TBR: security: Use VDL support for wire<->native conversions for Discharge.
(This change is accompanied by
https://vanadium-review.googlesource.com/6440)
VDL now supports automatic wire type <-> native type conversions
for union types, so use it for WireDischarge <-> Discharge.
Go developers can now naturally use, encode, decode Discharge objects
and not have to manually translate using the (now removed) functions
NewDischarge and MarshalDischarge.
MultiPart: 2/2
Change-Id: I2258b137138c54342562228b0229ea779b3d2131
diff --git a/profiles/internal/ipc/client.go b/profiles/internal/ipc/client.go
index 38bc2b5..2a32fd4 100644
--- a/profiles/internal/ipc/client.go
+++ b/profiles/internal/ipc/client.go
@@ -714,11 +714,6 @@
if fc.flow.LocalPrincipal() != nil {
blessingsRequest = clientEncodeBlessings(fc.flow.VCDataCache(), fc.blessings)
}
-
- discharges := make([]security.WireDischarge, len(fc.discharges))
- for i, d := range fc.discharges {
- discharges[i] = security.MarshalDischarge(d)
- }
req := ipc.Request{
Suffix: suffix,
Method: method,
@@ -726,7 +721,7 @@
Deadline: vtime.Deadline{deadline},
GrantedBlessings: fc.grantedBlessings,
Blessings: blessingsRequest,
- Discharges: discharges,
+ Discharges: fc.discharges,
TraceRequest: ivtrace.Request(fc.ctx),
}
if err := fc.enc.Encode(req); err != nil {
diff --git a/profiles/internal/ipc/discharges.go b/profiles/internal/ipc/discharges.go
index 88f25f7..3919a02 100644
--- a/profiles/internal/ipc/discharges.go
+++ b/profiles/internal/ipc/discharges.go
@@ -127,12 +127,11 @@
vlog.VI(3).Infof("Discharge fetch for %v failed: %v", tp, err)
return
}
- var wire security.WireDischarge
- if err := call.Finish(&wire); err != nil {
+ var d security.Discharge
+ if err := call.Finish(&d); err != nil {
vlog.VI(3).Infof("Discharge fetch for %v failed: (%v)", cav, err)
return
}
- d := security.NewDischarge(wire)
discharges <- fetched{i, &d}
}(i, ctx, caveats[i])
}
diff --git a/profiles/internal/ipc/full_test.go b/profiles/internal/ipc/full_test.go
index 593684f..80a8be4 100644
--- a/profiles/internal/ipc/full_test.go
+++ b/profiles/internal/ipc/full_test.go
@@ -182,27 +182,23 @@
called bool
}
-func (ds *dischargeServer) Discharge(call ipc.StreamServerCall, cav security.Caveat, _ security.DischargeImpetus) (security.WireDischarge, error) {
+func (ds *dischargeServer) Discharge(call ipc.StreamServerCall, cav security.Caveat, _ security.DischargeImpetus) (security.Discharge, error) {
ds.mu.Lock()
ds.called = true
ds.mu.Unlock()
tp := cav.ThirdPartyDetails()
if tp == nil {
- return nil, fmt.Errorf("discharger: %v does not represent a third-party caveat", cav)
+ return security.Discharge{}, fmt.Errorf("discharger: %v does not represent a third-party caveat", cav)
}
if err := tp.Dischargeable(call); err != nil {
- return nil, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", cav, err)
+ return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", cav, err)
}
// Add a fakeTimeCaveat to be able to control discharge expiration via 'clock'.
