acl: remove unused error return

filterACLWithAuthorizer could never return an error. This change moves us a little bit
closer to being able to enable errcheck and catch problems caused by unhandled error
return values.
This commit is contained in:
Daniel Nephin 2021-07-30 17:08:58 -04:00
parent c0100543d0
commit 111f3620a8
6 changed files with 16 additions and 28 deletions

View File

@ -1928,9 +1928,9 @@ func (f *aclFilter) filterGatewayServices(mappings *structs.GatewayServices) {
*mappings = ret
}
func (r *ACLResolver) filterACLWithAuthorizer(authorizer acl.Authorizer, subj interface{}) error {
func (r *ACLResolver) filterACLWithAuthorizer(authorizer acl.Authorizer, subj interface{}) {
if authorizer == nil {
return nil
return
}
// Create the filter
filt := newACLFilter(authorizer, r.logger)
@ -2028,8 +2028,6 @@ func (r *ACLResolver) filterACLWithAuthorizer(authorizer acl.Authorizer, subj in
default:
panic(fmt.Errorf("Unhandled type passed to ACL filter: %T %#v", subj, subj))
}
return nil
}
// filterACL is used to filter results from our service catalog based on the
@ -2040,11 +2038,6 @@ func (r *ACLResolver) filterACL(token string, subj interface{}) error {
if err != nil {
return err
}
// Fast path if ACLs are not enabled
if authorizer == nil {
return nil
}
return r.filterACLWithAuthorizer(authorizer, subj)
r.filterACLWithAuthorizer(authorizer, subj)
return nil
}

View File

@ -956,9 +956,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
}
// filter down to just the tokens that the requester has permissions to read
if err := a.srv.filterACLWithAuthorizer(authz, &stubs); err != nil {
return err
}
a.srv.filterACLWithAuthorizer(authz, &stubs)
reply.Index, reply.Tokens = index, stubs
return nil

View File

@ -271,6 +271,6 @@ func (s *Server) filterACL(token string, subj interface{}) error {
return s.acls.filterACL(token, subj)
}
func (s *Server) filterACLWithAuthorizer(authorizer acl.Authorizer, subj interface{}) error {
return s.acls.filterACLWithAuthorizer(authorizer, subj)
func (s *Server) filterACLWithAuthorizer(authorizer acl.Authorizer, subj interface{}) {
s.acls.filterACLWithAuthorizer(authorizer, subj)
}

View File

@ -545,7 +545,8 @@ func (c *Catalog) ListServices(args *structs.DCSpecificRequest, reply *structs.I
return nil
}
return c.srv.filterACLWithAuthorizer(authz, reply)
c.srv.filterACLWithAuthorizer(authz, reply)
return nil
})
}
@ -573,7 +574,8 @@ func (c *Catalog) ServiceList(args *structs.DCSpecificRequest, reply *structs.In
}
reply.Index, reply.Services = index, services
return c.srv.filterACLWithAuthorizer(authz, reply)
c.srv.filterACLWithAuthorizer(authz, reply)
return nil
})
}

View File

@ -222,7 +222,8 @@ func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, repl
}
reply.Index, reply.Services = index, services
return m.srv.filterACLWithAuthorizer(authz, reply)
m.srv.filterACLWithAuthorizer(authz, reply)
return nil
})
}

View File

@ -199,9 +199,7 @@ func (s *Session) Get(args *structs.SessionSpecificRequest,
} else {
reply.Sessions = nil
}
if err := s.srv.filterACLWithAuthorizer(authz, reply); err != nil {
return err
}
s.srv.filterACLWithAuthorizer(authz, reply)
return nil
})
}
@ -233,9 +231,7 @@ func (s *Session) List(args *structs.SessionSpecificRequest,
}
reply.Index, reply.Sessions = index, sessions
if err := s.srv.filterACLWithAuthorizer(authz, reply); err != nil {
return err
}
s.srv.filterACLWithAuthorizer(authz, reply)
return nil
})
}
@ -267,9 +263,7 @@ func (s *Session) NodeSessions(args *structs.NodeSpecificRequest,
}
reply.Index, reply.Sessions = index, sessions
if err := s.srv.filterACLWithAuthorizer(authz, reply); err != nil {
return err
}
s.srv.filterACLWithAuthorizer(authz, reply)
return nil
})
}