Prefer concrete policyAuthorizer type

There will only ever be policyAuthorizers embedded in namespaceAuthorizers, this commit swaps out the interface in favor of the concrete type.
2021-10-26 19:21:31 -06:00 · 2021-10-26 19:21:31 -06:00 · 0a4ff4bb91
parent ec7e94d129
commit 0a4ff4bb91
6 changed files with 3 additions and 27 deletions
--- a/acl/authorizer.go
+++ b/acl/authorizer.go
@ -149,9 +149,6 @@ type Authorizer interface {
 	// service
 	ServiceWrite(string, *AuthorizerContext) EnforcementDecision
 	// ServiceWriteAny checks for permission to read any service
 	ServiceWriteAny(*AuthorizerContext) EnforcementDecision
 	// SessionRead checks for permission to read sessions for a given node.
 	SessionRead(string, *AuthorizerContext) EnforcementDecision
--- a/acl/authorizer_test.go
+++ b/acl/authorizer_test.go
@ -185,11 +185,6 @@ func (m *mockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) En
 	return ret.Get(0).(EnforcementDecision)
 }
 func (m *mockAuthorizer) ServiceWriteAny(ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(ctx)
 	return ret.Get(0).(EnforcementDecision)
 }
 // SessionRead checks for permission to read sessions for a given node.
 func (m *mockAuthorizer) SessionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
 	ret := m.Called(segment, ctx)
--- a/acl/chained_authorizer.go
+++ b/acl/chained_authorizer.go
@ -235,12 +235,6 @@ func (c *ChainedAuthorizer) ServiceWrite(name string, entCtx *AuthorizerContext)
 	})
 }
 func (c *ChainedAuthorizer) ServiceWriteAny(entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
 		return authz.ServiceWriteAny(entCtx)
 	})
 }
 // SessionRead checks for permission to read sessions for a given node.
 func (c *ChainedAuthorizer) SessionRead(node string, entCtx *AuthorizerContext) EnforcementDecision {
 	return c.executeChain(func(authz Authorizer) EnforcementDecision {
--- a/acl/chained_authorizer_test.go
+++ b/acl/chained_authorizer_test.go
@ -89,9 +89,6 @@ func (authz testAuthorizer) ServiceReadAll(*AuthorizerContext) EnforcementDecisi
 func (authz testAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
 func (authz testAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
 func (authz testAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 	return EnforcementDecision(authz)
 }
--- a/acl/policy_authorizer.go
+++ b/acl/policy_authorizer.go
@ -325,13 +325,13 @@ func (p *policyAuthorizer) loadRules(policy *PolicyRules) error {
 	return nil
 }
-func newPolicyAuthorizer(policies []*Policy, ent *Config) (Authorizer, error) {
+func newPolicyAuthorizer(policies []*Policy, ent *Config) (*policyAuthorizer, error) {
 	policy := MergePolicies(policies)
 	return newPolicyAuthorizerFromRules(&policy.PolicyRules, ent)
 }
-func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *Config) (Authorizer, error) {
+func newPolicyAuthorizerFromRules(rules *PolicyRules, ent *Config) (*policyAuthorizer, error) {
 	p := &policyAuthorizer{
 		agentRules:         radix.New(),
 		intentionRules:     radix.New(),
@ -767,7 +767,7 @@ func (p *policyAuthorizer) ServiceWrite(name string, _ *AuthorizerContext) Enfor
 	return Default
 }
-func (p *policyAuthorizer) ServiceWriteAny(_ *AuthorizerContext) EnforcementDecision {
+func (p *policyAuthorizer) serviceWriteAny(_ *AuthorizerContext) EnforcementDecision {
 	return p.anyAllowed(p.serviceRules, AccessWrite)
 }
--- a/acl/static_authorizer.go
+++ b/acl/static_authorizer.go
@ -219,13 +219,6 @@ func (s *staticAuthorizer) ServiceWrite(string, *AuthorizerContext) EnforcementD
 	return Deny
 }
 func (s *staticAuthorizer) ServiceWriteAny(*AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow
 	}
 	return Deny
 }
 func (s *staticAuthorizer) SessionRead(string, *AuthorizerContext) EnforcementDecision {
 	if s.defaultAllow {
 		return Allow