"veyron/services/mgmt": Prevent credentials sharing in shell tests
This CL modifies the shell tests in veyron/services/mgmt/...,
veyron/tools/debug, and veyron/tools/principal to prevent them from
simultaneously running multiple processes that share the same
credential directories.
Change-Id: I2a42bd1efdd29a375c5460e4e1830d75ac5a9a00
diff --git a/services/mgmt/application/applicationd/testdata/integration_test.go b/services/mgmt/application/applicationd/testdata/integration_test.go
index aa0f440..2c68229 100644
--- a/services/mgmt/application/applicationd/testdata/integration_test.go
+++ b/services/mgmt/application/applicationd/testdata/integration_test.go
@@ -76,8 +76,10 @@
// Generate credentials.
root := security.NewPrincipal("root")
- credentials := security.NewVeyronCredentials(root, "test-credentials")
- defer os.RemoveAll(credentials)
+ serverCred := security.NewVeyronCredentials(root, "server")
+ defer os.RemoveAll(serverCred)
+ clientCred := security.NewVeyronCredentials(root, "server/client")
+ defer os.RemoveAll(clientCred)
// Start the application repository.
appRepoBin := filepath.Join(binDir, "applicationd")
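Review bot: The name `"server/client"` on the added `clientCred` line is unexplained, and it matters because both credential directories are minted from `root`, so the client's blessing reads as an extension of the server's name without the server principal having issued it. If that is deliberate (presumably so the server's default authorization accepts the client), say so in a comment above the two calls, e.g. `// clientCred is named as an extension of the server's blessing so the server authorizes it; it lives in its own directory so the two processes never share key material.` The same pattern is repeated in the binaryd, buildd and profiled hunks and deserves the same comment there. The enclosing test function starts and ends outside this hunk.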
@@ -91,7 +93,7 @@
"-name=" + appRepoName,
"-store=" + appRepoStore,
"-veyron.tcp.address=127.0.0.1:0",
- "-veyron.credentials=" + credentials,
+ "-veyron.credentials=" + serverCred,
"-veyron.namespace.root=" + mt,
}
serverProcess, err := integration.StartServer(appRepoBin, args)
@@ -118,17 +120,17 @@
if _, err := appEnvelopeFile.Write([]byte(wantEnvelope)); err != nil {
t.Fatalf("Write() failed: %v", err)
}
- putEnvelope(t, binDir, credentials, mt, appRepoName, appRepoSuffix, appEnvelopeFile.Name())
+ putEnvelope(t, binDir, clientCred, mt, appRepoName, appRepoSuffix, appEnvelopeFile.Name())
// Match the application envelope.
- gotEnvelope := matchEnvelope(t, false, binDir, credentials, mt, appRepoName, appRepoSuffix)
+ gotEnvelope := matchEnvelope(t, false, binDir, clientCred, mt, appRepoName, appRepoSuffix)
if gotEnvelope != wantEnvelope {
t.Fatalf("unexpected output: got %v, want %v", gotEnvelope, wantEnvelope)
}
// Remove the application envelope.
- removeEnvelope(t, binDir, credentials, mt, appRepoName, appRepoSuffix)
+ removeEnvelope(t, binDir, clientCred, mt, appRepoName, appRepoSuffix)
// Check that the application envelope no longer exists.
- matchEnvelope(t, true, binDir, credentials, mt, appRepoName, appRepoSuffix)
+ matchEnvelope(t, true, binDir, clientCred, mt, appRepoName, appRepoSuffix)
}
diff --git a/services/mgmt/binary/binaryd/testdata/integration_test.go b/services/mgmt/binary/binaryd/testdata/integration_test.go
index 7bd82f6..b69c2bf 100644
--- a/services/mgmt/binary/binaryd/testdata/integration_test.go
+++ b/services/mgmt/binary/binaryd/testdata/integration_test.go
@@ -150,9 +150,11 @@
defer handle.CloseStdin()
// Generate credentials.
- principal := security.NewPrincipal("root")
- credentials := security.NewVeyronCredentials(principal, "test-credentials")
- defer os.RemoveAll(credentials)
+ rootPrin := security.NewPrincipal("root")
+ serverCred := security.NewVeyronCredentials(rootPrin, "server")
+ defer os.RemoveAll(serverCred)
+ clientCred := security.NewVeyronCredentials(rootPrin, "server/client")
+ defer os.RemoveAll(clientCred)
// Start the build server.
binaryRepoBin := filepath.Join(binDir, "binaryd")
@@ -161,7 +163,7 @@
"-name=" + binaryRepoName,
"-http=127.0.0.1:0",
"-veyron.tcp.address=127.0.0.1:0",
- "-veyron.credentials=" + credentials,
+ "-veyron.credentials=" + serverCred,
"-veyron.namespace.root=" + mt,
}
serverProcess, err := integration.StartServer(binaryRepoBin, args)
@@ -181,7 +183,7 @@
t.Fatalf("Write() failed: %v", err)
}
binSuffix := "test-binary"
- uploadFile(t, binDir, credentials, mt, binaryRepoName, binFile.Name(), binSuffix)
+ uploadFile(t, binDir, clientCred, mt, binaryRepoName, binFile.Name(), binSuffix)
// Upload a compressed version of the binary file.
tarFile := binFile.Name() + ".tar.gz"
@@ -194,13 +196,13 @@
}
defer os.Remove(tarFile)
tarSuffix := "test-compressed-file"
- uploadFile(t, binDir, credentials, mt, binaryRepoName, tarFile, tarSuffix)
+ uploadFile(t, binDir, clientCred, mt, binaryRepoName, tarFile, tarSuffix)
// Download the binary file and check that it matches the
// original one and that it has the right file type.
downloadedBinFile := binFile.Name() + "-downloaded"
defer os.Remove(downloadedBinFile)
- downloadFile(t, false, binDir, credentials, mt, binaryRepoName, downloadedBinFile, binSuffix)
+ downloadFile(t, false, binDir, clientCred, mt, binaryRepoName, downloadedBinFile, binSuffix)
compareFiles(t, binFile.Name(), downloadedBinFile)
checkFileType(t, downloadedBinFile, `{"Type":"application/octet-stream","Encoding":""}`)
@@ -209,13 +211,13 @@
// right file type.
downloadedTarFile := binFile.Name() + "-downloaded.tar.gz"
defer os.Remove(downloadedTarFile)
- downloadFile(t, false, binDir, credentials, mt, binaryRepoName, downloadedTarFile, tarSuffix)
+ downloadFile(t, false, binDir, clientCred, mt, binaryRepoName, downloadedTarFile, tarSuffix)
compareFiles(t, tarFile, downloadedTarFile)
checkFileType(t, downloadedTarFile, `{"Type":"application/x-tar","Encoding":"gzip"}`)
// Fetch the root URL of the HTTP server used by the binary
// repository to serve URLs.
- root := rootURL(t, binDir, credentials, mt, binaryRepoName)
+ root := rootURL(t, binDir, clientCred, mt, binaryRepoName)
// Download the binary file using the HTTP protocol and check
// that it matches the original one.
@@ -233,10 +235,10 @@
compareFiles(t, downloadedTarFile, downloadedTarFileURL)
// Delete the files.
- deleteFile(t, binDir, credentials, mt, binaryRepoName, binSuffix)
- deleteFile(t, binDir, credentials, mt, binaryRepoName, tarSuffix)
+ deleteFile(t, binDir, clientCred, mt, binaryRepoName, binSuffix)
+ deleteFile(t, binDir, clientCred, mt, binaryRepoName, tarSuffix)
// Check the files no longer exist.
- downloadFile(t, true, binDir, credentials, mt, binaryRepoName, downloadedBinFile, binSuffix)
- downloadFile(t, true, binDir, credentials, mt, binaryRepoName, downloadedTarFile, tarSuffix)
+ downloadFile(t, true, binDir, clientCred, mt, binaryRepoName, downloadedBinFile, binSuffix)
+ downloadFile(t, true, binDir, clientCred, mt, binaryRepoName, downloadedTarFile, tarSuffix)
}
diff --git a/services/mgmt/build/buildd/testdata/integration_test.go b/services/mgmt/build/buildd/testdata/integration_test.go
index cbcb948..304f9a0 100644
--- a/services/mgmt/build/buildd/testdata/integration_test.go
+++ b/services/mgmt/build/buildd/testdata/integration_test.go
@@ -69,8 +69,10 @@
// Generate credentials.
root := security.NewPrincipal("root")
- credentials := security.NewVeyronCredentials(root, "test-credentials")
- defer os.RemoveAll(credentials)
+ serverCred := security.NewVeyronCredentials(root, "server")
+ defer os.RemoveAll(serverCred)
+ clientCred := security.NewVeyronCredentials(root, "server/client")
+ defer os.RemoveAll(clientCred)
// Start the build server.
buildServerBin := filepath.Join(binDir, "buildd")
@@ -86,7 +88,7 @@
args := []string{
"-name=" + buildServerName, "-gobin=" + goBin, "-goroot=" + goRoot,
"-veyron.tcp.address=127.0.0.1:0",
- "-veyron.credentials=" + credentials,
+ "-veyron.credentials=" + serverCred,
"-veyron.namespace.root=" + mtName,
}
serverProcess, err := integration.StartServer(buildServerBin, args)
@@ -116,7 +118,7 @@
}
var buildOut bytes.Buffer
buildArgs := []string{
- "-veyron.credentials=" + credentials,
+ "-veyron.credentials=" + clientCred,
"-veyron.namespace.root=" + mtName,
"build", buildServerName, "test",
}
diff --git a/services/mgmt/profile/profiled/testdata/integration_test.go b/services/mgmt/profile/profiled/testdata/integration_test.go
index 673f07b..7f9dc53 100644
--- a/services/mgmt/profile/profiled/testdata/integration_test.go
+++ b/services/mgmt/profile/profiled/testdata/integration_test.go
@@ -97,8 +97,10 @@
// Generate credentials.
root := security.NewPrincipal("root")
- credentials := security.NewVeyronCredentials(root, "test-credentials")
- defer os.RemoveAll(credentials)
+ serverCred := security.NewVeyronCredentials(root, "server")
+ defer os.RemoveAll(serverCred)
+ clientCred := security.NewVeyronCredentials(root, "server/client")
+ defer os.RemoveAll(clientCred)
// Start the profile repository.
profileRepoBin := filepath.Join(binDir, "profiled")
@@ -111,7 +113,7 @@
args := []string{
"-name=" + profileRepoName, "-store=" + profileRepoStore,
"-veyron.tcp.address=127.0.0.1:0",
- "-veyron.credentials=" + credentials,
+ "-veyron.credentials=" + serverCred,
"-veyron.namespace.root=" + mt,
}
serverProcess, err := integration.StartServer(profileRepoBin, args)
@@ -122,34 +124,34 @@
// Create a profile.
const profile = "test-profile"
- putProfile(t, binDir, credentials, mt, profileRepoName, profile)
+ putProfile(t, binDir, clientCred, mt, profileRepoName, profile)
// Retrieve the profile label and check it matches the
// expected label.
- profileLabel := profileCommandOutput(t, false, "label", binDir, credentials, mt, profileRepoName, profile)
+ profileLabel := profileCommandOutput(t, false, "label", binDir, clientCred, mt, profileRepoName, profile)
if got, want := profileLabel, "example"; got != want {
t.Fatalf("unexpected output: got %v, want %v", got, want)
}
// Retrieve the profile description and check it matches the
// expected description.
- profileDesc := profileCommandOutput(t, false, "description", binDir, credentials, mt, profileRepoName, profile)
+ profileDesc := profileCommandOutput(t, false, "description", binDir, clientCred, mt, profileRepoName, profile)
if got, want := profileDesc, "Example profile to test the profile manager implementation."; got != want {
t.Fatalf("unexpected output: got %v, want %v", got, want)
}
// Retrieve the profile specification and check it matches the
// expected specification.
- profileSpec := profileCommandOutput(t, false, "specification", binDir, credentials, mt, profileRepoName, profile)
+ profileSpec := profileCommandOutput(t, false, "specification", binDir, clientCred, mt, profileRepoName, profile)
if got, want := profileSpec, `profile.Specification{Arch:"amd64", Description:"Example profile to test the profile manager implementation.", Format:"ELF", Libraries:map[profile.Library]struct {}{profile.Library{Name:"foo", MajorVersion:"1", MinorVersion:"0"}:struct {}{}}, Label:"example", OS:"linux"}`; got != want {
t.Fatalf("unexpected output: got %v, want %v", got, want)
}
// Remove the profile.
- removeProfile(t, binDir, credentials, mt, profileRepoName, profile)
+ removeProfile(t, binDir, clientCred, mt, profileRepoName, profile)
// Check that the profile no longer exists.
- profileCommandOutput(t, true, "label", binDir, credentials, mt, profileRepoName, profile)
- profileCommandOutput(t, true, "description", binDir, credentials, mt, profileRepoName, profile)
- profileCommandOutput(t, true, "specification", binDir, credentials, mt, profileRepoName, profile)
+ profileCommandOutput(t, true, "label", binDir, clientCred, mt, profileRepoName, profile)
+ profileCommandOutput(t, true, "description", binDir, clientCred, mt, profileRepoName, profile)
+ profileCommandOutput(t, true, "specification", binDir, clientCred, mt, profileRepoName, profile)
}
diff --git a/tools/debug/test.sh b/tools/debug/test.sh
index dc5bdd0..5cfafe4 100755
--- a/tools/debug/test.sh
+++ b/tools/debug/test.sh
@@ -30,9 +30,14 @@
export TMPDIR="${WORKDIR}/tmp"
export VEYRON_CREDENTIALS=$(shell::tmp_dir)
+ # Create specific VeyronCredentials for the debug command forked from the environment's
+ # VeyronCredentials.
+ export DEBUG_CREDENTIALS=$(shell_test::forkcredentials "${VEYRON_CREDENTIALS}" debug)
+
shell_test::setup_server_test || shell_test::fail "setup_server_test failed"
local -r EP="${NAMESPACE_ROOT}"
unset NAMESPACE_ROOT
+ export VEYRON_CREDENTIALS="${DEBUG_CREDENTIALS}"
# Test top level glob.
local -r DBGLOG="${WORKDIR}/debug.log"
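Review bot: The added `export DEBUG_CREDENTIALS=$(shell_test::forkcredentials ...)` hides a failure of the fork step, because the exit status of `export` replaces that of the command substitution. If forking fails, the variable is empty and the later `export VEYRON_CREDENTIALS="${DEBUG_CREDENTIALS}"` hands the debug command an empty credentials path; what the runtime does with that is not visible here, so the test may not be exercising the isolation it intends. Assign and check separately: `DEBUG_CREDENTIALS=$(shell_test::forkcredentials "${VEYRON_CREDENTIALS}" debug) || shell_test::fail "line ${LINENO}: forkcredentials failed"`. The variable also does not appear to need `export`, since only `VEYRON_CREDENTIALS` is read by child processes in this hunk. The enclosing function continues outside the hunk.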
diff --git a/tools/principal/test.sh b/tools/principal/test.sh
index 970099e..965e4c9 100755
--- a/tools/principal/test.sh
+++ b/tools/principal/test.sh
@@ -71,8 +71,9 @@
SEND_BLESSINGS_CMD="${PRINCIPAL_BIN_DIR}/${SEND_BLESSINGS_CMD}"
$(${SEND_BLESSINGS_CMD}) || shell_test::fail "line ${LINENO}: ${SEND_BLESSINGS_CMD} failed"
grep "Received blessings: alice/friend/carol/foralice" carol.recvblessings >/dev/null || shell_test::fail "line ${LINENO}: recvblessings did not log any blessings received $(cat carol.recvblessings)"
- # Mucking around with the private key should fail
+ # Mucking around with the public key should fail
"${PRINCIPAL_BIN}" --veyron.credentials=./carol --veyron.tcp.address=127.0.0.1:0 recvblessings >carol.recvblessings&
+ local -r RECV_BLESSINGS_PID="$!"
shell::timed_wait_for "${shell_test_DEFAULT_MESSAGE_TIMEOUT}" carol.recvblessings "bless --remote_key" || shell_test::fail "line ${LINENO}: recvblessings did not print command for sender"
SEND_BLESSINGS_CMD=$(grep "bless --remote_key" carol.recvblessings | sed -e 's|remote_key=|remote_key=BAD|')
SEND_BLESSINGS_CMD="${PRINCIPAL_BIN_DIR}/${SEND_BLESSINGS_CMD}"
@@ -85,6 +86,7 @@
grep "blessings received from unexpected sender" error >/dev/null || shell_test::fail "line ${LINENO}: unexpected sender error not printed"
# Dump carol out, the only blessing that survives should be from the first
# "bless" command. (alice/friend/carol).
+ kill -9 "${RECV_BLESSINGS_PID}"
"${PRINCIPAL_BIN}" --veyron.credentials=./carol dump >carol.dump || shell_test::fail "line ${LINENO}: dump failed"
# Any other commands to be run without VEYRON_CREDENTIALS set.
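Review bot: `kill -9 "${RECV_BLESSINGS_PID}"` returns as soon as the signal is sent, so the `dump` on the next line can start while the recvblessings process still holds `./carol`, which is the overlap this commit sets out to remove. Follow the kill with `wait "${RECV_BLESSINGS_PID}" 2>/dev/null || true` so the process is reaped before the directory is reused. A plain `kill` (SIGTERM) would also give it a chance to shut down cleanly, unless it is known to ignore that signal. The `shell_test::fail` calls between the PID capture in the previous hunk and this line appear to leave the background process running; whether `shell_test::fail` cleans up children is not visible here.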