Merge "x/ref: Flatten v23/services/security/{groups,object}"diff --git a/cmd/principal/doc.go b/cmd/principal/doc.go
index fc65e1b..5385f29 100644
--- a/cmd/principal/doc.go
+++ b/cmd/principal/doc.go
@@ -26,7 +26,8 @@
blessself Generate a self-signed blessing
bless Bless another principal
store Manipulate and inspect the principal's blessing store
- addtoroots Add provided blessings to root set
+ addtoroots Add to the set of identity providers recognized by this
+ principal
help Display help for commands or topics
Run "principal help [command]" for command usage.
@@ -378,22 +379,31 @@
Principal Addtoroots
-Adds the provided blessings to the set of trusted roots for this principal.
+Adds an identity provider to the set of recognized roots public keys for this
+principal.
-'addtoroots b' adds blessings b to the trusted root set.
+It accepts either a single argument (which points to a file containing a
+blessing) or two arguments (a name and a base64-encoded DER-encoded public key).
-For example, to make the principal in credentials directory A trust the root of
-the default blessing in credentials directory B:
+For example, to make the principal in credentials directory A recognize the root
+of the default blessing in credentials directory B:
principal -veyron.credentials=B bless A some_extension |
principal -veyron.credentials=A addtoroots -
-
The extension 'some_extension' has no effect in the command above.
-Usage:
- principal addtoroots <file>
+Or to make the principal in credentials director A recognize the base64-encoded
+public key KEY for blessing patterns P:
+ principal -veyron.credentials=A addtoroots KEY P
-<file> is the path to a file containing a blessing typically obtained from this
-tool. - is used for STDIN.
+Usage:
+ principal addtoroots <key|blessing> [<blessing pattern>]
+
+<blessing> is the path to a file containing a blessing typically obtained from
+this tool. - is used for STDIN.
+
+<key> is a base64-encoded, DER-encoded public key.
+
+<blessing pattern> is the blessing pattern for which <key> should be recognized.
Principal Help
diff --git a/cmd/principal/main.go b/cmd/principal/main.go
index 0a79e3b..8cf43f4 100644
--- a/cmd/principal/main.go
+++ b/cmd/principal/main.go
@@ -365,41 +365,60 @@
cmdAddToRoots = &cmdline.Command{
Name: "addtoroots",
- Short: "Add provided blessings to root set",
+ Short: "Add to the set of identity providers recognized by this principal",
Long: `
-Adds the provided blessings to the set of trusted roots for this principal.
+Adds an identity provider to the set of recognized roots public keys for this principal.
-'addtoroots b' adds blessings b to the trusted root set.
+It accepts either a single argument (which points to a file containing a blessing)
+or two arguments (a name and a base64-encoded DER-encoded public key).
-For example, to make the principal in credentials directory A trust the
+For example, to make the principal in credentials directory A recognize the
root of the default blessing in credentials directory B:
principal -veyron.credentials=B bless A some_extension |
principal -veyron.credentials=A addtoroots -
-
The extension 'some_extension' has no effect in the command above.
+
+Or to make the principal in credentials director A recognize the base64-encoded
+public key KEY for blessing patterns P:
+ principal -veyron.credentials=A addtoroots KEY P
`,
- ArgsName: "<file>",
+ ArgsName: "<key|blessing> [<blessing pattern>]",
ArgsLong: `
-<file> is the path to a file containing a blessing typically obtained
-from this tool. - is used for STDIN.
+<blessing> is the path to a file containing a blessing typically obtained from
+this tool. - is used for STDIN.
+
+<key> is a base64-encoded, DER-encoded public key.
+
+<blessing pattern> is the blessing pattern for which <key> should be recognized.
