From 6cf6e7c5fed82837d2cb0eb7a2a30a657594f3e2 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 30 Jul 2021 17:48:26 -0400 Subject: [PATCH] acl: remove Server.ResolveTokenToIdentityAndAuthorizer This method was an alias for ACLResolver.ResolveTokenToIdentityAndAuthorizer. By removing the method that does nothing the code becomes easier to trace. --- agent/consul/acl_server.go | 8 ++------ agent/consul/internal_endpoint.go | 2 +- agent/consul/operator_autopilot_endpoint.go | 8 ++++---- agent/consul/operator_raft_endpoint.go | 4 ++-- 4 files changed, 9 insertions(+), 13 deletions(-) diff --git a/agent/consul/acl_server.go b/agent/consul/acl_server.go index cc32d89d82..7b753d6801 100644 --- a/agent/consul/acl_server.go +++ b/agent/consul/acl_server.go @@ -224,7 +224,7 @@ func (s *Server) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error } func (s *Server) ResolveToken(token string) (acl.Authorizer, error) { - _, authz, err := s.ResolveTokenToIdentityAndAuthorizer(token) + _, authz, err := s.acls.ResolveTokenToIdentityAndAuthorizer(token) return authz, err } @@ -235,14 +235,10 @@ func (s *Server) ResolveTokenToIdentity(token string) (structs.ACLIdentity, erro return s.acls.ResolveTokenToIdentity(token) } -func (s *Server) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error) { - return s.acls.ResolveTokenToIdentityAndAuthorizer(token) -} - // ResolveTokenIdentityAndDefaultMeta retrieves an identity and authorizer for the caller, // and populates the EnterpriseMeta based on the AuthorizerContext. func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (structs.ACLIdentity, acl.Authorizer, error) { - identity, authz, err := s.ResolveTokenToIdentityAndAuthorizer(token) + identity, authz, err := s.acls.ResolveTokenToIdentityAndAuthorizer(token) if err != nil { return nil, nil, err } diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 36dc1e8ff8..bcfa3064fe 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -440,7 +440,7 @@ func (m *Internal) KeyringOperation( } // Check ACLs - identity, rule, err := m.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := m.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err } diff --git a/agent/consul/operator_autopilot_endpoint.go b/agent/consul/operator_autopilot_endpoint.go index 53babd0e87..767e898a68 100644 --- a/agent/consul/operator_autopilot_endpoint.go +++ b/agent/consul/operator_autopilot_endpoint.go @@ -17,7 +17,7 @@ func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, r } // This action requires operator read access. - identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err } @@ -49,7 +49,7 @@ func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRe } // This action requires operator write access. - identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err } @@ -84,7 +84,7 @@ func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs } // This action requires operator read access. - identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err } @@ -151,7 +151,7 @@ func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autop } // This action requires operator read access. - identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err } diff --git a/agent/consul/operator_raft_endpoint.go b/agent/consul/operator_raft_endpoint.go index 72cd7a3ffd..06a487b472 100644 --- a/agent/consul/operator_raft_endpoint.go +++ b/agent/consul/operator_raft_endpoint.go @@ -81,7 +81,7 @@ func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest, // This is a super dangerous operation that requires operator write // access. - identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err } @@ -134,7 +134,7 @@ func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, repl // This is a super dangerous operation that requires operator write // access. - identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) + identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token) if err != nil { return err }