acl: demonstrate ResolveTokenForRequest #12168
Conversation
dnephin
added
the
pr/no-changelog
| type ACLRequest interface { | ||
| TokenSecret() string | ||
|
|
||
| // Merge sets the fields in this request to the values from source, if the | ||
| // request does not already have a value. | ||
| // TODO: rename | ||
| Merge(source *structs.EnterpriseMeta) | ||
| } |
There was a problem hiding this comment.
Almost every one of our existing request structs already implements this interface (as described in #11690). Some may not have a Merge method if they don't have EnterpriseMeta, but we can easily implement a no-op version to embed in those structs.
| // Merge sets the fields in this request to the values from source, if the | ||
| // request does not already have a value. |
There was a problem hiding this comment.
| // Merge sets the fields in this request to the values from source, if the | |
| // request does not already have a value. | |
| // Merge sets the fields in this request to the values from source, if the | |
| // request does not already have a value for those fields. |
This change allows us to remove one of the last remaining duplicate resolve token methods (Server.ResolveToken). With this change we are down to only 2, where the second one also handles setting the default EnterpriseMeta from the token.
dnephin
force-pushed
the
dnephin/acl-resolve-token-3
branch
from
3785314
to
8ace474
Compare
dnephin
force-pushed
the
dnephin/acl-resolve-token-4
branch
from
c448e1b
to
292e9bc
Compare
dnephin
force-pushed
the
dnephin/acl-resolve-token-3
branch
2 times, most recently
from
e4d0b9f
to
343b6de
Compare
|
|
|
This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions. |
github-actions
bot
added
the
meta/stale
|
Closing due to inactivity. If you feel this was a mistake or you wish to re-open at any time in the future, please leave a comment and it will be re-surfaced for the maintainers to review. |
Branched from #12167, this PR demonstrates the proposed (in #11690) replacement for
ResolveTokenAndDefaultMeta.This new method
ResolveTokenForRequestaccepts a single arg and handles setting the default enterprise meta from the token.It does not set those values in the
AuthorizerContext. Very few calls toResolveTokenAndDefaultMetaactually make use of thisAuthorizerContextarg. As part of the migration we can populate theAuthorizerContextfrom the caller, but in the future we should be able to remove the need forAuthorizerContextby instead accepting an interface to the methods onAuthorizer. An example of that can be seen in #12169.TODO:
ResolveTokenAndDefaultMetawithResolveTokenForRequest