`,
Run: func(cmd *cmdline.Command, args []string) error {
- if len(args) != 1 {
- return fmt.Errorf("requires exactly one argument <file>, provided %d", len(args))
+ if len(args) != 1 && len(args) != 2 {
+ return fmt.Errorf("requires either one argument <file>, or two arguments <key> <blessing pattern>, provided %d", len(args))
}
- blessings, err := decodeBlessings(args[0])
- if err != nil {
- return fmt.Errorf("failed to decode provided blessings: %v", err)
- }
-
ctx, shutdown := v23.Init()
defer shutdown()
p := v23.GetPrincipal(ctx)
- if err := p.AddToRoots(blessings); err != nil {
- return fmt.Errorf("AddToRoots failed: %v", err)
+ if len(args) == 1 {
+ blessings, err := decodeBlessings(args[0])
+ if err != nil {
+ return fmt.Errorf("failed to decode provided blessings: %v", err)
+ }
+ if err := p.AddToRoots(blessings); err != nil {
+ return fmt.Errorf("AddToRoots failed: %v", err)
+ }
+ return nil
}
- return nil
+ // len(args) == 2
+ der, err := base64.URLEncoding.DecodeString(args[0])
+ if err != nil {
+ return fmt.Errorf("invalid base64 encoding of public key: %v", err)
+ }
+ key, err := security.UnmarshalPublicKey(der)
+ if err != nil {
+ return fmt.Errorf("invalid DER encoding of public key: %v", err)
+ }
+ return p.Roots().Add(key, security.BlessingPattern(args[1]))
},
}
diff --git a/cmd/principal/principal_v23_test.go b/cmd/principal/principal_v23_test.go
index 5f4b522..ac7ff5d 100644
--- a/cmd/principal/principal_v23_test.go
+++ b/cmd/principal/principal_v23_test.go
@@ -475,7 +475,7 @@
}
}
-func V23TestAddToRoots(t *v23tests.T) {
+func V23TestAddBlessingsToRoots(t *v23tests.T) {
var (
bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
aliceDir = t.NewTempDir()
@@ -519,6 +519,32 @@
}
}
+func V23TestAddKeyToRoots(t *v23tests.T) {
+ var (
+ bin = t.BuildGoPkg("v.io/x/ref/cmd/principal")
+ aliceDir = t.NewTempDir()
+ )
+ bin.Start("create", aliceDir, "alice").WaitOrDie(os.Stdout, os.Stderr)
+ // The second argument and the "want" line below were generated by:
+ // import "encoding/base64"
+ // import "v.io/x/ref/security"
+ //
+ // key, _, _ := security.NewPrincipalKey()
+ // der, _ := key.MarshalBinary()
+ // b64 := base64.URLEncoding.EncodeToString(der) // argument to addtoroots
+ // str := fmt.Sprintf("%v", key) // for the "want" line
+ bin.Start("--veyron.credentials="+aliceDir, "addtoroots", "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9iRjaFDoGJI9tarUwWqIW31ti72krThkYByn1v9Lf89D9VA0Mg2oUL7FDDM7qxjZcVM1ktM_W4tBfMVuRZmVCA==", "some_other_provider").WaitOrDie(os.Stdout, os.Stderr)
+ // "foo" should appear in the set of BlessingRoots
+ output := bin.Start("--veyron.credentials="+aliceDir, "dump").Output()
+ want := fmt.Sprintf("41:26:f6:aa:54:f9:31:d4:9d:1f:d2:69:c6:c5:50:70 : [some_other_provider]")
+ for _, line := range strings.Split(output, "\n") {
+ if line == want {
+ return
+ }
+ }
+ t.Errorf("Could not find line:\n%v\nin output:\n%v\n", want, output)
+}
+
func credEnv(dir string) string {
return fmt.Sprintf("%s=%s", envvar.Credentials, dir)
}
diff --git a/cmd/principal/v23_test.go b/cmd/principal/v23_test.go
index b2a9bb3..c0d9525 100644
--- a/cmd/principal/v23_test.go
+++ b/cmd/principal/v23_test.go
@@ -60,6 +60,10 @@
v23tests.RunTest(t, V23TestBless)
}
-func TestV23AddToRoots(t *testing.T) {
- v23tests.RunTest(t, V23TestAddToRoots)
+func TestV23AddBlessingsToRoots(t *testing.T) {
+ v23tests.RunTest(t, V23TestAddBlessingsToRoots)
+}
+
+func TestV23AddKeyToRoots(t *testing.T) {
+ v23tests.RunTest(t, V23TestAddKeyToRoots)
}
diff --git a/lib/flags/flags.go b/lib/flags/flags.go
index 083bb64..bb4d1f9 100644
--- a/lib/flags/flags.go
+++ b/lib/flags/flags.go
@@ -11,10 +11,17 @@
"strings"
"sync"
+ "v.io/v23/verror"
"v.io/x/ref/envvar"
"v.io/x/ref/lib/flags/buildinfo"
)
+const pkgPath = "v.io/x/ref/lib/flags"
+
+var (
+ errNotNameColonFile = verror.Register(pkgPath+".errNotNameColonFile", verror.NoRetry, "{1:}{2:} {3} is not in 'name:file' format{:_}")
+)
+
// FlagGroup is the type for identifying groups of related flags.
