From 17ca8ad0835c3614b4a9d9c00c8755512a3b9160 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto
Date: Sat, 24 Mar 2018 08:39:43 -1000
Subject: [PATCH] agent/connect: rename SpiffeID to CertURI

---
 agent/connect/testing_ca.go | 4 ++--
 agent/connect/{spiffe.go => uri.go} | 15 ++++++++++-----
 agent/connect/{spiffe_test.go => uri_test.go} | 10 +++++-----
 agent/consul/connect_ca_endpoint.go | 2 +-
 4 files changed, 18 insertions(+), 13 deletions(-)
 rename agent/connect/{spiffe.go => uri.go} (64%)
 rename agent/connect/{spiffe_test.go => uri_test.go} (81%)

diff --git a/agent/connect/testing_ca.go b/agent/connect/testing_ca.go
index 95115536e4..6ce5362ac6 100644
--- a/agent/connect/testing_ca.go
+++ b/agent/connect/testing_ca.go
@@ -197,9 +197,9 @@ func TestLeaf(t testing.T, service string, root *structs.CARoot) string {
 
 // TestCSR returns a CSR to sign the given service along with the PEM-encoded
 // private key for this certificate.
-func TestCSR(t testing.T, id SpiffeID) (string, string) {
+func TestCSR(t testing.T, uri CertURI) (string, string) {
 template := &x509.CertificateRequest{
- URIs: []*url.URL{id.URI()},
+ URIs: []*url.URL{uri.URI()},
 SignatureAlgorithm: x509.ECDSAWithSHA256,
 }
 
diff --git a/agent/connect/spiffe.go b/agent/connect/uri.go
similarity index 64%
rename from agent/connect/spiffe.go
rename to agent/connect/uri.go
index 58a6b83e32..b33fb10ef6 100644
--- a/agent/connect/spiffe.go
+++ b/agent/connect/uri.go
@@ -6,9 +6,14 @@ import (
 "regexp"
 )
 
-// SpiffeID represents a Connect-valid SPIFFE ID. The user should type switch
-// on the various implementations in this package to determine the type of ID.
-type SpiffeID interface {
+// CertURI represents a Connect-valid URI value for a TLS certificate.
+// The user should type switch on the various implementations in this
+// package to determine the type of URI and the data encoded within it.
+//
+// Note that the current implementations of this are all also SPIFFE IDs.
+// However, we anticipate that we may accept URIs that are also not SPIFFE
+// compliant and therefore the interface is named as such.
+type CertURI interface {
 URI() *url.URL
 }
 
@@ -17,8 +22,8 @@ var (
 `^/ns/(\w+)/dc/(\w+)/svc/(\w+)$`)
 )
 
-// ParseSpiffeID parses a SPIFFE ID from the input URI.
-func ParseSpiffeID(input *url.URL) (SpiffeID, error) {
+// ParseCertURI parses a the URI value from a TLS certificate.
+func ParseCertURI(input *url.URL) (CertURI, error) {
 if input.Scheme != "spiffe" {
 return nil, fmt.Errorf("SPIFFE ID must have 'spiffe' scheme")
 }
diff --git a/agent/connect/spiffe_test.go b/agent/connect/uri_test.go
similarity index 81%
rename from agent/connect/spiffe_test.go
rename to agent/connect/uri_test.go
index 861a4fa638..370e3c4200 100644
--- a/agent/connect/spiffe_test.go
+++ b/agent/connect/uri_test.go
@@ -7,9 +7,9 @@ import (
 "github.com/stretchr/testify/assert"
 )
 
-// testSpiffeIDCases contains the test cases for parsing and encoding
+// testCertURICases contains the test cases for parsing and encoding
 // the SPIFFE IDs. This is a global since it is used in multiple test functions.
-var testSpiffeIDCases = []struct {
+var testCertURICases = []struct {
 Name string
 URI string
 Struct interface{}
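Review bot: The new doc comment on `CertURI` in agent/connect/uri.go tells callers to type switch on the implementations and also announces that non-SPIFFE URIs may be accepted later, but it never says what a caller should do with an implementation it does not recognize. Because this value is the identity carried in a TLS certificate, I would add a line such as `// Callers must treat an implementation they do not recognize as an error.` so that a later URI type is rejected, not silently accepted, by switches written today. The wording "URIs that are also not SPIFFE compliant" would read better as "URIs that are not SPIFFE compliant".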
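Review bot: In the second uri.go hunk, `ParseCertURI` keeps the `input.Scheme != "spiffe"` check and the `SPIFFE ID must have 'spiffe' scheme` error, so the generic name now promises more than the function accepts and the added doc comment should say so. Suggested comment: `// ParseCertURI parses the URI value from a TLS certificate. Only the "spiffe" scheme is accepted.`, which also removes the "parses a the" typo. The function body continues past the end of the hunk, so any further validation it performs is not visible here.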
@@ -35,8 +35,8 @@ var testSpiffeIDCases = []struct {
 },
 }
 
-func TestParseSpiffeID(t *testing.T) {
- for _, tc := range testSpiffeIDCases {
+func TestParseCertURI(t *testing.T) {
+ for _, tc := range testCertURICases {
 t.Run(tc.Name, func(t *testing.T) {
 assert := assert.New(t)
 
@@ -45,7 +45,7 @@ func TestParseSpiffeID(t *testing.T) {
 assert.Nil(err)
 
 // Parse the ID and check the error/return value
- actual, err := ParseSpiffeID(uri)
+ actual, err := ParseCertURI(uri)
 assert.Equal(tc.ParseError != "", err != nil, "error value")
 if err != nil {
 assert.Contains(err.Error(), tc.ParseError)
diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go
index b3aca757e4..4efdafc067 100644
--- a/agent/consul/connect_ca_endpoint.go
+++ b/agent/consul/connect_ca_endpoint.go
@@ -171,7 +171,7 @@ func (s *ConnectCA) Sign(
 }
 
 // Parse the SPIFFE ID
- spiffeId, err := connect.ParseSpiffeID(csr.URIs[0])
+ spiffeId, err := connect.ParseCertURI(csr.URIs[0])
 if err != nil {
 return err
 }
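Review bot: The changed line in `Sign` (agent/consul/connect_ca_endpoint.go) indexes `csr.URIs[0]`, and nothing visible in the hunk establishes that the CSR carries at least one URI. The function starts outside the hunk, so an earlier check may exist; if it does not, a CSR without a URI SAN would panic on the index instead of returning an error, and a guard on `len(csr.URIs) == 0` that returns an error belongs before the parse call. The local is also still named `spiffeId` under the comment `// Parse the SPIFFE ID`; `certURI` and `// Parse the certificate URI` would match the renamed function.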