agent: rename authorize param ClientID to ClientCertURI

Mitchell Hashimoto 2018-03-28 14:29:35 -07:00
parent 97f5414d94
commit 95da20ffd7
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
3 changed files with 17 additions and 17 deletions


@ -906,7 +906,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R
} }
// Parse the certificate URI from the client ID // Parse the certificate URI from the client ID
uriRaw, err := url.Parse(authReq.ClientID) uriRaw, err := url.Parse(authReq.ClientCertURI)
if err != nil { if err != nil {
return &connectAuthorizeResp{ return &connectAuthorizeResp{
Authorized: false, Authorized: false,
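Review bot: The comment above the `url.Parse` call still says "from the client ID" although the value now comes from `authReq.ClientCertURI`; I would change it to `// Parse the certificate URI from the request's ClientCertURI`. Separately, `url.Parse` returns no error for an empty string. A caller that still sends the old `ClientID` key would therefore not reach this `err != nil` branch, assuming the request decoder ignores unknown fields and leaves `ClientCertURI` empty. The denial for that case has to come from code after this hunk, which is not visible here; a test that posts an empty `ClientCertURI` and asserts `Authorized` is false would pin the fail-closed behaviour. AgentConnectAuthorize starts and ends outside the hunk.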


@ -2172,8 +2172,8 @@ func TestAgentConnectAuthorize_idInvalidFormat(t *testing.T) {
defer a.Shutdown() defer a.Shutdown()
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: "web", Target: "web",
ClientID: "tubes", ClientCertURI: "tubes",
} }
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args)) req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
@ -2195,8 +2195,8 @@ func TestAgentConnectAuthorize_idNotService(t *testing.T) {
defer a.Shutdown() defer a.Shutdown()
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: "web", Target: "web",
ClientID: "spiffe://1234.consul", ClientCertURI: "spiffe://1234.consul",
} }
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args)) req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
@ -2237,8 +2237,8 @@ func TestAgentConnectAuthorize_allow(t *testing.T) {
} }
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: target, Target: target,
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(), ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
} }
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args)) req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
@ -2279,8 +2279,8 @@ func TestAgentConnectAuthorize_deny(t *testing.T) {
} }
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: target, Target: target,
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(), ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
} }
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args)) req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
@ -2320,8 +2320,8 @@ func TestAgentConnectAuthorize_serviceWrite(t *testing.T) {
} }
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: "foo", Target: "foo",
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(), ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
} }
req, _ := http.NewRequest("POST", req, _ := http.NewRequest("POST",
"/v1/agent/connect/authorize?token="+token, jsonReader(args)) "/v1/agent/connect/authorize?token="+token, jsonReader(args))
@ -2339,8 +2339,8 @@ func TestAgentConnectAuthorize_defaultDeny(t *testing.T) {
defer a.Shutdown() defer a.Shutdown()
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: "foo", Target: "foo",
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(), ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
} }
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args)) req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
@ -2369,8 +2369,8 @@ func TestAgentConnectAuthorize_defaultAllow(t *testing.T) {
defer a.Shutdown() defer a.Shutdown()
args := &structs.ConnectAuthorizeRequest{ args := &structs.ConnectAuthorizeRequest{
Target: "foo", Target: "foo",
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(), ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
} }
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args)) req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
resp := httptest.NewRecorder() resp := httptest.NewRecorder()


@ -6,12 +6,12 @@ type ConnectAuthorizeRequest struct {
// Target is the name of the service that is being requested. // Target is the name of the service that is being requested.
Target string Target string
// ClientID is a unique identifier for the requesting client. This // ClientCertURI is a unique identifier for the requesting client. This
// is currently the URI SAN from the TLS client certificate. // is currently the URI SAN from the TLS client certificate.
// //
// ClientCertSerial is a colon-hex-encoded of the serial number for // ClientCertSerial is a colon-hex-encoded of the serial number for
// the requesting client cert. This is used to check against revocation // the requesting client cert. This is used to check against revocation
// lists. // lists.
ClientID string ClientCertURI string
ClientCertSerial string ClientCertSerial string
} }
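Review bot: No struct tag is visible on `ClientCertURI`, so if the request body is decoded by Go field name, this rename also changes the wire key of the authorize endpoint; the field comment or the API docs should say so. The comment could also state where the value must come from, for example `// Callers must copy this from the URI SAN of the verified peer certificate.`, if that is the intended contract; this commit does not show where the certificate is verified. The `ClientCertSerial` comment reads "a colon-hex-encoded of the serial number"; `// ClientCertSerial is the colon-hex-encoded serial number of` fixes the grammar.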