From 2a35de81dcc25749fdd663e48de68a25ac271092 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Wed, 9 Mar 2016 06:23:31 -0500 Subject: [PATCH] AccessorID --> Accessor, accessor_id --> accessor --- api/secret.go | 2 +- command/format.go | 2 +- http/logical.go | 4 ++-- http/sys_capabilities.go | 6 +++--- logical/auth.go | 6 +++--- vault/capabilities.go | 10 ++++----- vault/token_store.go | 44 ++++++++++++++++++++-------------------- 7 files changed, 37 insertions(+), 37 deletions(-) diff --git a/api/secret.go b/api/secret.go index 5c77da2b7409c..7e10f1ff0cea5 100644 --- a/api/secret.go +++ b/api/secret.go @@ -28,7 +28,7 @@ type Secret struct { // SecretAuth is the structure containing auth information if we have it. type SecretAuth struct { ClientToken string `json:"client_token"` - AccessorID string `json:"accessor_id"` + Accessor string `json:"accessor"` Policies []string `json:"policies"` Metadata map[string]string `json:"metadata"` diff --git a/command/format.go b/command/format.go index 800930b5131cd..93b812312ecf2 100644 --- a/command/format.go +++ b/command/format.go @@ -143,7 +143,7 @@ func (t TableFormatter) OutputSecret(ui cli.Ui, secret, s *api.Secret) error { if s.Auth != nil { input = append(input, fmt.Sprintf("token %s %s", config.Delim, s.Auth.ClientToken)) - input = append(input, fmt.Sprintf("token_accessor %s %s", config.Delim, s.Auth.AccessorID)) + input = append(input, fmt.Sprintf("token_accessor %s %s", config.Delim, s.Auth.Accessor)) input = append(input, fmt.Sprintf("token_duration %s %d", config.Delim, s.Auth.LeaseDuration)) input = append(input, fmt.Sprintf("token_renewable %s %v", config.Delim, s.Auth.Renewable)) input = append(input, fmt.Sprintf("token_policies %s %v", config.Delim, s.Auth.Policies)) diff --git a/http/logical.go b/http/logical.go index 1b30c0781a392..816df95c0c4ce 100644 --- a/http/logical.go +++ b/http/logical.go @@ -124,7 +124,7 @@ func respondLogical(w http.ResponseWriter, r *http.Request, path string, dataOnl if resp.Auth != nil { logicalResp.Auth = &Auth{ ClientToken: resp.Auth.ClientToken, - AccessorID: resp.Auth.AccessorID, + Accessor: resp.Auth.Accessor, Policies: resp.Auth.Policies, Metadata: resp.Auth.Metadata, LeaseDuration: int(resp.Auth.TTL.Seconds()), @@ -219,7 +219,7 @@ type LogicalResponse struct { type Auth struct { ClientToken string `json:"client_token"` - AccessorID string `json:"accessor_id"` + Accessor string `json:"accessor"` Policies []string `json:"policies"` Metadata map[string]string `json:"metadata"` LeaseDuration int `json:"lease_duration"` diff --git a/http/sys_capabilities.go b/http/sys_capabilities.go index 701bad8274e15..93d135ed3f2dd 100644 --- a/http/sys_capabilities.go +++ b/http/sys_capabilities.go @@ -25,7 +25,7 @@ func handleSysCapabilitiesAccessor(core *vault.Core) http.Handler { return } - capabilities, err := core.CapabilitiesAccessor(data.AccessorID, data.Path) + capabilities, err := core.CapabilitiesAccessor(data.Accessor, data.Path) if err != nil { respondErrorStatus(w, err) return @@ -84,6 +84,6 @@ type capabilitiesRequest struct { } type capabilitiesAccessorRequest struct { - AccessorID string `json:"accessor_id"` - Path string `json:"path"` + Accessor string `json:"accessor"` + Path string `json:"path"` } diff --git a/logical/auth.go b/logical/auth.go index 129fecc145a93..1636fb5bdfe09 100644 --- a/logical/auth.go +++ b/logical/auth.go @@ -34,12 +34,12 @@ type Auth struct { // returned. Setting this manually will have no effect. ClientToken string - // AccessorID is the identifier for the ClientToken. This can be used + // Accessor is the identifier for the ClientToken. This can be used // to perform management functionalities (especially revocation) when - // ClientToken in the audit logs are obfuscated. AccessorID can be used + // ClientToken in the audit logs are obfuscated. Accessor can be used // to revoke a ClientToken and to lookup the capabilities of the ClientToken, // both without actually knowing the ClientToken. - AccessorID string + Accessor string } func (a *Auth) GoString() string { diff --git a/vault/capabilities.go b/vault/capabilities.go index ab7dd4f52a6ee..9c0164ed823b4 100644 --- a/vault/capabilities.go +++ b/vault/capabilities.go @@ -13,17 +13,17 @@ func (s *StatusBadRequest) Error() string { } // CapabilitiesAccessor is used to fetch the capabilities of the token -// which associated with the given accessorID on the given path -func (c *Core) CapabilitiesAccessor(accessorID, path string) ([]string, error) { +// which associated with the given accessor on the given path +func (c *Core) CapabilitiesAccessor(accessor, path string) ([]string, error) { if path == "" { return nil, &StatusBadRequest{Err: "missing path"} } - if accessorID == "" { - return nil, &StatusBadRequest{Err: "missing accessor_id"} + if accessor == "" { + return nil, &StatusBadRequest{Err: "missing accessor"} } - token, err := c.tokenStore.lookupByAccessorID(accessorID) + token, err := c.tokenStore.lookupByAccessor(accessor) if err != nil { return nil, err } diff --git a/vault/token_store.go b/vault/token_store.go