TBR: "x/ref": Remove security.CallSide
Update w.r.t CL: https://vanadium-review.googlesource.com/#/c/8524/
MultiPart: 2/3
Change-Id: Ifb894c088d2aa73b30adc373f1136529117beb16
diff --git a/profiles/internal/rpc/full_test.go b/profiles/internal/rpc/full_test.go
index dcbcfa9..bd5f0fe 100644
--- a/profiles/internal/rpc/full_test.go
+++ b/profiles/internal/rpc/full_test.go
@@ -207,7 +207,7 @@
if tp == nil {
return security.Discharge{}, fmt.Errorf("discharger: %v does not represent a third-party caveat", cav)
}
- if err := tp.Dischargeable(call, security.CallSideRemote); err != nil {
+ if err := tp.Dischargeable(call); err != nil {
return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", cav, err)
}
// Add a fakeTimeCaveat to be able to control discharge expiration via 'clock'.
@@ -1969,7 +1969,7 @@
if tp == nil {
return security.Discharge{}, fmt.Errorf("discharger: %v does not represent a third-party caveat", cav)
}
- if err := tp.Dischargeable(call, security.CallSideRemote); err != nil {
+ if err := tp.Dischargeable(call); err != nil {
return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", cav, err)
}
expDur := 10 * time.Millisecond
@@ -2039,7 +2039,7 @@
func init() {
rpc.RegisterUnknownProtocol("wsh", websocket.HybridDial, websocket.HybridListener)
- security.RegisterCaveatValidator(fakeTimeCaveat, func(_ security.Call, _ security.CallSide, t int64) error {
+ security.RegisterCaveatValidator(fakeTimeCaveat, func(_ security.Call, t int64) error {
if now := clock.Now(); now > t {
return fmt.Errorf("fakeTimeCaveat expired: now=%d > then=%d", now, t)
}
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index f613e3d..2fdcdab 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -264,7 +264,7 @@
if tp == nil {
return security.Discharge{}, fmt.Errorf("discharger: not a third party caveat (%v)", cav)
}
- if err := tp.Dischargeable(call, security.CallSideRemote); err != nil {
+ if err := tp.Dischargeable(call); err != nil {
return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
}
// If its the first time being called, add an expiry caveat and a MethodCaveat for "EchoBlessings".
diff --git a/services/identity/internal/revocation/revocation_manager.go b/services/identity/internal/revocation/revocation_manager.go
index a3068a8..9cd28e1 100644
--- a/services/identity/internal/revocation/revocation_manager.go
+++ b/services/identity/internal/revocation/revocation_manager.go
@@ -78,7 +78,7 @@
return timestamp
}
-func isRevoked(_ security.Call, _ security.CallSide, key []byte) error {
+func isRevoked(_ security.Call, key []byte) error {
revocationLock.RLock()
if revocationDB == nil {
revocationLock.RUnlock()
diff --git a/services/mgmt/device/impl/app_service.go b/services/mgmt/device/impl/app_service.go
index 5f13379..3a64b89 100644
--- a/services/mgmt/device/impl/app_service.go
+++ b/services/mgmt/device/impl/app_service.go
@@ -725,7 +725,7 @@
}
// TODO(rjkroege): Divide the permission lists into those used by the device manager
// and those used by the application itself.
- dmBlessings, _ := security.BlessingNames(call.Context(), security.CallSideLocal)
+ dmBlessings := security.LocalBlessingNames(call.Context())
if err := setACLsForDebugging(dmBlessings, aclCopy, instanceDir, i.aclstore); err != nil {
return instanceDir, instanceID, err
}
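Review bot: The list returned by `security.LocalBlessingNames(call.Context())` is passed straight to `setACLsForDebugging` with no check that it is non-empty, here and again in the hunk at -1346. The old call discarded its second return value and the new helper returns only the names, so neither site can tell when the device manager has no usable local blessing names. What setACLsForDebugging does with an empty list is not visible in this diff; if it still writes the ACL, the debugging permissions may not be what was intended. A guard such as `if len(dmBlessings) == 0 { /* return an error in this file's style */ }` before the call would make that case explicit. Both enclosing functions start and end outside the hunks.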
@@ -1346,7 +1346,7 @@
return err
}
if isInstance {
- dmBlessings, _ := security.BlessingNames(call.Context(), security.CallSideLocal)
+ dmBlessings := security.LocalBlessingNames(call.Context())
if err := setACLsForDebugging(dmBlessings, acl, dir, i.aclstore); err != nil {
return err
}
diff --git a/services/security/discharger/discharger.go b/services/security/discharger/discharger.go
index 68a5100..9738c23 100644
--- a/services/security/discharger/discharger.go
+++ b/services/security/discharger/discharger.go
@@ -18,7 +18,7 @@
if tp == nil {
return security.Discharge{}, fmt.Errorf("Caveat %v does not represent a third party caveat", caveat)
}
- if err := tp.Dischargeable(call, security.CallSideRemote); err != nil {
+ if err := tp.Dischargeable(call); err != nil {
return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
}
expiry, err := security.ExpiryCaveat(time.Now().Add(15 * time.Minute))
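Review bot: After this change, nothing at the call `tp.Dischargeable(call)` says which end of the call the third-party caveat's restrictions are checked against; the removed `security.CallSideRemote` argument was the only statement of that. This function goes on to build a discharge (the next line creates a 15-minute expiry caveat), so it is worth confirming in the security package that Dischargeable still evaluates from the requester's side. That could then be recorded above the check, for example `// Restrictions are validated against the caller requesting the discharge.` The test dischargers in full_test.go and ipc_test.go make the same call. The enclosing function starts and ends outside the hunk.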
diff --git a/services/wsprd/rpc/server/server.go b/services/wsprd/rpc/server/server.go
index 43e390b..01f7df4 100644
--- a/services/wsprd/rpc/server/server.go
+++ b/services/wsprd/rpc/server/server.go
@@ -331,14 +331,11 @@
// wsprCaveatValidator validates caveats in javascript.
// It resolves each []security.Caveat in cavs to an error (or nil) and collects them in a slice.
-// TODO(ataly, ashankar, bprosnitz): Update this method so tha it also conveys the CallSide to
-// JavaScript.
-func (s *Server) validateCavsInJavascript(call security.Call, callSide security.CallSide, cavs [][]security.Caveat) []error {
+func (s *Server) validateCavsInJavascript(call security.Call, cavs [][]security.Caveat) []error {
flow := s.helper.CreateNewFlow(s, nil)
req := CaveatValidationRequest{
- Call: s.convertSecurityCall(call, false),
- CallSide: callSide,
- Cavs: cavs,
+ Call: s.convertSecurityCall(call, false),
+ Cavs: cavs,
}
replyChan := make(chan []error, 1)
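Review bot: The doc comment kept above `validateCavsInJavascript` still opens with `wsprCaveatValidator validates caveats in javascript.`, which names a different method (the one in the following hunk). This commit already edits that comment block to drop the TODO, so it is a natural place to correct the first line to `// validateCavsInJavascript validates caveats in javascript.` The function body continues outside the hunk.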
@@ -380,7 +377,7 @@
// wsprCaveatValidator validates caveats for javascript.
// Certain caveats (PublicKeyThirdPartyCaveatX) are intercepted and handled in go.
// This call validateCavsInJavascript to process the remaining caveats in javascript.
-func (s *Server) wsprCaveatValidator(call security.Call, callSide security.CallSide, cavs [][]security.Caveat) []error {
+func (s *Server) wsprCaveatValidator(call security.Call, cavs [][]security.Caveat) []error {
type validationStatus struct {
err error
isSet bool
@@ -394,7 +391,7 @@
for _, cav := range chainCavs {
switch cav.Id {
case security.PublicKeyThirdPartyCaveatX.Id:
- res := cav.Validate(call, callSide)
+ res := cav.Validate(call)
if res != nil {
valStatus[i] = validationStatus{
err: res,
@@ -416,7 +413,7 @@
}
}
- jsRes := s.validateCavsInJavascript(call, callSide, caveatChainsToValidate)
+ jsRes := s.validateCavsInJavascript(call, caveatChainsToValidate)
outResults := make([]error, len(cavs))
jsIndex := 0
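Review bot: The results of `s.validateCavsInJavascript(call, caveatChainsToValidate)` are merged into `outResults`, which is created with `make([]error, len(cavs))` and so starts out all nil; going by the doc comment on validateCavsInJavascript, a nil entry presumably means the caveat chain validated. The merge loop is outside this hunk, so this may already be handled. It is still worth confirming that a JavaScript reply with fewer entries than `len(caveatChainsToValidate)` is turned into errors rather than leaving slots nil. A check like `if len(jsRes) != len(caveatChainsToValidate)` that fills every pending slot with an error would make the validator fail closed.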
diff --git a/services/wsprd/rpc/server/server.vdl b/services/wsprd/rpc/server/server.vdl
index 507dfdf..3872b16 100644
--- a/services/wsprd/rpc/server/server.vdl
+++ b/services/wsprd/rpc/server/server.vdl
@@ -19,7 +19,6 @@
type CaveatValidationRequest struct {
Call SecurityCall
- CallSide security.CallSide
Cavs [][]security.Caveat
}
diff --git a/services/wsprd/rpc/server/server.vdl.go b/services/wsprd/rpc/server/server.vdl.go
index b97a125..b1127b2 100644
--- a/services/wsprd/rpc/server/server.vdl.go
+++ b/services/wsprd/rpc/server/server.vdl.go
@@ -33,9 +33,8 @@
}
type CaveatValidationRequest struct {
- Call SecurityCall
- CallSide security.CallSide
- Cavs [][]security.Caveat
+ Call SecurityCall
+ Cavs [][]security.Caveat
}
func (CaveatValidationRequest) __VDLReflect(struct {