diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go
index a6b67816d2..7229094679 100644
--- a/agent/agent_endpoint.go
+++ b/agent/agent_endpoint.go
@@ -906,7 +906,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R
 }
 // Parse the certificate URI from the client ID
- uriRaw, err := url.Parse(authReq.ClientID)
+ uriRaw, err := url.Parse(authReq.ClientCertURI)
 if err != nil {
 return &connectAuthorizeResp{
 Authorized: false,
diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go
index bc59f37002..1b017fa78b 100644
--- a/agent/agent_endpoint_test.go
+++ b/agent/agent_endpoint_test.go
@@ -2172,8 +2172,8 @@ func TestAgentConnectAuthorize_idInvalidFormat(t *testing.T) {
 defer a.Shutdown()
 args := &structs.ConnectAuthorizeRequest{
- Target: "web",
- ClientID: "tubes",
+ Target: "web",
+ ClientCertURI: "tubes",
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
 resp := httptest.NewRecorder()
@@ -2195,8 +2195,8 @@ func TestAgentConnectAuthorize_idNotService(t *testing.T) {
 defer a.Shutdown()
 args := &structs.ConnectAuthorizeRequest{
- Target: "web",
- ClientID: "spiffe://1234.consul",
+ Target: "web",
+ ClientCertURI: "spiffe://1234.consul",
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
 resp := httptest.NewRecorder()
@@ -2237,8 +2237,8 @@ func TestAgentConnectAuthorize_allow(t *testing.T) {
 }
 args := &structs.ConnectAuthorizeRequest{
- Target: target,
- ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
+ Target: target,
+ ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
 resp := httptest.NewRecorder()
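Review bot: In the agent/agent_endpoint.go hunk, the `err != nil` check after `url.Parse(authReq.ClientCertURI)` does not cover an empty value, because `url.Parse("")` returns an empty URL and a nil error. The rename makes that case more likely: no field tags are visible on ConnectAuthorizeRequest, so a caller that still sends the old `ClientID` key would presumably decode to an empty `ClientCertURI`. I would add a guard ahead of the parse, `if authReq.ClientCertURI == "" {`, returning the same `Authorized: false` response with a message that names the missing field, so the denial is deliberate and diagnosable rather than a side effect of later parsing. The context comment `// Parse the certificate URI from the client ID` is now stale and should read `// Parse the client certificate URI`. AgentConnectAuthorize starts and ends outside the hunk, so a later step may already reject an empty URI.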
@@ -2279,8 +2279,8 @@ func TestAgentConnectAuthorize_deny(t *testing.T) {
 }
 args := &structs.ConnectAuthorizeRequest{
- Target: target,
- ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
+ Target: target,
+ ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
 resp := httptest.NewRecorder()
@@ -2320,8 +2320,8 @@ func TestAgentConnectAuthorize_serviceWrite(t *testing.T) {
 }
 args := &structs.ConnectAuthorizeRequest{
- Target: "foo",
- ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
+ Target: "foo",
+ ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token="+token, jsonReader(args))
@@ -2339,8 +2339,8 @@ func TestAgentConnectAuthorize_defaultDeny(t *testing.T) {
 defer a.Shutdown()
 args := &structs.ConnectAuthorizeRequest{
- Target: "foo",
- ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
+ Target: "foo",
+ ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
 resp := httptest.NewRecorder()
@@ -2369,8 +2369,8 @@ func TestAgentConnectAuthorize_defaultAllow(t *testing.T) {
 defer a.Shutdown()
 args := &structs.ConnectAuthorizeRequest{
- Target: "foo",
- ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
+ Target: "foo",
+ ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
 }
 req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
 resp := httptest.NewRecorder()
diff --git a/agent/structs/connect.go b/agent/structs/connect.go
index 1a2e03da8b..7f08615d39 100644
--- a/agent/structs/connect.go
+++ b/agent/structs/connect.go
@@ -6,12 +6,12 @@ type ConnectAuthorizeRequest struct {
 // Target is the name of the service that is being requested.
 Target string
- // ClientID is a unique identifier for the requesting client. This
+ // ClientCertURI is a unique identifier for the requesting client. This
 // is currently the URI SAN from the TLS client certificate.
 //
 // ClientCertSerial is a colon-hex-encoded of the serial number for
 // the requesting client cert. This is used to check against revocation
 // lists.
- ClientID string
+ ClientCertURI string
 ClientCertSerial string
 }
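Review bot: The doc comment for `ClientCertURI` in ConnectAuthorizeRequest still calls the field "a unique identifier" and says nothing about where the value must come from, although it is the identity string the authorize handler parses and presumably arrives as a plain string in the request body. I would reword it to `// ClientCertURI is the URI SAN from the TLS client certificate. The caller must take it from a certificate it has already verified.` The next sentence is missing a noun and could read `// ClientCertSerial is the colon-hex encoding of the serial number of`. Giving ClientCertSerial its own comment block directly above its field would also keep the two descriptions from running together.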