Auth: Remove no-op authorizer interface methods. #13153

Merged
merged 4 commits into from
Mar 14, 2024
Merged
27 changes: 0 additions & 27 deletions lxd/api_project.go
Expand Up @@ -320,11 +320,6 @@ func projectsPost(d *Daemon, r *http.Request) response.Response {
return response.SmartError(fmt.Errorf("Failed creating project %q: %w", project.Name, err))
}

err = s.Authorizer.AddProject(r.Context(), id, project.Name)
if err != nil {
return response.SmartError(err)
}

requestor := request.CreateRequestor(r)
lc := lifecycle.ProjectCreated.Event(project.Name, requestor, nil)
s.Events.SendLifecycle(project.Name, lc)
Expand Down Expand Up @@ -775,7 +770,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {

// Perform the rename.
run := func(op *operations.Operation) error {
var id int64
err := s.DB.Cluster.Transaction(context.TODO(), func(ctx context.Context, tx *db.ClusterTx) error {
project, err := cluster.GetProject(ctx, tx.Tx(), req.Name)
if err != nil && !response.IsNotFoundError(err) {
Expand All @@ -800,11 +794,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
return fmt.Errorf("Only empty projects can be renamed")
}

id, err = cluster.GetProjectID(ctx, tx.Tx(), name)
if err != nil {
return fmt.Errorf("Failed getting project ID for project %q: %w", name, err)
}

err = projectValidateName(req.Name)
if err != nil {
return err
Expand All @@ -816,11 +805,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
return err
}

err = s.Authorizer.RenameProject(r.Context(), id, name, req.Name)
if err != nil {
return err
}

requestor := request.CreateRequestor(r)
s.Events.SendLifecycle(req.Name, lifecycle.ProjectRenamed.Event(req.Name, requestor, logger.Ctx{"old_name": name}))

Expand Down Expand Up @@ -866,7 +850,6 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
return response.Forbidden(fmt.Errorf("The 'default' project cannot be deleted"))
}

var id int64
err = s.DB.Cluster.Transaction(context.TODO(), func(ctx context.Context, tx *db.ClusterTx) error {
project, err := cluster.GetProject(ctx, tx.Tx(), name)
if err != nil {
Expand All @@ -882,23 +865,13 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
return fmt.Errorf("Only empty projects can be removed")
}

id, err = cluster.GetProjectID(ctx, tx.Tx(), name)
if err != nil {
return fmt.Errorf("Fetch project id %q: %w", name, err)
}

return cluster.DeleteProject(ctx, tx.Tx(), name)
})

if err != nil {
return response.SmartError(err)
}

err = s.Authorizer.DeleteProject(r.Context(), id, name)
if err != nil {
return response.SmartError(err)
}

requestor := request.CreateRequestor(r)
s.Events.SendLifecycle(name, lifecycle.ProjectDeleted.Event(name, requestor, nil))

44 changes: 0 additions & 44 deletions lxd/auth/authorization.go
Expand Up @@ -32,53 +32,9 @@ type PermissionChecker func(entityURL *api.URL) bool
// Authorizer is the primary external API for this package.
type Authorizer interface {
Driver() string
StopService(ctx context.Context) error

CheckPermission(ctx context.Context, r *http.Request, entityURL *api.URL, entitlement Entitlement) error
GetPermissionChecker(ctx context.Context, r *http.Request, entitlement Entitlement, entityType entity.Type) (PermissionChecker, error)

AddProject(ctx context.Context, projectID int64, projectName string) error
DeleteProject(ctx context.Context, projectID int64, projectName string) error
RenameProject(ctx context.Context, projectID int64, oldName string, newName string) error

AddCertificate(ctx context.Context, fingerprint string) error
DeleteCertificate(ctx context.Context, fingerprint string) error

AddStoragePool(ctx context.Context, storagePoolName string) error
DeleteStoragePool(ctx context.Context, storagePoolName string) error

AddImage(ctx context.Context, projectName string, fingerprint string) error
DeleteImage(ctx context.Context, projectName string, fingerprint string) error

AddImageAlias(ctx context.Context, projectName string, imageAliasName string) error
DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error
RenameImageAlias(ctx context.Context, projectName string, oldAliasName string, newAliasName string) error

AddInstance(ctx context.Context, projectName string, instanceName string) error
DeleteInstance(ctx context.Context, projectName string, instanceName string) error
RenameInstance(ctx context.Context, projectName string, oldInstanceName string, newInstanceName string) error

AddNetwork(ctx context.Context, projectName string, networkName string) error
DeleteNetwork(ctx context.Context, projectName string, networkName string) error
RenameNetwork(ctx context.Context, projectName string, oldNetworkName string, newNetworkName string) error

AddNetworkZone(ctx context.Context, projectName string, networkZoneName string) error
DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error

