Auth: Remove no-op authorizer interface methods.

lxd/api_project.go

@@ -320,11 +320,6 @@ func projectsPost(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(fmt.Errorf("Failed creating project %q: %w", project.Name, err))
 	}
 
-	err = s.Authorizer.AddProject(r.Context(), id, project.Name)
-	if err != nil {
-		return response.SmartError(err)
-	}
-
 	requestor := request.CreateRequestor(r)
 	lc := lifecycle.ProjectCreated.Event(project.Name, requestor, nil)
 	s.Events.SendLifecycle(project.Name, lc)
@@ -775,7 +770,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
 
 	// Perform the rename.
 	run := func(op *operations.Operation) error {
-		var id int64
 		err := s.DB.Cluster.Transaction(context.TODO(), func(ctx context.Context, tx *db.ClusterTx) error {
 			project, err := cluster.GetProject(ctx, tx.Tx(), req.Name)
 			if err != nil && !response.IsNotFoundError(err) {
@@ -800,11 +794,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
 				return fmt.Errorf("Only empty projects can be renamed")
 			}
 
-			id, err = cluster.GetProjectID(ctx, tx.Tx(), name)
-			if err != nil {
-				return fmt.Errorf("Failed getting project ID for project %q: %w", name, err)
-			}
-
 			err = projectValidateName(req.Name)
 			if err != nil {
 				return err
@@ -816,11 +805,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
 			return err
 		}
 
-		err = s.Authorizer.RenameProject(r.Context(), id, name, req.Name)
-		if err != nil {
-			return err
-		}
-
 		requestor := request.CreateRequestor(r)
 		s.Events.SendLifecycle(req.Name, lifecycle.ProjectRenamed.Event(req.Name, requestor, logger.Ctx{"old_name": name}))
 
@@ -866,7 +850,6 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
 		return response.Forbidden(fmt.Errorf("The 'default' project cannot be deleted"))
 	}
 
-	var id int64
 	err = s.DB.Cluster.Transaction(context.TODO(), func(ctx context.Context, tx *db.ClusterTx) error {
 		project, err := cluster.GetProject(ctx, tx.Tx(), name)
 		if err != nil {
@@ -882,23 +865,13 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
 			return fmt.Errorf("Only empty projects can be removed")
 		}
 
-		id, err = cluster.GetProjectID(ctx, tx.Tx(), name)
-		if err != nil {
-			return fmt.Errorf("Fetch project id %q: %w", name, err)
-		}
-
 		return cluster.DeleteProject(ctx, tx.Tx(), name)
 	})
 
 	if err != nil {
 		return response.SmartError(err)
 	}
 
-	err = s.Authorizer.DeleteProject(r.Context(), id, name)
-	if err != nil {
-		return response.SmartError(err)
-	}
-
 	requestor := request.CreateRequestor(r)
 	s.Events.SendLifecycle(name, lifecycle.ProjectDeleted.Event(name, requestor, nil))
 

lxd/auth/authorization.go

@@ -32,53 +32,9 @@ type PermissionChecker func(entityURL *api.URL) bool
 // Authorizer is the primary external API for this package.
 type Authorizer interface {
 	Driver() string
-	StopService(ctx context.Context) error
 
