Removed the variadic username

Could be useful later on, but for the current PR changes should be minimized
3 years ago · 1d2445e1d8
parent 9e00b82bdf
commit 1d2445e1d8
4 changed files with 6 additions and 7 deletions
--- a/authority/options.go
+++ b/authority/options.go
@ -47,7 +47,7 @@ func WithDatabase(db db.AuthDB) Option {

 // WithGetIdentityFunc sets a custom function to retrieve the identity from
 // an external resource.
-func WithGetIdentityFunc(fn func(ctx context.Context, p provisioner.Interface, email string, usernames ...string) (*provisioner.Identity, error)) Option {
+func WithGetIdentityFunc(fn func(ctx context.Context, p provisioner.Interface, email string) (*provisioner.Identity, error)) Option {
 	return func(a *Authority) error {
 		a.getIdentityFunc = fn
 		return nil
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@ -44,7 +44,6 @@ type openIDPayload struct {
 	AuthorizedParty   string   `json:"azp"`
 	Email             string   `json:"email"`
 	EmailVerified     bool     `json:"email_verified"`
-	PreferredUsername string   `json:"preferred_username"`
 	Hd                string   `json:"hd"`
 	Nonce             string   `json:"nonce"`
 	Groups            []string `json:"groups"`
--- a/authority/provisioner/oidc_test.go
+++ b/authority/provisioner/oidc_test.go
@ -500,10 +500,10 @@ func TestOIDC_AuthorizeSSHSign(t *testing.T) {
 	assert.FatalError(t, p4.Init(config))
 	assert.FatalError(t, p5.Init(config))

-	p4.getIdentityFunc = func(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error) {
+	p4.getIdentityFunc = func(ctx context.Context, p Interface, email string) (*Identity, error) {
 		return &Identity{Usernames: []string{"max", "mariano"}}, nil
 	}
-	p5.getIdentityFunc = func(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error) {
+	p5.getIdentityFunc = func(ctx context.Context, p Interface, email string) (*Identity, error) {
 		return nil, errors.New("force")
 	}
 	// Additional test needed for empty usernames and duplicate email and usernames
--- a/authority/provisioner/provisioner.go
+++ b/authority/provisioner/provisioner.go
@ -337,12 +337,12 @@ type Permissions struct {
 }

 // GetIdentityFunc is a function that returns an identity.
-type GetIdentityFunc func(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error)
+type GetIdentityFunc func(ctx context.Context, p Interface, email string) (*Identity, error)

 // DefaultIdentityFunc return a default identity depending on the provisioner
 // type. For OIDC email is always present and the usernames might
 // contain empty strings.
-func DefaultIdentityFunc(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error) {
+func DefaultIdentityFunc(ctx context.Context, p Interface, email string) (*Identity, error) {
 	switch k := p.(type) {
 	case *OIDC:
 		// OIDC principals would be:
@ -354,7 +354,7 @@ func DefaultIdentityFunc(ctx context.Context, p Interface, email string, usernam
 		if !sshUserRegex.MatchString(name) {
 			return nil, errors.Errorf("invalid principal '%s' from email '%s'", name, email)
 		}
-		usernames = append(usernames, name)
+		usernames := []string{name}
 		if i := strings.LastIndex(email, "@"); i >= 0 {
 			usernames = append(usernames, email[:i])
 		}