathParts[1], ms: ms}
 }

 func (ms *Memstore) removeChildren(path string) bool {
 	deleted := false
 	for k, _ := range ms.data {
 		if strings.HasPrefix(k, path) {
 			deleted = true
 			ms.removes[k] = keyExists
 		}
 	}
 	for k, _ := range ms.puts {
 		if strings.HasPrefix(k, path) {
 			deleted = true
 			delete(ms.puts, k)
 		}
 	}
 	return deleted
 }

 type Transaction interface {
 	CreateTransaction(_ interface{}) (string, error)
 	Commit(_ interface{}) error
 }

 // BindTransactionRoot on a Memstore always operates over the
 // entire Memstore. As a result, the root parameter is ignored.
 func (ms *Memstore) BindTransactionRoot(_ string) Transaction {
 	return ms
 }

 // BindTransaction on a Memstore can only use the single Memstore
 // transaction.
 func (ms *Memstore) BindTransaction(_ string) Transaction {
 	return ms
 }

 func (ms *Memstore) newTransactionState() {
 	ms.puts = make(map[string]interface{}, startingMemstoreSize)
 	ms.removes = make(map[string]struct{}, startingMemstoreSize)
 }

 func (ms *Memstore) clearTransactionState() {
 	ms.puts = nil
 	ms.removes = nil
 }

 // Unlock abandons an in-progress transaction before releasing the lock.
 func (ms *Memstore) Unlock() {
 	ms.locked = false
 	ms.clearTransactionState()
 	ms.Mutex.Unlock()
 }

 // Lock acquires a lock and caches the state of the lock.
 func (ms *Memstore) Lock() {
 	ms.Mutex.Lock()
 	ms.clearTransactionState()
 	ms.locked = true
 }

 // CreateTransaction requires the caller to acquire a lock on the Memstore.
 func (ms *Memstore) CreateTransaction(_ interface{}) (string, error) {
 	if ms.puts != nil || ms.removes != nil {
 		return "", verror.New(ErrNoRecursiveCreateTransaction, nil)
 	}
 	ms.newTransactionState()
 	return transactionNamePrefix, nil
 }

 // Commit updates the store and persists the result.
 func (ms *Memstore) Commit(_ interface{}) error {
 	if !ms.locked || ms.puts == nil || ms.removes == nil {
 		return verror.New(ErrDoubleCommit, nil)
 	}
 	for k, v := range ms.puts {
 		ms.data[k] = v
 	}
 	for k, _ := range ms.removes {
 		delete(ms.data, k)
 	}
 	return ms.persist()
 }

 func (ms *Memstore) Abort(_ interface{}) error {
 	if !ms.locked {
 		return verror.New(ErrAbortWithoutTransaction, nil)
 	}
 	return nil
 }

 func (o *boundObject) Remove(_ interface{}) error {
 	if !o.ms.locked {
 		return verror.New(ErrWithoutTransaction, nil, "Remove()")
 	}

 	if _, pendingRemoval := o.ms.removes[o.path]; pendingRemoval {
 		return verror.New(ErrNotInMemStore, nil, o.path)
 	}

 	_, found := o.ms.data[o.path]
 	if !found && !o.ms.removeChildren(o.path) {
 		return verror.New(ErrNotInMemStore, nil, o.path)
 	}
 	delete(o.ms.puts, o.path)
 	o.ms.removes[o.path] = keyExists
 	return nil
 }

 // transactionExists implements Exists() for bound names that have the
 // transaction prefix.
 func (o *boundObject) transactionExists() bool {
 	// Determine if the bound name point to a real object.
 	_, inBase := o.ms.data[o.path]
 	_, inPuts := o.ms.puts[o.path]
 	_, inRemoves := o.ms.removes[o.path]

 	// not yet committed.
 	if inPuts || (inBase && !inRemoves) {
 		return true
 	}

 	// The bound names might be a prefix of the path for a real object. For
 	// example, BindObject("/test/a"). Put(o) creates a real object o at path
 	/// test/a so the code above will cause BindObject("/test/a").Exists() to
 	// return true. Testing this is however not sufficient because
 	// BindObject(any prefix of on object path).Exists() needs to also be
 	// true. For example, here BindObject("/test").Exists() is true.
 	//
 	// Consequently, transactionExists scans all object names in the Memstore
 	// to determine if any of their names have the bound name as a prefix.
 	// Puts take precedence over removes so we scan it first.

