acl: remove authz == nil checks
These cases are already impossible conditions, because most of these functions already start with a check for ACLs being disabled. So the code path being removed could never be reached. The one other case (ConnectAuthorized) was already changed in a previous commit. This commit removes an impossible branch because authz == nil can never be true.
parent
b6d9d0d9f7
commit
fbaeac9ecf
|
@ -1156,8 +1156,6 @@ func (s *HTTPHandlers) ACLAuthorize(resp http.ResponseWriter, req *http.Request)
|
||||||
authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(request.Token, nil, nil)
|
authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(request.Token, nil, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
} else if authz == nil {
|
|
||||||
return nil, fmt.Errorf("Failed to initialize authorizer")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
responses, err = structs.CreateACLAuthorizationResponses(authz, request.Requests)
|
responses, err = structs.CreateACLAuthorizationResponses(authz, request.Requests)
|
||||||
|
|
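Review bot: With the `else if authz == nil` branch gone, `authz` reaches `structs.CreateACLAuthorizationResponses` after only `err` has been checked, so this handler depends on `ResolveTokenAndDefaultMeta` never returning a nil authorizer together with a nil error. That guarantee lives outside this hunk and nothing visible here states or enforces it. The same holds for the `a.srv.ResolveToken` call sites in TokenBatchRead, PolicyBatchRead, RoleBatchRead and Authorize further down, where the removed branches failed closed with `acl.ErrPermissionDenied` or an error. I would record the contract on the resolver's doc comment, for example `// ResolveToken returns a non-nil Authorizer whenever err is nil.`, and pin it with a test so a later resolver change cannot silently reintroduce the nil case. ACLAuthorize's body starts and ends outside the hunk.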
|
@ -132,14 +132,6 @@ func (a *Agent) ConnectAuthorize(token string,
|
||||||
return false, reason, &meta, nil
|
return false, reason, &meta, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// No match, we need to determine the default behavior. We do this by
|
|
||||||
// fetching the default intention behavior from the resolved authorizer. The
|
|
||||||
// default behavior if ACLs are disabled is to allow connections to mimic the
|
|
||||||
// behavior of Consul itself: everything is allowed if ACLs are disabled.
|
|
||||||
if authz == nil {
|
|
||||||
// ACLs not enabled at all, the default is allow all.
|
|
||||||
return true, "ACLs disabled, access is allowed by default", &meta, nil
|
|
||||||
}
|
|
||||||
reason = "Default behavior configured by ACLs"
|
reason = "Default behavior configured by ACLs"
|
||||||
return authz.IntentionDefaultAllow(nil) == acl.Allow, reason, &meta, nil
|
return authz.IntentionDefaultAllow(nil) == acl.Allow, reason, &meta, nil
|
||||||
}
|
}
|
||||||
|
|
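Review bot: The comment block explaining the no-match fallback was deleted along with the nil branch, so `reason = "Default behavior configured by ACLs"` now follows the early return with no explanation of why the default is consulted. The first part of the old comment still describes the remaining code and could be kept: `// No match, we need to determine the default behavior. We do this by fetching the default intention behavior from the resolved authorizer.` Separately, `authz.IntentionDefaultAllow(nil)` is now called unguarded; if a nil authorizer ever reached this point it would presumably panic instead of returning the old allow-by-default result, which is the safer failure mode but deserves a regression test. The start of ConnectAuthorize, including where `authz` is resolved, is outside the hunk.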
|
@ -981,8 +981,6 @@ func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *struc
|
||||||
authz, err := a.srv.ResolveToken(args.Token)
|
authz, err := a.srv.ResolveToken(args.Token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
} else if authz == nil {
|
|
||||||
return acl.ErrPermissionDenied
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
|
return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
|
||||||
|
@ -1073,8 +1071,6 @@ func (a *ACL) PolicyBatchRead(args *structs.ACLPolicyBatchGetRequest, reply *str
|
||||||
authz, err := a.srv.ResolveToken(args.Token)
|
authz, err := a.srv.ResolveToken(args.Token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
} else if authz == nil {
|
|
||||||
return acl.ErrPermissionDenied
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
|
return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
|
||||||
|
@ -1507,8 +1503,6 @@ func (a *ACL) RoleBatchRead(args *structs.ACLRoleBatchGetRequest, reply *structs
|
||||||
authz, err := a.srv.ResolveToken(args.Token)
|
authz, err := a.srv.ResolveToken(args.Token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
} else if authz == nil {
|
|
||||||
return acl.ErrPermissionDenied
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
|
return a.srv.blockingQuery(&args.QueryOptions, &reply.QueryMeta,
|
||||||
|
@ -2565,8 +2559,6 @@ func (a *ACL) Authorize(args *structs.RemoteACLAuthorizationRequest, reply *[]st
|
||||||
authz, err := a.srv.ResolveToken(args.Token)
|
authz, err := a.srv.ResolveToken(args.Token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
} else if authz == nil {
|
|
||||||
return fmt.Errorf("Failed to initialize authorizer")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
responses, err := structs.CreateACLAuthorizationResponses(authz, args.Requests)
|
responses, err := structs.CreateACLAuthorizationResponses(authz, args.Requests)
|
||||||
|
|