From 43ddcf2efe96d6bbf41a92c6f59ad9442e5c3f48 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 4 May 2022 17:35:34 -0700
Subject: [PATCH] Do not use deprecated AuthorizeSign
---
 api/api.go | 1 -
 api/api_test.go | 12 ++++--------
 api/revoke_test.go | 8 ++++----
 api/sign.go | 7 +++++--
 api/ssh_test.go | 2 +-
 authority/authorize.go | 3 +--
 6 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/api/api.go b/api/api.go
index 0ca4a5ef..75d26237 100644
--- a/api/api.go
+++ b/api/api.go
@@ -35,7 +35,6 @@ type Authority interface {
 SSHAuthority
 // context specifies the Authorize[Sign|Revoke|etc.] method.
 Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error)
- AuthorizeSign(ott string) ([]provisioner.SignOption, error)
 AuthorizeRenewToken(ctx context.Context, ott string) (*x509.Certificate, error)
 GetTLSOptions() *config.TLSOptions
 Root(shasum string) (*x509.Certificate, error)
diff --git a/api/api_test.go b/api/api_test.go
index 698b629c..1f27ab8c 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -185,7 +185,7 @@ func mockMustAuthority(t *testing.T, a Authority) {
 type mockAuthority struct {
 ret1, ret2 interface{}
 err error
- authorizeSign func(ott string) ([]provisioner.SignOption, error)
+ authorize func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
 authorizeRenewToken func(ctx context.Context, ott string) (*x509.Certificate, error)
 getTLSOptions func() *authority.TLSOptions
 root func(shasum string) (*x509.Certificate, error)
@@ -214,12 +214,8 @@ type mockAuthority struct {
 
 // TODO: remove once Authorize is deprecated.
 func (m *mockAuthority) Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
- return m.AuthorizeSign(ott)
-}
-
-func (m *mockAuthority) AuthorizeSign(ott string) ([]provisioner.SignOption, error) {
- if m.authorizeSign != nil {
- return m.authorizeSign(ott)
+ if m.authorize != nil {
+ return m.authorize(ctx, ott)
 }
 return m.ret1.([]provisioner.SignOption), m.err
 }
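Review bot: The `// TODO: remove once Authorize is deprecated.` comment kept above `mockAuthority.Authorize` in api/api_test.go is stale after this change: `Authorize` is now the only authorization entry point on the mock and `AuthorizeSign` is the method being retired. I would replace it with a doc comment such as `// Authorize calls m.authorize when it is set and otherwise returns ret1 and err.` The fallback `m.ret1.([]provisioner.SignOption)` is an unchecked type assertion, so a test that sets neither `authorize` nor a `ret1` of that type panics instead of failing with a message. That line is unchanged context, but the comment could mention it.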
@@ -908,7 +904,7 @@ func Test_Sign(t *testing.T) {
 t.Run(tt.name, func(t *testing.T) {
 mockMustAuthority(t, &mockAuthority{
 ret1: tt.cert, ret2: tt.root, err: tt.signErr,
- authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+ authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 return tt.certAttrOpts, tt.autherr
 },
 getTLSOptions: func() *authority.TLSOptions {
diff --git a/api/revoke_test.go b/api/revoke_test.go
index fa46dd90..c3fa6ceb 100644
--- a/api/revoke_test.go
+++ b/api/revoke_test.go
@@ -108,7 +108,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 input: string(input),
 statusCode: http.StatusOK,
 auth: &mockAuthority{
- authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+ authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 return nil, nil
 },
 revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
@@ -152,7 +152,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 statusCode: http.StatusOK,
 tls: cs,
 auth: &mockAuthority{
- authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+ authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 return nil, nil
 },
 revoke: func(ctx context.Context, ri *authority.RevokeOptions) error {
@@ -187,7 +187,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 input: string(input),
 statusCode: http.StatusInternalServerError,
 auth: &mockAuthority{
- authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+ authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 return nil, nil
 },
 revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
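Review bot: The new `authorize` mock in Test_Sign (api/api_test.go) accepts `ctx` but never inspects it, so no test on this page fails if the Sign handler stops tagging the context with `provisioner.SignMethod`. Since the comment in api.go says the context selects the Authorize method, the mock is the natural place to pin that, with `if m := provisioner.MethodFromContext(ctx); m != provisioner.SignMethod { t.Errorf("method = %v, want SignMethod", m) }` ahead of the `return`. The `authorize` mocks in the api/revoke_test.go and api/ssh_test.go hunks discard `ctx` the same way; presumably each handler sets its own method, which would be worth asserting there as well. Test_Sign begins and ends outside this hunk.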
@@ -209,7 +209,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 input: string(input),
 statusCode: http.StatusForbidden,
 auth: &mockAuthority{
- authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+ authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 return nil, nil
 },
 revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
diff --git a/api/sign.go b/api/sign.go
index b263e2e9..f7c3cc5a 100644
--- a/api/sign.go
+++ b/api/sign.go
@@ -68,8 +68,11 @@ func Sign(w http.ResponseWriter, r *http.Request) {
 TemplateData: body.TemplateData,
 }
 
- a := mustAuthority(r.Context())
- signOpts, err := a.AuthorizeSign(body.OTT)
+ ctx := r.Context()
+ a := mustAuthority(ctx)
+
+ ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
+ signOpts, err := a.Authorize(ctx, body.OTT)
 if err != nil {
 render.Error(w, errs.UnauthorizedErr(err))
 return
diff --git a/api/ssh_test.go b/api/ssh_test.go
index c6fee2de..57dd6775 100644
--- a/api/ssh_test.go
+++ b/api/ssh_test.go
@@ -316,7 +316,7 @@ func Test_SSHSign(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
 mockMustAuthority(t, &mockAuthority{
- authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+ authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 return []provisioner.SignOption{}, tt.authErr
 },
 signSSH: func(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
diff --git a/authority/authorize.go b/authority/authorize.go
index 7f9f456c..c0722a1b 100644
--- a/authority/authorize.go
+++ b/authority/authorize.go
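Review bot: In the api/sign.go hunk the handler takes over a step that `AuthorizeSign` used to hide, and nothing in the code says so: the token is authorized as a sign request only because `ctx` is re-assigned with `provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)` just before `a.Authorize(ctx, body.OTT)`. A short comment above that assignment would protect it from being dropped or reordered in a later refactor, for example `// Authorize selects its checks from the method stored in ctx; this request must be authorized as a sign.` Sign's body starts before and continues after this hunk.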
@@ -251,8 +251,7 @@ func (a *Authority) authorizeSign(ctx context.Context, token string) ([]provisio
 // AuthorizeSign authorizes a signature request by validating and authenticating
 // a token that must be sent w/ the request.
 //
-// NOTE: This method is deprecated and should not be used. We make it available
-// in the short term os as not to break existing clients.
+// Deprecated: Use Authorize(context.Context, string) ([]provisioner.SignOption, error).
 func (a *Authority) AuthorizeSign(token string) ([]provisioner.SignOption, error) {
 ctx := provisioner.NewContextWithMethod(context.Background(), provisioner.SignMethod)
 return a.Authorize(ctx, token)
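Review bot: The new `// Deprecated:` line in authority/authorize.go names the replacement's signature but not the context it needs. The wrapper below it builds that context with `provisioner.NewContextWithMethod(context.Background(), provisioner.SignMethod)`, so a caller migrating by the comment alone could pass an untagged context to `Authorize`; what `Authorize` does when no method is set is not visible on this page. I would spell the requirement out: `// Deprecated: Use Authorize with a context from provisioner.NewContextWithMethod(ctx, provisioner.SignMethod).` The function's closing brace lies outside the hunk.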