mirror of
https://github.com/status-im/consul.git
synced 2025-01-15 00:04:47 +00:00
acl: remove duplicate methods
Now that ACLResolver is embedded we don't need ResolveTokenToIdentity on Client and Server. Moving ResolveTokenAndDefaultMeta to ACLResolver removes the duplicate implementation.
This commit is contained in:
parent
241663a046
commit
8c9c48e219
@ -1158,6 +1158,30 @@ func (r *ACLResolver) ACLsEnabled() bool {
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) {
|
||||||
|
identity, authz, err := r.ResolveTokenToIdentityAndAuthorizer(token)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if entMeta == nil {
|
||||||
|
entMeta = &structs.EnterpriseMeta{}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Default the EnterpriseMeta based on the Tokens meta or actual defaults
|
||||||
|
// in the case of unknown identity
|
||||||
|
if identity != nil {
|
||||||
|
entMeta.Merge(identity.EnterpriseMetadata())
|
||||||
|
} else {
|
||||||
|
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
|
||||||
|
}
|
||||||
|
|
||||||
|
// Use the meta to fill in the ACL authorization context
|
||||||
|
entMeta.FillAuthzContext(authzContext)
|
||||||
|
|
||||||
|
return authz, err
|
||||||
|
}
|
||||||
|
|
||||||
// aclFilter is used to filter results from our state store based on ACL rules
|
// aclFilter is used to filter results from our state store based on ACL rules
|
||||||
// configured for the provided token.
|
// configured for the provided token.
|
||||||
type aclFilter struct {
|
type aclFilter struct {
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
package consul
|
package consul
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/hashicorp/consul/acl"
|
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -43,35 +42,3 @@ func (c *Client) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error
|
|||||||
// clients do no local role resolution at the moment
|
// clients do no local role resolution at the moment
|
||||||
return false, nil, nil
|
return false, nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error) {
|
|
||||||
// not using ResolveTokenToIdentityAndAuthorizer because in this case we don't
|
|
||||||
// need to resolve the roles, policies and namespace but just want the identity
|
|
||||||
// information such as accessor id.
|
|
||||||
return c.ACLResolver.ResolveTokenToIdentity(token)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: Server has an identical implementation, remove duplication
|
|
||||||
func (c *Client) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) {
|
|
||||||
identity, authz, err := c.ACLResolver.ResolveTokenToIdentityAndAuthorizer(token)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
if entMeta == nil {
|
|
||||||
entMeta = &structs.EnterpriseMeta{}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Default the EnterpriseMeta based on the Tokens meta or actual defaults
|
|
||||||
// in the case of unknown identity
|
|
||||||
if identity != nil {
|
|
||||||
entMeta.Merge(identity.EnterpriseMetadata())
|
|
||||||
} else {
|
|
||||||
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
|
|
||||||
}
|
|
||||||
|
|
||||||
// Use the meta to fill in the ACL authorization context
|
|
||||||
entMeta.FillAuthzContext(authzContext)
|
|
||||||
|
|
||||||
return authz, err
|
|
||||||
}
|
|
||||||
|
@ -164,37 +164,7 @@ func (s *Server) ResolveToken(token string) (acl.Authorizer, error) {
|
|||||||
return authz, err
|
return authz, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error) {
|
|
||||||
// not using ResolveTokenToIdentityAndAuthorizer because in this case we don't
|
|
||||||
// need to resolve the roles, policies and namespace but just want the identity
|
|
||||||
// information such as accessor id.
|
|
||||||
return s.ACLResolver.ResolveTokenToIdentity(token)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: Client has an identical implementation, remove duplication
|
// TODO: Client has an identical implementation, remove duplication
|
||||||
func (s *Server) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) {
|
|
||||||
identity, authz, err := s.ACLResolver.ResolveTokenToIdentityAndAuthorizer(token)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
if entMeta == nil {
|
|
||||||
entMeta = &structs.EnterpriseMeta{}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Default the EnterpriseMeta based on the Tokens meta or actual defaults
|
|
||||||
// in the case of unknown identity
|
|
||||||
if identity != nil {
|
|
||||||
entMeta.Merge(identity.EnterpriseMetadata())
|
|
||||||
} else {
|
|
||||||
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
|
|
||||||
}
|
|
||||||
|
|
||||||
// Use the meta to fill in the ACL authorization context
|
|
||||||
entMeta.FillAuthzContext(authzContext)
|
|
||||||
|
|
||||||
return authz, err
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) filterACL(token string, subj interface{}) error {
|
func (s *Server) filterACL(token string, subj interface{}) error {
|
||||||
return filterACL(s.ACLResolver, token, subj)
|
return filterACL(s.ACLResolver, token, subj)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user