acl: remove Server.ResolveTokenToIdentityAndAuthorizer

This method was an alias for ACLResolver.ResolveTokenToIdentityAndAuthorizer. By removing the
method that does nothing the code becomes easier to trace.
This commit is contained in:
Daniel Nephin 2021-07-30 17:48:26 -04:00
parent cc4f155801
commit 6cf6e7c5fe
4 changed files with 9 additions and 13 deletions

View File

@ -224,7 +224,7 @@ func (s *Server) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error
} }
func (s *Server) ResolveToken(token string) (acl.Authorizer, error) { func (s *Server) ResolveToken(token string) (acl.Authorizer, error) {
_, authz, err := s.ResolveTokenToIdentityAndAuthorizer(token) _, authz, err := s.acls.ResolveTokenToIdentityAndAuthorizer(token)
return authz, err return authz, err
} }
@ -235,14 +235,10 @@ func (s *Server) ResolveTokenToIdentity(token string) (structs.ACLIdentity, erro
return s.acls.ResolveTokenToIdentity(token) return s.acls.ResolveTokenToIdentity(token)
} }
func (s *Server) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error) {
return s.acls.ResolveTokenToIdentityAndAuthorizer(token)
}
// ResolveTokenIdentityAndDefaultMeta retrieves an identity and authorizer for the caller, // ResolveTokenIdentityAndDefaultMeta retrieves an identity and authorizer for the caller,
// and populates the EnterpriseMeta based on the AuthorizerContext. // and populates the EnterpriseMeta based on the AuthorizerContext.
func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (structs.ACLIdentity, acl.Authorizer, error) { func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (structs.ACLIdentity, acl.Authorizer, error) {
identity, authz, err := s.ResolveTokenToIdentityAndAuthorizer(token) identity, authz, err := s.acls.ResolveTokenToIdentityAndAuthorizer(token)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }

View File

@ -440,7 +440,7 @@ func (m *Internal) KeyringOperation(
} }
// Check ACLs // Check ACLs
identity, rule, err := m.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := m.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }

View File

@ -17,7 +17,7 @@ func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, r
} }
// This action requires operator read access. // This action requires operator read access.
identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }
@ -49,7 +49,7 @@ func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRe
} }
// This action requires operator write access. // This action requires operator write access.
identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }
@ -84,7 +84,7 @@ func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs
} }
// This action requires operator read access. // This action requires operator read access.
identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }
@ -151,7 +151,7 @@ func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autop
} }
// This action requires operator read access. // This action requires operator read access.
identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }

View File

@ -81,7 +81,7 @@ func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest,
// This is a super dangerous operation that requires operator write // This is a super dangerous operation that requires operator write
// access. // access.
identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }
@ -134,7 +134,7 @@ func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, repl
// This is a super dangerous operation that requires operator write // This is a super dangerous operation that requires operator write
// access. // access.
identity, rule, err := op.srv.ResolveTokenToIdentityAndAuthorizer(args.Token) identity, rule, err := op.srv.acls.ResolveTokenToIdentityAndAuthorizer(args.Token)
if err != nil { if err != nil {
return err return err
} }