 	CheckPermission(ctx context.Context, r *http.Request, entityURL *api.URL, entitlement Entitlement) error
 	GetPermissionChecker(ctx context.Context, r *http.Request, entitlement Entitlement, entityType entity.Type) (PermissionChecker, error)
-
-	AddProject(ctx context.Context, projectID int64, projectName string) error
-	DeleteProject(ctx context.Context, projectID int64, projectName string) error
-	RenameProject(ctx context.Context, projectID int64, oldName string, newName string) error
-
-	AddCertificate(ctx context.Context, fingerprint string) error
-	DeleteCertificate(ctx context.Context, fingerprint string) error
-
-	AddStoragePool(ctx context.Context, storagePoolName string) error
-	DeleteStoragePool(ctx context.Context, storagePoolName string) error
-
-	AddImage(ctx context.Context, projectName string, fingerprint string) error
-	DeleteImage(ctx context.Context, projectName string, fingerprint string) error
-
-	AddImageAlias(ctx context.Context, projectName string, imageAliasName string) error
-	DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error
-	RenameImageAlias(ctx context.Context, projectName string, oldAliasName string, newAliasName string) error
-
-	AddInstance(ctx context.Context, projectName string, instanceName string) error
-	DeleteInstance(ctx context.Context, projectName string, instanceName string) error
-	RenameInstance(ctx context.Context, projectName string, oldInstanceName string, newInstanceName string) error
-
-	AddNetwork(ctx context.Context, projectName string, networkName string) error
-	DeleteNetwork(ctx context.Context, projectName string, networkName string) error
-	RenameNetwork(ctx context.Context, projectName string, oldNetworkName string, newNetworkName string) error
-
-	AddNetworkZone(ctx context.Context, projectName string, networkZoneName string) error
-	DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error
-
-	AddNetworkACL(ctx context.Context, projectName string, networkACLName string) error
-	DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error
-	RenameNetworkACL(ctx context.Context, projectName string, oldNetworkACLName string, newNetworkACLName string) error
-
-	AddProfile(ctx context.Context, projectName string, profileName string) error
-	DeleteProfile(ctx context.Context, projectName string, profileName string) error
-	RenameProfile(ctx context.Context, projectName string, oldProfileName string, newProfileName string) error
-
-	AddStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error
-	DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error
-	RenameStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, oldStorageVolumeName string, newStorageVolumeName string) error
-
-	AddStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error
-	DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error
 }
 
 // Opts is used as part of the LoadAuthorizer function so that only the relevant configuration fields are passed into a

