mirror of https://github.com/status-im/consul.git
agent: rename authorize param ClientID to ClientCertURI
This commit is contained in:
parent
97f5414d94
commit
95da20ffd7
|
@ -906,7 +906,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R
|
||||||
}
|
}
|
||||||
|
|
||||||
// Parse the certificate URI from the client ID
|
// Parse the certificate URI from the client ID
|
||||||
uriRaw, err := url.Parse(authReq.ClientID)
|
uriRaw, err := url.Parse(authReq.ClientCertURI)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &connectAuthorizeResp{
|
return &connectAuthorizeResp{
|
||||||
Authorized: false,
|
Authorized: false,
|
||||||
|
|
|
@ -2172,8 +2172,8 @@ func TestAgentConnectAuthorize_idInvalidFormat(t *testing.T) {
|
||||||
defer a.Shutdown()
|
defer a.Shutdown()
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: "web",
|
Target: "web",
|
||||||
ClientID: "tubes",
|
ClientCertURI: "tubes",
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
|
@ -2195,8 +2195,8 @@ func TestAgentConnectAuthorize_idNotService(t *testing.T) {
|
||||||
defer a.Shutdown()
|
defer a.Shutdown()
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: "web",
|
Target: "web",
|
||||||
ClientID: "spiffe://1234.consul",
|
ClientCertURI: "spiffe://1234.consul",
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
|
@ -2237,8 +2237,8 @@ func TestAgentConnectAuthorize_allow(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: target,
|
Target: target,
|
||||||
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
|
ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
|
@ -2279,8 +2279,8 @@ func TestAgentConnectAuthorize_deny(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: target,
|
Target: target,
|
||||||
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
|
ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize", jsonReader(args))
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
|
@ -2320,8 +2320,8 @@ func TestAgentConnectAuthorize_serviceWrite(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: "foo",
|
Target: "foo",
|
||||||
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
|
ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST",
|
req, _ := http.NewRequest("POST",
|
||||||
"/v1/agent/connect/authorize?token="+token, jsonReader(args))
|
"/v1/agent/connect/authorize?token="+token, jsonReader(args))
|
||||||
|
@ -2339,8 +2339,8 @@ func TestAgentConnectAuthorize_defaultDeny(t *testing.T) {
|
||||||
defer a.Shutdown()
|
defer a.Shutdown()
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: "foo",
|
Target: "foo",
|
||||||
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
|
ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
|
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
|
@ -2369,8 +2369,8 @@ func TestAgentConnectAuthorize_defaultAllow(t *testing.T) {
|
||||||
defer a.Shutdown()
|
defer a.Shutdown()
|
||||||
|
|
||||||
args := &structs.ConnectAuthorizeRequest{
|
args := &structs.ConnectAuthorizeRequest{
|
||||||
Target: "foo",
|
Target: "foo",
|
||||||
ClientID: connect.TestSpiffeIDService(t, "web").URI().String(),
|
ClientCertURI: connect.TestSpiffeIDService(t, "web").URI().String(),
|
||||||
}
|
}
|
||||||
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
|
req, _ := http.NewRequest("POST", "/v1/agent/connect/authorize?token=root", jsonReader(args))
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
|
|
|
@ -6,12 +6,12 @@ type ConnectAuthorizeRequest struct {
|
||||||
// Target is the name of the service that is being requested.
|
// Target is the name of the service that is being requested.
|
||||||
Target string
|
Target string
|
||||||
|
|
||||||
// ClientID is a unique identifier for the requesting client. This
|
// ClientCertURI is a unique identifier for the requesting client. This
|
||||||
// is currently the URI SAN from the TLS client certificate.
|
// is currently the URI SAN from the TLS client certificate.
|
||||||
//
|
//
|
||||||
// ClientCertSerial is a colon-hex-encoded of the serial number for
|
// ClientCertSerial is a colon-hex-encoded of the serial number for
|
||||||
// the requesting client cert. This is used to check against revocation
|
// the requesting client cert. This is used to check against revocation
|
||||||
// lists.
|
// lists.
|
||||||
ClientID string
|
ClientCertURI string
|
||||||
ClientCertSerial string
|
ClientCertSerial string
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue