acl: rename acl.Authorizer vars to authz

For consistency
This commit is contained in:
Daniel Nephin 2021-08-04 18:36:48 -04:00
parent 37c67cb280
commit c80b9565e2
2 changed files with 16 additions and 16 deletions

View File

@ -227,7 +227,7 @@ func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error
// worst let a service update revert a recent node update, so it doesn't open up
// too much abuse).
func vetRegisterWithACL(
rule acl.Authorizer,
authz acl.Authorizer,
subj *structs.RegisterRequest,
ns *structs.NodeServices,
) error {
@ -239,7 +239,7 @@ func vetRegisterWithACL(
// privileges.
needsNode := ns == nil || subj.ChangesNode(ns.Node)
if needsNode && rule.NodeWrite(subj.Node, &authzContext) != acl.Allow {
if needsNode && authz.NodeWrite(subj.Node, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
@ -247,7 +247,7 @@ func vetRegisterWithACL(
// the given service, and that we can write to any existing service that
// is being modified by id (if any).
if subj.Service != nil {
if rule.ServiceWrite(subj.Service.Service, &authzContext) != acl.Allow {
if authz.ServiceWrite(subj.Service.Service, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
@ -261,7 +261,7 @@ func vetRegisterWithACL(
var secondaryCtx acl.AuthorizerContext
other.FillAuthzContext(&secondaryCtx)
if rule.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
if authz.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
return acl.ErrPermissionDenied
}
}
@ -291,7 +291,7 @@ func vetRegisterWithACL(
// Node-level check.
if check.ServiceID == "" {
if rule.NodeWrite(subj.Node, &authzContext) != acl.Allow {
if authz.NodeWrite(subj.Node, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
continue
@ -322,7 +322,7 @@ func vetRegisterWithACL(
var secondaryCtx acl.AuthorizerContext
other.FillAuthzContext(&secondaryCtx)
if rule.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
if authz.ServiceWrite(other.Service, &secondaryCtx) != acl.Allow {
return acl.ErrPermissionDenied
}
}
@ -385,7 +385,7 @@ func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) e
// endpoint. The NodeService for the referenced service must be supplied, and can
// be nil; similar for the HealthCheck for the referenced health check.
func vetDeregisterWithACL(
rule acl.Authorizer,
authz acl.Authorizer,
subj *structs.DeregisterRequest,
ns *structs.NodeService,
nc *structs.HealthCheck,
@ -400,7 +400,7 @@ func vetDeregisterWithACL(
// Allow service deregistration if the token has write permission for the node.
// This accounts for cases where the agent no longer has a token with write permission
// on the service to deregister it.
if rule.NodeWrite(subj.Node, &authzContext) == acl.Allow {
if authz.NodeWrite(subj.Node, &authzContext) == acl.Allow {
return nil
}
@ -415,7 +415,7 @@ func vetDeregisterWithACL(
ns.FillAuthzContext(&authzContext)
if rule.ServiceWrite(ns.Service, &authzContext) != acl.Allow {
if authz.ServiceWrite(ns.Service, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
} else if subj.CheckID != "" {
@ -426,11 +426,11 @@ func vetDeregisterWithACL(
nc.FillAuthzContext(&authzContext)
if nc.ServiceID != "" {
if rule.ServiceWrite(nc.ServiceName, &authzContext) != acl.Allow {
if authz.ServiceWrite(nc.ServiceName, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
} else {
if rule.NodeWrite(subj.Node, &authzContext) != acl.Allow {
if authz.NodeWrite(subj.Node, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
}

View File

@ -109,29 +109,29 @@ func (t *Txn) preCheck(authorizer acl.Authorizer, ops structs.TxnOps) structs.Tx
}
// vetNodeTxnOp applies the given ACL policy to a node transaction operation.
func vetNodeTxnOp(op *structs.TxnNodeOp, rule acl.Authorizer) error {
func vetNodeTxnOp(op *structs.TxnNodeOp, authz acl.Authorizer) error {
var authzContext acl.AuthorizerContext
op.FillAuthzContext(&authzContext)
if rule.NodeWrite(op.Node.Node, &authzContext) != acl.Allow {
if authz.NodeWrite(op.Node.Node, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
return nil
}
// vetCheckTxnOp applies the given ACL policy to a check transaction operation.
func vetCheckTxnOp(op *structs.TxnCheckOp, rule acl.Authorizer) error {
func vetCheckTxnOp(op *structs.TxnCheckOp, authz acl.Authorizer) error {
var authzContext acl.AuthorizerContext
op.FillAuthzContext(&authzContext)
if op.Check.ServiceID == "" {
// Node-level check.
if rule.NodeWrite(op.Check.Node, &authzContext) != acl.Allow {
if authz.NodeWrite(op.Check.Node, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
} else {
// Service-level check.
if rule.ServiceWrite(op.Check.ServiceName, &authzContext) != acl.Allow {
if authz.ServiceWrite(op.Check.ServiceName, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
}