Couple changes in response to PR

- add skipInit option to skip authority initialization - check admin API status when removing provisioners - no need to check admins when not using Admin API
2022-05-11 17:04:43 -07:00 · 2022-05-11 17:04:43 -07:00 · 25b8d196d8
commit 25b8d196d8
parent 4cb74e7d8b
3 changed files with 38 additions and 33 deletions
--- a/authority/authority.go
+++ b/authority/authority.go
@ -78,8 +78,12 @@ type Authority struct {
 	authorizeSSHRenewFunc provisioner.AuthorizeSSHRenewFunc

 	adminMutex sync.RWMutex
+
+	// Do Not initialize the authority
+	skipInit bool
 }

+// Info contains information about the authority.
 type Info struct {
 	StartTime          time.Time
 	RootX509Certs      []*x509.Certificate
@ -107,25 +111,13 @@ func New(cfg *config.Config, opts ...Option) (*Authority, error) {
 		}
 	}

+	if !a.skipInit {
 		// Initialize authority from options or configuration.
 		if err := a.init(); err != nil {
 			return nil, err
 		}
-
-	return a, nil
 	}

-// FromOptions creates an Authority exclusively using the passed in options
-// and does not initialize the Authority.
-func FromOptions(opts ...Option) (*Authority, error) {
-	var a = new(Authority)
-
-	// Apply options.
-	for _, fn := range opts {
-		if err := fn(a); err != nil {
-			return nil, err
-		}
-	}
 	return a, nil
 }

@ -159,10 +151,12 @@ func NewEmbedded(opts ...Option) (*Authority, error) {
 	// Initialize config required fields.
 	a.config.Init()

+	if !a.skipInit {
 		// Initialize authority from options or configuration.
 		if err := a.init(); err != nil {
 			return nil, err
 		}
+	}

 	return a, nil
 }
--- a/authority/options.go
+++ b/authority/options.go
@ -284,6 +284,15 @@ func WithX509Enforcers(ces ...provisioner.CertificateEnforcer) Option {
 	}
 }

+// WithSkipInit is an option that allows the constructor to skip initializtion
+// of the authority.
+func WithSkipInit() Option {
+	return func(a *Authority) error {
+		a.skipInit = true
+		return nil
+	}
+}
+
 func readCertificateBundle(pemCerts []byte) ([]*x509.Certificate, error) {
 	var block *pem.Block
 	var certs []*x509.Certificate
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@ -243,10 +243,11 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
 	}

 	provName, provID := p.GetName(), p.GetID()
+	if a.IsAdminAPIEnabled() {
 		// Validate
 		//  - Check that there will be SUPER_ADMINs that remain after we
 		//    remove this provisioner.
-	if a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) {
+		if a.IsAdminAPIEnabled() && a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) {
 			return admin.NewError(admin.ErrorBadRequestType,
 				"cannot remove provisioner %s because no super admins will remain", provName)
 		}
@ -260,10 +261,11 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
 				}
 			}
 		}
+	}

 	// Remove provisioner from authority caches.
 	if err := a.provisioners.Remove(provID); err != nil {
-		return admin.WrapErrorISE(err, "error removing admin from authority cache")
+		return admin.WrapErrorISE(err, "error removing provisioner from authority cache")
 	}
 	// Remove provisioner from database.
 	if err := a.adminDB.DeleteProvisioner(ctx, provID); err != nil {