type FlagGroup int
@@ -104,7 +111,7 @@
}
parts := strings.SplitN(v, ":", 2)
if len(parts) != 2 {
- return fmt.Errorf("%q is not in 'name:file' format", v)
+ return verror.New(errNotNameColonFile, nil, v)
}
name, file := parts[0], parts[1]
aclf.files[name] = file
diff --git a/lib/flags/listen.go b/lib/flags/listen.go
index 572944f..da8bb90 100644
--- a/lib/flags/listen.go
+++ b/lib/flags/listen.go
@@ -5,9 +5,17 @@
package flags
import (
- "fmt"
"net"
"strconv"
+
+ "v.io/v23/verror"
+)
+
+var (
+ errNotTCP = verror.Register(pkgPath+".errNotTCP", verror.NoRetry, "{1:}{2:} {3} is not a tcp protocol{:_}")
+ errCantParsePort = verror.Register(pkgPath+".errCantParsePort", verror.NoRetry, "{1:}{2:} failed to parse port number from {3}{:_}")
+ errNeedIPOrHostName = verror.Register(pkgPath+".errNeedIPOrHostName", verror.NoRetry, "{1:}{2:} {3} is neither an IP address nor a host name{:_}")
+ errBadIP = verror.Register(pkgPath+".errBadIP", verror.NoRetry, "{1:}{2:} failed to parse {3} as an IP address{:_}")
)
// TCPProtocolFlag implements flag.Value to provide validation of the command
@@ -29,7 +37,7 @@
t.Protocol = s
return nil
default:
- return fmt.Errorf("%q is not a tcp protocol", s)
+ return verror.New(errNotTCP, nil, s)
}
}
@@ -71,7 +79,7 @@
} else {
// have a port in s.
if _, err := strconv.ParseUint(port, 10, 16); err != nil {
- return fmt.Errorf("failed to parse port number from %s", s)
+ return verror.New(errCantParsePort, nil, s)
}
ip.Port = port
}
@@ -81,7 +89,7 @@
// Could be a hostname.
addrs, err := net.LookupIP(host)
if err != nil {
- return fmt.Errorf("%s is neither an IP address nor a host name:%s", host, err)
+ return verror.New(errNeedIPOrHostName, nil, host, err)
}
for _, a := range addrs {
ip.IP = append(ip.IP, &net.IPAddr{IP: a})
@@ -121,7 +129,7 @@
func (ip *IPFlag) Set(s string) error {
t := net.ParseIP(s)
if t == nil {
- return fmt.Errorf("failed to parse %s as an IP address", s)
+ return verror.New(errBadIP, nil, s)
}
ip.IP = t
return nil
diff --git a/lib/flags/listen_test.go b/lib/flags/listen_test.go
index 4563420..e5c23c8 100644
--- a/lib/flags/listen_test.go
+++ b/lib/flags/listen_test.go
@@ -21,7 +21,7 @@
if got, want := ip.IP, net.ParseIP("172.16.1.22"); !got.Equal(want) {
t.Errorf("got %s, expected %s", got, want)
}
- if err := ip.Set("172.16"); err == nil || err.Error() != "failed to parse 172.16 as an IP address" {
+ if err := ip.Set("172.16"); err == nil || !strings.Contains(err.Error(), "failed to parse 172.16 as an IP address") {
