mirror of https://github.com/status-im/consul.git
Remove ACLsEnabled from delegate interface
In all cases (oss/ent, client/server) this method was returning a value from config. Since the value is consistent, it doesn't need to be part of the delegate interface.
This commit is contained in:
parent
20d1ea7d2d
commit
5247ef4c70
|
@ -21,7 +21,7 @@ func (a *Agent) resolveToken(id string) (acl.Authorizer, error) {
|
|||
// The defaulted metadata is then used to fill in an acl.AuthorizationContext.
|
||||
func (a *Agent) resolveTokenAndDefaultMeta(id string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) {
|
||||
// ACLs are disabled
|
||||
if !a.delegate.ACLsEnabled() {
|
||||
if !a.config.ACLsEnabled {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ type aclBootstrapResponse struct {
|
|||
// checkACLDisabled will return a standard response if ACLs are disabled. This
|
||||
// returns true if they are disabled and we should not continue.
|
||||
func (s *HTTPServer) checkACLDisabled(resp http.ResponseWriter, _req *http.Request) bool {
|
||||
if s.agent.delegate.ACLsEnabled() {
|
||||
if s.agent.config.ACLsEnabled {
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
|
@ -92,11 +92,6 @@ func NewTestACLAgent(t *testing.T, name string, hcl string, resolveAuthz authzRe
|
|||
return a
|
||||
}
|
||||
|
||||
func (a *TestACLAgent) ACLsEnabled() bool {
|
||||
// the TestACLAgent always has ACLs enabled
|
||||
return true
|
||||
}
|
||||
|
||||
func (a *TestACLAgent) UseLegacyACLs() bool {
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -143,7 +143,6 @@ type delegate interface {
|
|||
ResolveTokenToIdentity(secretID string) (structs.ACLIdentity, error)
|
||||
ResolveTokenAndDefaultMeta(secretID string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error)
|
||||
RPC(method string, args interface{}, reply interface{}) error
|
||||
ACLsEnabled() bool
|
||||
UseLegacyACLs() bool
|
||||
SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error
|
||||
Shutdown() error
|
||||
|
|
|
@ -140,7 +140,6 @@ func tokenSecretCacheID(token string) string {
|
|||
}
|
||||
|
||||
type ACLResolverDelegate interface {
|
||||
ACLsEnabled() bool
|
||||
ACLDatacenter(legacy bool) string
|
||||
UseLegacyACLs() bool
|
||||
ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)
|
||||
|
@ -1196,7 +1195,7 @@ func (r *ACLResolver) ResolveTokenToIdentity(token string) (structs.ACLIdentity,
|
|||
|
||||
func (r *ACLResolver) ACLsEnabled() bool {
|
||||
// Whether we desire ACLs to be enabled according to configuration
|
||||
if !r.delegate.ACLsEnabled() {
|
||||
if !r.config.ACLsEnabled {
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
|
@ -71,10 +71,6 @@ func (c *Client) ACLDatacenter(legacy bool) string {
|
|||
return c.config.Datacenter
|
||||
}
|
||||
|
||||
func (c *Client) ACLsEnabled() bool {
|
||||
return c.config.ACLsEnabled
|
||||
}
|
||||
|
||||
func (c *Client) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error) {
|
||||
// clients do no local identity resolution at the moment
|
||||
return false, nil, nil
|
||||
|
|
|
@ -98,7 +98,7 @@ func (a *ACL) removeBootstrapResetFile() {
|
|||
}
|
||||
|
||||
func (a *ACL) aclPreCheck() error {
|
||||
if !a.srv.ACLsEnabled() {
|
||||
if !a.srv.config.ACLsEnabled {
|
||||
return acl.ErrDisabled
|
||||
}
|
||||
|
||||
|
|
|
@ -159,7 +159,7 @@ func (a *ACL) Apply(args *structs.ACLRequest, reply *string) error {
|
|||
defer metrics.MeasureSince([]string{"acl", "apply"}, time.Now())
|
||||
|
||||
// Verify we are allowed to serve this request
|
||||
if !a.srv.ACLsEnabled() {
|
||||
if !a.srv.config.ACLsEnabled {
|
||||
return acl.ErrDisabled
|
||||
}
|
||||
|
||||
|
@ -208,7 +208,7 @@ func (a *ACL) Get(args *structs.ACLSpecificRequest,
|
|||
// authorization in and of itself.
|
||||
|
||||
// Verify we are allowed to serve this request
|
||||
if !a.srv.ACLsEnabled() {
|
||||
if !a.srv.config.ACLsEnabled {
|
||||
return acl.ErrDisabled
|
||||
}
|
||||
|
||||
|
@ -250,7 +250,7 @@ func (a *ACL) List(args *structs.DCSpecificRequest,
|
|||
}
|
||||
|
||||
// Verify we are allowed to serve this request
|
||||
if !a.srv.ACLsEnabled() {
|
||||
if !a.srv.config.ACLsEnabled {
|
||||
return acl.ErrDisabled
|
||||
}
|
||||
|
||||
|
|
|
@ -167,10 +167,6 @@ func (s *Server) ACLDatacenter(legacy bool) string {
|
|||
return s.config.Datacenter
|
||||
}
|
||||
|
||||
func (s *Server) ACLsEnabled() bool {
|
||||
return s.config.ACLsEnabled
|
||||
}
|
||||
|
||||
// ResolveIdentityFromToken retrieves a token's full identity given its secretID.
