Do not use deprecated AuthorizeSign

2022-05-04 17:35:34 -07:00 · 2022-05-04 17:35:34 -07:00 · 43ddcf2efe
commit 43ddcf2efe
parent 62d93a644e
6 changed files with 15 additions and 18 deletions
--- a/api/api.go
+++ b/api/api.go
@ -35,7 +35,6 @@ type Authority interface {
 	SSHAuthority
 	// context specifies the Authorize[Sign|Revoke|etc.] method.
 	Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error)
 	AuthorizeSign(ott string) ([]provisioner.SignOption, error)
 	AuthorizeRenewToken(ctx context.Context, ott string) (*x509.Certificate, error)
 	GetTLSOptions() *config.TLSOptions
 	Root(shasum string) (*x509.Certificate, error)
--- a/api/api_test.go
+++ b/api/api_test.go
@ -185,7 +185,7 @@ func mockMustAuthority(t *testing.T, a Authority) {
 type mockAuthority struct {
 	ret1, ret2                   interface{}
 	err                          error
-	authorizeSign                func(ott string) ([]provisioner.SignOption, error)
+	authorize                    func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
 	authorizeRenewToken          func(ctx context.Context, ott string) (*x509.Certificate, error)
 	getTLSOptions                func() *authority.TLSOptions
 	root                         func(shasum string) (*x509.Certificate, error)
@ -214,12 +214,8 @@ type mockAuthority struct {
 // TODO: remove once Authorize is deprecated.
 func (m *mockAuthority) Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
-	return m.AuthorizeSign(ott)
+	if m.authorize != nil {
-}
+		return m.authorize(ctx, ott)
 func (m *mockAuthority) AuthorizeSign(ott string) ([]provisioner.SignOption, error) {
 	if m.authorizeSign != nil {
 		return m.authorizeSign(ott)
 	}
 	return m.ret1.([]provisioner.SignOption), m.err
 }
@ -908,7 +904,7 @@ func Test_Sign(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			mockMustAuthority(t, &mockAuthority{
 				ret1: tt.cert, ret2: tt.root, err: tt.signErr,
-				authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+				authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 					return tt.certAttrOpts, tt.autherr
 				},
 				getTLSOptions: func() *authority.TLSOptions {
--- a/api/revoke_test.go
+++ b/api/revoke_test.go
@ -108,7 +108,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 				input:      string(input),
 				statusCode: http.StatusOK,
 				auth: &mockAuthority{
-					authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+					authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 						return nil, nil
 					},
 					revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
@ -152,7 +152,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 				statusCode: http.StatusOK,
 				tls:        cs,
 				auth: &mockAuthority{
-					authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+					authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 						return nil, nil
 					},
 					revoke: func(ctx context.Context, ri *authority.RevokeOptions) error {
@ -187,7 +187,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 				input:      string(input),
 				statusCode: http.StatusInternalServerError,
 				auth: &mockAuthority{
-					authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+					authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 						return nil, nil
 					},
 					revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
@ -209,7 +209,7 @@ func Test_caHandler_Revoke(t *testing.T) {
 				input:      string(input),
 				statusCode: http.StatusForbidden,
 				auth: &mockAuthority{
-					authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+					authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 						return nil, nil
 					},
 					revoke: func(ctx context.Context, opts *authority.RevokeOptions) error {
--- a/api/sign.go
+++ b/api/sign.go
@ -68,8 +68,11 @@ func Sign(w http.ResponseWriter, r *http.Request) {
 		TemplateData: body.TemplateData,
 	}
-	a := mustAuthority(r.Context())
+	ctx := r.Context()
-	signOpts, err := a.AuthorizeSign(body.OTT)
+	a := mustAuthority(ctx)
 	ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
 	signOpts, err := a.Authorize(ctx, body.OTT)
 	if err != nil {
 		render.Error(w, errs.UnauthorizedErr(err))
 		return
--- a/api/ssh_test.go
+++ b/api/ssh_test.go
@ -316,7 +316,7 @@ func Test_SSHSign(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			mockMustAuthority(t, &mockAuthority{
-				authorizeSign: func(ott string) ([]provisioner.SignOption, error) {
+				authorize: func(ctx context.Context, ott string) ([]provisioner.SignOption, error) {
 					return []provisioner.SignOption{}, tt.authErr
 				},
 				signSSH: func(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) {
--- a/authority/authorize.go
+++ b/authority/authorize.go
@ -251,8 +251,7 @@ func (a *Authority) authorizeSign(ctx context.Context, token string) ([]provisio
 // AuthorizeSign authorizes a signature request by validating and authenticating
 // a token that must be sent w/ the request.
 //
-// NOTE: This method is deprecated and should not be used. We make it available
+// Deprecated: Use Authorize(context.Context, string) ([]provisioner.SignOption, error).
 // in the short term os as not to break existing clients.
 func (a *Authority) AuthorizeSign(token string) ([]provisioner.SignOption, error) {
 	ctx := provisioner.NewContextWithMethod(context.Background(), provisioner.SignMethod)
 	return a.Authorize(ctx, token)