AddNetworkACL(ctx context.Context, projectName string, networkACLName string) error
DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error
RenameNetworkACL(ctx context.Context, projectName string, oldNetworkACLName string, newNetworkACLName string) error

AddProfile(ctx context.Context, projectName string, profileName string) error
DeleteProfile(ctx context.Context, projectName string, profileName string) error
RenameProfile(ctx context.Context, projectName string, oldProfileName string, newProfileName string) error

AddStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error
DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error
RenameStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, oldStorageVolumeName string, newStorageVolumeName string) error

AddStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error
DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error
}

// Opts is used as part of the LoadAuthorizer function so that only the relevant configuration fields are passed into a
161 changes: 0 additions & 161 deletions lxd/auth/driver_common.go
Expand Up @@ -3,7 +3,6 @@
package auth

import (
"context"
"fmt"
"net/http"
"net/url"
Expand Down Expand Up @@ -132,163 +131,3 @@ func (c *commonAuthorizer) requestDetails(r *http.Request) (*requestDetails, err
func (c *commonAuthorizer) Driver() string {
return c.driverName
}

// StopService is a no-op.
func (c *commonAuthorizer) StopService(ctx context.Context) error {
return nil
}

// AddProject is a no-op.
func (c *commonAuthorizer) AddProject(ctx context.Context, projectID int64, name string) error {
return nil
}

// DeleteProject is a no-op.
func (c *commonAuthorizer) DeleteProject(ctx context.Context, projectID int64, name string) error {
return nil
}

// RenameProject is a no-op.
func (c *commonAuthorizer) RenameProject(ctx context.Context, projectID int64, oldName string, newName string) error {
return nil
}

// AddCertificate is a no-op.
func (c *commonAuthorizer) AddCertificate(ctx context.Context, fingerprint string) error {
return nil
}

// DeleteCertificate is a no-op.
func (c *commonAuthorizer) DeleteCertificate(ctx context.Context, fingerprint string) error {
return nil
}

// AddStoragePool is a no-op.
func (c *commonAuthorizer) AddStoragePool(ctx context.Context, storagePoolName string) error {
return nil
}

// DeleteStoragePool is a no-op.
func (c *commonAuthorizer) DeleteStoragePool(ctx context.Context, storagePoolName string) error {
return nil
}

// AddImage is a no-op.
func (c *commonAuthorizer) AddImage(ctx context.Context, projectName string, fingerprint string) error {
return nil
}

// DeleteImage is a no-op.
func (c *commonAuthorizer) DeleteImage(ctx context.Context, projectName string, fingerprint string) error {
return nil
}

// AddImageAlias is a no-op.
func (c *commonAuthorizer) AddImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
return nil
}

// DeleteImageAlias is a no-op.
func (c *commonAuthorizer) DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
return nil
}

// RenameImageAlias is a no-op.
func (c *commonAuthorizer) RenameImageAlias(ctx context.Context, projectName string, oldAliasName string, newAliasName string) error {
return nil
}

// AddInstance is a no-op.
func (c *commonAuthorizer) AddInstance(ctx context.Context, projectName string, instanceName string) error {
return nil
}

// DeleteInstance is a no-op.
func (c *commonAuthorizer) DeleteInstance(ctx context.Context, projectName string, instanceName string) error {
return nil
}

// RenameInstance is a no-op.
func (c *commonAuthorizer) RenameInstance(ctx context.Context, projectName string, oldInstanceName string, newInstanceName string) error {
return nil
}

// AddNetwork is a no-op.
func (c *commonAuthorizer) AddNetwork(ctx context.Context, projectName string, networkName string) error {
return nil
}

// DeleteNetwork is a no-op.
func (c *commonAuthorizer) DeleteNetwork(ctx context.Context, projectName string, networkName string) error {
return nil
}

// RenameNetwork is a no-op.
func (c *commonAuthorizer) RenameNetwork(ctx context.Context, projectName string, oldNetworkName string, newNetworkName string) error {
return nil
}

// AddNetworkZone is a no-op.
func (c *commonAuthorizer) AddNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
return nil
}

// DeleteNetworkZone is a no-op.
func (c *commonAuthorizer) DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
return nil
}

// AddNetworkACL is a no-op.
func (c *commonAuthorizer) AddNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
return nil
}

// DeleteNetworkACL is a no-op.
func (c *commonAuthorizer) DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
return nil
}

// RenameNetworkACL is a no-op.
func (c *commonAuthorizer) RenameNetworkACL(ctx context.Context, projectName string, oldNetworkACLName string, newNetworkACLName string) error {
return nil
}

// AddProfile is a no-op.
func (c *commonAuthorizer) AddProfile(ctx context.Context, projectName string, profileName string) error {
return nil
}

// DeleteProfile is a no-op.
func (c *commonAuthorizer) DeleteProfile(ctx context.Context, projectName string, profileName string) error {
return nil
}