expiry, err := security.NewCaveat(fakeTimeCaveat, clock.Now())
if err != nil {
- return nil, fmt.Errorf("failed to create an expiration on the discharge: %v", err)
+ return security.Discharge{}, fmt.Errorf("failed to create an expiration on the discharge: %v", err)
}
- d, err := call.LocalPrincipal().MintDischarge(cav, expiry)
- if err != nil {
- return nil, err
- }
- return security.MarshalDischarge(d), nil
+ return call.LocalPrincipal().MintDischarge(cav, expiry)
}
func startServer(t *testing.T, principal security.Principal, sm stream.Manager, ns ns.Namespace, name string, disp ipc.Dispatcher, opts ...ipc.ServerOpt) (naming.Endpoint, ipc.Server) {
@@ -837,10 +833,10 @@
traceid []uniqueid.Id
}
-func (s *dischargeTestServer) Discharge(call ipc.ServerCall, cav security.Caveat, impetus security.DischargeImpetus) (security.WireDischarge, error) {
+func (s *dischargeTestServer) Discharge(call ipc.ServerCall, cav security.Caveat, impetus security.DischargeImpetus) (security.Discharge, error) {
s.impetus = append(s.impetus, impetus)
s.traceid = append(s.traceid, vtrace.GetSpan(call.Context()).Trace())
- return nil, fmt.Errorf("discharges not issued")
+ return security.Discharge{}, fmt.Errorf("discharges not issued")
}
func (s *dischargeTestServer) Release() ([]security.DischargeImpetus, []uniqueid.Id) {
@@ -1756,13 +1752,13 @@
called bool
}
-func (ed *expiryDischarger) Discharge(call ipc.StreamServerCall, cav security.Caveat, _ security.DischargeImpetus) (security.WireDischarge, error) {
+func (ed *expiryDischarger) Discharge(call ipc.StreamServerCall, cav security.Caveat, _ security.DischargeImpetus) (security.Discharge, error) {
tp := cav.ThirdPartyDetails()
if tp == nil {
- return nil, fmt.Errorf("discharger: %v does not represent a third-party caveat", cav)
+ return security.Discharge{}, fmt.Errorf("discharger: %v does not represent a third-party caveat", cav)
}
if err := tp.Dischargeable(call); err != nil {
- return nil, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", cav, err)
+ return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", cav, err)
}
expDur := 10 * time.Millisecond
if ed.called {
@@ -1770,14 +1766,14 @@
}
expiry, err := security.ExpiryCaveat(time.Now().Add(expDur))
if err != nil {
- return nil, fmt.Errorf("failed to create an expiration on the discharge: %v", err)
+ return security.Discharge{}, fmt.Errorf("failed to create an expiration on the discharge: %v", err)
}
d, err := call.LocalPrincipal().MintDischarge(cav, expiry)
if err != nil {
- return nil, err
+ return security.Discharge{}, err
}
ed.called = true
- return security.MarshalDischarge(d), nil
+ return d, nil
}
func TestDischargeClientFetchExpiredDischarges(t *testing.T) {
diff --git a/profiles/internal/ipc/server.go b/profiles/internal/ipc/server.go
index dac6a19..48a318a 100644
--- a/profiles/internal/ipc/server.go
+++ b/profiles/internal/ipc/server.go
@@ -1158,8 +1158,7 @@
fs.ackBlessings = true
for _, d := range req.Discharges {
- dis := security.NewDischarge(d)
- fs.discharges[dis.ID()] = dis
+ fs.discharges[d.ID()] = d
}
return nil
}
diff --git a/profiles/internal/ipc/stream/vc/auth.go b/profiles/internal/ipc/stream/vc/auth.go
index d29edc2..beb8773 100644
--- a/profiles/internal/ipc/stream/vc/auth.go
+++ b/profiles/internal/ipc/stream/vc/auth.go
@@ -95,11 +95,7 @@
if err := enc.Encode(b); err != nil {
return err
}
- if v >= version.IPCVersion7 {
- if err := enc.Encode(marshalDischarges(discharges)); err != nil {
- return err
- }
- } else if v >= version.IPCVersion5 {
+ if v >= version.IPCVersion5 {
if err := enc.Encode(discharges); err != nil {
return err
}
@@ -147,20 +143,9 @@
return noBlessings, nil, err
}
var discharges map[string]security.Discharge
- if v >= version.IPCVersion7 {
- var wired []security.WireDischarge
- if err = dec.Decode(&wired); err != nil {
