agent/connect: rename SpiffeID to CertURI

agent/connect/testing_ca.go

@@ -197,9 +197,9 @@ func TestLeaf(t testing.T, service string, root *structs.CARoot) string {
 
 // TestCSR returns a CSR to sign the given service along with the PEM-encoded
 // private key for this certificate.
-func TestCSR(t testing.T, id SpiffeID) (string, string) {
+func TestCSR(t testing.T, uri CertURI) (string, string) {
 	template := &x509.CertificateRequest{
-		URIs:               []*url.URL{id.URI()},
+		URIs:               []*url.URL{uri.URI()},
 		SignatureAlgorithm: x509.ECDSAWithSHA256,
 	}
 

agent/connect/uri.go

@@ -6,9 +6,14 @@ import (
 	"regexp"
 )
 
-// SpiffeID represents a Connect-valid SPIFFE ID. The user should type switch
+// CertURI represents a Connect-valid URI value for a TLS certificate.
-// on the various implementations in this package to determine the type of ID.
+// The user should type switch on the various implementations in this
-type SpiffeID interface {
+// package to determine the type of URI and the data encoded within it.
+//
+// Note that the current implementations of this are all also SPIFFE IDs.
+// However, we anticipate that we may accept URIs that are also not SPIFFE
+// compliant and therefore the interface is named as such.
+type CertURI interface {
 	URI() *url.URL
 }
 
@@ -17,8 +22,8 @@ var (
 		`^/ns/(\w+)/dc/(\w+)/svc/(\w+)$`)
 )
 
-// ParseSpiffeID parses a SPIFFE ID from the input URI.
+// ParseCertURI parses a the URI value from a TLS certificate.
-func ParseSpiffeID(input *url.URL) (SpiffeID, error) {
+func ParseCertURI(input *url.URL) (CertURI, error) {
 	if input.Scheme != "spiffe" {
 		return nil, fmt.Errorf("SPIFFE ID must have 'spiffe' scheme")
 	}

agent/connect/uri_test.go

@@ -7,9 +7,9 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-// testSpiffeIDCases contains the test cases for parsing and encoding
+// testCertURICases contains the test cases for parsing and encoding
 // the SPIFFE IDs. This is a global since it is used in multiple test functions.
-var testSpiffeIDCases = []struct {
+var testCertURICases = []struct {
 	Name       string
 	URI        string
 	Struct     interface{}
@@ -35,8 +35,8 @@ var testSpiffeIDCases = []struct {
 	},
 }
 
-func TestParseSpiffeID(t *testing.T) {
+func TestParseCertURI(t *testing.T) {
-	for _, tc := range testSpiffeIDCases {
+	for _, tc := range testCertURICases {
 		t.Run(tc.Name, func(t *testing.T) {
 			assert := assert.New(t)
 
@@ -45,7 +45,7 @@ func TestParseSpiffeID(t *testing.T) {
 			assert.Nil(err)
 
 			// Parse the ID and check the error/return value
-			actual, err := ParseSpiffeID(uri)
+			actual, err := ParseCertURI(uri)
 			assert.Equal(tc.ParseError != "", err != nil, "error value")
 			if err != nil {
 				assert.Contains(err.Error(), tc.ParseError)

agent/consul/connect_ca_endpoint.go

@@ -171,7 +171,7 @@ func (s *ConnectCA) Sign(
 	}
 
 	// Parse the SPIFFE ID
-	spiffeId, err := connect.ParseSpiffeID(csr.URIs[0])
+	spiffeId, err := connect.ParseCertURI(csr.URIs[0])
 	if err != nil {
 		return err
 	}