 	for k, _ := range o.ms.puts {
 		if strings.HasPrefix(k, o.path) {
 			return true
 		}
 	}

 	// Then we scan data for matches and verify that at least one of the
 	// object names with the bound prefix have not been removed.

 	for k, _ := range o.ms.data {
 		if _, inRemoves := o.ms.removes[k]; strings.HasPrefix(k, o.path) && !inRemoves {
 			return true
 		}
 	}
 	return false
 }

 func (o *boundObject) Exists(_ interface{}) (bool, error) {
 	if o.ms.haveTransactionNameBinding {
 		return o.transactionExists(), nil
 	} else {
 		_, inBase := o.ms.data[o.path]
 		if inBase {
 			return true, nil
 		}
 		for k, _ := range o.ms.data {
 			if strings.HasPrefix(k, o.path) {
 				return true, nil
 			}
 		}
 	}
 	return false, nil
 }

 // transactionBoundGet implements Get while the bound name has the
 // transaction prefix.
 func (o *boundObject) transactionBoundGet() (*boundObject, error) {
 	bv, inBase := o.ms.data[o.path]
 	_, inRemoves := o.ms.removes[o.path]
 	pv, inPuts := o.ms.puts[o.path]

 	found := inPuts || (inBase && !inRemoves)
 	if !found {
 		return nil, verror.New(ErrNotInMemStore, nil, o.path)
 	}

 	if inPuts {
 		o.Value = pv
 	} else {
 		o.Value = bv
 	}
 	var err error
 	if o.Value, err = translateFromGobEncodeable(o.Value); err != nil {
 		return nil, err
 	}
 	return o, nil
 }

 func (o *boundObject) bareGet() (*boundObject, error) {
 	bv, inBase := o.ms.data[o.path]

 	if !inBase {
 		return nil, verror.New(ErrNotInMemStore, nil, o.path)
 	}

 	var err error
 	if o.Value, err = translateFromGobEncodeable(bv); err != nil {
 		return nil, err
 	}
 	return o, nil
 }

 func (o *boundObject) Get(_ interface{}) (*boundObject, error) {
 	if o.ms.haveTransactionNameBinding {
 		return o.transactionBoundGet()
 	} else {
 		return o.bareGet()
 	}
 }

 func (o *boundObject) Put(_ interface{}, envelope interface{}) (*boundObject, error) {
 	if !o.ms.locked {
 		return nil, verror.New(ErrWithoutTransaction, nil, "Put()")
 	}
 	envelope = translateToGobEncodeable(envelope)
 	switch v := envelope.(type) {
 	case applicationEnvelope, profile.Specification, access.Permissions:
 		o.ms.puts[o.path] = v
 		delete(o.ms.removes, o.path)
 		o.Value = o.path
 		return o, nil
 	default:
 		return o, verror.New(ErrUnsupportedType, nil)
 	}
 }

 func (o *boundObject) Children() ([]string, error) {
 	if !o.ms.locked {
 		return nil, verror.New(ErrChildrenWithoutLock, nil)
 	}
 	found := false
 	set := make(map[string]struct{})
 	for k, _ := range o.ms.data {
 		if strings.HasPrefix(k, o.path) || o.path == "" {
 			name := strings.TrimPrefix(k, o.path)
 			// Found the object itself.
 			if len(name) == 0 {
 				found = true
 				continue
 			}
 			// This was only a prefix match, not what we're looking for.
 			if name[0] != '/' && o.path != "" {
 				continue
 			}
 			found = true
 			name = strings.TrimLeft(name, "/")
 			if idx := strings.Index(name, "/"); idx != -1 {
 				name = name[:idx]
 			}
 			set[name] = keyExists
 		}
 	}
 	if !found {
 		return nil, verror.New(verror.ErrNoExist, nil, o.path)
 	}
 	children := make([]string, len(set))
 	i := 0
 	for k, _ := range set {
 		children[i] = k
 		i++
 	}
 	sort.Strings(children)
 	return children, nil
 }

 // persist() writes the state of the Memstore to persistent storage.
 func (ms *Memstore) persist() error {
 	file, err := os.Create(ms.persistedFile)
 	if err != nil {
 		return verror.New(errCreateFailed, nil, ms.persistedFile, err)
 	}
 	defer file.Close()

 	// TODO(rjkroege): Switch to the vom encoder.
 	enc := gob.NewEncoder(file)
 	err = enc.Encode(ms.data)
 	if err := enc.Encode(ms.data); err != nil {
 		return verror.New(errEncodeFailed, nil, err)
 	}
 	ms.clearTransactionState()
 	return nil
 }
	// Copyright 2015 The Vanadium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// Implements a map-based store substitute that implements the legacy store API.
	package fs

	import (
	"encoding/gob"
	"fmt"
	"io/ioutil"
	"os"
	"reflect"
	"sort"
	"strings"
	"sync"

	"v.io/x/ref/services/profile"

	"v.io/v23/security"
	"v.io/v23/security/access"
	"v.io/v23/services/application"
	"v.io/v23/verror"
	"v.io/v23/vom"
	)

	// TODO(rjkroege@google.com) Switch Memstore to the mid-August 2014
	// style store API.

	const pkgPath = "v.io/x/ref/services/internal/fs"

	// Errors
	var (
	ErrNoRecursiveCreateTransaction = verror.Register(pkgPath+".ErrNoRecursiveCreateTransaction", verror.NoRetry, "{1:}{2:} recursive CreateTransaction() not permitted{:_}")
	ErrDoubleCommit = verror.Register(pkgPath+".ErrDoubleCommit", verror.NoRetry, "{1:}{2:} illegal attempt to commit previously committed or abandonned transaction{:_}")
	ErrAbortWithoutTransaction = verror.Register(pkgPath+".ErrAbortWithoutTransaction", verror.NoRetry, "{1:}{2:} illegal attempt to abort non-existent transaction{:_}")
	ErrWithoutTransaction = verror.Register(pkgPath+".ErrRemoveWithoutTransaction", verror.NoRetry, "{1:}{2:} call without a transaction{:_}")
	ErrNotInMemStore = verror.Register(pkgPath+".ErrNotInMemStore", verror.NoRetry, "{1:}{2:} not in Memstore{:_}")
	ErrUnsupportedType = verror.Register(pkgPath+".ErrUnsupportedType", verror.NoRetry, "{1:}{2:} attempted Put to Memstore of unsupported type{:_}")
	ErrChildrenWithoutLock = verror.Register(pkgPath+".ErrChildrenWithoutLock", verror.NoRetry, "{1:}{2:} Children() without a lock{:_}")

	errTempFileFailed = verror.Register(pkgPath+".errTempFileFailed", verror.NoRetry, "{1:}{2:} TempFile({3}, {4}) failed{:_}")
	errCantOpenOrCreate = verror.Register(pkgPath+".errCantOpenOrCreate", verror.NoRetry, "{1:}{2:} File ({3}) could neither be opened ({4}) nor created ({5}){:_}")
	errDecodeFailedFileMissing = verror.Register(pkgPath+".errDecodeFailedFileMissing", verror.NoRetry, "{1:}{2:} Decode() failed, file went missing{:_}")
	errDecodeFailedBadData = verror.Register(pkgPath+".errDecodeFailedBadData", verror.NoRetry, "{1:}{2:} Decode() failed: data format mismatch or backing file truncated{:_}")
	errCreateFailed = verror.Register(pkgPath+".errCreateFailed", verror.NoRetry, "{1:}{2:} Create({3}) failed{:_}")
	errEncodeFailed = verror.Register(pkgPath+".errEncodeFailed", verror.NoRetry, "{1:}{2:} Encode() failed{:_}")
	)

	// Memstore contains the state of the memstore. It supports a single
	// transaction at a time. The current state of a Memstore under a
	// transactional name binding is the contents of puts then the contents
	// of (data - removes). puts and removes will be empty at the beginning
	// of a transaction and after an Unlock operation.
	type Memstore struct {
	sync.Mutex
	persistedFile string
	haveTransactionNameBinding bool
	locked bool
	data map[string]interface{}
	puts map[string]interface{}
	removes map[string]struct{}
	}

	const (
	startingMemstoreSize = 10
	transactionNamePrefix = "memstore-transaction"
	)

	var keyExists = struct{}{}

	// TODO(ashankar,rjkroege): Once we switch from gob to vom, this hack won't be
	// necessary (will be able to Put/Get application.Envelope without translating
	// to this applicationEnvelope type). But in the mean time, required because
	// security.Blessings is not gob-encodeable (and gob doesn't have the ability
	// to convert between native and wire types like security.Blessings ->
	// security.WireBlessings)
	//
	// This mirrors application.Envelope with the type of "Publsher" changed to
	// security.WireBlessings.
	//
	// See https://vanadium-review.googlesource.com/6300
	type applicationEnvelope struct {
	Title string
	Args []string
	Binary application.SignedFile
	Publisher security.WireBlessings
	Env []string
	Packages application.Packages
	}

	func translateToGobEncodeable(in interface{}) interface{} {
	env, ok := in.(application.Envelope)
	if !ok {
	return in
	}
	return applicationEnvelope{
	Title: env.Title,
	Args: env.Args,
	Binary: env.Binary,
	Publisher: security.MarshalBlessings(env.Publisher),
	Env: env.Env,
	Packages: env.Packages,
	}
	}

	func translateFromGobEncodeable(in interface{}) (interface{}, error) {
	env, ok := in.(applicationEnvelope)
	if !ok {
	return in, nil
	}
	// Have to roundtrip through vom to convert from WireBlessings to Blessings.
	// This may seem silly, but this whole translation business is silly too :)
	// and will go away once we switch this package to using 'vom' instead of 'gob'.
	// So for now, live with the funkiness.
	bytes, err := vom.Encode(env.Publisher)
	if err != nil {
	return nil, err
	}
	var publisher security.Blessings
	if err := vom.Decode(bytes, &publisher); err != nil {
	return nil, err
	}
	return application.Envelope{
	Title: env.Title,
	Args: env.Args,
	Binary: env.Binary,
	Publisher: publisher,
	Env: env.Env,
	Packages: env.Packages,
	}, nil
	}

	// The implementation of set requires gob instead of json.
	func init() {
	gob.Register(profile.Specification{})
	gob.Register(applicationEnvelope{})
	gob.Register(access.Permissions{})
	// Ensure that no fields have been added to application.Envelope,
	// because if so, then applicationEnvelope defined in this package
	// needs to change
	if n := reflect.TypeOf(application.Envelope{}).NumField(); n != 6 {
	panic(fmt.Sprintf("It appears that fields have been added to or removed from application.Envelope before the hack in this file around gob-encodeability was removed. Please also update applicationEnvelope, translateToGobEncodeable and translateToGobDecodeable in this file"))
	}
	}

	// NewMemstore persists the Memstore to os.TempDir() if no file is
	// configured.
	func NewMemstore(configuredPersistentFile string) (*Memstore, error) {
	data := make(map[string]interface{}, startingMemstoreSize)
	if configuredPersistentFile == "" {
	f, err := ioutil.TempFile(os.TempDir(), "memstore-gob")
	if err != nil {
	return nil, verror.New(errTempFileFailed, nil, os.TempDir(), "memstore-gob", err)
	}
	defer f.Close()
	configuredPersistentFile = f.Name()
	return &Memstore{
	data: data,
	persistedFile: configuredPersistentFile,
	}, nil
	}

	file, err := os.Open(configuredPersistentFile)
	if err != nil {
	// The file doesn't exist. Attempt to create it instead.
	file, cerr := os.Create(configuredPersistentFile)
	if cerr != nil {
	return nil, verror.New(errCantOpenOrCreate, nil, configuredPersistentFile, err, cerr)
	}
	defer file.Close()
	} else {
	decoder := gob.NewDecoder(file)
	if err := decoder.Decode(&data); err != nil {
	// Two situations. One is not an error.
	fi, serr := os.Stat(configuredPersistentFile)
	if serr != nil {
	// Someone probably deleted the file out from underneath us. Give up.
	return nil, verror.New(errDecodeFailedFileMissing, nil, serr)
	}
	if fi.Size() != 0 {
	return nil, verror.New(errDecodeFailedBadData, nil, err)
	}
	// An empty backing file deserializes to an empty memstore.
	}
	}
	return &Memstore{
	data: data,
	persistedFile: configuredPersistentFile,
	}, nil
	}

	type MemstoreObject interface {
	Remove(_ interface{}) error
	Exists(_ interface{}) (bool, error)
	}

	type boundObject struct {
	path string
	ms *Memstore
	Value interface{}
	}

	// BindObject sets the path string for subsequent operations.
	func (ms Memstore) BindObject(path string) boundObject {
	pathParts := strings.SplitN(path, "/", 2)
	if pathParts[0] == transactionNamePrefix {
	ms.haveTransactionNameBinding = true
	} else {
	ms.haveTransactionNameBinding = false
	}
	return &boundObject{path: pathParts[1], ms: ms}
	}