t.Errorf("expected error %v", err)
}
}
diff --git a/lib/stats/glob.go b/lib/stats/glob.go
index 51b9a83..bcb2997 100644
--- a/lib/stats/glob.go
+++ b/lib/stats/glob.go
@@ -9,6 +9,7 @@
"sort"
"time"
+ "v.io/v23/verror"
"v.io/x/ref/lib/glob"
)
@@ -31,7 +32,7 @@
defer lock.RUnlock()
node := findNodeLocked(root, false)
if node == nil {
- return &GlobIterator{err: ErrNotFound}
+ return &GlobIterator{err: verror.New(verror.ErrNoExist, nil, root)}
}
var out []KeyValue
globStepLocked("", g, node, updatedSince, includeValues, &out)
diff --git a/lib/stats/histogram/histogram.go b/lib/stats/histogram/histogram.go
index 246a3aa..4277d6f 100644
--- a/lib/stats/histogram/histogram.go
+++ b/lib/stats/histogram/histogram.go
@@ -7,13 +7,19 @@
package histogram
import (
- "fmt"
"time"
+ "v.io/v23/verror"
"v.io/x/ref/lib/stats/counter"
"v.io/x/ref/services/mgmt/stats"
)
+const pkgPath = "v.io/x/ref/lib/stats/histogram"
+
+var (
+ errNoBucketForValue = verror.Register(pkgPath+".errNoBucketForValue", verror.NoRetry, "{1:}{2:} no bucket for value{:_}")
+)
+
// A Histogram accumulates values in the form of a histogram. The type of the
// values is int64, which is suitable for keeping track of things like RPC
// latency in milliseconds. New histogram objects should be obtained via the
@@ -192,5 +198,5 @@
}
min = b + 1
}
- return 0, fmt.Errorf("no bucket for value: %f", value)
+ return 0, verror.New(errNoBucketForValue, nil, value)
}
diff --git a/lib/stats/stats.go b/lib/stats/stats.go
index e5932b4..2bdc961 100644
--- a/lib/stats/stats.go
+++ b/lib/stats/stats.go
@@ -16,10 +16,12 @@
package stats
import (
- "errors"
"strings"
"sync"
"time"
+
+ mgmtstats "v.io/v23/services/mgmt/stats"
+ "v.io/v23/verror"
)
// StatsObject is the interface for objects stored in the stats repository.
@@ -36,10 +38,8 @@
}
var (
- lock sync.RWMutex
- repository *node // GUARDED_BY(lock)
- ErrNotFound = errors.New("name not found")
- ErrNoValue = errors.New("object has no value")
+ lock sync.RWMutex
+ repository *node // GUARDED_BY(lock)
)
func init() {
@@ -53,7 +53,7 @@
defer lock.RUnlock()
node := findNodeLocked(name, false)
if node == nil || node.object == nil {
- return nil, ErrNotFound
+ return nil, verror.New(verror.ErrNoExist, nil, name)
}
return node.object, nil
}
@@ -66,7 +66,7 @@
return 0, err
}
if obj == nil {
- return nil, ErrNoValue
+ return nil, verror.New(mgmtstats.ErrNoValue, nil, name)
}
return obj.Value(), nil
}
@@ -74,7 +74,7 @@
// Delete deletes a StatsObject and all its children, if any.
