Prefer concrete policyAuthorizer type

There will only ever be policyAuthorizers embedded in namespaceAuthorizers, this commit swaps out the interface in favor of the concrete type.
2021-10-26 19:21:31 -06:00 · 2021-10-26 19:21:31 -06:00 · b290dbba89
parent 9bbeea0432
commit b290dbba89
6 changed files with 3 additions and 27 deletions
--- a/acl/authorizer.go
+++ b/acl/authorizer.go
@ -149,9 +149,6 @@ type Authorizer interface {
 	// service
 	ServiceWrite(string, *AuthorizerContext) EnforcementDecision

-	// ServiceWriteAny checks for permission to read any service
-	ServiceWriteAny(*AuthorizerContext) EnforcementDecision
-
 	// SessionRead checks for permission to read sessions for a given node.
 	SessionRead(string, *AuthorizerContext) EnforcementDecision

--- a/acl/authorizer_test.go
+++ b/acl/authorizer_test.go
@ -185,11 +185,6 @@ func (m *mockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) En
 	return ret.Get(0).(EnforcementDecision)
 }

-func (m *mockAuthorizer) ServiceWriteAny(ctx *AuthorizerContext) EnforcementDecision {
-	ret := m.Called(ctx)
-	return ret.Get(0).(EnforcementDecision)
-}
-
 // SessionRead checks for permission to read sessions for a given node.
 func (m *mockAuthorizer) SessionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
--- a/acl/chained_authorizer.go
+++ b/acl/chained_authorizer.go
@ -235,12 +235,6 @@ func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *AuthorizerContext)
 	})
 }

-func (c *ChainedAuthorizer) ServiceWriteAny(entCtx *AuthorizerContext) EnforcementDecision {
-	return c.executeChain(func(authz Authorizer) EnforcementDecision {
-		return authz.ServiceWriteAny(entCtx)
-	})
-}
-
 // SessionRead checks for permission to read sessions for a given node.
 func (c *ChainedAuthorizer) SessionRead(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
--- a/acl/chained_authorizer_test.go
+++ b/acl/chained_authorizer_test.go
@ -89,9 +89,6 @@ func (authz testAuthorizer) ServiceReadAll(*AuthorizerContext) EnforcementDecisi
 func (authz testAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision {
-	return EnforcementDecision(authz)
-}
 func (authz testAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
--- a/acl/policy_authorizer.go
+++ b/acl/policy_authorizer.go
@ -325,13 +325,13 @@ func (p *policyAuthorizer) loadRules(policy *PolicyRules) error {
 	return nil
 }

-func newPolicyAuthorizer(policies []*Policy, ent *Config) (Authorizer, error) {
+func newPolicyAuthorizer(policies []*Policy, ent *Config) (*policyAuthorizer, error) {
 	policy := MergePolicies(policies)

 	return newPolicyAuthorizerFromRules(&policy.PolicyRules, ent)
 }

-func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *Config) (Authorizer, error) {
+func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *Config) (*policyAuthorizer, error) {
 	p := &policyAuthorizer{
 		agentRules:         radix.New(),
 		intentionRules:     radix.New(),
@ -767,7 +767,7 @@ func (p *policyAuthorizer) ServiceWrite(name string, _ *AuthorizerContext) Enfor
 	return Default
 }

-func (p *policyAuthorizer) ServiceWriteAny(_ *AuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) serviceWriteAny(_ *AuthorizerContext) EnforcementDecision {
 	return p.anyAllowed(p.serviceRules, AccessWrite)
 }

--- a/acl/static_authorizer.go
+++ b/acl/static_authorizer.go
@ -219,13 +219,6 @@ func (s *staticAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementD
 	return Deny
 }

-func (s *staticAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision {
-	if s.defaultAllow {
-		return Allow
-	}
-	return Deny
-}
-
 func (s *staticAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow