Rename EnterpriseAuthorizerContext -> AuthorizerContext

acl/acl_test.go

@@ -36,315 +36,315 @@ func legacyPolicy(policy *Policy) *Policy {
 // nicer in the embedded struct within TestACL
 //
 
-func checkAllowACLRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowACLRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.ACLRead(entCtx))
 }
 
-func checkAllowACLWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowACLWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.ACLWrite(entCtx))
 }
 
-func checkAllowAgentRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowAgentRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.AgentRead(prefix, entCtx))
 }
 
-func checkAllowAgentWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowAgentWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.AgentWrite(prefix, entCtx))
 }
 
-func checkAllowEventRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowEventRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.EventRead(prefix, entCtx))
 }
 
-func checkAllowEventWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowEventWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.EventWrite(prefix, entCtx))
 }
 
-func checkAllowIntentionDefaultAllow(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowIntentionDefaultAllow(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.IntentionDefaultAllow(entCtx))
 }
 
-func checkAllowIntentionRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowIntentionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.IntentionRead(prefix, entCtx))
 }
 
-func checkAllowIntentionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowIntentionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.IntentionWrite(prefix, entCtx))
 }
 
-func checkAllowKeyRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowKeyRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.KeyRead(prefix, entCtx))
 }
 
-func checkAllowKeyList(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowKeyList(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.KeyList(prefix, entCtx))
 }
 
-func checkAllowKeyringRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowKeyringRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.KeyringRead(entCtx))
 }
 
-func checkAllowKeyringWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowKeyringWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.KeyringWrite(entCtx))
 }
 
-func checkAllowKeyWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowKeyWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.KeyWrite(prefix, entCtx))
 }
 
-func checkAllowKeyWritePrefix(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowKeyWritePrefix(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.KeyWritePrefix(prefix, entCtx))
 }
 
-func checkAllowNodeRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowNodeRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.NodeRead(prefix, entCtx))
 }
 
-func checkAllowNodeWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowNodeWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.NodeWrite(prefix, entCtx))
 }
 
-func checkAllowOperatorRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowOperatorRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.OperatorRead(entCtx))
 }
 
-func checkAllowOperatorWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowOperatorWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.OperatorWrite(entCtx))
 }
 
-func checkAllowPreparedQueryRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowPreparedQueryRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.PreparedQueryRead(prefix, entCtx))
 }
 
-func checkAllowPreparedQueryWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowPreparedQueryWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.PreparedQueryWrite(prefix, entCtx))
 }
 
-func checkAllowServiceRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowServiceRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.ServiceRead(prefix, entCtx))
 }
 
-func checkAllowServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.ServiceWrite(prefix, entCtx))
 }
 
-func checkAllowSessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowSessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.SessionRead(prefix, entCtx))
 }
 
-func checkAllowSessionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowSessionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.SessionWrite(prefix, entCtx))
 }
 
-func checkAllowSnapshot(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkAllowSnapshot(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Allow, authz.Snapshot(entCtx))
 }
 
-func checkDenyACLRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyACLRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.ACLRead(entCtx))
 }
 
-func checkDenyACLWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyACLWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.ACLWrite(entCtx))
 }
 
-func checkDenyAgentRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyAgentRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.AgentRead(prefix, entCtx))
 }
 
-func checkDenyAgentWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyAgentWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.AgentWrite(prefix, entCtx))
 }
 
-func checkDenyEventRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyEventRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.EventRead(prefix, entCtx))
 }
 
-func checkDenyEventWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyEventWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.EventWrite(prefix, entCtx))
 }
 
-func checkDenyIntentionDefaultAllow(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyIntentionDefaultAllow(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.IntentionDefaultAllow(entCtx))
 }
 
-func checkDenyIntentionRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyIntentionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.IntentionRead(prefix, entCtx))
 }
 
-func checkDenyIntentionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyIntentionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.IntentionWrite(prefix, entCtx))
 }
 
-func checkDenyKeyRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyKeyRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.KeyRead(prefix, entCtx))
 }
 
-func checkDenyKeyList(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyKeyList(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.KeyList(prefix, entCtx))
 }
 
-func checkDenyKeyringRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyKeyringRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.KeyringRead(entCtx))
 }
 
-func checkDenyKeyringWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyKeyringWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.KeyringWrite(entCtx))
 }
 
-func checkDenyKeyWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyKeyWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.KeyWrite(prefix, entCtx))
 }
 
-func checkDenyKeyWritePrefix(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyKeyWritePrefix(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.KeyWritePrefix(prefix, entCtx))
 }
 
-func checkDenyNodeRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyNodeRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.NodeRead(prefix, entCtx))
 }
 
-func checkDenyNodeWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyNodeWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.NodeWrite(prefix, entCtx))
 }
 
-func checkDenyOperatorRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyOperatorRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.OperatorRead(entCtx))
 }
 
-func checkDenyOperatorWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyOperatorWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.OperatorWrite(entCtx))
 }
 
-func checkDenyPreparedQueryRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyPreparedQueryRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.PreparedQueryRead(prefix, entCtx))
 }
 
-func checkDenyPreparedQueryWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyPreparedQueryWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.PreparedQueryWrite(prefix, entCtx))
 }
 
-func checkDenyServiceRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyServiceRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.ServiceRead(prefix, entCtx))
 }
 
-func checkDenyServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenyServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.ServiceWrite(prefix, entCtx))
 }
 
-func checkDenySessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenySessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.SessionRead(prefix, entCtx))
 }
 
-func checkDenySessionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenySessionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.SessionWrite(prefix, entCtx))
 }
 
-func checkDenySnapshot(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDenySnapshot(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Deny, authz.Snapshot(entCtx))
 }
 
-func checkDefaultACLRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultACLRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.ACLRead(entCtx))
 }
 
-func checkDefaultACLWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultACLWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.ACLWrite(entCtx))
 }
 
-func checkDefaultAgentRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultAgentRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.AgentRead(prefix, entCtx))
 }
 
-func checkDefaultAgentWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultAgentWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.AgentWrite(prefix, entCtx))
 }
 
-func checkDefaultEventRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultEventRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.EventRead(prefix, entCtx))
 }
 
-func checkDefaultEventWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultEventWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.EventWrite(prefix, entCtx))
 }
 
-func checkDefaultIntentionDefaultAllow(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultIntentionDefaultAllow(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.IntentionDefaultAllow(entCtx))
 }
 
-func checkDefaultIntentionRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultIntentionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.IntentionRead(prefix, entCtx))
 }
 
-func checkDefaultIntentionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultIntentionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.IntentionWrite(prefix, entCtx))
 }
 
-func checkDefaultKeyRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultKeyRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.KeyRead(prefix, entCtx))
 }
 
-func checkDefaultKeyList(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultKeyList(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.KeyList(prefix, entCtx))
 }
 
-func checkDefaultKeyringRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultKeyringRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.KeyringRead(entCtx))
 }
 
-func checkDefaultKeyringWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultKeyringWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.KeyringWrite(entCtx))
 }
 
-func checkDefaultKeyWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultKeyWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.KeyWrite(prefix, entCtx))
 }
 
-func checkDefaultKeyWritePrefix(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultKeyWritePrefix(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.KeyWritePrefix(prefix, entCtx))
 }
 
-func checkDefaultNodeRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultNodeRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.NodeRead(prefix, entCtx))
 }
 
-func checkDefaultNodeWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultNodeWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.NodeWrite(prefix, entCtx))
 }
 
-func checkDefaultOperatorRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultOperatorRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.OperatorRead(entCtx))
 }
 
-func checkDefaultOperatorWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultOperatorWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.OperatorWrite(entCtx))
 }
 
-func checkDefaultPreparedQueryRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultPreparedQueryRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.PreparedQueryRead(prefix, entCtx))
 }
 
-func checkDefaultPreparedQueryWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultPreparedQueryWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.PreparedQueryWrite(prefix, entCtx))
 }
 
-func checkDefaultServiceRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultServiceRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.ServiceRead(prefix, entCtx))
 }
 
-func checkDefaultServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultServiceWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.ServiceWrite(prefix, entCtx))
 }
 
-func checkDefaultSessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultSessionRead(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.SessionRead(prefix, entCtx))
 }
 
-func checkDefaultSessionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultSessionWrite(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.SessionWrite(prefix, entCtx))
 }
 
-func checkDefaultSnapshot(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext) {
+func checkDefaultSnapshot(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext) {
 	require.Equal(t, Default, authz.Snapshot(entCtx))
 }
 
@@ -352,7 +352,7 @@ func TestACL(t *testing.T) {
 	type aclCheck struct {
 		name   string
 		prefix string
-		check  func(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext)
+		check  func(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext)
 	}
 
 	type aclTest struct {

acl/authorizer.go

@@ -53,102 +53,102 @@ const (
 // Authorizer is the interface for policy enforcement.
 type Authorizer interface {
 	// ACLRead checks for permission to list all the ACLs
-	ACLRead(*EnterpriseAuthorizerContext) EnforcementDecision
+	ACLRead(*AuthorizerContext) EnforcementDecision
 
 	// ACLWrite checks for permission to manipulate ACLs
-	ACLWrite(*EnterpriseAuthorizerContext) EnforcementDecision
+	ACLWrite(*AuthorizerContext) EnforcementDecision
 
 	// AgentRead checks for permission to read from agent endpoints for a
 	// given node.
-	AgentRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	AgentRead(string, *AuthorizerContext) EnforcementDecision
 
 	// AgentWrite checks for permission to make changes via agent endpoints
 	// for a given node.
-	AgentWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	AgentWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// EventRead determines if a specific event can be queried.
-	EventRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	EventRead(string, *AuthorizerContext) EnforcementDecision
 
 	// EventWrite determines if a specific event may be fired.
-	EventWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	EventWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// IntentionDefaultAllow determines the default authorized behavior
 	// when no intentions match a Connect request.
-	IntentionDefaultAllow(*EnterpriseAuthorizerContext) EnforcementDecision
+	IntentionDefaultAllow(*AuthorizerContext) EnforcementDecision
 
 	// IntentionRead determines if a specific intention can be read.
-	IntentionRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	IntentionRead(string, *AuthorizerContext) EnforcementDecision
 
 	// IntentionWrite determines if a specific intention can be
 	// created, modified, or deleted.
-	IntentionWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	IntentionWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// KeyList checks for permission to list keys under a prefix
-	KeyList(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	KeyList(string, *AuthorizerContext) EnforcementDecision
 
 	// KeyRead checks for permission to read a given key
-	KeyRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	KeyRead(string, *AuthorizerContext) EnforcementDecision
 
 	// KeyWrite checks for permission to write a given key
-	KeyWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	KeyWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// KeyWritePrefix checks for permission to write to an
 	// entire key prefix. This means there must be no sub-policies
 	// that deny a write.
-	KeyWritePrefix(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	KeyWritePrefix(string, *AuthorizerContext) EnforcementDecision
 
 	// KeyringRead determines if the encryption keyring used in
 	// the gossip layer can be read.
-	KeyringRead(*EnterpriseAuthorizerContext) EnforcementDecision
+	KeyringRead(*AuthorizerContext) EnforcementDecision
 
 	// KeyringWrite determines if the keyring can be manipulated
-	KeyringWrite(*EnterpriseAuthorizerContext) EnforcementDecision
+	KeyringWrite(*AuthorizerContext) EnforcementDecision
 
 	// NodeRead checks for permission to read (discover) a given node.
-	NodeRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	NodeRead(string, *AuthorizerContext) EnforcementDecision
 
 	// NodeWrite checks for permission to create or update (register) a
 	// given node.
-	NodeWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	NodeWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// OperatorRead determines if the read-only Consul operator functions
 	// can be used.
-	OperatorRead(*EnterpriseAuthorizerContext) EnforcementDecision
+	OperatorRead(*AuthorizerContext) EnforcementDecision
 
 	// OperatorWrite determines if the state-changing Consul operator
 	// functions can be used.
-	OperatorWrite(*EnterpriseAuthorizerContext) EnforcementDecision
+	OperatorWrite(*AuthorizerContext) EnforcementDecision
 
 	// PreparedQueryRead determines if a specific prepared query can be read
 	// to show its contents (this is not used for execution).
-	PreparedQueryRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	PreparedQueryRead(string, *AuthorizerContext) EnforcementDecision
 
 	// PreparedQueryWrite determines if a specific prepared query can be
 	// created, modified, or deleted.
-	PreparedQueryWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	PreparedQueryWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// ServiceRead checks for permission to read a given service
-	ServiceRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	ServiceRead(string, *AuthorizerContext) EnforcementDecision
 
 	// ServiceWrite checks for permission to create or update a given
 	// service
-	ServiceWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	ServiceWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// SessionRead checks for permission to read sessions for a given node.
-	SessionRead(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	SessionRead(string, *AuthorizerContext) EnforcementDecision
 
 	// SessionWrite checks for permission to create sessions for a given
 	// node.
-	SessionWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision
+	SessionWrite(string, *AuthorizerContext) EnforcementDecision
 
 	// Snapshot checks for permission to take and restore snapshots.
-	Snapshot(*EnterpriseAuthorizerContext) EnforcementDecision
+	Snapshot(*AuthorizerContext) EnforcementDecision
 
 	// Embedded Interface for Consul Enterprise specific ACL enforcement
 	EnterpriseAuthorizer
 }
 
-func Enforce(authz Authorizer, rsc Resource, segment string, access string, ctx *EnterpriseAuthorizerContext) (EnforcementDecision, error) {
+func Enforce(authz Authorizer, rsc Resource, segment string, access string, ctx *AuthorizerContext) (EnforcementDecision, error) {
 	lowerAccess := strings.ToLower(access)
 
 	switch rsc {

acl/authorizer_oss.go

@@ -2,12 +2,12 @@
 
 package acl
 
-// EnterpriseAuthorizerContext stub
+// AuthorizerContext stub
-type EnterpriseAuthorizerContext struct{}
+type AuthorizerContext struct{}
 
 // EnterpriseAuthorizer stub interface
 type EnterpriseAuthorizer interface{}
 
-func EnforceEnterprise(_ Authorizer, _ Resource, _ string, _ string, _ *EnterpriseAuthorizerContext) (bool, EnforcementDecision, error) {
+func EnforceEnterprise(_ Authorizer, _ Resource, _ string, _ string, _ *AuthorizerContext) (bool, EnforcementDecision, error) {
 	return false, Deny, nil
 }

acl/authorizer_test.go

@@ -13,77 +13,77 @@ type mockAuthorizer struct {
 }
 
 // ACLRead checks for permission to list all the ACLs
-func (m *mockAuthorizer) ACLRead(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) ACLRead(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // ACLWrite checks for permission to manipulate ACLs
-func (m *mockAuthorizer) ACLWrite(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) ACLWrite(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // AgentRead checks for permission to read from agent endpoints for a
 // given node.
-func (m *mockAuthorizer) AgentRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) AgentRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // AgentWrite checks for permission to make changes via agent endpoints
 // for a given node.
-func (m *mockAuthorizer) AgentWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) AgentWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // EventRead determines if a specific event can be queried.
-func (m *mockAuthorizer) EventRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) EventRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // EventWrite determines if a specific event may be fired.
-func (m *mockAuthorizer) EventWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) EventWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // IntentionDefaultAllow determines the default authorized behavior
 // when no intentions match a Connect request.
-func (m *mockAuthorizer) IntentionDefaultAllow(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) IntentionDefaultAllow(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // IntentionRead determines if a specific intention can be read.
-func (m *mockAuthorizer) IntentionRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) IntentionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // IntentionWrite determines if a specific intention can be
 // created, modified, or deleted.
-func (m *mockAuthorizer) IntentionWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) IntentionWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // KeyList checks for permission to list keys under a prefix
-func (m *mockAuthorizer) KeyList(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) KeyList(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // KeyRead checks for permission to read a given key
-func (m *mockAuthorizer) KeyRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) KeyRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // KeyWrite checks for permission to write a given key
-func (m *mockAuthorizer) KeyWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) KeyWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
@@ -91,93 +91,93 @@ func (m *mockAuthorizer) KeyWrite(segment string, ctx *EnterpriseAuthorizerConte
 // KeyWritePrefix checks for permission to write to an
 // entire key prefix. This means there must be no sub-policies
 // that deny a write.
-func (m *mockAuthorizer) KeyWritePrefix(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) KeyWritePrefix(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // KeyringRead determines if the encryption keyring used in
 // the gossip layer can be read.
-func (m *mockAuthorizer) KeyringRead(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) KeyringRead(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // KeyringWrite determines if the keyring can be manipulated
-func (m *mockAuthorizer) KeyringWrite(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) KeyringWrite(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // NodeRead checks for permission to read (discover) a given node.
-func (m *mockAuthorizer) NodeRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) NodeRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // NodeWrite checks for permission to create or update (register) a
 // given node.
-func (m *mockAuthorizer) NodeWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) NodeWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // OperatorRead determines if the read-only Consul operator functions
 // can be used.	ret := m.Called(segment, ctx)
-func (m *mockAuthorizer) OperatorRead(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) OperatorRead(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // OperatorWrite determines if the state-changing Consul operator
 // functions can be used.
-func (m *mockAuthorizer) OperatorWrite(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) OperatorWrite(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // PreparedQueryRead determines if a specific prepared query can be read
 // to show its contents (this is not used for execution).
-func (m *mockAuthorizer) PreparedQueryRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) PreparedQueryRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // PreparedQueryWrite determines if a specific prepared query can be
 // created, modified, or deleted.
-func (m *mockAuthorizer) PreparedQueryWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) PreparedQueryWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // ServiceRead checks for permission to read a given service
-func (m *mockAuthorizer) ServiceRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) ServiceRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // ServiceWrite checks for permission to create or update a given
 // service
-func (m *mockAuthorizer) ServiceWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // SessionRead checks for permission to read sessions for a given node.
-func (m *mockAuthorizer) SessionRead(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) SessionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // SessionWrite checks for permission to create sessions for a given
 // node.
-func (m *mockAuthorizer) SessionWrite(segment string, ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) SessionWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 
 // Snapshot checks for permission to take and restore snapshots.
-func (m *mockAuthorizer) Snapshot(ctx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (m *mockAuthorizer) Snapshot(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
@@ -599,7 +599,7 @@ func TestACL_Enforce(t *testing.T) {
 			m := &mockAuthorizer{}
 
 			if tcase.err == "" {
-				var nilCtx *EnterpriseAuthorizerContext
+				var nilCtx *AuthorizerContext
 				if tcase.segment != "" {
 					m.On(tcase.method, tcase.segment, nilCtx).Return(tcase.ret)
 				} else {

acl/chained_authorizer.go

@@ -34,14 +34,14 @@ func (c *ChainedAuthorizer) executeChain(enforce func(authz Authorizer) Enforcem
 }
 
 // ACLRead checks for permission to list all the ACLs
-func (c *ChainedAuthorizer) ACLRead(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) ACLRead(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.ACLRead(entCtx)
 	})
 }
 
 // ACLWrite checks for permission to manipulate ACLs
-func (c *ChainedAuthorizer) ACLWrite(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) ACLWrite(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.ACLWrite(entCtx)
 	})
@@ -49,7 +49,7 @@ func (c *ChainedAuthorizer) ACLWrite(entCtx *EnterpriseAuthorizerContext) Enforc
 
 // AgentRead checks for permission to read from agent endpoints for a
 // given node.
-func (c *ChainedAuthorizer) AgentRead(node string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) AgentRead(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.AgentRead(node, entCtx)
 	})
@@ -57,21 +57,21 @@ func (c *ChainedAuthorizer) AgentRead(node string, entCtx *EnterpriseAuthorizerC
 
 // AgentWrite checks for permission to make changes via agent endpoints
 // for a given node.
-func (c *ChainedAuthorizer) AgentWrite(node string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) AgentWrite(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.AgentWrite(node, entCtx)
 	})
 }
 
 // EventRead determines if a specific event can be queried.
-func (c *ChainedAuthorizer) EventRead(name string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) EventRead(name string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.EventRead(name, entCtx)
 	})
 }
 
 // EventWrite determines if a specific event may be fired.
-func (c *ChainedAuthorizer) EventWrite(name string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) EventWrite(name string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.EventWrite(name, entCtx)
 	})
@@ -79,14 +79,14 @@ func (c *ChainedAuthorizer) EventWrite(name string, entCtx *EnterpriseAuthorizer
 
 // IntentionDefaultAllow determines the default authorized behavior
 // when no intentions match a Connect request.
-func (c *ChainedAuthorizer) IntentionDefaultAllow(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) IntentionDefaultAllow(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.IntentionDefaultAllow(entCtx)
 	})
 }
 
 // IntentionRead determines if a specific intention can be read.
-func (c *ChainedAuthorizer) IntentionRead(prefix string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) IntentionRead(prefix string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.IntentionRead(prefix, entCtx)
 	})
@@ -94,28 +94,28 @@ func (c *ChainedAuthorizer) IntentionRead(prefix string, entCtx *EnterpriseAutho
 
 // IntentionWrite determines if a specific intention can be
 // created, modified, or deleted.
-func (c *ChainedAuthorizer) IntentionWrite(prefix string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) IntentionWrite(prefix string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.IntentionWrite(prefix, entCtx)
 	})
 }
 
 // KeyList checks for permission to list keys under a prefix
-func (c *ChainedAuthorizer) KeyList(keyPrefix string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) KeyList(keyPrefix string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.KeyList(keyPrefix, entCtx)
 	})
 }
 
 // KeyRead checks for permission to read a given key
-func (c *ChainedAuthorizer) KeyRead(key string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) KeyRead(key string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.KeyRead(key, entCtx)
 	})
 }
 
 // KeyWrite checks for permission to write a given key
-func (c *ChainedAuthorizer) KeyWrite(key string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) KeyWrite(key string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.KeyWrite(key, entCtx)
 	})
@@ -124,7 +124,7 @@ func (c *ChainedAuthorizer) KeyWrite(key string, entCtx *EnterpriseAuthorizerCon
 // KeyWritePrefix checks for permission to write to an
 // entire key prefix. This means there must be no sub-policies
 // that deny a write.
-func (c *ChainedAuthorizer) KeyWritePrefix(keyPrefix string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) KeyWritePrefix(keyPrefix string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.KeyWritePrefix(keyPrefix, entCtx)
 	})
@@ -132,21 +132,21 @@ func (c *ChainedAuthorizer) KeyWritePrefix(keyPrefix string, entCtx *EnterpriseA
 
 // KeyringRead determines if the encryption keyring used in
 // the gossip layer can be read.
-func (c *ChainedAuthorizer) KeyringRead(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) KeyringRead(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.KeyringRead(entCtx)
 	})
 }
 
 // KeyringWrite determines if the keyring can be manipulated
-func (c *ChainedAuthorizer) KeyringWrite(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) KeyringWrite(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.KeyringWrite(entCtx)
 	})
 }
 
 // NodeRead checks for permission to read (discover) a given node.
-func (c *ChainedAuthorizer) NodeRead(node string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) NodeRead(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.NodeRead(node, entCtx)
 	})
@@ -154,7 +154,7 @@ func (c *ChainedAuthorizer) NodeRead(node string, entCtx *EnterpriseAuthorizerCo
 
 // NodeWrite checks for permission to create or update (register) a
 // given node.
-func (c *ChainedAuthorizer) NodeWrite(node string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) NodeWrite(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.NodeWrite(node, entCtx)
 	})
@@ -162,7 +162,7 @@ func (c *ChainedAuthorizer) NodeWrite(node string, entCtx *EnterpriseAuthorizerC
 
 // OperatorRead determines if the read-only Consul operator functions
 // can be used.
-func (c *ChainedAuthorizer) OperatorRead(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) OperatorRead(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.OperatorRead(entCtx)
 	})
@@ -170,7 +170,7 @@ func (c *ChainedAuthorizer) OperatorRead(entCtx *EnterpriseAuthorizerContext) En
 
 // OperatorWrite determines if the state-changing Consul operator
 // functions can be used.
-func (c *ChainedAuthorizer) OperatorWrite(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) OperatorWrite(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.OperatorWrite(entCtx)
 	})
@@ -178,7 +178,7 @@ func (c *ChainedAuthorizer) OperatorWrite(entCtx *EnterpriseAuthorizerContext) E
 
 // PreparedQueryRead determines if a specific prepared query can be read
 // to show its contents (this is not used for execution).
-func (c *ChainedAuthorizer) PreparedQueryRead(query string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) PreparedQueryRead(query string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.PreparedQueryRead(query, entCtx)
 	})
@@ -186,14 +186,14 @@ func (c *ChainedAuthorizer) PreparedQueryRead(query string, entCtx *EnterpriseAu
 
 // PreparedQueryWrite determines if a specific prepared query can be
 // created, modified, or deleted.
-func (c *ChainedAuthorizer) PreparedQueryWrite(query string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) PreparedQueryWrite(query string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.PreparedQueryWrite(query, entCtx)
 	})
 }
 
 // ServiceRead checks for permission to read a given service
-func (c *ChainedAuthorizer) ServiceRead(name string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) ServiceRead(name string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.ServiceRead(name, entCtx)
 	})
@@ -201,14 +201,14 @@ func (c *ChainedAuthorizer) ServiceRead(name string, entCtx *EnterpriseAuthorize
 
 // ServiceWrite checks for permission to create or update a given
 // service
-func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.ServiceWrite(name, entCtx)
 	})
 }
 
 // SessionRead checks for permission to read sessions for a given node.
-func (c *ChainedAuthorizer) SessionRead(node string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) SessionRead(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.SessionRead(node, entCtx)
 	})
@@ -216,14 +216,14 @@ func (c *ChainedAuthorizer) SessionRead(node string, entCtx *EnterpriseAuthorize
 
 // SessionWrite checks for permission to create sessions for a given
 // node.
-func (c *ChainedAuthorizer) SessionWrite(node string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) SessionWrite(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.SessionWrite(node, entCtx)
 	})
 }
 
 // Snapshot checks for permission to take and restore snapshots.
-func (c *ChainedAuthorizer) Snapshot(entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (c *ChainedAuthorizer) Snapshot(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.Snapshot(entCtx)
 	})

acl/chained_authorizer_test.go

@@ -6,82 +6,82 @@ import (
 
 type testAuthorizer EnforcementDecision
 
-func (authz testAuthorizer) ACLRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) ACLRead(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) ACLWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) ACLWrite(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) AgentRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) AgentRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) AgentWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) AgentWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) EventRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) EventRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) EventWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) EventWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) IntentionDefaultAllow(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) IntentionDefaultAllow(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) IntentionRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) IntentionRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) IntentionWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) IntentionWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) KeyList(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) KeyList(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) KeyRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) KeyRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) KeyWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) KeyWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) KeyWritePrefix(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) KeyWritePrefix(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) KeyringRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) KeyringRead(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) KeyringWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) KeyringWrite(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) NodeRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) NodeRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) NodeWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) NodeWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) OperatorRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) OperatorRead(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) OperatorWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) OperatorWrite(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) PreparedQueryRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) PreparedQueryRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) PreparedQueryWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) PreparedQueryWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) ServiceRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) ServiceRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) ServiceWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) SessionRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) SessionWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) SessionWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
-func (authz testAuthorizer) Snapshot(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz testAuthorizer) Snapshot(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
 

acl/policy_authorizer.go

@@ -341,7 +341,7 @@ func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *EnterpriseACLConfig)
 }
 
 // ACLRead checks if listing of ACLs is allowed
-func (p *policyAuthorizer) ACLRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) ACLRead(*AuthorizerContext) EnforcementDecision {
 	if p.aclRule != nil {
 		return enforce(p.aclRule.access, AccessRead)
 	}
@@ -349,7 +349,7 @@ func (p *policyAuthorizer) ACLRead(*EnterpriseAuthorizerContext) EnforcementDeci
 }
 
 // ACLWrite checks if modification of ACLs is allowed
-func (p *policyAuthorizer) ACLWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) ACLWrite(*AuthorizerContext) EnforcementDecision {
 	if p.aclRule != nil {
 		return enforce(p.aclRule.access, AccessWrite)
 	}
@@ -358,7 +358,7 @@ func (p *policyAuthorizer) ACLWrite(*EnterpriseAuthorizerContext) EnforcementDec
 
 // AgentRead checks for permission to read from agent endpoints for a given
 // node.
-func (p *policyAuthorizer) AgentRead(node string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) AgentRead(node string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(node, p.agentRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -367,7 +367,7 @@ func (p *policyAuthorizer) AgentRead(node string, _ *EnterpriseAuthorizerContext
 
 // AgentWrite checks for permission to make changes via agent endpoints for a
 // given node.
-func (p *policyAuthorizer) AgentWrite(node string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) AgentWrite(node string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(node, p.agentRules); ok {
 		return enforce(rule.access, AccessWrite)
 	}
@@ -375,7 +375,7 @@ func (p *policyAuthorizer) AgentWrite(node string, _ *EnterpriseAuthorizerContex
 }
 
 // Snapshot checks if taking and restoring snapshots is allowed.
-func (p *policyAuthorizer) Snapshot(_ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) Snapshot(_ *AuthorizerContext) EnforcementDecision {
 	if p.aclRule != nil {
 		return enforce(p.aclRule.access, AccessWrite)
 	}
@@ -384,7 +384,7 @@ func (p *policyAuthorizer) Snapshot(_ *EnterpriseAuthorizerContext) EnforcementD
 
 // EventRead is used to determine if the policy allows for a
 // specific user event to be read.
-func (p *policyAuthorizer) EventRead(name string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) EventRead(name string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(name, p.eventRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -393,7 +393,7 @@ func (p *policyAuthorizer) EventRead(name string, _ *EnterpriseAuthorizerContext
 
 // EventWrite is used to determine if new events can be created
 // (fired) by the policy.
-func (p *policyAuthorizer) EventWrite(name string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) EventWrite(name string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(name, p.eventRules); ok {
 		return enforce(rule.access, AccessWrite)
 	}
@@ -402,14 +402,14 @@ func (p *policyAuthorizer) EventWrite(name string, _ *EnterpriseAuthorizerContex
 
 // IntentionDefaultAllow returns whether the default behavior when there are
 // no matching intentions is to allow or deny.
-func (p *policyAuthorizer) IntentionDefaultAllow(_ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) IntentionDefaultAllow(_ *AuthorizerContext) EnforcementDecision {
 	// We always go up, this can't be determined by a policy.
 	return Default
 }
 
 // IntentionRead checks if writing (creating, updating, or deleting) of an
 // intention is allowed.
-func (p *policyAuthorizer) IntentionRead(prefix string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) IntentionRead(prefix string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(prefix, p.intentionRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -418,7 +418,7 @@ func (p *policyAuthorizer) IntentionRead(prefix string, _ *EnterpriseAuthorizerC
 
 // IntentionWrite checks if writing (creating, updating, or deleting) of an
 // intention is allowed.
-func (p *policyAuthorizer) IntentionWrite(prefix string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) IntentionWrite(prefix string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(prefix, p.intentionRules); ok {
 		return enforce(rule.access, AccessWrite)
 	}
@@ -426,7 +426,7 @@ func (p *policyAuthorizer) IntentionWrite(prefix string, _ *EnterpriseAuthorizer
 }
 
 // KeyRead returns if a key is allowed to be read
-func (p *policyAuthorizer) KeyRead(key string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) KeyRead(key string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(key, p.keyRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -434,7 +434,7 @@ func (p *policyAuthorizer) KeyRead(key string, _ *EnterpriseAuthorizerContext) E
 }
 
 // KeyList returns if a key is allowed to be listed
-func (p *policyAuthorizer) KeyList(key string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) KeyList(key string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(key, p.keyRules); ok {
 		return enforce(rule.access, AccessList)
 	}
@@ -442,7 +442,7 @@ func (p *policyAuthorizer) KeyList(key string, _ *EnterpriseAuthorizerContext) E
 }
 
 // KeyWrite returns if a key is allowed to be written
-func (p *policyAuthorizer) KeyWrite(key string, entCtx *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) KeyWrite(key string, entCtx *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(key, p.keyRules); ok {
 		decision := enforce(rule.access, AccessWrite)
 		if decision == Allow {
@@ -459,7 +459,7 @@ func (p *policyAuthorizer) KeyWrite(key string, entCtx *EnterpriseAuthorizerCont
 // the KV can be removed. For that reason we must be able to
 // delete everything under the prefix. First we must have "write"
 // on the prefix itself
-func (p *policyAuthorizer) KeyWritePrefix(prefix string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) KeyWritePrefix(prefix string, _ *AuthorizerContext) EnforcementDecision {
 	// Conditions for Allow:
 	//   * The longest prefix match rule that would apply to the given prefix
 	//     grants AccessWrite
@@ -537,7 +537,7 @@ func (p *policyAuthorizer) KeyWritePrefix(prefix string, _ *EnterpriseAuthorizer
 
 // KeyringRead is used to determine if the keyring can be
 // read by the current ACL token.
-func (p *policyAuthorizer) KeyringRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) KeyringRead(*AuthorizerContext) EnforcementDecision {
 	if p.keyringRule != nil {
 		return enforce(p.keyringRule.access, AccessRead)
 	}
@@ -545,7 +545,7 @@ func (p *policyAuthorizer) KeyringRead(*EnterpriseAuthorizerContext) Enforcement
 }
 
 // KeyringWrite determines if the keyring can be manipulated.
-func (p *policyAuthorizer) KeyringWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) KeyringWrite(*AuthorizerContext) EnforcementDecision {
 	if p.keyringRule != nil {
 		return enforce(p.keyringRule.access, AccessWrite)
 	}
@@ -553,7 +553,7 @@ func (p *policyAuthorizer) KeyringWrite(*EnterpriseAuthorizerContext) Enforcemen
 }
 
 // OperatorRead determines if the read-only operator functions are allowed.
-func (p *policyAuthorizer) OperatorRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) OperatorRead(*AuthorizerContext) EnforcementDecision {
 	if p.operatorRule != nil {
 		return enforce(p.operatorRule.access, AccessRead)
 	}
@@ -562,7 +562,7 @@ func (p *policyAuthorizer) OperatorRead(*EnterpriseAuthorizerContext) Enforcemen
 
 // OperatorWrite determines if the state-changing operator functions are
 // allowed.
-func (p *policyAuthorizer) OperatorWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) OperatorWrite(*AuthorizerContext) EnforcementDecision {
 	if p.operatorRule != nil {
 		return enforce(p.operatorRule.access, AccessWrite)
 	}
@@ -570,7 +570,7 @@ func (p *policyAuthorizer) OperatorWrite(*EnterpriseAuthorizerContext) Enforceme
 }
 
 // NodeRead checks if reading (discovery) of a node is allowed
-func (p *policyAuthorizer) NodeRead(name string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) NodeRead(name string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(name, p.nodeRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -578,7 +578,7 @@ func (p *policyAuthorizer) NodeRead(name string, _ *EnterpriseAuthorizerContext)
 }
 
 // NodeWrite checks if writing (registering) a node is allowed
-func (p *policyAuthorizer) NodeWrite(name string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) NodeWrite(name string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(name, p.nodeRules); ok {
 		return enforce(rule.access, AccessWrite)
 	}
@@ -587,7 +587,7 @@ func (p *policyAuthorizer) NodeWrite(name string, _ *EnterpriseAuthorizerContext
 
 // PreparedQueryRead checks if reading (listing) of a prepared query is
 // allowed - this isn't execution, just listing its contents.
-func (p *policyAuthorizer) PreparedQueryRead(prefix string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) PreparedQueryRead(prefix string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(prefix, p.preparedQueryRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -596,7 +596,7 @@ func (p *policyAuthorizer) PreparedQueryRead(prefix string, _ *EnterpriseAuthori
 
 // PreparedQueryWrite checks if writing (creating, updating, or deleting) of a
 // prepared query is allowed.
-func (p *policyAuthorizer) PreparedQueryWrite(prefix string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) PreparedQueryWrite(prefix string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(prefix, p.preparedQueryRules); ok {
 		return enforce(rule.access, AccessWrite)
 	}
@@ -604,7 +604,7 @@ func (p *policyAuthorizer) PreparedQueryWrite(prefix string, _ *EnterpriseAuthor
 }
 
 // ServiceRead checks if reading (discovery) of a service is allowed
-func (p *policyAuthorizer) ServiceRead(name string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) ServiceRead(name string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(name, p.serviceRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -612,7 +612,7 @@ func (p *policyAuthorizer) ServiceRead(name string, _ *EnterpriseAuthorizerConte
 }
 
 // ServiceWrite checks if writing (registering) a service is allowed
-func (p *policyAuthorizer) ServiceWrite(name string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) ServiceWrite(name string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(name, p.serviceRules); ok {
 		return enforce(rule.access, AccessWrite)
 	}
@@ -620,7 +620,7 @@ func (p *policyAuthorizer) ServiceWrite(name string, _ *EnterpriseAuthorizerCont
 }
 
 // SessionRead checks for permission to read sessions for a given node.
-func (p *policyAuthorizer) SessionRead(node string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) SessionRead(node string, _ *AuthorizerContext) EnforcementDecision {
 	if rule, ok := getPolicy(node, p.sessionRules); ok {
 		return enforce(rule.access, AccessRead)
 	}
@@ -628,7 +628,7 @@ func (p *policyAuthorizer) SessionRead(node string, _ *EnterpriseAuthorizerConte
 }
 
 // SessionWrite checks for permission to create sessions for a given node.
-func (p *policyAuthorizer) SessionWrite(node string, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) SessionWrite(node string, _ *AuthorizerContext) EnforcementDecision {
 	// Check for an exact rule or catch-all
 	if rule, ok := getPolicy(node, p.sessionRules); ok {
 		return enforce(rule.access, AccessWrite)

acl/policy_authorizer_oss.go

@@ -9,7 +9,7 @@ func (authz *enterprisePolicyAuthorizer) init(*EnterpriseACLConfig) {
 	// nothing to do
 }
 
-func (authz *enterprisePolicyAuthorizer) enforce(_ *EnterpriseRule, _ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (authz *enterprisePolicyAuthorizer) enforce(_ *EnterpriseRule, _ *AuthorizerContext) EnforcementDecision {
 	return Default
 }
 

acl/policy_authorizer_test.go

@@ -17,7 +17,7 @@ func TestPolicyAuthorizer(t *testing.T) {
 	type aclCheck struct {
 		name   string
 		prefix string
-		check  func(t *testing.T, authz Authorizer, prefix string, entCtx *EnterpriseAuthorizerContext)
+		check  func(t *testing.T, authz Authorizer, prefix string, entCtx *AuthorizerContext)
 	}
 
 	type aclTest struct {

acl/static_authorizer.go

@@ -32,182 +32,182 @@ type StaticAuthorizer struct {
 	defaultAllow bool
 }
 
-func (s *StaticAuthorizer) ACLRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) ACLRead(*AuthorizerContext) EnforcementDecision {
 	if s.allowManage {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) ACLWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) ACLWrite(*AuthorizerContext) EnforcementDecision {
 	if s.allowManage {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) AgentRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) AgentRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) AgentWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) AgentWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) EventRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) EventRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) EventWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) EventWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) IntentionDefaultAllow(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) IntentionDefaultAllow(*AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) IntentionRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) IntentionRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) IntentionWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) IntentionWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) KeyRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) KeyRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) KeyList(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) KeyList(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) KeyWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) KeyWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) KeyWritePrefix(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) KeyWritePrefix(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) KeyringRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) KeyringRead(*AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) KeyringWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) KeyringWrite(*AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) NodeRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) NodeRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) NodeWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) NodeWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) OperatorRead(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) OperatorRead(*AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) OperatorWrite(*EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) OperatorWrite(*AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) PreparedQueryRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) PreparedQueryRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) PreparedQueryWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) PreparedQueryWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) ServiceRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) ServiceRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) ServiceWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) SessionRead(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) SessionWrite(string, *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) SessionWrite(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 
-func (s *StaticAuthorizer) Snapshot(_ *EnterpriseAuthorizerContext) EnforcementDecision {
+func (s *StaticAuthorizer) Snapshot(_ *AuthorizerContext) EnforcementDecision {
 	if s.allowManage {
 		return Allow
 	}