	func (ms *Memstore) removeChildren(path string) bool {
	deleted := false
	for k, _ := range ms.data {
	if strings.HasPrefix(k, path) {
	deleted = true
	ms.removes[k] = keyExists
	}
	}
	for k, _ := range ms.puts {
	if strings.HasPrefix(k, path) {
	deleted = true
	delete(ms.puts, k)
	}
	}
	return deleted
	}

	type Transaction interface {
	CreateTransaction(_ interface{}) (string, error)
	Commit(_ interface{}) error
	}

	// BindTransactionRoot on a Memstore always operates over the
	// entire Memstore. As a result, the root parameter is ignored.
	func (ms *Memstore) BindTransactionRoot(_ string) Transaction {
	return ms
	}

	// BindTransaction on a Memstore can only use the single Memstore
	// transaction.
	func (ms *Memstore) BindTransaction(_ string) Transaction {
	return ms
	}

	func (ms *Memstore) newTransactionState() {
	ms.puts = make(map[string]interface{}, startingMemstoreSize)
	ms.removes = make(map[string]struct{}, startingMemstoreSize)
	}

	func (ms *Memstore) clearTransactionState() {
	ms.puts = nil
	ms.removes = nil
	}

	// Unlock abandons an in-progress transaction before releasing the lock.
	func (ms *Memstore) Unlock() {
	ms.locked = false
	ms.clearTransactionState()
	ms.Mutex.Unlock()
	}

	// Lock acquires a lock and caches the state of the lock.
	func (ms *Memstore) Lock() {
	ms.Mutex.Lock()
	ms.clearTransactionState()
	ms.locked = true
	}

	// CreateTransaction requires the caller to acquire a lock on the Memstore.
	func (ms *Memstore) CreateTransaction(_ interface{}) (string, error) {
	if ms.puts != nil \|\| ms.removes != nil {
	return "", verror.New(ErrNoRecursiveCreateTransaction, nil)
	}
	ms.newTransactionState()
	return transactionNamePrefix, nil
	}

	// Commit updates the store and persists the result.
	func (ms *Memstore) Commit(_ interface{}) error {
	if !ms.locked \|\| ms.puts == nil \|\| ms.removes == nil {
	return verror.New(ErrDoubleCommit, nil)
	}
	for k, v := range ms.puts {
	ms.data[k] = v
	}
	for k, _ := range ms.removes {
	delete(ms.data, k)
	}
	return ms.persist()
	}

	func (ms *Memstore) Abort(_ interface{}) error {
	if !ms.locked {
	return verror.New(ErrAbortWithoutTransaction, nil)
	}
	return nil
	}

	func (o *boundObject) Remove(_ interface{}) error {
	if !o.ms.locked {
	return verror.New(ErrWithoutTransaction, nil, "Remove()")
	}

	if _, pendingRemoval := o.ms.removes[o.path]; pendingRemoval {
	return verror.New(ErrNotInMemStore, nil, o.path)
	}

	_, found := o.ms.data[o.path]
	if !found && !o.ms.removeChildren(o.path) {
	return verror.New(ErrNotInMemStore, nil, o.path)
	}
	delete(o.ms.puts, o.path)
	o.ms.removes[o.path] = keyExists
	return nil
	}

	// transactionExists implements Exists() for bound names that have the
	// transaction prefix.
	func (o *boundObject) transactionExists() bool {
	// Determine if the bound name point to a real object.
	_, inBase := o.ms.data[o.path]
	_, inPuts := o.ms.puts[o.path]
	_, inRemoves := o.ms.removes[o.path]

	// not yet committed.
	if inPuts \|\| (inBase && !inRemoves) {
	return true
	}

	// The bound names might be a prefix of the path for a real object. For
	// example, BindObject("/test/a"). Put(o) creates a real object o at path
	/// test/a so the code above will cause BindObject("/test/a").Exists() to
	// return true. Testing this is however not sufficient because
	// BindObject(any prefix of on object path).Exists() needs to also be
	// true. For example, here BindObject("/test").Exists() is true.
	//
	// Consequently, transactionExists scans all object names in the Memstore
	// to determine if any of their names have the bound name as a prefix.
	// Puts take precedence over removes so we scan it first.

