services/device/mgmt_v23_test: Use "device publish" and check publisher blessings
Use the "device publish" command instead of binary upload, so that
we publish properly-signed binaries. Check that the device manager
issues a publisher blessing to the signed binary when it's running.
In the process, the test is also made more realistic by using three
principals instead of one -- the device manager is claimed by an
administrator role, the binaries are published by a publisher, and
are run by a user. The device manager also has two blessings now,
representing both a claim from the administrator and a manufacturer
blessing (which is faked for now using the claim).
Using the "device publish" command required changing a few things to match
the naming convention that the command expects. This included adding
a known profile for darwin-amd64, which until this point had been
running using "unknown" (!)
Change-Id: I88642cc7117a8db42b5700d463d0062b8d7b3663
diff --git a/test/modules/shell.go b/test/modules/shell.go
index cb0b564..0f4106a 100644
--- a/test/modules/shell.go
+++ b/test/modules/shell.go
@@ -323,11 +323,15 @@
// Since the Shell type is intended for tests, it is not required to provide
// caveats. In production scenarios though, one must think long and hard
// before blessing anothing principal without any caveats.
-func (sh *Shell) NewChildCredentials(extension string, caveats ...security.Caveat) (c *CustomCredentials, err error) {
+func (sh *Shell) NewChildCredentials(extension string, caveats ...security.Caveat) (*CustomCredentials, error) {
creds, err := sh.NewCustomCredentials()
if creds == nil {
return nil, err
}
+ return sh.AddToChildCredentials(creds, extension, caveats...)
+}
+
+func (sh *Shell) AddToChildCredentials(creds *CustomCredentials, extension string, caveats ...security.Caveat) (*CustomCredentials, error) {
parent := sh.principal
child := creds.p
if len(caveats) == 0 {
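Review bot: The new exported `AddToChildCredentials` has no doc comment and dereferences its argument unguarded at `child := creds.p`, so a direct caller passing nil credentials panics. `NewChildCredentials` checks `creds == nil` before delegating, but other callers of the new method get no such protection. I would add `if creds == nil {` with an error return at the top. I would also add a doc comment such as `// AddToChildCredentials blesses creds with the shell's principal under extension and adds the result to creds' existing blessings.` The comment should repeat the existing warning that omitting caveats is acceptable only in tests, since this method can now be called repeatedly on the same credentials. The method body continues past the end of this hunk.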
@@ -340,10 +344,16 @@
if err != nil {
return nil, err
}
- if err := child.BlessingStore().SetDefault(blessings); err != nil {
+
+ union, err := security.UnionOfBlessings(child.BlessingStore().Default(), blessings)
+ if err != nil {
return nil, err
}
- if _, err := child.BlessingStore().Set(blessings, security.AllPrincipals); err != nil {
+
+ if err := child.BlessingStore().SetDefault(union); err != nil {
+ return nil, err
+ }
+ if _, err := child.BlessingStore().Set(union, security.AllPrincipals); err != nil {
return nil, err
}
if err := child.AddToRoots(blessings); err != nil {
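Review bot: `Set(union, security.AllPrincipals)` now hands every peer the child's previous default blessing together with the new one, and replaces whatever was stored for that pattern before. Each further call widens what the child presents, which is the point for the two-blessing device manager in this test, but it is easy to miss when reusing the helper. A comment above the `UnionOfBlessings` call would make that explicit, for example `// The union becomes the default and is presented to all peers; every call adds to what the child discloses.` The `NewChildCredentials` path now always passes the default of freshly created credentials into `UnionOfBlessings`, so it is worth confirming (or covering with a test) that an empty default is accepted there. The enclosing function starts in the previous hunk and continues beyond this one.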