agent/acl.go

@@ -75,7 +75,7 @@ func (a *Agent) vetServiceRegister(token string, service *structs.NodeService) e
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	service.FillAuthzContext(&authzContext)
 	// Vet the service itself.
 	if rule.ServiceWrite(service.Service, &authzContext) != acl.Allow {
@@ -114,7 +114,7 @@ func (a *Agent) vetServiceUpdate(token string, serviceID structs.ServiceID) erro
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 
 	// Vet any changes based on the existing services's info.
 	if existing := a.State.Service(serviceID); existing != nil {
@@ -141,7 +141,7 @@ func (a *Agent) vetCheckRegister(token string, check *structs.HealthCheck) error
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	check.FillAuthzContext(&authzContext)
 	// Vet the check itself.
 	if len(check.ServiceName) > 0 {
@@ -181,7 +181,7 @@ func (a *Agent) vetCheckUpdate(token string, checkID structs.CheckID) error {
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	checkID.FillAuthzContext(&authzContext)
 
 	// Vet any changes based on the existing check's info.
@@ -213,7 +213,7 @@ func (a *Agent) filterMembers(token string, members *[]serf.Member) error {
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.DefaultEnterpriseMeta().FillAuthzContext(&authzContext)
 	// Filter out members based on the node policy.
 	m := *members
@@ -241,7 +241,7 @@ func (a *Agent) filterServices(token string, services *map[structs.ServiceID]*st
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	// Filter out services based on the service policy.
 	for id, service := range *services {
 		service.FillAuthzContext(&authzContext)
@@ -265,7 +265,7 @@ func (a *Agent) filterChecks(token string, checks *map[structs.CheckID]*structs.
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	// Filter out checks based on the node or service policy.
 	for id, check := range *checks {
 		if len(check.ServiceName) > 0 {

agent/agent_endpoint.go

@@ -295,7 +295,7 @@ func (s *HTTPServer) AgentService(resp http.ResponseWriter, req *http.Request) (
 			if err != nil {
 				return "", nil, err
 			}
-			var authzContext acl.EnterpriseAuthorizerContext
+			var authzContext acl.AuthorizerContext
 			svc.FillAuthzContext(&authzContext)
 			if rule != nil && rule.ServiceRead(svc.Service, &authzContext) != acl.Allow {
 				return "", nil, acl.ErrPermissionDenied

agent/consul/acl.go

@@ -1092,7 +1092,7 @@ func newACLFilter(authorizer acl.Authorizer, logger *log.Logger, enforceVersion8
 }
 
 // allowNode is used to determine if a node is accessible for an ACL.
-func (f *aclFilter) allowNode(node string, ent *acl.EnterpriseAuthorizerContext) bool {
+func (f *aclFilter) allowNode(node string, ent *acl.AuthorizerContext) bool {
 	if !f.enforceVersion8 {
 		return true
 	}
@@ -1101,7 +1101,7 @@ func (f *aclFilter) allowNode(node string, ent *acl.EnterpriseAuthorizerContext)
 }
 
 // allowService is used to determine if a service is accessible for an ACL.
-func (f *aclFilter) allowService(service string, ent *acl.EnterpriseAuthorizerContext) bool {
+func (f *aclFilter) allowService(service string, ent *acl.AuthorizerContext) bool {
 	if service == "" {
 		return true
 	}
@@ -1114,7 +1114,7 @@ func (f *aclFilter) allowService(service string, ent *acl.EnterpriseAuthorizerCo
 
 // allowSession is used to determine if a session for a node is accessible for
 // an ACL.
-func (f *aclFilter) allowSession(node string, ent *acl.EnterpriseAuthorizerContext) bool {
+func (f *aclFilter) allowSession(node string, ent *acl.AuthorizerContext) bool {
 	if !f.enforceVersion8 {
 		return true
 	}
@@ -1125,7 +1125,7 @@ func (f *aclFilter) allowSession(node string, ent *acl.EnterpriseAuthorizerConte
 // the configured ACL rules for a token.
 func (f *aclFilter) filterHealthChecks(checks *structs.HealthChecks) {
 	hc := *checks
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 
 	for i := 0; i < len(hc); i++ {
 		check := hc[i]
@@ -1143,7 +1143,7 @@ func (f *aclFilter) filterHealthChecks(checks *structs.HealthChecks) {
 
 // filterServices is used to filter a set of services based on ACLs.
 func (f *aclFilter) filterServices(services structs.Services, entMeta *structs.EnterpriseMeta) {
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	entMeta.FillAuthzContext(&authzContext)
 
 	for svc := range services {
@@ -1159,7 +1159,7 @@ func (f *aclFilter) filterServices(services structs.Services, entMeta *structs.E
 // based on the configured ACL rules.
 func (f *aclFilter) filterServiceNodes(nodes *structs.ServiceNodes) {
 	sn := *nodes
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 
 	for i := 0; i < len(sn); i++ {
 		node := sn[i]
@@ -1181,7 +1181,7 @@ func (f *aclFilter) filterNodeServices(services **structs.NodeServices) {
 		return
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.WildcardEnterpriseMeta().FillAuthzContext(&authzContext)
 	if !f.allowNode((*services).Node.Node, &authzContext) {
 		*services = nil
@@ -1205,7 +1205,7 @@ func (f *aclFilter) filterNodeServiceList(services **structs.NodeServiceList) {
 		return
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.WildcardEnterpriseMeta().FillAuthzContext(&authzContext)
 	if !f.allowNode((*services).Node.Node, &authzContext) {
 		*services = nil
@@ -1238,7 +1238,7 @@ func (f *aclFilter) filterNodeServiceList(services **structs.NodeServiceList) {
 // filterCheckServiceNodes is used to filter nodes based on ACL rules.
 func (f *aclFilter) filterCheckServiceNodes(nodes *structs.CheckServiceNodes) {
 	csn := *nodes
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 
 	for i := 0; i < len(csn); i++ {
 		node := csn[i]
@@ -1259,7 +1259,7 @@ func (f *aclFilter) filterSessions(sessions *structs.Sessions) {
 	for i := 0; i < len(s); i++ {
 		session := s[i]
 
-		var entCtx acl.EnterpriseAuthorizerContext
+		var entCtx acl.AuthorizerContext
 		session.FillAuthzContext(&entCtx)
 
 		if f.allowSession(session.Node, &entCtx) {
@@ -1276,7 +1276,7 @@ func (f *aclFilter) filterSessions(sessions *structs.Sessions) {
 // rules.
 func (f *aclFilter) filterCoordinates(coords *structs.Coordinates) {
 	c := *coords
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.WildcardEnterpriseMeta().FillAuthzContext(&authzContext)
 
 	for i := 0; i < len(c); i++ {
@@ -1325,7 +1325,7 @@ func (f *aclFilter) filterIntentions(ixns *structs.Intentions) {
 func (f *aclFilter) filterNodeDump(dump *structs.NodeDump) {
 	nd := *dump
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	for i := 0; i < len(nd); i++ {
 		info := nd[i]
 
@@ -1370,7 +1370,7 @@ func (f *aclFilter) filterNodeDump(dump *structs.NodeDump) {
 func (f *aclFilter) filterNodes(nodes *structs.Nodes) {
 	n := *nodes
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.WildcardEnterpriseMeta().FillAuthzContext(&authzContext)
 
 	for i := 0; i < len(n); i++ {
@@ -1393,7 +1393,7 @@ func (f *aclFilter) filterNodes(nodes *structs.Nodes) {
 // captured tokens, but they can at least see whether or not a token is set.
 func (f *aclFilter) redactPreparedQueryTokens(query **structs.PreparedQuery) {
 	// Management tokens can see everything with no filtering.
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.DefaultEnterpriseMeta().FillAuthzContext(&authzContext)
 	if f.authorizer.ACLWrite(&authzContext) == acl.Allow {
 		return
@@ -1419,7 +1419,7 @@ func (f *aclFilter) redactPreparedQueryTokens(query **structs.PreparedQuery) {
 // We prune entries the user doesn't have access to, and we redact any tokens
 // if the user doesn't have a management token.
 func (f *aclFilter) filterPreparedQueries(queries *structs.PreparedQueries) {
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	structs.DefaultEnterpriseMeta().FillAuthzContext(&authzContext)
 	// Management tokens can see everything with no filtering.
 	// TODO  is this check even necessary - this looks like a search replace from
@@ -1451,7 +1451,7 @@ func (f *aclFilter) filterPreparedQueries(queries *structs.PreparedQueries) {
 }
 
 func (f *aclFilter) filterToken(token **structs.ACLToken) {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	if token == nil || *token == nil || f == nil {
 		return
 	}
@@ -1482,7 +1482,7 @@ func (f *aclFilter) filterTokens(tokens *structs.ACLTokens) {
 }
 
 func (f *aclFilter) filterTokenStub(token **structs.ACLTokenListStub) {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	if token == nil || *token == nil || f == nil {
 		return
 	}
@@ -1507,7 +1507,7 @@ func (f *aclFilter) filterTokenStubs(tokens *[]*structs.ACLTokenListStub) {
 }
 
 func (f *aclFilter) filterPolicy(policy **structs.ACLPolicy) {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	if policy == nil || *policy == nil || f == nil {
 		return
 	}
@@ -1533,7 +1533,7 @@ func (f *aclFilter) filterPolicies(policies *structs.ACLPolicies) {
 }
 
 func (f *aclFilter) filterRole(role **structs.ACLRole) {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	if role == nil || *role == nil || f == nil {
 		return
 	}
@@ -1559,7 +1559,7 @@ func (f *aclFilter) filterRoles(roles *structs.ACLRoles) {
 }
 
 func (f *aclFilter) filterBindingRule(rule **structs.ACLBindingRule) {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	if rule == nil || *rule == nil || f == nil {
 		return
 	}
@@ -1585,7 +1585,7 @@ func (f *aclFilter) filterBindingRules(rules *structs.ACLBindingRules) {
 }
 
 func (f *aclFilter) filterAuthMethod(method **structs.ACLAuthMethod) {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	if method == nil || *method == nil || f == nil {
 		return
 	}
@@ -1734,7 +1734,7 @@ func vetRegisterWithACL(rule acl.Authorizer, subj *structs.RegisterRequest,
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	subj.FillAuthzContext(&authzContext)
 
 	// Vet the node info. This allows service updates to re-post the required
@@ -1761,7 +1761,7 @@ func vetRegisterWithACL(rule acl.Authorizer, subj *structs.RegisterRequest,
 				// This is effectively a delete, so we DO NOT apply the
 				// sentinel scope to the service we are overwriting, just
 				// the regular ACL policy.
-				var secondaryCtx acl.EnterpriseAuthorizerContext
+				var secondaryCtx acl.AuthorizerContext
 				other.FillAuthzContext(&secondaryCtx)
 
 				if rule.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
@@ -1822,7 +1822,7 @@ func vetRegisterWithACL(rule acl.Authorizer, subj *structs.RegisterRequest,
 		// We are only adding a check here, so we don't add the scope,
 		// since the sentinel policy doesn't apply to adding checks at
 		// this time.
-		var secondaryCtx acl.EnterpriseAuthorizerContext
+		var secondaryCtx acl.AuthorizerContext
 		other.FillAuthzContext(&secondaryCtx)
 
 		if rule.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
@@ -1849,7 +1849,7 @@ func vetDeregisterWithACL(rule acl.Authorizer, subj *structs.DeregisterRequest,
 	// We don't apply sentinel in this path, since at this time sentinel
 	// only applies to create and update operations.
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	// fill with the defaults for use with the NodeWrite check
 	subj.FillAuthzContext(&authzContext)
 
@@ -1906,7 +1906,7 @@ func vetNodeTxnOp(op *structs.TxnNodeOp, rule acl.Authorizer) error {
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	op.FillAuthzContext(&authzContext)
 
 	if rule != nil && rule.NodeWrite(op.Node.Node, &authzContext) != acl.Allow {
@@ -1923,7 +1923,7 @@ func vetServiceTxnOp(op *structs.TxnServiceOp, rule acl.Authorizer) error {
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	op.FillAuthzContext(&authzContext)
 
 	if rule.ServiceWrite(op.Service.Service, &authzContext) != acl.Allow {
@@ -1940,7 +1940,7 @@ func vetCheckTxnOp(op *structs.TxnCheckOp, rule acl.Authorizer) error {
 		return nil
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	op.FillAuthzContext(&authzContext)
 
 	if op.Check.ServiceID == "" {

agent/consul/acl_endpoint.go

@@ -208,7 +208,7 @@ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLToke
 	var rule acl.Authorizer
 
 	if args.TokenIDType == structs.ACLTokenAccessor {
-		var entCtx acl.EnterpriseAuthorizerContext
+		var entCtx acl.AuthorizerContext
 		args.FillAuthzContext(&entCtx)
 
 		var err error
@@ -277,7 +277,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok
 
 	defer metrics.MeasureSince([]string{"acl", "token", "clone"}, time.Now())
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.ACLToken.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -348,7 +348,7 @@ func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken
 	defer metrics.MeasureSince([]string{"acl", "token", "upsert"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.ACLToken.FillAuthzContext(&entCtx)
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
 		return err
@@ -737,7 +737,7 @@ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) er
 	defer metrics.MeasureSince([]string{"acl", "token", "delete"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -826,7 +826,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := a.srv.ResolveToken(args.Token)
@@ -930,7 +930,7 @@ func (a *ACL) PolicyRead(args *structs.ACLPolicyGetRequest, reply *structs.ACLPo
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -1002,7 +1002,7 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
 	defer metrics.MeasureSince([]string{"acl", "policy", "upsert"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.Policy.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -1138,7 +1138,7 @@ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string)
 	defer metrics.MeasureSince([]string{"acl", "policy", "delete"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -1195,7 +1195,7 @@ func (a *ACL) PolicyList(args *structs.ACLPolicyListRequest, reply *structs.ACLP
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := a.srv.ResolveToken(args.Token)
@@ -1351,7 +1351,7 @@ func (a *ACL) RoleRead(args *structs.ACLRoleGetRequest, reply *structs.ACLRoleRe
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -1432,7 +1432,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
 	defer metrics.MeasureSince([]string{"acl", "role", "upsert"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.Role.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -1582,7 +1582,7 @@ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) erro
 	defer metrics.MeasureSince([]string{"acl", "role", "delete"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -1635,7 +1635,7 @@ func (a *ACL) RoleList(args *structs.ACLRoleListRequest, reply *structs.ACLRoleL
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := a.srv.ResolveToken(args.Token)
@@ -1721,7 +1721,7 @@ func (a *ACL) BindingRuleRead(args *structs.ACLBindingRuleGetRequest, reply *str
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := a.srv.ResolveToken(args.Token)
@@ -1763,7 +1763,7 @@ func (a *ACL) BindingRuleSet(args *structs.ACLBindingRuleSetRequest, reply *stru
 
 	defer metrics.MeasureSince([]string{"acl", "bindingrule", "upsert"}, time.Now())
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.BindingRule.FillAuthzContext(&entCtx)
 