- return noBlessings, nil, err
- }
- if len(wired) > 0 {
- discharges = make(map[string]security.Discharge)
- for _, d := range unmarshalDischarges(wired) {
- discharges[d.ID()] = d
- }
- }
- } else if v >= version.IPCVersion5 {
+ if v >= version.IPCVersion5 {
var list []security.Discharge
- if err = dec.Decode(&list); err != nil {
+ if err := dec.Decode(&list); err != nil {
return noBlessings, nil, err
}
if len(list) > 0 {
@@ -175,19 +160,3 @@
}
return blessings, discharges, nil
}
-
-func marshalDischarges(discharges []security.Discharge) []security.WireDischarge {
- wire := make([]security.WireDischarge, len(discharges))
- for i, d := range discharges {
- wire[i] = security.MarshalDischarge(d)
- }
- return wire
-}
-
-func unmarshalDischarges(wire []security.WireDischarge) []security.Discharge {
- discharges := make([]security.Discharge, len(wire))
- for i, w := range wire {
- discharges[i] = security.NewDischarge(w)
- }
- return discharges
-}
diff --git a/profiles/internal/ipc/stream/vc/vc.go b/profiles/internal/ipc/stream/vc/vc.go
index 042044a..9d6ce00 100644
--- a/profiles/internal/ipc/stream/vc/vc.go
+++ b/profiles/internal/ipc/stream/vc/vc.go
@@ -612,7 +612,7 @@
}
enc, err := vom.NewEncoder(conn)
if err != nil {
- vlog.Errorf("failed to create new encoder(conn=%v): %v", conn, err)
+ vlog.Errorf("failed to create new encoder for discharges on VC %v: %v", vc, err)
return
}
discharges := dc.PrepareDischarges(nil, tpCavs, security.DischargeImpetus{})
@@ -620,12 +620,12 @@
select {
case <-time.After(fetchDuration(expiry)):
discharges = dc.PrepareDischarges(nil, tpCavs, security.DischargeImpetus{})
- if err := enc.Encode(marshalDischarges(discharges)); err != nil {
- vlog.Errorf("encoding discharge(%v) failed: %v", discharges, err)
+ if err := enc.Encode(discharges); err != nil {
+ vlog.Errorf("encoding discharges on VC %v failed: %v", vc, err)
return
}
case <-vc.closeCh:
- vlog.VI(3).Infof("closing sendDischargesLoop")
+ vlog.VI(3).Infof("closing sendDischargesLoop on VC %v", vc)
return
}
}
@@ -655,17 +655,16 @@
defer conn.Close()
dec, err := vom.NewDecoder(conn)
if err != nil {
- vlog.Errorf("failed to create new decoder: %v", err)
+ vlog.Errorf("failed to create new decoder for discharges on %v: %v", vc, err)
return
}
for {
- var wire []security.WireDischarge
- if err := dec.Decode(&wire); err != nil {
- vlog.VI(3).Infof("decoding discharge failed: %v", err)
+ var discharges []security.Discharge
+ if err := dec.Decode(&discharges); err != nil {
+ vlog.VI(3).Infof("decoding discharges on %v failed: %v", vc, err)
return
}
- discharges := unmarshalDischarges(wire)
vc.mu.Lock()
for _, d := range discharges {
vc.remoteDischarges[d.ID()] = d
diff --git a/profiles/internal/rt/ipc_test.go b/profiles/internal/rt/ipc_test.go
index c106c42..559e7ca 100644
--- a/profiles/internal/rt/ipc_test.go
+++ b/profiles/internal/rt/ipc_test.go
@@ -38,13 +38,13 @@
mu sync.Mutex
}
-func (ds *dischargeService) Discharge(call ipc.StreamServerCall, cav security.Caveat, _ security.DischargeImpetus) (security.WireDischarge, error) {
+func (ds *dischargeService) Discharge(call ipc.StreamServerCall, cav security.Caveat, _ security.DischargeImpetus) (security.Discharge, error) {
tp := cav.ThirdPartyDetails()
if tp == nil {
- return nil, fmt.Errorf("discharger: not a third party caveat (%v)", cav)
+ return security.Discharge{}, fmt.Errorf("discharger: not a third party caveat (%v)", cav)
}
if err := tp.Dischargeable(call); err != nil {
- return nil, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
+ return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
}
// If its the first time being called, add an expiry caveat and a MethodCaveat for "EchoBlessings".
// Otherwise, just add a MethodCaveat for "Foo".
@@ -59,11 +59,7 @@
}
}
- d, err := call.LocalPrincipal().MintDischarge(cav, caveats[0], caveats[1:]...)
