syncbase: improve test blessing setup & use AllowEveryone dispatcher

Previously in tests we used server blessing "server" and
client blessing "server/client". This CL changes things so
that the server uses blessing "root/server" and the client
uses blessing "root/client".

The previous setup was flawed in the following way:

- Our Dispatcher.Lookup was returning a nil authorizer; the
  RPC framework thus defaults to using a
  security.DefaultAuthorizer(), and uses that authorizer to
  perform an auth check on every request.

- The default authorizer implements a conservative policy,
  where the client must present a blessing that extends the
  server's blessing, or vice versa. In general, this is not
  expected to be the case, and in particular with my JS
  todos example app, the blessings I was using did not
  satisfy this property, so all RPCs were failing with "no
  access" errors.

- Our previous test setup satisfied the above property, so
  the DefaultAuthorizer returned by the dispatcher had the
  same effect as an AllowEveryone authorizer would've had,
  and the tests ended up testing what they were intended to
  test.

Returning an AllowEveryone authorizer from the dispatcher
seems like the right thing to do in our case, because the
authorization decision is more complicated than looking up
an ACL based on the tag for the called method. E.g. in some
cases we'll need to consult multiple ACLs, and in other
cases the method tag actually refers to an ACL on a
different object than the RPC receiver (e.g. Database.Create
consults the app's ACL).

Finally, I just want to note that before switching the
dispatcher to return an AllowEveryone authorizer, I verified
that our tests fail with the "root/client" and "root/server"
blessings, as expected.

Change-Id: Idfc895813bbae62c518b728d4d569c04e7a4f753
7 files changed
tree: a13b25acd60fff7c3e7d9d231b891439025c654c
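
The commit message describes a test setup whose blessings happened to satisfy the default policy, so the tests could not tell a default authorizer from an allow-everyone one. The following is an added example, not code from the Vanadium or syncbase repositories, that models that effect. The function names (`extends`, `defaultPolicy`, `allowEveryone`, `distinguishes`) are hypothetical, and treating blessings as plain "/"-delimited strings is an assumption based on the names in the message.

```go
package main

import (
	"fmt"
	"strings"
)

// extends reports whether blessing b equals a or is a "/"-delimited
// extension of a. "server/client" extends "server"; "serverx" does not.
func extends(b, a string) bool {
	return b == a || strings.HasPrefix(b, a+"/")
}

// defaultPolicy is a simplified model (an assumption, not the framework's
// code) of the conservative policy in the commit message: some client
// blessing must extend some server blessing, or vice versa.
func defaultPolicy(server, client []string) bool {
	for _, s := range server {
		for _, c := range client {
			if extends(c, s) || extends(s, c) {
				return true
			}
		}
	}
	return false
}

// allowEveryone models an authorizer that admits every caller, leaving
// the real access decision to per-method ACL checks.
func allowEveryone(server, client []string) bool { return true }

// distinguishes reports whether a test run with these blessings would
// behave differently under the two policies. If it returns false, the
// tests cannot detect which authorizer the dispatcher returned.
func distinguishes(server, client []string) bool {
	return defaultPolicy(server, client) != allowEveryone(server, client)
}

func main() {
	// Blessing pairs taken from the commit message: old setup, then new.
	setups := [][2]string{{"server", "server/client"}, {"root/server", "root/client"}}
	for _, p := range setups {
		s, c := []string{p[0]}, []string{p[1]}
		fmt.Printf("server=%q client=%q default=%v distinguishes=%v\n",
			p[0], p[1], defaultPolicy(s, c), distinguishes(s, c))
	}
}
```

With the old blessings the two policies agree on every request, which is why the nil authorizer went unnoticed; sibling blessings under a common root make the difference observable.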