func Delete(name string) error {
if name == "" {
- return ErrNotFound
+ return verror.New(verror.ErrNoExist, nil, name)
}
elems := strings.Split(name, "/")
last := len(elems) - 1
@@ -83,7 +83,7 @@
defer lock.Unlock()
parent := findNodeLocked(dirname, false)
if parent == nil {
- return ErrNotFound
+ return verror.New(verror.ErrNoExist, nil, name)
}
delete(parent.children, basename)
return nil
diff --git a/lib/stats/stats_test.go b/lib/stats/stats_test.go
index 60aa37d..be5f3ed 100644
--- a/lib/stats/stats_test.go
+++ b/lib/stats/stats_test.go
@@ -9,6 +9,7 @@
"testing"
"time"
+ "v.io/v23/verror"
libstats "v.io/x/ref/lib/stats"
"v.io/x/ref/lib/stats/counter"
"v.io/x/ref/lib/stats/histogram"
@@ -49,11 +50,11 @@
t.Errorf("unexpected result. Got %v, want %v", got, expected)
}
- if _, err := libstats.Value(""); err != libstats.ErrNotFound {
- t.Errorf("expected error, got err=%v", err)
+ if _, err := libstats.Value(""); verror.ErrorID(err) != verror.ErrNoExist.ID {
+ t.Errorf("expected error %s, got err=%s", verror.ErrNoExist.ID, verror.ErrorID(err))
}
- if _, err := libstats.Value("does/not/exist"); err != libstats.ErrNotFound {
- t.Errorf("expected error, got err=%v", err)
+ if _, err := libstats.Value("does/not/exist"); verror.ErrorID(err) != verror.ErrNoExist.ID {
+ t.Errorf("expected error %s, got err=%s", verror.ErrNoExist.ID, verror.ErrorID(err))
}
root := libstats.NewInteger("")
@@ -376,16 +377,16 @@
if err := libstats.Delete("a/b/c/d"); err != nil {
t.Errorf("unexpected error value: %v", err)
}
- if _, err := libstats.GetStatsObject("a/b/c/d"); err != libstats.ErrNotFound {
- t.Errorf("unexpected error value: Got %v, want %v", err, libstats.ErrNotFound)
+ if _, err := libstats.GetStatsObject("a/b/c/d"); verror.ErrorID(err) != verror.ErrNoExist.ID {
+ t.Errorf("unexpected error value: Got %v, want %v", verror.ErrorID(err), verror.ErrNoExist.ID)
}
if err := libstats.Delete("a/b"); err != nil {
t.Errorf("unexpected error value: %v", err)
}
- if _, err := libstats.GetStatsObject("a/b"); err != libstats.ErrNotFound {
- t.Errorf("unexpected error value: Got %v, want %v", err, libstats.ErrNotFound)
+ if _, err := libstats.GetStatsObject("a/b"); verror.ErrorID(err) != verror.ErrNoExist.ID {
+ t.Errorf("unexpected error value: Got %v, want %v", verror.ErrorID(err), verror.ErrNoExist.ID)
}
- if _, err := libstats.GetStatsObject("a/b/c"); err != libstats.ErrNotFound {
- t.Errorf("unexpected error value: Got %v, want %v", err, libstats.ErrNotFound)
+ if _, err := libstats.GetStatsObject("a/b/c"); verror.ErrorID(err) != verror.ErrNoExist.ID {
+ t.Errorf("unexpected error value: Got %v, want %v", verror.ErrorID(err), verror.ErrNoExist.ID)
}
}
diff --git a/lib/vdl/codegen/javascript/gen.go b/lib/vdl/codegen/javascript/gen.go
index 2f0bdf5..c213899 100644
--- a/lib/vdl/codegen/javascript/gen.go
+++ b/lib/vdl/codegen/javascript/gen.go
@@ -390,12 +390,11 @@
// complicated logic is delegated to the helper functions above.
//
// We try to generate code that has somewhat reasonable formatting.
-const genJS = `
-{{with $data := .}}
-// Copyright 2015 The Vanadium Authors. All rights reserved.
+const genJS = `// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+{{with $data := .}}
// This file was auto-generated by the vanadium vdl tool.
