security: Make agent integration tests actually test something :)
Somewhere between the transition from shell scripts to the v23tests
package and the "context.T" refactoring and the mounttable
authorization, the agent integration tests were rendered mostly useless
- the tests would pass even if agent credentials are not propagated.
This commit addresses that and hopefully makes the tests easier to
follow.
Some specific changes:
- The pingpong test helper binary now actually performs server
authorization using the default authorization policy instead of
allowing any blessing through.
The binary also does not add any security skipping options
(like SkipResolveAuthorization)
Thus, for a client to successfully ping a server, it needs
to present blessings that are delegations from the server.
- The same binary uses a real runtime/context using v23.Init
instead of test.InitForTest
- The tests do not depend on a running mounttable daemon.
- Use the v23tests library correctly: Calling v23tests.Invocation.Expect*
is mostly futile if the Error method is not going to be called after
waiting for the invocation to terminate.
- No need for a helper binary for testing vrun.
Change-Id: I372ded786357d5e5d46591774626971cc462de79
9 files changed