	for k, _ := range o.ms.puts {
	if strings.HasPrefix(k, o.path) {
	return true
	}
	}

	// Then we scan data for matches and verify that at least one of the
	// object names with the bound prefix have not been removed.

	for k, _ := range o.ms.data {
	if _, inRemoves := o.ms.removes[k]; strings.HasPrefix(k, o.path) && !inRemoves {
	return true
	}
	}
	return false
	}

	func (o *boundObject) Exists(_ interface{}) (bool, error) {
	if o.ms.haveTransactionNameBinding {
	return o.transactionExists(), nil
	} else {
	_, inBase := o.ms.data[o.path]
	if inBase {
	return true, nil
	}
	for k, _ := range o.ms.data {
	if strings.HasPrefix(k, o.path) {
	return true, nil
	}
	}
	}
	return false, nil
	}

	// transactionBoundGet implements Get while the bound name has the
	// transaction prefix.
	func (o boundObject) transactionBoundGet() (boundObject, error) {
	bv, inBase := o.ms.data[o.path]
	_, inRemoves := o.ms.removes[o.path]
	pv, inPuts := o.ms.puts[o.path]

	found := inPuts \|\| (inBase && !inRemoves)
	if !found {
	return nil, verror.New(ErrNotInMemStore, nil, o.path)
	}

	if inPuts {
	o.Value = pv
	} else {
	o.Value = bv
	}
	var err error
	if o.Value, err = translateFromGobEncodeable(o.Value); err != nil {
	return nil, err
	}
	return o, nil
	}

	func (o boundObject) bareGet() (boundObject, error) {
	bv, inBase := o.ms.data[o.path]

	if !inBase {
	return nil, verror.New(ErrNotInMemStore, nil, o.path)
	}

	var err error
	if o.Value, err = translateFromGobEncodeable(bv); err != nil {
	return nil, err
	}
	return o, nil
	}

	func (o boundObject) Get(_ interface{}) (boundObject, error) {
	if o.ms.haveTransactionNameBinding {
	return o.transactionBoundGet()
	} else {
	return o.bareGet()
	}
	}

	func (o boundObject) Put(_ interface{}, envelope interface{}) (boundObject, error) {
	if !o.ms.locked {
	return nil, verror.New(ErrWithoutTransaction, nil, "Put()")
	}
	envelope = translateToGobEncodeable(envelope)
	switch v := envelope.(type) {
	case applicationEnvelope, profile.Specification, access.Permissions:
	o.ms.puts[o.path] = v
	delete(o.ms.removes, o.path)
	o.Value = o.path
	return o, nil
	default:
	return o, verror.New(ErrUnsupportedType, nil)
	}
	}

	func (o *boundObject) Children() ([]string, error) {
	if !o.ms.locked {
	return nil, verror.New(ErrChildrenWithoutLock, nil)
	}
	found := false
	set := make(map[string]struct{})
	for k, _ := range o.ms.data {
	if strings.HasPrefix(k, o.path) \|\| o.path == "" {
	name := strings.TrimPrefix(k, o.path)
	// Found the object itself.
	if len(name) == 0 {
	found = true
	continue
	}
	// This was only a prefix match, not what we're looking for.
	if name[0] != '/' && o.path != "" {
	continue
	}
	found = true
	name = strings.TrimLeft(name, "/")
	if idx := strings.Index(name, "/"); idx != -1 {
	name = name[:idx]
	}
	set[name] = keyExists
	}
	}
	if !found {
	return nil, verror.New(verror.ErrNoExist, nil, o.path)
	}
	children := make([]string, len(set))
	i := 0
	for k, _ := range set {
	children[i] = k
	i++
	}
	sort.Strings(children)
	return children, nil
	}

	// persist() writes the state of the Memstore to persistent storage.
	func (ms *Memstore) persist() error {
	file, err := os.Create(ms.persistedFile)
	if err != nil {
	return verror.New(errCreateFailed, nil, ms.persistedFile, err)
	}
	defer file.Close()

	// TODO(rjkroege): Switch to the vom encoder.
	enc := gob.NewEncoder(file)
	err = enc.Encode(ms.data)
	if err := enc.Encode(ms.data); err != nil {
	return verror.New(errEncodeFailed, nil, err)
	}
	ms.clearTransactionState()
	return nil
	}