lxd/auth/driver_common.go

@@ -3,7 +3,6 @@
 package auth
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -132,163 +131,3 @@ func (c *commonAuthorizer) requestDetails(r *http.Request) (*requestDetails, err
 func (c *commonAuthorizer) Driver() string {
 	return c.driverName
 }
-
-// StopService is a no-op.
-func (c *commonAuthorizer) StopService(ctx context.Context) error {
-	return nil
-}
-
-// AddProject is a no-op.
-func (c *commonAuthorizer) AddProject(ctx context.Context, projectID int64, name string) error {
-	return nil
-}
-
-// DeleteProject is a no-op.
-func (c *commonAuthorizer) DeleteProject(ctx context.Context, projectID int64, name string) error {
-	return nil
-}
-
-// RenameProject is a no-op.
-func (c *commonAuthorizer) RenameProject(ctx context.Context, projectID int64, oldName string, newName string) error {
-	return nil
-}
-
-// AddCertificate is a no-op.
-func (c *commonAuthorizer) AddCertificate(ctx context.Context, fingerprint string) error {
-	return nil
-}
-
-// DeleteCertificate is a no-op.
-func (c *commonAuthorizer) DeleteCertificate(ctx context.Context, fingerprint string) error {
-	return nil
-}
-
-// AddStoragePool is a no-op.
-func (c *commonAuthorizer) AddStoragePool(ctx context.Context, storagePoolName string) error {
-	return nil
-}
-
-// DeleteStoragePool is a no-op.
-func (c *commonAuthorizer) DeleteStoragePool(ctx context.Context, storagePoolName string) error {
-	return nil
-}
-
-// AddImage is a no-op.
-func (c *commonAuthorizer) AddImage(ctx context.Context, projectName string, fingerprint string) error {
-	return nil
-}
-
-// DeleteImage is a no-op.
-func (c *commonAuthorizer) DeleteImage(ctx context.Context, projectName string, fingerprint string) error {
-	return nil
-}
-
-// AddImageAlias is a no-op.
-func (c *commonAuthorizer) AddImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
-	return nil
-}
-
-// DeleteImageAlias is a no-op.
-func (c *commonAuthorizer) DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
-	return nil
-}
-
-// RenameImageAlias is a no-op.
-func (c *commonAuthorizer) RenameImageAlias(ctx context.Context, projectName string, oldAliasName string, newAliasName string) error {
-	return nil
-}
-
-// AddInstance is a no-op.
-func (c *commonAuthorizer) AddInstance(ctx context.Context, projectName string, instanceName string) error {
-	return nil
-}
-
-// DeleteInstance is a no-op.
-func (c *commonAuthorizer) DeleteInstance(ctx context.Context, projectName string, instanceName string) error {
-	return nil
-}
-
-// RenameInstance is a no-op.
-func (c *commonAuthorizer) RenameInstance(ctx context.Context, projectName string, oldInstanceName string, newInstanceName string) error {
-	return nil
-}
-
-// AddNetwork is a no-op.
-func (c *commonAuthorizer) AddNetwork(ctx context.Context, projectName string, networkName string) error {
-	return nil
-}
-
-// DeleteNetwork is a no-op.
-func (c *commonAuthorizer) DeleteNetwork(ctx context.Context, projectName string, networkName string) error {
-	return nil
-}
-
-// RenameNetwork is a no-op.
-func (c *commonAuthorizer) RenameNetwork(ctx context.Context, projectName string, oldNetworkName string, newNetworkName string) error {
-	return nil
-}
-
-// AddNetworkZone is a no-op.
-func (c *commonAuthorizer) AddNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
-	return nil
-}
-
-// DeleteNetworkZone is a no-op.
-func (c *commonAuthorizer) DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
-	return nil
-}
-
-// AddNetworkACL is a no-op.
-func (c *commonAuthorizer) AddNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
-	return nil
-}
-
-// DeleteNetworkACL is a no-op.
-func (c *commonAuthorizer) DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
-	return nil
-}
-
-// RenameNetworkACL is a no-op.
-func (c *commonAuthorizer) RenameNetworkACL(ctx context.Context, projectName string, oldNetworkACLName string, newNetworkACLName string) error {
-	return nil
-}
-
-// AddProfile is a no-op.
-func (c *commonAuthorizer) AddProfile(ctx context.Context, projectName string, profileName string) error {
-	return nil
-}
-
-// DeleteProfile is a no-op.
-func (c *commonAuthorizer) DeleteProfile(ctx context.Context, projectName string, profileName string) error {
-	return nil
-}
-
-// RenameProfile is a no-op.
-func (c *commonAuthorizer) RenameProfile(ctx context.Context, projectName string, oldProfileName string, newProfileName string) error {
-	return nil
-}
-
-// AddStoragePoolVolume is a no-op.
-func (c *commonAuthorizer) AddStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error {
-	return nil
-}
-
-// DeleteStoragePoolVolume is a no-op.
-func (c *commonAuthorizer) DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error {
-	return nil
-}
-
-// RenameStoragePoolVolume is a no-op.
-func (c *commonAuthorizer) RenameStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, oldStorageVolumeName string, newStorageVolumeName string) error {
-	return nil
-}
-
-// AddStorageBucket is a no-op.
-func (c *commonAuthorizer) AddStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error {
-	return nil
-}
-
-// DeleteStorageBucket is a no-op.
-func (c *commonAuthorizer) DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error {
-	return nil
-}

lxd/certificates.go

@@ -641,12 +641,6 @@ func certificatesPost(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	// Add the certificate resource to the authorizer.
-	err = s.Authorizer.AddCertificate(r.Context(), fingerprint)
-	if err != nil {
-		logger.Error("Failed to add certificate to authorizer", logger.Ctx{"fingerprint": fingerprint, "error": err})
-	}
-
 	// Reload the identity cache to add the new certificate.
 	s.UpdateIdentityCache()
 