- if err != nil {
- return nil, err
- }
- return security.MarshalDischarge(d), nil
+ return call.LocalPrincipal().MintDischarge(cav, caveats[0], caveats[1:]...)
}
func newCtx(rootCtx *context.T) *context.T {
diff --git a/security/agent/client.go b/security/agent/client.go
index f8cb435..2458fd5 100644
--- a/security/agent/client.go
+++ b/security/agent/client.go
@@ -126,11 +126,11 @@
}
func (c *client) MintDischarge(forCaveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge ...security.Caveat) (security.Discharge, error) {
- var discharge security.WireDischarge
+ var discharge security.Discharge
if err := c.caller.call("MintDischarge", results(&discharge), forCaveat, caveatOnDischarge, additionalCaveatsOnDischarge); err != nil {
return security.Discharge{}, err
}
- return security.NewDischarge(discharge), nil
+ return discharge, nil
}
func (c *client) PublicKey() security.PublicKey {
diff --git a/security/agent/server/server.go b/security/agent/server/server.go
index 1879093..580449b 100644
--- a/security/agent/server/server.go
+++ b/security/agent/server/server.go
@@ -287,12 +287,8 @@
return a.principal.Sign(message)
}
-func (a agentd) MintDischarge(_ ipc.ServerCall, forCaveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.WireDischarge, error) {
- d, err := a.principal.MintDischarge(forCaveat, caveatOnDischarge, additionalCaveatsOnDischarge...)
- if err != nil {
- return nil, err
- }
- return security.MarshalDischarge(d), nil
+func (a agentd) MintDischarge(_ ipc.ServerCall, forCaveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.Discharge, error) {
+ return a.principal.MintDischarge(forCaveat, caveatOnDischarge, additionalCaveatsOnDischarge...)
}
func (a keymgr) newKey(in_memory bool) (id []byte, data *keyData, err error) {
diff --git a/security/agent/server/wire.vdl.go b/security/agent/server/wire.vdl.go
index 2f23811..401a360 100644
--- a/security/agent/server/wire.vdl.go
+++ b/security/agent/server/wire.vdl.go
@@ -20,7 +20,7 @@
Bless(ctx *context.T, key []byte, wit security.Blessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat, opts ...ipc.CallOpt) (security.Blessings, error)
BlessSelf(ctx *context.T, name string, caveats []security.Caveat, opts ...ipc.CallOpt) (security.Blessings, error)
Sign(ctx *context.T, message []byte, opts ...ipc.CallOpt) (security.Signature, error)
- MintDischarge(ctx *context.T, forCaveat security.Caveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat, opts ...ipc.CallOpt) (security.WireDischarge, error)
+ MintDischarge(ctx *context.T, forCaveat security.Caveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat, opts ...ipc.CallOpt) (security.Discharge, error)
PublicKey(*context.T, ...ipc.CallOpt) ([]byte, error)
BlessingsByName(ctx *context.T, name security.BlessingPattern, opts ...ipc.CallOpt) ([]security.Blessings, error)
BlessingsInfo(ctx *context.T, blessings security.Blessings, opts ...ipc.CallOpt) (map[string][]security.Caveat, error)
@@ -97,7 +97,7 @@
return
}
-func (c implAgentClientStub) MintDischarge(ctx *context.T, i0 security.Caveat, i1 security.Caveat, i2 []security.Caveat, opts ...ipc.CallOpt) (o0 security.WireDischarge, err error) {
+func (c implAgentClientStub) MintDischarge(ctx *context.T, i0 security.Caveat, i1 security.Caveat, i2 []security.Caveat, opts ...ipc.CallOpt) (o0 security.Discharge, err error) {
var call ipc.ClientCall
if call, err = c.c(ctx).StartCall(ctx, c.name, "MintDischarge", []interface{}{i0, i1, i2}, opts...); err != nil {
return
@@ -306,7 +306,7 @@
Bless(ctx ipc.ServerCall, key []byte, wit security.Blessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.Blessings, error)
BlessSelf(ctx ipc.ServerCall, name string, caveats []security.Caveat) (security.Blessings, error)
