Rename core's 'policy' to 'policyStore' for clarification

2015-11-06 11:52:26 -05:00 · 2015-11-06 11:52:26 -05:00 · 7aa3faa626
parent b987c47c9e
commit 7aa3faa626
7 changed files with 34 additions and 16 deletions
--- a/http/logical_test.go
+++ b/http/logical_test.go
@ -155,6 +155,7 @@ func TestLogical_CreateToken(t *testing.T) {
 	})

 	var actual map[string]interface{}
+	var nilWarnings interface{}
 	expected := map[string]interface{}{
 		"lease_id":       "",
 		"renewable":      false,
@ -166,7 +167,7 @@ func TestLogical_CreateToken(t *testing.T) {
 			"lease_duration": float64(0),
 			"renewable":      false,
 		},
-		"warnings": []interface{}{"policy \"root\" does not exist"},
+		"warnings": nilWarnings,
 	}
 	testResponseStatus(t, resp, 200)
 	testResponseBody(t, resp, &actual)
--- a/vault/core.go
+++ b/vault/core.go
@ -237,7 +237,7 @@ type Core struct {
 	rollback *RollbackManager

 	// policy store is used to manage named ACL policies
-	policy *PolicyStore
+	policyStore *PolicyStore

 	// token store is used to manage authentication tokens
 	tokenStore *TokenStore
@ -697,7 +697,7 @@ func (c *Core) checkToken(
 	}

 	// Construct the corresponding ACL object
-	acl, err := c.policy.ACL(te.Policies...)
+	acl, err := c.policyStore.ACL(te.Policies...)
 	if err != nil {
 		c.logger.Printf("[ERR] core: failed to construct ACL: %v", err)
 		return nil, nil, ErrInternalError
--- a/vault/dynamic_system_view.go
+++ b/vault/dynamic_system_view.go
@ -32,7 +32,7 @@ func (d dynamicSystemView) SudoPrivilege(path string, token string) bool {
 	}

 	// Construct the corresponding ACL object
-	acl, err := d.core.policy.ACL(te.Policies...)
+	acl, err := d.core.policyStore.ACL(te.Policies...)
 	if err != nil {
 		d.core.logger.Printf("[ERR] failed to retrieve ACL for policies [%#v]: %s", te.Policies, err)
 		return false
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -741,7 +741,7 @@ func (b *SystemBackend) handleDisableAuth(
 func (b *SystemBackend) handlePolicyList(
 	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	// Get all the configured policies
-	policies, err := b.Core.policy.ListPolicies()
+	policies, err := b.Core.policyStore.ListPolicies()

 	// Add the special "root" policy
 	policies = append(policies, "root")
@ -753,7 +753,7 @@ func (b *SystemBackend) handlePolicyRead(
 	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	name := data.Get("name").(string)

-	policy, err := b.Core.policy.GetPolicy(name)
+	policy, err := b.Core.policyStore.GetPolicy(name)
 	if err != nil {
 		return handleError(err)
 	}
@ -786,7 +786,7 @@ func (b *SystemBackend) handlePolicySet(
 	parse.Name = strings.ToLower(name)

 	// Update the policy
-	if err := b.Core.policy.SetPolicy(parse); err != nil {
+	if err := b.Core.policyStore.SetPolicy(parse); err != nil {
 		return handleError(err)
 	}
 	return nil, nil
@ -796,7 +796,7 @@ func (b *SystemBackend) handlePolicySet(
 func (b *SystemBackend) handlePolicyDelete(
 	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	name := data.Get("name").(string)
-	if err := b.Core.policy.DeletePolicy(name); err != nil {
+	if err := b.Core.policyStore.DeletePolicy(name); err != nil {
 		return handleError(err)
 	}
 	return nil, nil
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@ -682,7 +682,7 @@ func TestSystemBackend_rawWrite(t *testing.T) {
 	}

 	// Read the policy!
-	p, err := c.policy.GetPolicy("test")
+	p, err := c.policyStore.GetPolicy("test")
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@ -709,7 +709,7 @@ func TestSystemBackend_rawDelete(t *testing.T) {

 	// set the policy!
 	p := &Policy{Name: "test"}
-	err := c.policy.SetPolicy(p)
+	err := c.policyStore.SetPolicy(p)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@ -725,8 +725,8 @@ func TestSystemBackend_rawDelete(t *testing.T) {
 	}

 	// Policy should be gone
-	c.policy.lru.Purge()
-	out, err := c.policy.GetPolicy("test")
+	c.policyStore.lru.Purge()
+	out, err := c.policyStore.GetPolicy("test")
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
--- a/vault/policy_store.go
+++ b/vault/policy_store.go
@ -49,14 +49,25 @@ func (c *Core) setupPolicyStore() error {
 	view := c.systemBarrierView.SubView(policySubPath)

 	// Create the policy store
-	c.policy = NewPolicyStore(view)
+	c.policyStore = NewPolicyStore(view)
+
+	/*
+		// Ensure that the default policy exists, and if not, create it
+		policy, err := c.policyStore.GetPolicy("default")
+		if err != nil {
+			return errwrap.Wrapf("error fetching default policy from store: {{err}}", err)
+		}
+		   if policy == nil {
+		   		c.policyStore.createDefaultPolicy()
+		   	}
+	*/
 	return nil
 }

 // teardownPolicyStore is used to reverse setupPolicyStore
 // when the vault is being sealed.
 func (c *Core) teardownPolicyStore() error {
-	c.policy = nil
+	c.policyStore = nil
 	return nil
 }

@ -187,3 +198,9 @@ func (ps *PolicyStore) ACL(names ...string) (*ACL, error) {
 	}
 	return acl, nil
 }
+
+/*
+func (ps *PolicyStore) createDefaultPolicy() error {
+	return nil
+}
+*/
--- a/vault/token_store.go
+++ b/vault/token_store.go
@ -61,8 +61,8 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error)
 		view: view,
 	}

-	if c.policy != nil {
-		t.policyLookupFunc = c.policy.GetPolicy
+	if c.policyStore != nil {
+		t.policyLookupFunc = c.policyStore.GetPolicy
 	}

 	// Setup the salt