@@ -1086,12 +1080,6 @@ func certificateDelete(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	// Remove the certificate from the authorizer.
-	err = s.Authorizer.DeleteCertificate(r.Context(), certInfo.Fingerprint)
-	if err != nil {
-		logger.Error("Failed to remove certificate from authorizer", logger.Ctx{"fingerprint": certInfo.Fingerprint, "error": err})
-	}
-
 	// Reload the cache.
 	s.UpdateIdentityCache()
 

lxd/images.go

@@ -1206,12 +1206,6 @@ func imagesPost(d *Daemon, r *http.Request) response.Response {
 			return fmt.Errorf("Failed syncing image between nodes: %w", err)
 		}
 
-		// Add the image to the authorizer.
-		err = s.Authorizer.AddImage(r.Context(), projectName, info.Fingerprint)
-		if err != nil {
-			logger.Error("Failed to add image to authorizer", logger.Ctx{"fingerprint": info.Fingerprint, "project": projectName, "error": err})
-		}
-
 		s.Events.SendLifecycle(projectName, lifecycle.ImageCreated.Event(info.Fingerprint, projectName, op.Requestor(), logger.Ctx{"type": info.Type}))
 
 		return nil
@@ -2803,12 +2797,6 @@ func imageDelete(d *Daemon, r *http.Request) response.Response {
 		// Remove main image file from disk.
 		imageDeleteFromDisk(imgInfo.Fingerprint)
 
-		// Remove image from authorizer.
-		err = s.Authorizer.DeleteImage(r.Context(), projectName, imgInfo.Fingerprint)
-		if err != nil {
-			logger.Error("Failed to remove image from authorizer", logger.Ctx{"fingerprint": imgInfo.Fingerprint, "project": projectName, "error": err})
-		}
-
 		s.Events.SendLifecycle(projectName, lifecycle.ImageDeleted.Event(imgInfo.Fingerprint, projectName, op.Requestor(), nil))
 
 		return nil
@@ -3338,12 +3326,6 @@ func imageAliasesPost(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	// Add the image alias to the authorizer.
-	err = s.Authorizer.AddImageAlias(r.Context(), projectName, req.Name)
-	if err != nil {
-		logger.Error("Failed to add image alias to authorizer", logger.Ctx{"name": req.Name, "project": projectName, "error": err})
-	}
-
 	requestor := request.CreateRequestor(r)
 	lc := lifecycle.ImageAliasCreated.Event(req.Name, projectName, requestor, logger.Ctx{"target": req.Target})
 	s.Events.SendLifecycle(projectName, lc)
@@ -3680,12 +3662,6 @@ func imageAliasDelete(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	// Remove image alias from authorizer.
-	err = s.Authorizer.DeleteImageAlias(r.Context(), projectName, name)
-	if err != nil {
-		logger.Error("Failed to remove image alias from authorizer", logger.Ctx{"name": name, "project": projectName, "error": err})
-	}
-
 	requestor := request.CreateRequestor(r)
 	s.Events.SendLifecycle(projectName, lifecycle.ImageAliasDeleted.Event(name, projectName, requestor, nil))
 
@@ -3958,12 +3934,6 @@ func imageAliasPost(d *Daemon, r *http.Request) response.Response {
 		return response.SmartError(err)
 	}
 
-	// Rename image alias in authorizer.
-	err = s.Authorizer.RenameImageAlias(r.Context(), projectName, name, req.Name)
-	if err != nil {
-		logger.Error("Failed to rename image alias in authorizer", logger.Ctx{"old_name": name, "new_name": req.Name, "project": projectName})
-	}
-
 	requestor := request.CreateRequestor(r)
 	lc := lifecycle.ImageAliasRenamed.Event(req.Name, projectName, requestor, logger.Ctx{"old_name": name})
 	s.Events.SendLifecycle(projectName, lc)