{{generateSystemImports $data}}
diff --git a/profiles/chrome/chromeinit.go b/profiles/chrome/chromeinit.go
index 1db7f3f..5223f6f 100644
--- a/profiles/chrome/chromeinit.go
+++ b/profiles/chrome/chromeinit.go
@@ -25,7 +25,7 @@
var commonFlags *flags.Flags
func init() {
- v23.RegisterProfileInit(Init)
+ v23.RegisterProfile(Init)
rpc.RegisterUnknownProtocol("wsh", websocket.Dial, websocket.Listener)
commonFlags = flags.CreateAndRegister(flag.CommandLine, flags.Runtime)
}
diff --git a/profiles/fake/fake.go b/profiles/fake/fake.go
index 6a92bac..bae6df8 100644
--- a/profiles/fake/fake.go
+++ b/profiles/fake/fake.go
@@ -27,7 +27,7 @@
)
func init() {
- v23.RegisterProfileInit(Init)
+ v23.RegisterProfile(Init)
rpc.RegisterUnknownProtocol("wsh", websocket.HybridDial, websocket.HybridListener)
}
diff --git a/profiles/gce/init.go b/profiles/gce/init.go
index 50c34ca..e192b72 100644
--- a/profiles/gce/init.go
+++ b/profiles/gce/init.go
@@ -33,7 +33,7 @@
var commonFlags *flags.Flags
func init() {
- v23.RegisterProfileInit(Init)
+ v23.RegisterProfile(Init)
rpc.RegisterUnknownProtocol("wsh", websocket.HybridDial, websocket.HybridListener)
commonFlags = flags.CreateAndRegister(flag.CommandLine, flags.Runtime, flags.Listen)
}
diff --git a/profiles/genericinit.go b/profiles/genericinit.go
index 9a8affe..b04189e 100644
--- a/profiles/genericinit.go
+++ b/profiles/genericinit.go
@@ -25,7 +25,7 @@
var commonFlags *flags.Flags
func init() {
- v23.RegisterProfileInit(Init)
+ v23.RegisterProfile(Init)
rpc.RegisterUnknownProtocol("wsh", websocket.HybridDial, websocket.HybridListener)
flags.SetDefaultHostPort(":0")
commonFlags = flags.CreateAndRegister(flag.CommandLine, flags.Runtime, flags.Listen)
diff --git a/profiles/roaming/roaminginit.go b/profiles/roaming/roaminginit.go
index 4d8d6cb..b117402 100644
--- a/profiles/roaming/roaminginit.go
+++ b/profiles/roaming/roaminginit.go
@@ -46,7 +46,7 @@
var commonFlags *flags.Flags
func init() {
- v23.RegisterProfileInit(Init)
+ v23.RegisterProfile(Init)
rpc.RegisterUnknownProtocol("wsh", websocket.HybridDial, websocket.HybridListener)
commonFlags = flags.CreateAndRegister(flag.CommandLine, flags.Runtime, flags.Listen)
}
diff --git a/profiles/static/staticinit.go b/profiles/static/staticinit.go
index b1c1a2a..fca56cd 100644
--- a/profiles/static/staticinit.go
+++ b/profiles/static/staticinit.go
@@ -30,7 +30,7 @@
var commonFlags *flags.Flags
func init() {
- v23.RegisterProfileInit(Init)
+ v23.RegisterProfile(Init)
rpc.RegisterUnknownProtocol("wsh", websocket.HybridDial, websocket.HybridListener)
commonFlags = flags.CreateAndRegister(flag.CommandLine, flags.Runtime, flags.Listen)
}
diff --git a/services/mgmt/stats/impl/stats.go b/services/mgmt/stats/impl/stats.go
index 0ba672d..6a39a45 100644
--- a/services/mgmt/stats/impl/stats.go
+++ b/services/mgmt/stats/impl/stats.go
@@ -78,7 +78,7 @@
changes = append(changes, c)
}
if err := it.Err(); err != nil {
- if err == libstats.ErrNotFound {
+ if verror.ErrorID(err) == verror.ErrNoExist.ID {
return verror.New(verror.ErrNoExist, call.Context(), i.suffix)
}
return verror.New(errOperationFailed, call.Context(), i.suffix)
@@ -103,9 +103,9 @@
rv, err := libstats.Value(i.suffix)
switch {
- case err == libstats.ErrNotFound:
+ case verror.ErrorID(err) == verror.ErrNoExist.ID:
return nil, verror.New(verror.ErrNoExist, call.Context(), i.suffix)
- case err == libstats.ErrNoValue:
+ case verror.ErrorID(err) == stats.ErrNoValue.ID:
return nil, stats.NewErrNoValue(call.Context(), i.suffix)
case err != nil:
return nil, verror.New(errOperationFailed, call.Context(), i.suffix)
