removed types

Signed-off-by: Maia Iyer <[email protected]>

api/agent/config.go

@@ -138,7 +138,6 @@ func NewAuthorizer(authorizerPlugin *ast.ObjectItem) (authorization.Authorizer,
 
 		// decode into role list and apiMapping
 		roleList := make(map[string]string)
-		apiMapping := make(map[string][]string)
 		apiV1Mapping := make(map[string]map[string][]string)
 		for _, role := range config.RoleList {
 			roleList[role.Name] = role.Desc
@@ -147,10 +146,6 @@ func NewAuthorizer(authorizerPlugin *ast.ObjectItem) (authorization.Authorizer,
 				fmt.Println("WARNING: using the empty string for an API enables access to all authenticated users")
 			}
 		}
-		for _, api := range config.APIRoleMappings {
-			apiMapping[api.Name] = api.AllowedRoles
-			fmt.Printf("API name: %s, Allowed Roles: %s \n", api.Name, api.AllowedRoles)
-		}
 		for _, apiV1 := range config.APIv1RoleMappings {
 			arr := strings.Split(apiV1.Name, " ")
 			apiV1.Method = arr[0]
@@ -164,7 +159,7 @@ func NewAuthorizer(authorizerPlugin *ast.ObjectItem) (authorization.Authorizer,
 		}
 		fmt.Printf("API V1 Mapping: %+v\n", apiV1Mapping)
 
-		authorizer, err := authorization.NewRBACAuthorizer(config.Name, roleList, apiMapping, apiV1Mapping)
+		authorizer, err := authorization.NewRBACAuthorizer(config.Name, roleList, apiV1Mapping)
 		if err != nil {
 			return nil, errors.Errorf("Couldn't configure Authorizer: %v", err)
 		}

api/agent/types.go

@@ -118,11 +118,6 @@ type AuthRole struct {
 	Desc string `hcl:"desc"`
 }
 
-type APIRoleMapping struct {
-	Name         string   `hcl:",key"`
-	AllowedRoles []string `hcl:"allowed_roles"`
-}
-
 type APIv1RoleMapping struct {
 	Name string `hcl:",key"`
 	Method string `hcl:"-"`
@@ -133,6 +128,5 @@ type APIv1RoleMapping struct {
 type pluginAuthorizerRBAC struct {
 	Name            string            `hcl:"name"`
 	RoleList        []*AuthRole       `hcl:"role,block"`
-	APIRoleMappings []*APIRoleMapping `hcl:"API,block"`
 	APIv1RoleMappings []*APIv1RoleMapping `hcl:"APIv1,block"`
 }

pkg/agent/authorization/rbac_test.go

@@ -9,7 +9,7 @@ import (
 func TestNewRBACAuthorizer(t *testing.T) {
 	// INIT failures
 	// fail when no roles defined
-	_, err := NewRBACAuthorizer("", nil, nil, nil)
+	_, err := NewRBACAuthorizer("", nil, nil)
 	if err == nil {
 		t.Fatal("ERROR: successfully initialized RBAC without roles")
 	}
@@ -32,7 +32,7 @@ func TestNewRBACAuthorizer(t *testing.T) {
 	apiV1Mapping_5 := map[string]map[string][]string{"/api/v1/spire/serverinfo": {"POST": {"admin", "viewer"}}}
 
 	// fail when roles in apiMapping not in roleList
-	_, err = NewRBACAuthorizer(policyName, roleList_1, nil, apiV1Mapping_1)
+	_, err = NewRBACAuthorizer(policyName, roleList_1, apiV1Mapping_1)
 	expectedErr := "Could not parse policy testPolicy: invalid mapping: API V1  /api/v1/spire/serverinfo lists undefined role viewer"
 	if err == nil {
 		t.Fatal("ERROR: successfully initialized RBAC without roles")
@@ -41,13 +41,13 @@ func TestNewRBACAuthorizer(t *testing.T) {
 	}
 
 	// pass when roles in apiMapping in roleList
-	_, err = NewRBACAuthorizer(policyName, roleList_2, nil, apiV1Mapping_2)
+	_, err = NewRBACAuthorizer(policyName, roleList_2, apiV1Mapping_2)
 	if err != nil {
 		t.Fatalf("ERROR: failed to initialize RBAC: %s", err.Error())
 	}
 
 	// fail when typo in apiMapping
-	_, err = NewRBACAuthorizer(policyName, roleList_3, nil, apiV1Mapping_3)
+	_, err = NewRBACAuthorizer(policyName, roleList_3, apiV1Mapping_3)
 	if err == nil {
         t.Fatalf("expected an error but got nil")
     }
@@ -57,7 +57,7 @@ func TestNewRBACAuthorizer(t *testing.T) {
     }
 
 	// fail when apiV1Mapping has path not in staticAPIV1List
-	_, err = NewRBACAuthorizer(policyName, roleList_4, nil, apiV1Mapping_4)
+	_, err = NewRBACAuthorizer(policyName, roleList_4, apiV1Mapping_4)
     if err == nil {
         t.Fatal("ERROR: successfully initialized RBAC without roles")
     }
@@ -67,7 +67,7 @@ func TestNewRBACAuthorizer(t *testing.T) {
     }
 
 	// fail when apiV1Mapping has method not in staticAPIV1List
-	_, err = NewRBACAuthorizer(policyName, roleList_5, nil, apiV1Mapping_5)
+	_, err = NewRBACAuthorizer(policyName, roleList_5, apiV1Mapping_5)
 	if err == nil {
         t.Fatal("ERROR: successfully initialized RBAC without roles")
     }