index 948ca32f98cd0..ea8e852fd60bf 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -131,7 +131,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) Pattern: "lookup-accessor$", Fields: map[string]*framework.FieldSchema{ - "accessor_id": &framework.FieldSchema{ + "accessor": &framework.FieldSchema{ Type: framework.TypeString, Description: "Accessor ID to lookup", }, @@ -167,7 +167,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) Pattern: "revoke-accessor$", Fields: map[string]*framework.FieldSchema{ - "accessor_id": &framework.FieldSchema{ + "accessor": &framework.FieldSchema{ Type: framework.TypeString, Description: "Accessor ID of the token", }, @@ -300,7 +300,7 @@ func NewTokenStore(c *Core, config *logical.BackendConfig) (*TokenStore, error) // TokenEntry is used to represent a given token type TokenEntry struct { ID string // ID of this entry, generally a random UUID - AccessorID string // Accessor ID for this token, a random UUID + Accessor string // Accessor ID for this token, a random UUID Parent string // Parent token, used for revocation trees Policies []string // Which named policies should be used Path string // Used for audit trails, this is something like "auth/user/login" @@ -337,20 +337,20 @@ func (ts *TokenStore) rootToken() (*TokenEntry, error) { return te, nil } -// CreateAccessorID is used to create an identifier for the token ID. +// CreateAccessor is used to create an identifier for the token ID. // An storage index, mapping the accessor ID to the token ID is also created. -func (ts *TokenStore) createAccessorID(entry *TokenEntry) error { - defer metrics.MeasureSince([]string{"token", "createAccessorID"}, time.Now()) +func (ts *TokenStore) createAccessor(entry *TokenEntry) error { + defer metrics.MeasureSince([]string{"token", "createAccessor"}, time.Now()) // Create a random accessor ID accessorUUID, err := uuid.GenerateUUID() if err != nil { return err } - entry.AccessorID = accessorUUID + entry.Accessor = accessorUUID // Create index entry, mapping the Accessor ID to the Token ID - path := lookupPrefix + ts.SaltID(entry.AccessorID) + path := lookupPrefix + ts.SaltID(entry.Accessor) le := &logical.StorageEntry{Key: path, Value: []byte(entry.ID)} if err := ts.view.Put(le); err != nil { return fmt.Errorf("failed to persist accessor ID index entry: %v", err) @@ -371,7 +371,7 @@ func (ts *TokenStore) create(entry *TokenEntry) error { entry.ID = entryUUID } - err := ts.createAccessorID(entry) + err := ts.createAccessor(entry) if err != nil { return err } @@ -533,8 +533,8 @@ func (ts *TokenStore) revokeSalted(saltedId string) error { } // Clear the accessor ID index if any - if entry != nil && entry.AccessorID != "" { - path := lookupPrefix + ts.SaltID(entry.AccessorID) + if entry != nil && entry.Accessor != "" { + path := lookupPrefix + ts.SaltID(entry.Accessor) if ts.view.Delete(path); err != nil { return fmt.Errorf("failed to delete entry: %v", err) } @@ -601,8 +601,8 @@ func (ts *TokenStore) revokeTreeSalted(saltedId string) error { return nil } -func (ts *TokenStore) lookupByAccessorID(accessorID string) (string, error) { - entry, err := ts.view.Get(lookupPrefix + ts.SaltID(accessorID)) +func (ts *TokenStore) lookupByAccessor(accessor string) (string, error) { + entry, err := ts.view.Get(lookupPrefix + ts.SaltID(accessor)) if err != nil { return "", fmt.Errorf("failed to read index using accessor ID: %s", err) } @@ -616,12 +616,12 @@ func (ts *TokenStore) lookupByAccessorID(accessorID string) (string, error) { // handleLookupAccessor handles the auth/token/lookup-accessor path for returning // the properties of the token associated with the accessor ID func (ts *TokenStore) handleLookupAccessor(req *logical.Request, data *framework.FieldData) (*logical.Response, error) { - accessorID := data.Get("accessor_id").(string) - if accessorID == "" { - return nil, &StatusBadRequest{Err: "missing accessor_id"} + accessor := data.Get("accessor").(string) + if accessor == "" { + return nil, &StatusBadRequest{Err: "missing accessor"} } - tokenID, err := ts.lookupByAccessorID(accessorID) + tokenID, err := ts.lookupByAccessor(accessor) if err != nil { return nil, err } @@ -661,12 +661,12 @@ func (ts *TokenStore) handleLookupAccessor(req *logical.Request, data *framework // handleRevokeAccessor handles the auth/token/revoke-accessor path for revoking // the token associated with the accessor ID func (ts *TokenStore) handleRevokeAccessor(req *logical.Request, data *framework.FieldData) (*logical.Response, error) { - accessorID := data.Get("accessor_id").(string) - if accessorID == "" { - return nil, &StatusBadRequest{Err: "missing accessor_id"} + accessor := data.Get("accessor").(string) + if accessor == "" { + return nil, &StatusBadRequest{Err: "missing accessor"} } - tokenID, err := ts.lookupByAccessorID(accessorID) + tokenID, err := ts.lookupByAccessor(accessor) if err != nil { return nil, err } @@ -853,7 +853,7 @@ func (ts *TokenStore) handleCreateCommon( Renewable: true, }, ClientToken: te.ID, - AccessorID: te.AccessorID, + Accessor: te.Accessor, }, }