 	// Verify token is permitted to modify ACLs
@@ -1894,7 +1894,7 @@ func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply
 
 	defer metrics.MeasureSince([]string{"acl", "bindingrule", "delete"}, time.Now())
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	// Verify token is permitted to modify ACLs
@@ -1948,7 +1948,7 @@ func (a *ACL) BindingRuleList(args *structs.ACLBindingRuleListRequest, reply *st
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := a.srv.ResolveToken(args.Token)
@@ -1989,7 +1989,7 @@ func (a *ACL) AuthMethodRead(args *structs.ACLAuthMethodGetRequest, reply *struc
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -2031,7 +2031,7 @@ func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *struct
 	defer metrics.MeasureSince([]string{"acl", "authmethod", "upsert"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.AuthMethod.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -2119,7 +2119,7 @@ func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *
 	defer metrics.MeasureSince([]string{"acl", "authmethod", "delete"}, time.Now())
 
 	// Verify token is permitted to modify ACLs
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	if rule, err := a.srv.ResolveToken(args.Token); err != nil {
@@ -2173,7 +2173,7 @@ func (a *ACL) AuthMethodList(args *structs.ACLAuthMethodListRequest, reply *stru
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := a.srv.ResolveToken(args.Token)

agent/consul/catalog_endpoint.go

@@ -59,7 +59,7 @@ func servicePreApply(service *structs.NodeService, rule acl.Authorizer) error {
 		return fmt.Errorf("Invalid service address")
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	service.FillAuthzContext(&authzContext)
 
 	// Apply the ACL policy if any. The 'consul' service is excluded
@@ -359,7 +359,7 @@ func (c *Catalog) ServiceNodes(args *structs.ServiceSpecificRequest, reply *stru
 		}
 	}
 
-	var authzContext acl.EnterpriseAuthorizerContext
+	var authzContext acl.AuthorizerContext
 	args.FillAuthzContext(&authzContext)
 	// If we're doing a connect query, we need read access to the service
 	// we're trying to find proxies for, so check that.

agent/consul/filter.go

@@ -14,7 +14,7 @@ func (d *dirEntFilter) Len() int {
 	return len(d.ent)
 }
 func (d *dirEntFilter) Filter(i int) bool {
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	d.ent[i].FillAuthzContext(&entCtx)
 
 	return d.authorizer.KeyRead(d.ent[i].Key, &entCtx) != acl.Allow

agent/consul/kvs_endpoint.go

@@ -31,7 +31,7 @@ func kvsPreApply(srv *Server, rule acl.Authorizer, op api.KVOp, dirEnt *structs.
 	if rule != nil {
 		switch op {
 		case api.KVDeleteTree:
-			var authzContext acl.EnterpriseAuthorizerContext
+			var authzContext acl.AuthorizerContext
 			dirEnt.FillAuthzContext(&authzContext)
 
 			if rule.KeyWritePrefix(dirEnt.Key, &authzContext) != acl.Allow {
@@ -45,7 +45,7 @@ func kvsPreApply(srv *Server, rule acl.Authorizer, op api.KVOp, dirEnt *structs.
 			// These could reveal information based on the outcome
 			// of the transaction, and they operate on individual
 			// keys so we check them here.
-			var authzContext acl.EnterpriseAuthorizerContext
+			var authzContext acl.AuthorizerContext
 			dirEnt.FillAuthzContext(&authzContext)
 
 			if rule.KeyRead(dirEnt.Key, &authzContext) != acl.Allow {
@@ -53,7 +53,7 @@ func kvsPreApply(srv *Server, rule acl.Authorizer, op api.KVOp, dirEnt *structs.
 			}
 
 		default:
-			var authzContext acl.EnterpriseAuthorizerContext
+			var authzContext acl.AuthorizerContext
 			dirEnt.FillAuthzContext(&authzContext)
 
 			if rule.KeyWrite(dirEnt.Key, &authzContext) != acl.Allow {
@@ -132,7 +132,7 @@ func (k *KVS) Get(args *structs.KeyRequest, reply *structs.IndexedDirEntries) er
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := k.srv.ResolveToken(args.Token)
@@ -178,7 +178,7 @@ func (k *KVS) List(args *structs.KeyRequest, reply *structs.IndexedDirEntries) e
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := k.srv.ResolveToken(args.Token)
@@ -230,7 +230,7 @@ func (k *KVS) ListKeys(args *structs.KeyListRequest, reply *structs.IndexedKeyLi
 		return err
 	}
 
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := k.srv.ResolveToken(args.Token)

agent/consul/session_endpoint.go

@@ -41,7 +41,7 @@ func (s *Session) Apply(args *structs.SessionRequest, reply *string) error {
 
 	//  The entMeta to populate is the one in the Session struct, not SessionRequest
 	//  This is because the Session is what is passed to downstream functions like raftApply
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.Session.FillAuthzContext(&entCtx)
 
 	// Fetch the ACL token, if any, and apply the policy.
@@ -162,7 +162,7 @@ func (s *Session) Get(args *structs.SessionSpecificRequest,
 	}
 
 	// TODO (namespaces) TODO (acls) infer args.entmeta if not provided
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := s.srv.ResolveToken(args.Token)
@@ -204,7 +204,7 @@ func (s *Session) List(args *structs.SessionSpecificRequest,
 	}
 
 	// TODO (namespaces) TODO (acls) infer args.entmeta if not provided
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := s.srv.ResolveToken(args.Token)
@@ -241,7 +241,7 @@ func (s *Session) NodeSessions(args *structs.NodeSpecificRequest,
 	}
 
 	// TODO (namespaces) TODO (acls) infer args.entmeta if not provided
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := s.srv.ResolveToken(args.Token)
@@ -292,7 +292,7 @@ func (s *Session) Renew(args *structs.SessionSpecificRequest,
 
 	// TODO (namespaces) (freddy):infer args.entmeta if not provided
 	// Fetch the ACL token, if any, and apply the policy.
-	var entCtx acl.EnterpriseAuthorizerContext
+	var entCtx acl.AuthorizerContext
 	args.FillAuthzContext(&entCtx)
 
 	rule, err := s.srv.ResolveToken(args.Token)

agent/structs/acl.go

@@ -1590,7 +1590,7 @@ func (r *RemoteACLAuthorizationRequest) RequestDatacenter() string {
 
 func CreateACLAuthorizationResponses(authz acl.Authorizer, requests []ACLAuthorizationRequest) ([]ACLAuthorizationResponse, error) {
 	responses := make([]ACLAuthorizationResponse, len(requests))
-	var ctx acl.EnterpriseAuthorizerContext
+	var ctx acl.AuthorizerContext
 
 	for idx, req := range requests {
 		req.FillAuthzContext(&ctx)

agent/structs/structs_oss.go

@@ -49,28 +49,28 @@ func WildcardEnterpriseMeta() *EnterpriseMeta {
 }
 
 // FillAuthzContext stub
-func (_ *EnterpriseMeta) FillAuthzContext(_ *acl.EnterpriseAuthorizerContext) {}
+func (_ *EnterpriseMeta) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
 func (_ *EnterpriseMeta) Normalize() {}
 
 // FillAuthzContext stub
-func (_ *DirEntry) FillAuthzContext(_ *acl.EnterpriseAuthorizerContext) {}
+func (_ *DirEntry) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
 // FillAuthzContext stub
-func (_ *RegisterRequest) FillAuthzContext(_ *acl.EnterpriseAuthorizerContext) {}
+func (_ *RegisterRequest) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
 func (_ *RegisterRequest) GetEnterpriseMeta() *EnterpriseMeta {
 	return nil
 }
 
 // OSS Stub
-func (op *TxnNodeOp) FillAuthzContext(ctx *acl.EnterpriseAuthorizerContext) {}
+func (op *TxnNodeOp) FillAuthzContext(ctx *acl.AuthorizerContext) {}
 
 // OSS Stub
-func (_ *TxnServiceOp) FillAuthzContext(_ *acl.EnterpriseAuthorizerContext) {}
+func (_ *TxnServiceOp) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
 // OSS Stub
-func (_ *TxnCheckOp) FillAuthzContext(_ *acl.EnterpriseAuthorizerContext) {}
+func (_ *TxnCheckOp) FillAuthzContext(_ *acl.AuthorizerContext) {}
 
 func ServiceIDString(id string, _ *EnterpriseMeta) string {
 	return id