From 405249e19f7ab1e18ad011e1c09c0480ed7bdca1 Mon Sep 17 00:00:00 2001
From: Mark Laing
Date: Thu, 14 Mar 2024 15:46:32 +0000
Subject: [PATCH 1/4] lxd/auth: Remove no-op methods from authorizer interface.
Signed-off-by: Mark Laing
---
 lxd/auth/authorization.go | 44 -----------
 lxd/auth/driver_common.go | 161 --------------------------------------
 2 files changed, 205 deletions(-)
diff --git a/lxd/auth/authorization.go b/lxd/auth/authorization.go
index d338f4a3e343..aeaea75cc0ff 100644
--- a/lxd/auth/authorization.go
+++ b/lxd/auth/authorization.go
@@ -32,53 +32,9 @@ type PermissionChecker func(entityURL *api.URL) bool
 // Authorizer is the primary external API for this package.
 type Authorizer interface {
 Driver() string
- StopService(ctx context.Context) error
 CheckPermission(ctx context.Context, r *http.Request, entityURL *api.URL, entitlement Entitlement) error
 GetPermissionChecker(ctx context.Context, r *http.Request, entitlement Entitlement, entityType entity.Type) (PermissionChecker, error)
-
- AddProject(ctx context.Context, projectID int64, projectName string) error
- DeleteProject(ctx context.Context, projectID int64, projectName string) error
- RenameProject(ctx context.Context, projectID int64, oldName string, newName string) error
-
- AddCertificate(ctx context.Context, fingerprint string) error
- DeleteCertificate(ctx context.Context, fingerprint string) error
-
- AddStoragePool(ctx context.Context, storagePoolName string) error
- DeleteStoragePool(ctx context.Context, storagePoolName string) error
-
- AddImage(ctx context.Context, projectName string, fingerprint string) error
- DeleteImage(ctx context.Context, projectName string, fingerprint string) error
-
- AddImageAlias(ctx context.Context, projectName string, imageAliasName string) error
- DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error
- RenameImageAlias(ctx context.Context, projectName string, oldAliasName string, newAliasName string) error
-
- AddInstance(ctx context.Context, projectName string, instanceName string) error
- DeleteInstance(ctx context.Context, projectName string, instanceName string) error
- RenameInstance(ctx context.Context, projectName string, oldInstanceName string, newInstanceName string) error
-
- AddNetwork(ctx context.Context, projectName string, networkName string) error
- DeleteNetwork(ctx context.Context, projectName string, networkName string) error
- RenameNetwork(ctx context.Context, projectName string, oldNetworkName string, newNetworkName string) error
-
- AddNetworkZone(ctx context.Context, projectName string, networkZoneName string) error
- DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error
-
- AddNetworkACL(ctx context.Context, projectName string, networkACLName string) error
- DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error
- RenameNetworkACL(ctx context.Context, projectName string, oldNetworkACLName string, newNetworkACLName string) error
-
- AddProfile(ctx context.Context, projectName string, profileName string) error
- DeleteProfile(ctx context.Context, projectName string, profileName string) error
- RenameProfile(ctx context.Context, projectName string, oldProfileName string, newProfileName string) error
-
- AddStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error
- DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error
- RenameStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, oldStorageVolumeName string, newStorageVolumeName string) error
-
- AddStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error
- DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error
 }
 // Opts is used as part of the LoadAuthorizer function so that only the relevant configuration fields are passed into a
diff --git a/lxd/auth/driver_common.go b/lxd/auth/driver_common.go
index 4785691c0484..bfd1aa82ae92 100644
--- a/lxd/auth/driver_common.go
+++ b/lxd/auth/driver_common.go
@@ -3,7 +3,6 @@ package auth
 import (
- "context"
 "fmt"
 "net/http"
 "net/url"
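Review bot: After this hunk the Authorizer interface carries no resource lifecycle hooks, so an implementation that keeps an external policy store cannot learn of creation, rename or deletion through this API any more; that is only safe if every driver treated these methods as no-ops, which the diffstat supports for commonAuthorizer but which this hunk alone cannot confirm for any other driver in the package. It would help future driver authors to record the new contract on the remaining type, for example extending the doc comment with `// Authorizer implementations receive no resource lifecycle notifications; CheckPermission and GetPermissionChecker must resolve against the current entity URL alone.`. The Authorizer declaration is complete within the hunk; the rest of the file is outside it.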
@@ -132,163 +131,3 @@ func (c *commonAuthorizer) requestDetails(r *http.Request) (*requestDetails, err
 func (c *commonAuthorizer) Driver() string {
 return c.driverName
 }
-
-// StopService is a no-op.
-func (c *commonAuthorizer) StopService(ctx context.Context) error {
- return nil
-}
-
-// AddProject is a no-op.
-func (c *commonAuthorizer) AddProject(ctx context.Context, projectID int64, name string) error {
- return nil
-}
-
-// DeleteProject is a no-op.
-func (c *commonAuthorizer) DeleteProject(ctx context.Context, projectID int64, name string) error {
- return nil
-}
-
-// RenameProject is a no-op.
-func (c *commonAuthorizer) RenameProject(ctx context.Context, projectID int64, oldName string, newName string) error {
- return nil
-}
-
-// AddCertificate is a no-op.
-func (c *commonAuthorizer) AddCertificate(ctx context.Context, fingerprint string) error {
- return nil
-}
-
-// DeleteCertificate is a no-op.
-func (c *commonAuthorizer) DeleteCertificate(ctx context.Context, fingerprint string) error {
- return nil
-}
-
-// AddStoragePool is a no-op.
-func (c *commonAuthorizer) AddStoragePool(ctx context.Context, storagePoolName string) error {
- return nil
-}
-
-// DeleteStoragePool is a no-op.
-func (c *commonAuthorizer) DeleteStoragePool(ctx context.Context, storagePoolName string) error {
- return nil
-}
-
-// AddImage is a no-op.
-func (c *commonAuthorizer) AddImage(ctx context.Context, projectName string, fingerprint string) error {
- return nil
-}
-
-// DeleteImage is a no-op.
-func (c *commonAuthorizer) DeleteImage(ctx context.Context, projectName string, fingerprint string) error {
- return nil
-}
-
-// AddImageAlias is a no-op.
-func (c *commonAuthorizer) AddImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
- return nil
-}
-
-// DeleteImageAlias is a no-op.
-func (c *commonAuthorizer) DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
- return nil
-}
-
-// RenameImageAlias is a no-op.
-func (c *commonAuthorizer) RenameImageAlias(ctx context.Context, projectName string, oldAliasName string, newAliasName string) error {
- return nil
-}
-
-// AddInstance is a no-op.
-func (c *commonAuthorizer) AddInstance(ctx context.Context, projectName string, instanceName string) error {
- return nil
-}
-
-// DeleteInstance is a no-op.
-func (c *commonAuthorizer) DeleteInstance(ctx context.Context, projectName string, instanceName string) error {
- return nil
-}
-
-// RenameInstance is a no-op.
-func (c *commonAuthorizer) RenameInstance(ctx context.Context, projectName string, oldInstanceName string, newInstanceName string) error {
- return nil
-}
-
-// AddNetwork is a no-op.
-func (c *commonAuthorizer) AddNetwork(ctx context.Context, projectName string, networkName string) error {
- return nil
-}
-
-// DeleteNetwork is a no-op.
-func (c *commonAuthorizer) DeleteNetwork(ctx context.Context, projectName string, networkName string) error {
- return nil
-}
-
-// RenameNetwork is a no-op.
-func (c *commonAuthorizer) RenameNetwork(ctx context.Context, projectName string, oldNetworkName string, newNetworkName string) error {
- return nil
-}
-
-// AddNetworkZone is a no-op.
-func (c *commonAuthorizer) AddNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
- return nil
-}
-
-// DeleteNetworkZone is a no-op.
-func (c *commonAuthorizer) DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
- return nil
-}
-
-// AddNetworkACL is a no-op.
-func (c *commonAuthorizer) AddNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
- return nil
-}
-
-// DeleteNetworkACL is a no-op.
-func (c *commonAuthorizer) DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
- return nil
-}
-
-// RenameNetworkACL is a no-op.
-func (c *commonAuthorizer) RenameNetworkACL(ctx context.Context, projectName string, oldNetworkACLName string, newNetworkACLName string) error {
- return nil
-}
-
-// AddProfile is a no-op.
-func (c *commonAuthorizer) AddProfile(ctx context.Context, projectName string, profileName string) error {
- return nil
-}
-
-// DeleteProfile is a no-op.
-func (c *commonAuthorizer) DeleteProfile(ctx context.Context, projectName string, profileName string) error {
- return nil
-}
-
-// RenameProfile is a no-op.
-func (c *commonAuthorizer) RenameProfile(ctx context.Context, projectName string, oldProfileName string, newProfileName string) error {
- return nil
-}
-
-// AddStoragePoolVolume is a no-op.
-func (c *commonAuthorizer) AddStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error {
- return nil
-}
-
-// DeleteStoragePoolVolume is a no-op.
-func (c *commonAuthorizer) DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string) error {
- return nil
-}
-
-// RenameStoragePoolVolume is a no-op.
-func (c *commonAuthorizer) RenameStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, oldStorageVolumeName string, newStorageVolumeName string) error {
- return nil
-}
-
-// AddStorageBucket is a no-op.
-func (c *commonAuthorizer) AddStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error {
- return nil
-}
-
-// DeleteStorageBucket is a no-op.
-func (c *commonAuthorizer) DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string) error {
- return nil
-}
From 290c689282c1ebc5c8f8ce64e31bb38cf0efad36 Mon Sep 17 00:00:00 2001
From: Mark Laing
Date: Thu, 14 Mar 2024 15:47:46 +0000
Subject: [PATCH 2/4] lxd/instance/drivers: Remove authorizer calls to no-op methods.
Signed-off-by: Mark Laing
---
 lxd/instance/drivers/driver_lxc.go | 16 ----------------
 lxd/instance/drivers/driver_qemu.go | 15 ---------------
 2 files changed, 31 deletions(-)
diff --git a/lxd/instance/drivers/driver_lxc.go b/lxd/instance/drivers/driver_lxc.go
index fb80905aca9c..5e5e20059995 100644
--- a/lxd/instance/drivers/driver_lxc.go
+++ b/lxd/instance/drivers/driver_lxc.go
@@ -327,12 +327,6 @@ func lxcCreate(s *state.State, args db.InstanceArgs, p api.Project) (instance.In
 if d.isSnapshot {
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceSnapshotCreated.Event(d, nil))
 } else {
- // Add instance to authorizer.
- err = d.state.Authorizer.AddInstance(d.state.ShutdownCtx, d.project.Name, d.Name())
- if err != nil {
- logger.Error("Failed to add instance to authorizer", logger.Ctx{"instanceName": d.Name(), "projectName": d.project.Name, "error": err})
- }
-
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceCreated.Event(d, map[string]any{
 "type": api.InstanceTypeContainer,
 "storage-pool": d.storagePool.Name(),
@@ -3803,11 +3797,6 @@ func (d *lxc) delete(force bool) error {
 if d.isSnapshot {
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceSnapshotDeleted.Event(d, nil))
 } else {
- err = d.state.Authorizer.DeleteInstance(d.state.ShutdownCtx, d.project.Name, d.Name())
- if err != nil {
- logger.Error("Failed to remove instance from authorizer", logger.Ctx{"name": d.Name(), "project": d.project.Name, "error": err})
- }
-
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceDeleted.Event(d, nil))
 }
@@ -3993,11 +3982,6 @@ func (d *lxc) Rename(newName string, applyTemplateTrigger bool) error {
 if d.isSnapshot {
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceSnapshotRenamed.Event(d, map[string]any{"old_name": oldName}))
 } else {
- err = d.state.Authorizer.RenameInstance(d.state.ShutdownCtx, d.project.Name, oldName, newName)
- if err != nil {
- logger.Error("Failed to rename instance in authorizer", logger.Ctx{"old_name": oldName, "new_name": newName, "project": d.project.Name, "error": err})
- }
-
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceRenamed.Event(d, map[string]any{"old_name": oldName}))
 }
diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
index 22fe3e7cc096..2c1d8c9b4017 100644
--- a/lxd/instance/drivers/driver_qemu.go
+++ b/lxd/instance/drivers/driver_qemu.go
@@ -338,11 +338,6 @@ func qemuCreate(s *state.State, args db.InstanceArgs, p api.Project) (instance.I
 if d.isSnapshot {
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceSnapshotCreated.Event(d, nil))
 } else {
- err = d.state.Authorizer.AddInstance(d.state.ShutdownCtx, d.project.Name, d.Name())
- if err != nil {
- logger.Error("Failed to add instance to authorizer", logger.Ctx{"name": d.Name(), "project": d.project.Name, "error": err})
- }
-
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceCreated.Event(d, map[string]any{
 "type": api.InstanceTypeVM,
 "storage-pool": d.storagePool.Name(),
@@ -5317,11 +5312,6 @@ func (d *qemu) Rename(newName string, applyTemplateTrigger bool) error {
 if d.isSnapshot {
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceSnapshotRenamed.Event(d, map[string]any{"old_name": oldName}))
 } else {
- err = d.state.Authorizer.RenameInstance(d.state.ShutdownCtx, d.project.Name, oldName, newName)
- if err != nil {
- logger.Error("Failed to rename instance in authorizer", logger.Ctx{"old_name": oldName, "new_name": newName, "project": d.project.Name, "error": err})
- }
-
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceRenamed.Event(d, map[string]any{"old_name": oldName}))
 }
@@ -6217,11 +6207,6 @@ func (d *qemu) delete(force bool) error {
 if d.isSnapshot {
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceSnapshotDeleted.Event(d, nil))
 } else {
- err = d.state.Authorizer.DeleteInstance(d.state.ShutdownCtx, d.project.Name, d.Name())
- if err != nil {
- logger.Error("Failed to remove instance from authorizer", logger.Ctx{"name": d.Name(), "project": d.project.Name, "error": err})
- }
-
 d.state.Events.SendLifecycle(d.project.Name, lifecycle.InstanceDeleted.Event(d, nil))
 }
From 2baa42e2ee4572a9329076207f50cfecab517843 Mon Sep 17 00:00:00 2001
From: Mark Laing
Date: Thu, 14 Mar 2024 15:47:58 +0000
Subject: [PATCH 3/4] lxd/storage: Remove authorizer calls to no-op methods.
Signed-off-by: Mark Laing
---
 lxd/storage/backend_lxd.go | 35 -----------------------------------
 1 file changed, 35 deletions(-)
diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go
index 982e82bb83d0..2593b00eecc7 100644
--- a/lxd/storage/backend_lxd.go
+++ b/lxd/storage/backend_lxd.go
@@ -4748,11 +4748,6 @@ func (b *lxdBackend) CreateCustomVolume(projectName string, volName string, desc
 eventCtx["location"] = b.state.ServerName
 }
- err = b.state.Authorizer.AddStoragePoolVolume(b.state.ShutdownCtx, projectName, b.Name(), string(vol.Type()), volName)
- if err != nil {
- logger.Error("Failed to add storage volume to authorizer", logger.Ctx{"name": volName, "type": vol.Type(), "pool": b.Name(), "project": projectName, "error": err})
- }
-
 b.state.Events.SendLifecycle(projectName, lifecycle.StorageVolumeCreated.Event(vol, string(vol.Type()), projectName, op, eventCtx))
 revert.Success()
@@ -4912,11 +4907,6 @@ func (b *lxdBackend) CreateCustomVolumeFromCopy(projectName string, srcProjectNa
 eventCtx["location"] = b.state.ServerName
 }
- err = b.state.Authorizer.AddStoragePoolVolume(b.state.ShutdownCtx, projectName, b.Name(), string(vol.Type()), volName)
- if err != nil {
- logger.Error("Failed to add storage volume to authorizer", logger.Ctx{"name": volName, "type": vol.Type(), "pool": b.Name(), "project": projectName, "error": err})
- }
-
 b.state.Events.SendLifecycle(projectName, lifecycle.StorageVolumeCreated.Event(vol, string(vol.Type()), projectName, op, eventCtx))
 revert.Success()
@@ -5347,11 +5337,6 @@ func (b *lxdBackend) CreateCustomVolumeFromMigration(projectName string, conn io
 eventCtx["location"] = b.state.ServerName
 }
- err = b.state.Authorizer.AddStoragePoolVolume(b.state.ShutdownCtx, projectName, b.Name(), string(vol.Type()), args.Name)
- if err != nil {
- logger.Error("Failed to add storage volume to authorizer", logger.Ctx{"name": args.Name, "type": vol.Type(), "pool": b.Name(), "project": projectName, "error": err})
- }
-
 b.state.Events.SendLifecycle(projectName, lifecycle.StorageVolumeCreated.Event(vol, string(vol.Type()), projectName, op, eventCtx))
 revert.Success()
@@ -5454,11 +5439,6 @@ func (b *lxdBackend) RenameCustomVolume(projectName string, volName string, newV
 return err
 }
- err = b.state.Authorizer.RenameStoragePoolVolume(b.state.ShutdownCtx, projectName, b.Name(), string(vol.Type()), volName, newVolStorageName)
- if err != nil {
- logger.Error("Failed to rename storage volume in authorizer", logger.Ctx{"old_name": volName, "new_name": newVolStorageName, "type": vol.Type(), "pool": b.Name(), "project": projectName, "error": err})
- }
-
 vol = b.GetVolume(drivers.VolumeTypeCustom, drivers.ContentType(volume.ContentType), newVolStorageName, nil)
 b.state.Events.SendLifecycle(projectName, lifecycle.StorageVolumeRenamed.Event(vol, string(vol.Type()), projectName, op, logger.Ctx{"old_name": volName}))
@@ -5727,11 +5707,6 @@ func (b *lxdBackend) DeleteCustomVolume(projectName string, volName string, op *
 return err
 }
- err = b.state.Authorizer.DeleteStoragePoolVolume(b.state.ShutdownCtx, projectName, b.Name(), string(vol.Type()), volName)
- if err != nil {
- logger.Error("Failed to remove storage volume from authorizer", logger.Ctx{"name": volName, "type": vol.Type(), "pool": b.Name(), "project": projectName, "error": err})
- }
-
 b.state.Events.SendLifecycle(projectName, lifecycle.StorageVolumeDeleted.Event(vol, string(vol.Type()), projectName, op, nil))
 return nil
@@ -7154,11 +7129,6 @@ func (b *lxdBackend) CreateCustomVolumeFromISO(projectName string, volName strin
 eventCtx["location"] = b.state.ServerName
 }
- err = b.state.Authorizer.AddStoragePoolVolume(b.state.ShutdownCtx, projectName, b.Name(), string(vol.Type()), volName)
- if err != nil {
- logger.Error("Failed to add storage volume to authorizer", logger.Ctx{"name": volName, "type": vol.Type(), "pool": b.Name(), "project": projectName, "error": err})
- }
-
 b.state.Events.SendLifecycle(projectName, lifecycle.StorageVolumeCreated.Event(vol, string(vol.Type()), projectName, op, eventCtx))
 revert.Success()
@@ -7264,11 +7234,6 @@ func (b *lxdBackend) CreateCustomVolumeFromBackup(srcBackup backup.Info, srcData
 eventCtx["location"] = b.state.ServerName
 }
- err = b.state.Authorizer.AddStoragePoolVolume(b.state.ShutdownCtx, srcBackup.Project, b.Name(), string(vol.Type()), srcBackup.Name)
- if err != nil {
- logger.Error("Failed to add storage volume to authorizer", logger.Ctx{"name": srcBackup.Name, "type": vol.Type(), "pool": b.Name(), "project": srcBackup.Project, "error": err})
- }
-
 b.state.Events.SendLifecycle(srcBackup.Project, lifecycle.StorageVolumeCreated.Event(vol, string(vol.Type()), srcBackup.Project, op, eventCtx))
 revert.Success()
From 53bd124b5887f92f68110812b5aef21f2117e204 Mon Sep 17 00:00:00 2001
From: Mark Laing
Date: Thu, 14 Mar 2024 15:48:04 +0000
Subject: [PATCH 4/4] lxd: Remove authorizer calls to no-op methods.
Signed-off-by: Mark Laing
---
 lxd/api_project.go | 27 ---------------------------
 lxd/certificates.go | 12 ------------
 lxd/images.go | 30 ------------------------------
 lxd/network_acls.go | 15 ---------------
 lxd/network_zones.go | 11 -----------
 lxd/networks.go | 15 ---------------
 lxd/profiles.go | 15 ---------------
 lxd/storage_buckets.go | 11 -----------
 lxd/storage_pools.go | 12 ------------
 9 files changed, 148 deletions(-)
diff --git a/lxd/api_project.go b/lxd/api_project.go
index f6fe65a0b71e..65b54297bf2f 100644
--- a/lxd/api_project.go
+++ b/lxd/api_project.go
@@ -320,11 +320,6 @@ func projectsPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(fmt.Errorf("Failed creating project %q: %w", project.Name, err))
 }
- err = s.Authorizer.AddProject(r.Context(), id, project.Name)
- if err != nil {
- return response.SmartError(err)
- }
-
 requestor := request.CreateRequestor(r)
 lc := lifecycle.ProjectCreated.Event(project.Name, requestor, nil)
 s.Events.SendLifecycle(project.Name, lc)
@@ -775,7 +770,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
 // Perform the rename.
 run := func(op *operations.Operation) error {
- var id int64
 err := s.DB.Cluster.Transaction(context.TODO(), func(ctx context.Context, tx *db.ClusterTx) error {
 project, err := cluster.GetProject(ctx, tx.Tx(), req.Name)
 if err != nil && !response.IsNotFoundError(err) {
@@ -800,11 +794,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
 return fmt.Errorf("Only empty projects can be renamed")
 }
- id, err = cluster.GetProjectID(ctx, tx.Tx(), name)
- if err != nil {
- return fmt.Errorf("Failed getting project ID for project %q: %w", name, err)
- }
-
 err = projectValidateName(req.Name)
 if err != nil {
 return err
@@ -816,11 +805,6 @@ func projectPost(d *Daemon, r *http.Request) response.Response {
 return err
 }
- err = s.Authorizer.RenameProject(r.Context(), id, name, req.Name)
- if err != nil {
- return err
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(req.Name, lifecycle.ProjectRenamed.Event(req.Name, requestor, logger.Ctx{"old_name": name}))
@@ -866,7 +850,6 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
 return response.Forbidden(fmt.Errorf("The 'default' project cannot be deleted"))
 }
- var id int64
 err = s.DB.Cluster.Transaction(context.TODO(), func(ctx context.Context, tx *db.ClusterTx) error {
 project, err := cluster.GetProject(ctx, tx.Tx(), name)
 if err != nil {
@@ -882,11 +865,6 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
 return fmt.Errorf("Only empty projects can be removed")
 }
- id, err = cluster.GetProjectID(ctx, tx.Tx(), name)
- if err != nil {
- return fmt.Errorf("Fetch project id %q: %w", name, err)
- }
-
 return cluster.DeleteProject(ctx, tx.Tx(), name)
 })
@@ -894,11 +872,6 @@ func projectDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.DeleteProject(r.Context(), id, name)
- if err != nil {
- return response.SmartError(err)
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(name, lifecycle.ProjectDeleted.Event(name, requestor, nil))
diff --git a/lxd/certificates.go b/lxd/certificates.go
index e6b8cd5e35ff..da1564a5e8b2 100644
--- a/lxd/certificates.go
+++ b/lxd/certificates.go
@@ -641,12 +641,6 @@ func certificatesPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- // Add the certificate resource to the authorizer.
- err = s.Authorizer.AddCertificate(r.Context(), fingerprint)
- if err != nil {
- logger.Error("Failed to add certificate to authorizer", logger.Ctx{"fingerprint": fingerprint, "error": err})
- }
-
 // Reload the identity cache to add the new certificate.
 s.UpdateIdentityCache()
@@ -1086,12 +1080,6 @@ func certificateDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- // Remove the certificate from the authorizer.
- err = s.Authorizer.DeleteCertificate(r.Context(), certInfo.Fingerprint)
- if err != nil {
- logger.Error("Failed to remove certificate from authorizer", logger.Ctx{"fingerprint": certInfo.Fingerprint, "error": err})
- }
-
 // Reload the cache.
 s.UpdateIdentityCache()
diff --git a/lxd/images.go b/lxd/images.go
index 826174973145..62f111f61f6a 100644
--- a/lxd/images.go
+++ b/lxd/images.go
@@ -1206,12 +1206,6 @@ func imagesPost(d *Daemon, r *http.Request) response.Response {
 return fmt.Errorf("Failed syncing image between nodes: %w", err)
 }
- // Add the image to the authorizer.
- err = s.Authorizer.AddImage(r.Context(), projectName, info.Fingerprint)
- if err != nil {
- logger.Error("Failed to add image to authorizer", logger.Ctx{"fingerprint": info.Fingerprint, "project": projectName, "error": err})
- }
-
 s.Events.SendLifecycle(projectName, lifecycle.ImageCreated.Event(info.Fingerprint, projectName, op.Requestor(), logger.Ctx{"type": info.Type}))
 return nil
@@ -2803,12 +2797,6 @@ func imageDelete(d *Daemon, r *http.Request) response.Response {
 // Remove main image file from disk.
 imageDeleteFromDisk(imgInfo.Fingerprint)
- // Remove image from authorizer.
- err = s.Authorizer.DeleteImage(r.Context(), projectName, imgInfo.Fingerprint)
- if err != nil {
- logger.Error("Failed to remove image from authorizer", logger.Ctx{"fingerprint": imgInfo.Fingerprint, "project": projectName, "error": err})
- }
-
 s.Events.SendLifecycle(projectName, lifecycle.ImageDeleted.Event(imgInfo.Fingerprint, projectName, op.Requestor(), nil))
 return nil
@@ -3338,12 +3326,6 @@ func imageAliasesPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- // Add the image alias to the authorizer.
- err = s.Authorizer.AddImageAlias(r.Context(), projectName, req.Name)
- if err != nil {
- logger.Error("Failed to add image alias to authorizer", logger.Ctx{"name": req.Name, "project": projectName, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 lc := lifecycle.ImageAliasCreated.Event(req.Name, projectName, requestor, logger.Ctx{"target": req.Target})
 s.Events.SendLifecycle(projectName, lc)
@@ -3680,12 +3662,6 @@ func imageAliasDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- // Remove image alias from authorizer.
- err = s.Authorizer.DeleteImageAlias(r.Context(), projectName, name)
- if err != nil {
- logger.Error("Failed to remove image alias from authorizer", logger.Ctx{"name": name, "project": projectName, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(projectName, lifecycle.ImageAliasDeleted.Event(name, projectName, requestor, nil))
@@ -3958,12 +3934,6 @@ func imageAliasPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- // Rename image alias in authorizer.
- err = s.Authorizer.RenameImageAlias(r.Context(), projectName, name, req.Name)
- if err != nil {
- logger.Error("Failed to rename image alias in authorizer", logger.Ctx{"old_name": name, "new_name": req.Name, "project": projectName})
- }
-
 requestor := request.CreateRequestor(r)
 lc := lifecycle.ImageAliasRenamed.Event(req.Name, projectName, requestor, logger.Ctx{"old_name": name})
 s.Events.SendLifecycle(projectName, lc)
diff --git a/lxd/network_acls.go b/lxd/network_acls.go
index d15c215387d4..ea4e03cea98a 100644
--- a/lxd/network_acls.go
+++ b/lxd/network_acls.go
@@ -266,11 +266,6 @@ func networkACLsPost(d *Daemon, r *http.Request) response.Response {
 return response.BadRequest(err)
 }
- err = s.Authorizer.AddNetworkACL(r.Context(), projectName, req.Name)
- if err != nil {
- logger.Error("Failed to add network ACL to authorizer", logger.Ctx{"name": req.Name, "project": projectName, "error": err})
- }
-
 lc := lifecycle.NetworkACLCreated.Event(netACL, request.CreateRequestor(r), nil)
 s.Events.SendLifecycle(projectName, lc)
@@ -324,11 +319,6 @@ func networkACLDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.DeleteNetworkACL(r.Context(), projectName, aclName)
- if err != nil {
- logger.Error("Failed to remove network ACL from authorizer", logger.Ctx{"name": aclName, "project": projectName, "error": err})
- }
-
 s.Events.SendLifecycle(projectName, lifecycle.NetworkACLDeleted.Event(netACL, request.CreateRequestor(r), nil))
 return response.EmptySyncResponse
@@ -591,11 +581,6 @@ func networkACLPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.RenameNetworkACL(r.Context(), projectName, aclName, req.Name)
- if err != nil {
- logger.Error("Failed to rename network ACL in authorizer", logger.Ctx{"old_name": aclName, "new_name": req.Name, "project": projectName, "error": err})
- }
-
 lc := lifecycle.NetworkACLRenamed.Event(netACL, request.CreateRequestor(r), logger.Ctx{"old_name": aclName})
 s.Events.SendLifecycle(projectName, lc)
diff --git a/lxd/network_zones.go b/lxd/network_zones.go
index 1af63a664988..04dc627ff9dc 100644
--- a/lxd/network_zones.go
+++ b/lxd/network_zones.go
@@ -20,7 +20,6 @@ import (
 "github.com/canonical/lxd/lxd/util"
 "github.com/canonical/lxd/shared/api"
 "github.com/canonical/lxd/shared/entity"
- "github.com/canonical/lxd/shared/logger"
 "github.com/canonical/lxd/shared/version"
 )
@@ -256,11 +255,6 @@ func networkZonesPost(d *Daemon, r *http.Request) response.Response {
 return response.BadRequest(err)
 }
- err = s.Authorizer.AddNetworkZone(r.Context(), projectName, req.Name)
- if err != nil {
- logger.Error("Failed to add network zone to authorizer", logger.Ctx{"name": req.Name, "project": projectName, "error": err})
- }
-
 lc := lifecycle.NetworkZoneCreated.Event(netzone, request.CreateRequestor(r), nil)
 s.Events.SendLifecycle(projectName, lc)
@@ -314,11 +308,6 @@ func networkZoneDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.DeleteNetworkZone(r.Context(), projectName, zoneName)
- if err != nil {
- logger.Error("Failed to remove network zone from authorizer", logger.Ctx{"name": zoneName, "project": projectName, "error": err})
- }
-
 s.Events.SendLifecycle(projectName, lifecycle.NetworkZoneDeleted.Event(netzone, request.CreateRequestor(r), nil))
 return response.EmptySyncResponse
diff --git a/lxd/networks.go b/lxd/networks.go
index e52a48717037..9f97a7e25b49 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -507,11 +507,6 @@ func networksPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.AddNetwork(r.Context(), projectName, req.Name)
- if err != nil {
- logger.Error("Failed to add network to authorizer", logger.Ctx{"name": req.Name, "project": projectName, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(projectName, lifecycle.NetworkCreated.Event(n, requestor, nil))
@@ -1032,11 +1027,6 @@ func networkDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.DeleteNetwork(r.Context(), projectName, networkName)
- if err != nil {
- logger.Error("Failed to remove network from authorizer", logger.Ctx{"name": networkName, "project": projectName, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(projectName, lifecycle.NetworkDeleted.Event(n, requestor, nil))
@@ -1164,11 +1154,6 @@ func networkPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.RenameNetwork(r.Context(), projectName, networkName, req.Name)
- if err != nil {
- logger.Error("Failed to rename network in authorizer", logger.Ctx{"old_name": networkName, "new_name": req.Name, "project": projectName, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 lc := lifecycle.NetworkRenamed.Event(n, requestor, map[string]any{"old_name": networkName})
 s.Events.SendLifecycle(projectName, lc)
diff --git a/lxd/profiles.go b/lxd/profiles.go
index 1f38891cac71..df03d4816a48 100644
--- a/lxd/profiles.go
+++ b/lxd/profiles.go
@@ -341,11 +341,6 @@ func profilesPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(fmt.Errorf("Error inserting %q into database: %w", req.Name, err))
 }
- err = s.Authorizer.AddProfile(r.Context(), p.Name, req.Name)
- if err != nil {
- logger.Error("Failed to add profile to authorizer", logger.Ctx{"name": req.Name, "project": p.Name, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 lc := lifecycle.ProfileCreated.Event(req.Name, p.Name, requestor, nil)
 s.Events.SendLifecycle(p.Name, lc)
@@ -767,11 +762,6 @@ func profilePost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.RenameProfile(r.Context(), p.Name, name, req.Name)
- if err != nil {
- logger.Error("Failed to rename profile in authorizer", logger.Ctx{"old_name": name, "new_name": req.Name, "project": p.Name, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 lc := lifecycle.ProfileRenamed.Event(req.Name, p.Name, requestor, logger.Ctx{"old_name": name})
 s.Events.SendLifecycle(p.Name, lc)
@@ -841,11 +831,6 @@ func profileDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- err = s.Authorizer.DeleteProfile(r.Context(), p.Name, name)
- if err != nil {
- logger.Error("Failed to remove profile from authorizer", logger.Ctx{"name": name, "project": p.Name, "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(p.Name, lifecycle.ProfileDeleted.Event(name, p.Name, requestor, nil))
diff --git a/lxd/storage_buckets.go b/lxd/storage_buckets.go
index 0448133ebabe..a292a9e323ec 100644
--- a/lxd/storage_buckets.go
+++ b/lxd/storage_buckets.go
@@ -20,7 +20,6 @@ import (
 "github.com/canonical/lxd/lxd/util"
 "github.com/canonical/lxd/shared/api"
 "github.com/canonical/lxd/shared/entity"
- "github.com/canonical/lxd/shared/logger"
 "github.com/canonical/lxd/shared/revert"
 "github.com/canonical/lxd/shared/version"
 )
@@ -420,11 +419,6 @@ func storagePoolBucketsPost(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(fmt.Errorf("Failed creating storage bucket admin key: %w", err))
 }
- err = s.Authorizer.AddStorageBucket(r.Context(), bucketProjectName, poolName, req.Name)
- if err != nil {
- logger.Error("Failed to add storage bucket to authorizer", logger.Ctx{"name": req.Name, "pool": poolName, "project": bucketProjectName, "error": err})
- }
-
 s.Events.SendLifecycle(bucketProjectName, lifecycle.StorageBucketCreated.Event(pool, bucketProjectName, req.Name, request.CreateRequestor(r), nil))
 u := api.NewURL().Path(version.APIVersion, "storage-pools", pool.Name(), "buckets", req.Name)
@@ -642,11 +636,6 @@ func storagePoolBucketDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(fmt.Errorf("Failed deleting storage bucket: %w", err))
 }
- err = s.Authorizer.DeleteStorageBucket(r.Context(), bucketProjectName, poolName, bucketName)
- if err != nil {
- logger.Error("Failed to add storage bucket to authorizer", logger.Ctx{"name": bucketName, "pool": poolName, "project": bucketProjectName, "error": err})
- }
-
 s.Events.SendLifecycle(bucketProjectName, lifecycle.StorageBucketDeleted.Event(pool, bucketProjectName, bucketName, request.CreateRequestor(r), nil))
 return response.EmptySyncResponse
diff --git a/lxd/storage_pools.go b/lxd/storage_pools.go
index 299bb86b5e11..9f7148dd5c07 100644
--- a/lxd/storage_pools.go
+++ b/lxd/storage_pools.go
@@ -385,12 +385,6 @@ func storagePoolsPost(d *Daemon, r *http.Request) response.Response {
 }
 }
- // Add the storage pool to the authorizer.
- err = s.Authorizer.AddStoragePool(r.Context(), req.Name)
- if err != nil {
- logger.Error("Failed to add storage pool to authorizer", logger.Ctx{"name": pool.Name, "error": err})
- }
-
 s.Events.SendLifecycle(api.ProjectDefaultName, lc)
 return resp
@@ -1026,12 +1020,6 @@ func storagePoolDelete(d *Daemon, r *http.Request) response.Response {
 return response.SmartError(err)
 }
- // Remove the storage pool from the authorizer.
- err = s.Authorizer.DeleteStoragePool(r.Context(), pool.Name())
- if err != nil {
- logger.Error("Failed to remove storage pool from authorizer", logger.Ctx{"name": pool.Name(), "error": err})
- }
-
 requestor := request.CreateRequestor(r)
 s.Events.SendLifecycle(api.ProjectDefaultName, lifecycle.StoragePoolDeleted.Event(pool.Name(), requestor, nil))