|
||||
func (s *Server) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error) {
|
||||
// only allow remote RPC resolution when token replication is off and
|
||||
|
|
|
@ -509,6 +509,9 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
|||
// ACLResolverTestDelegate is used to test
|
||||
// the ACLResolver without running Agents
|
||||
type ACLResolverTestDelegate struct {
|
||||
// enabled is no longer part of the delegate. It is still here as a field on
|
||||
// the fake delegate because many tests use this field to enable ACLs. This field
|
||||
// is now used to set ACLResolverConfig.Config.ACLsEnabled.
|
||||
enabled bool
|
||||
datacenter string
|
||||
legacy bool
|
||||
|
@ -619,10 +622,6 @@ func (d *ACLResolverTestDelegate) plainRoleResolveFn(args *structs.ACLRoleBatchG
|
|||
return nil
|
||||
}
|
||||
|
||||
func (d *ACLResolverTestDelegate) ACLsEnabled() bool {
|
||||
return d.enabled
|
||||
}
|
||||
|
||||
func (d *ACLResolverTestDelegate) ACLDatacenter(legacy bool) string {
|
||||
return d.datacenter
|
||||
}
|
||||
|
@ -691,10 +690,11 @@ func (d *ACLResolverTestDelegate) RPC(method string, args interface{}, reply int
|
|||
panic("Bad Test Implementation: Was the ACLResolver updated to use new RPC methods")
|
||||
}
|
||||
|
||||
func newTestACLResolver(t *testing.T, delegate ACLResolverDelegate, cb func(*ACLResolverConfig)) *ACLResolver {
|
||||
func newTestACLResolver(t *testing.T, delegate *ACLResolverTestDelegate, cb func(*ACLResolverConfig)) *ACLResolver {
|
||||
config := DefaultConfig()
|
||||
config.ACLDefaultPolicy = "deny"
|
||||
config.ACLDownPolicy = "extend-cache"
|
||||
config.ACLsEnabled = delegate.enabled
|
||||
rconf := &ACLResolverConfig{
|
||||
Config: config,
|
||||
Logger: testutil.LoggerWithName(t, t.Name()),
|
||||
|
|
|
@ -54,7 +54,7 @@ func (s *Server) reapExpiredLocalACLTokens() (int, error) {
|
|||
return s.reapExpiredACLTokens(true, false)
|
||||
}
|
||||
func (s *Server) reapExpiredACLTokens(local, global bool) (int, error) {
|
||||
if !s.ACLsEnabled() {
|
||||
if !s.config.ACLsEnabled {
|
||||
return 0, nil
|
||||
}
|
||||
if s.UseLegacyACLs() {
|
||||
|
|
|
@ -413,7 +413,7 @@ func (c *Client) Stats() map[string]map[string]string {
|
|||
"runtime": runtimeStats(),
|
||||
}
|
||||
|
||||
if c.ACLsEnabled() {
|
||||
if c.config.ACLsEnabled {
|
||||
if c.UseLegacyACLs() {
|
||||
stats["consul"]["acl"] = "legacy"
|
||||
} else {
|
||||
|
|
|
@ -58,7 +58,7 @@ func (s *Server) monitorLeadership() {
|
|||
|
||||
aclModeCheckWait := aclModeCheckMinInterval
|
||||
var aclUpgradeCh <-chan time.Time
|
||||
if s.ACLsEnabled() {
|
||||
if s.config.ACLsEnabled {
|
||||
aclUpgradeCh = time.After(aclModeCheckWait)
|
||||
}
|
||||
var weAreLeaderCh chan struct{}
|
||||
|
@ -384,7 +384,7 @@ func (s *Server) revokeLeadership() {
|
|||
|
||||
// DEPRECATED (ACL-Legacy-Compat) - Remove once old ACL compatibility is removed
|
||||
func (s *Server) initializeLegacyACL() error {
|
||||
if !s.ACLsEnabled() {
|
||||
if !s.config.ACLsEnabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -484,7 +484,7 @@ func (s *Server) initializeLegacyACL() error {
|
|||
// initializeACLs is used to setup the ACLs if we are the leader
|
||||
// and need to do this.
|
||||
func (s *Server) initializeACLs(upgrade bool) error {
|
||||
if !s.ACLsEnabled() {
|
||||
if !s.config.ACLsEnabled {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -1355,7 +1355,7 @@ func (s *Server) Stats() map[string]map[string]string {
|
|||
"runtime": runtimeStats(),
|
||||
}
|
||||
|
||||
if s.ACLsEnabled() {
|
||||
if s.config.ACLsEnabled {
|
||||
if s.UseLegacyACLs() {
|
||||
stats["consul"]["acl"] = "legacy"
|
||||
} else {
|
||||
|
|
|
@ -370,7 +370,7 @@ func (s *HTTPServer) handler(enableDebug bool) http.Handler {
|
|||
func (s *HTTPServer) GenerateHTMLTemplateVars() map[string]interface{} {
|
||||
vars := map[string]interface{}{
|
||||
"ContentPath": s.agent.config.UIContentPath,
|
||||
"ACLsEnabled": s.agent.delegate.ACLsEnabled(),
|
||||
"ACLsEnabled": s.agent.config.ACLsEnabled,
|
||||
}
|
||||
|
||||
s.addEnterpriseHTMLTemplateVars(vars)
|
||||
|
|
Loading…
Reference in New Issue