Sign(ctx ipc.ServerCall, message []byte) (security.Signature, error)
- MintDischarge(ctx ipc.ServerCall, forCaveat security.Caveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.WireDischarge, error)
+ MintDischarge(ctx ipc.ServerCall, forCaveat security.Caveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.Discharge, error)
PublicKey(ipc.ServerCall) ([]byte, error)
BlessingsByName(ctx ipc.ServerCall, name security.BlessingPattern) ([]security.Blessings, error)
BlessingsInfo(ctx ipc.ServerCall, blessings security.Blessings) (map[string][]security.Caveat, error)
@@ -335,7 +335,7 @@
Bless(ctx ipc.ServerCall, key []byte, wit security.Blessings, extension string, caveat security.Caveat, additionalCaveats []security.Caveat) (security.Blessings, error)
BlessSelf(ctx ipc.ServerCall, name string, caveats []security.Caveat) (security.Blessings, error)
Sign(ctx ipc.ServerCall, message []byte) (security.Signature, error)
- MintDischarge(ctx ipc.ServerCall, forCaveat security.Caveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.WireDischarge, error)
+ MintDischarge(ctx ipc.ServerCall, forCaveat security.Caveat, caveatOnDischarge security.Caveat, additionalCaveatsOnDischarge []security.Caveat) (security.Discharge, error)
PublicKey(ipc.ServerCall) ([]byte, error)
BlessingsByName(ctx ipc.ServerCall, name security.BlessingPattern) ([]security.Blessings, error)
BlessingsInfo(ctx ipc.ServerCall, blessings security.Blessings) (map[string][]security.Caveat, error)
@@ -397,7 +397,7 @@
return s.impl.Sign(ctx, i0)
}
-func (s implAgentServerStub) MintDischarge(ctx ipc.ServerCall, i0 security.Caveat, i1 security.Caveat, i2 []security.Caveat) (security.WireDischarge, error) {
+func (s implAgentServerStub) MintDischarge(ctx ipc.ServerCall, i0 security.Caveat, i1 security.Caveat, i2 []security.Caveat) (security.Discharge, error) {
return s.impl.MintDischarge(ctx, i0, i1, i2)
}
@@ -513,7 +513,7 @@
{"additionalCaveatsOnDischarge", ``}, // []security.Caveat
},
OutArgs: []ipc.ArgDesc{
- {"", ``}, // security.WireDischarge
+ {"", ``}, // security.Discharge
},
},
{
diff --git a/services/identity/revocation/revocation_test.go b/services/identity/revocation/revocation_test.go
index df6d5f5..04daac0 100644
--- a/services/identity/revocation/revocation_test.go
+++ b/services/identity/revocation/revocation_test.go
@@ -53,19 +53,19 @@
}
var impetus security.DischargeImpetus
- if _, err = discharger.Discharge(ctx, caveat, impetus); err != nil {
+ if _, err := discharger.Discharge(ctx, caveat, impetus); err != nil {
t.Fatalf("failed to get discharge: %s", err)
}
- if err = revoker.Revoke(tp.ID()); err != nil {
+ if err := revoker.Revoke(tp.ID()); err != nil {
t.Fatalf("failed to revoke: %s", err)
}
- if discharge, err := discharger.Discharge(ctx, caveat, impetus); err == nil || discharge != nil {
+ if _, err := discharger.Discharge(ctx, caveat, impetus); err == nil {
t.Fatalf("got a discharge for a revoked caveat: %s", err)
}
- if err = revoker.Revoke(tp.ID()); err != nil {
+ if err := revoker.Revoke(tp.ID()); err != nil {
t.Fatalf("failed to revoke again: %s", err)
}
- if discharge, err := discharger.Discharge(ctx, caveat, impetus); err == nil || discharge != nil {
+ if _, err := discharger.Discharge(ctx, caveat, impetus); err == nil {
t.Fatalf("got a discharge for a doubly revoked caveat: %s", err)
}
}
diff --git a/services/security/discharger.vdl.go b/services/security/discharger.vdl.go
index 9c4f1e1..3ea61b1 100644
--- a/services/security/discharger.vdl.go
+++ b/services/security/discharger.vdl.go
@@ -21,7 +21,7 @@
// Discharge is called by a principal that holds a blessing with a third
// party caveat and seeks to get a discharge that proves the fulfillment of
// this caveat.