// RenameProfile is a no-op.
func (c *commonAuthorizer) RenameProfile(ctx context.Context, projectName string, oldProfileName string, newProfileName string) error {
return nil
}

// AddStoragePoolVolume is a no-op.
func (c *commonAuthorizer) AddStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error {
return nil
}

// DeleteStoragePoolVolume is a no-op.
func (c *commonAuthorizer) DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error {
return nil
}

// RenameStoragePoolVolume is a no-op.
func (c *commonAuthorizer) RenameStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, oldStorageVolumeName string, newStorageVolumeName string) error {
return nil
}

// AddStorageBucket is a no-op.
func (c *commonAuthorizer) AddStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error {
return nil
}

// DeleteStorageBucket is a no-op.
func (c *commonAuthorizer) DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error {
return nil
}
12 changes: 0 additions & 12 deletions lxd/certificates.go
Expand Up @@ -641,12 +641,6 @@ func certificatesPost(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Add the certificate resource to the authorizer.
err = s.Authorizer.AddCertificate(r.Context(), fingerprint)
if err != nil {
logger.Error("Failed to add certificate to authorizer", logger.Ctx{"fingerprint": fingerprint, "error": err})
}

// Reload the identity cache to add the new certificate.
s.UpdateIdentityCache()

Expand Down Expand Up @@ -1086,12 +1080,6 @@ func certificateDelete(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Remove the certificate from the authorizer.
err = s.Authorizer.DeleteCertificate(r.Context(), certInfo.Fingerprint)
if err != nil {
logger.Error("Failed to remove certificate from authorizer", logger.Ctx{"fingerprint": certInfo.Fingerprint, "error": err})
}

// Reload the cache.
s.UpdateIdentityCache()

30 changes: 0 additions & 30 deletions lxd/images.go
Expand Up @@ -1206,12 +1206,6 @@ func imagesPost(d *Daemon, r *http.Request) response.Response {
return fmt.Errorf("Failed syncing image between nodes: %w", err)
}

// Add the image to the authorizer.
err = s.Authorizer.AddImage(r.Context(), projectName, info.Fingerprint)
if err != nil {
logger.Error("Failed to add image to authorizer", logger.Ctx{"fingerprint": info.Fingerprint, "project": projectName, "error": err})
}

s.Events.SendLifecycle(projectName, lifecycle.ImageCreated.Event(info.Fingerprint, projectName, op.Requestor(), logger.Ctx{"type": info.Type}))

return nil
Expand Down Expand Up @@ -2803,12 +2797,6 @@ func imageDelete(d *Daemon, r *http.Request) response.Response {
// Remove main image file from disk.
imageDeleteFromDisk(imgInfo.Fingerprint)

// Remove image from authorizer.
err = s.Authorizer.DeleteImage(r.Context(), projectName, imgInfo.Fingerprint)
if err != nil {
logger.Error("Failed to remove image from authorizer", logger.Ctx{"fingerprint": imgInfo.Fingerprint, "project": projectName, "error": err})
}

s.Events.SendLifecycle(projectName, lifecycle.ImageDeleted.Event(imgInfo.Fingerprint, projectName, op.Requestor(), nil))

return nil
Expand Down Expand Up @@ -3338,12 +3326,6 @@ func imageAliasesPost(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Add the image alias to the authorizer.
err = s.Authorizer.AddImageAlias(r.Context(), projectName, req.Name)
if err != nil {
logger.Error("Failed to add image alias to authorizer", logger.Ctx{"name": req.Name, "project": projectName, "error": err})
}

requestor := request.CreateRequestor(r)
lc := lifecycle.ImageAliasCreated.Event(req.Name, projectName, requestor, logger.Ctx{"target": req.Target})
s.Events.SendLifecycle(projectName, lc)
Expand Down Expand Up @@ -3680,12 +3662,6 @@ func imageAliasDelete(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Remove image alias from authorizer.
err = s.Authorizer.DeleteImageAlias(r.Context(), projectName, name)
if err != nil {
logger.Error("Failed to remove image alias from authorizer", logger.Ctx{"name": name, "project": projectName, "error": err})
}

requestor := request.CreateRequestor(r)
s.Events.SendLifecycle(projectName, lifecycle.ImageAliasDeleted.Event(name, projectName, requestor, nil))

Expand Down Expand Up @@ -3958,12 +3934,6 @@ func imageAliasPost(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

// Rename image alias in authorizer.
err = s.Authorizer.RenameImageAlias(r.Context(), projectName, name, req.Name)
if err != nil {
logger.Error("Failed to rename image alias in authorizer", logger.Ctx{"old_name": name, "new_name": req.Name, "project": projectName})
}

requestor := request.CreateRequestor(r)
lc := lifecycle.ImageAliasRenamed.Event(req.Name, projectName, requestor, logger.Ctx{"old_name": name})
s.Events.SendLifecycle(projectName, lc)