-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSS-5672 Adds declared caveats to the discharge macaroon. #1047
CSS-5672 Adds declared caveats to the discharge macaroon. #1047
Conversation
|
||
if allowed { | ||
return []checkers.Caveat{ | ||
checkers.DeclaredCaveat(relationString, objectTagString), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the main bit that changed right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes
c.Check(ms, qt.HasLen, 2) | ||
c.Assert(ms, qt.HasLen, 2) | ||
|
||
declaredCaveats := checkers.InferDeclared(macaroon.MacaroonNamespace, ms) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Out of interest is this a mock checker that will always validate the caveat or something? Or where do we setup the permissions for the test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh nvm, I see the setup
function in all the tests is how that's done.
jimmnames "github.com/canonical/jimm/pkg/names" | ||
) | ||
|
||
var defaultDischargeExpiry = 15 * time.Minute |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much better having these functions moved out
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm but i'm rusty on macaroons again honestly
Description
Adds declared caveats to the discharge macaroon.
Engineering checklist
Check only items that apply
Test instructions
Notes for code reviewers