- Discharge(ctx *context.T, Caveat security.Caveat, Impetus security.DischargeImpetus, opts ...ipc.CallOpt) (Discharge security.WireDischarge, err error)
+ Discharge(ctx *context.T, Caveat security.Caveat, Impetus security.DischargeImpetus, opts ...ipc.CallOpt) (Discharge security.Discharge, err error)
}
// DischargerClientStub adds universal methods to DischargerClientMethods.
@@ -53,7 +53,7 @@
return v23.GetClient(ctx)
}
-func (c implDischargerClientStub) Discharge(ctx *context.T, i0 security.Caveat, i1 security.DischargeImpetus, opts ...ipc.CallOpt) (o0 security.WireDischarge, err error) {
+func (c implDischargerClientStub) Discharge(ctx *context.T, i0 security.Caveat, i1 security.DischargeImpetus, opts ...ipc.CallOpt) (o0 security.Discharge, err error) {
var call ipc.ClientCall
if call, err = c.c(ctx).StartCall(ctx, c.name, "Discharge", []interface{}{i0, i1}, opts...); err != nil {
return
@@ -70,7 +70,7 @@
// Discharge is called by a principal that holds a blessing with a third
// party caveat and seeks to get a discharge that proves the fulfillment of
// this caveat.
- Discharge(ctx ipc.ServerCall, Caveat security.Caveat, Impetus security.DischargeImpetus) (Discharge security.WireDischarge, err error)
+ Discharge(ctx ipc.ServerCall, Caveat security.Caveat, Impetus security.DischargeImpetus) (Discharge security.Discharge, err error)
}
// DischargerServerStubMethods is the server interface containing
@@ -108,7 +108,7 @@
gs *ipc.GlobState
}
-func (s implDischargerServerStub) Discharge(ctx ipc.ServerCall, i0 security.Caveat, i1 security.DischargeImpetus) (security.WireDischarge, error) {
+func (s implDischargerServerStub) Discharge(ctx ipc.ServerCall, i0 security.Caveat, i1 security.DischargeImpetus) (security.Discharge, error) {
return s.impl.Discharge(ctx, i0, i1)
}
@@ -137,7 +137,7 @@
{"Impetus", ``}, // security.DischargeImpetus
},
OutArgs: []ipc.ArgDesc{
- {"Discharge", ``}, // security.WireDischarge
+ {"Discharge", ``}, // security.Discharge
},
},
},
diff --git a/services/security/discharger/discharger.go b/services/security/discharger/discharger.go
index 4f67415..337fdb5 100644
--- a/services/security/discharger/discharger.go
+++ b/services/security/discharger/discharger.go
@@ -13,23 +13,19 @@
// namespace with no additional caveats iff the caveat is valid.
type dischargerd struct{}
-func (dischargerd) Discharge(call ipc.ServerCall, caveat security.Caveat, _ security.DischargeImpetus) (security.WireDischarge, error) {
+func (dischargerd) Discharge(call ipc.ServerCall, caveat security.Caveat, _ security.DischargeImpetus) (security.Discharge, error) {
tp := caveat.ThirdPartyDetails()
if tp == nil {
- return nil, fmt.Errorf("Caveat %v does not represent a third party caveat", caveat)
+ return security.Discharge{}, fmt.Errorf("Caveat %v does not represent a third party caveat", caveat)
}
if err := tp.Dischargeable(call); err != nil {
- return nil, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
+ return security.Discharge{}, fmt.Errorf("third-party caveat %v cannot be discharged for this context: %v", tp, err)
}
expiry, err := security.ExpiryCaveat(time.Now().Add(15 * time.Minute))
if err != nil {
- return nil, fmt.Errorf("unable to create expiration caveat on the discharge: %v", err)
+ return security.Discharge{}, fmt.Errorf("unable to create expiration caveat on the discharge: %v", err)
}
- d, err := call.LocalPrincipal().MintDischarge(caveat, expiry)
- if err != nil {
- return nil, err
- }
- return security.MarshalDischarge(d), nil
+ return call.LocalPrincipal().MintDischarge(caveat, expiry)
}
// NewDischarger returns a discharger service implementation that grants
