authorTor Brede Vekterli <vekterli@yahooinc.com>2022-04-29 14:57:07 +0200
committerGitHub <noreply@github.com>2022-04-29 14:57:07 +0200
commitb0d56e4a2957e86569490cd3dafcf2d980abac87 (patch)
tree54e340f473fe7a5f1e416c6d5f31a9e5b1ad0ed6 /vespalib
parentc7d04595c62c33c3acc86b26e47bc4580a0deba8 (diff)
parent6ab50e267f997fdb94d1c349352a5c5a9d53aea9 (diff)
Merge pull request #22357 from vespa-engine/vekterli/rename-authorization-result
Rename AuthorizationResult to VerificationResult
Diffstat (limited to 'vespalib')
-rw-r--r--vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp14
-rw-r--r--vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp16
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt2
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp62
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h8
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp10
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/verification_result.cpp62
-rw-r--r--vespalib/src/vespa/vespalib/net/tls/verification_result.h (renamed from vespalib/src/vespa/vespalib/net/tls/authorization_result.h)28
8 files changed, 101 insertions, 101 deletions
diff --git a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
index e20cd30c597..1de10939bea 100644
--- a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
+++ b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
@@ -535,35 +535,35 @@ struct CertFixture : Fixture {
CertFixture::~CertFixture() = default;
struct PrintingCertificateCallback : CertificateVerificationCallback {
- AuthorizationResult verify(const PeerCredentials& peer_creds) const override {
+ VerificationResult verify(const PeerCredentials& peer_creds) const override {
if (!peer_creds.common_name.empty()) {
fprintf(stderr, "Got a CN: %s\n", peer_creds.common_name.c_str());
}
for (auto& dns : peer_creds.dns_sans) {
fprintf(stderr, "Got a DNS SAN entry: %s\n", dns.c_str());
}
- return AuthorizationResult::make_authorized_for_all_roles();
+ return VerificationResult::make_authorized_for_all_roles();
}
};
// Single-use mock verifier
struct MockCertificateCallback : CertificateVerificationCallback {
mutable PeerCredentials creds; // only used in single thread testing context
- AuthorizationResult verify(const PeerCredentials& peer_creds) const override {
+ VerificationResult verify(const PeerCredentials& peer_creds) const override {
creds = peer_creds;
- return AuthorizationResult::make_authorized_for_all_roles();
+ return VerificationResult::make_authorized_for_all_roles();
}
};
struct AlwaysFailVerifyCallback : CertificateVerificationCallback {
- AuthorizationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
+ VerificationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
fprintf(stderr, "Rejecting certificate, none shall pass!\n");
- return AuthorizationResult::make_not_authorized();
+ return VerificationResult::make_not_authorized();
}
};
struct ExceptionThrowingCallback : CertificateVerificationCallback {
- AuthorizationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
+ VerificationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
throw std::runtime_error("oh no what is going on");
}
};
diff --git a/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp b/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp
index 8c9e50f17b4..fa2bc1a2eaf 100644
--- a/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp
+++ b/vespalib/src/tests/net/tls/policy_checking_certificate_verifier/policy_checking_certificate_verifier_test.cpp
@@ -338,27 +338,27 @@ TEST("AssumedRolesBuilder builds union set of added roles") {
EXPECT_EQUAL(roles, AssumedRoles::make_for_roles({"hello", "goodbye", "moon", "world"}));
}
-TEST("AuthorizationResult is not authorized by default") {
- AuthorizationResult result;
+TEST("VerificationResult is not authorized by default") {
+ VerificationResult result;
EXPECT_FALSE(result.success());
EXPECT_TRUE(result.assumed_roles().empty());
}
-TEST("AuthorizationResult can be explicitly created as not authorzed") {
- auto result = AuthorizationResult::make_not_authorized();
+TEST("VerificationResult can be explicitly created as not authorized") {
+ auto result = VerificationResult::make_not_authorized();
EXPECT_FALSE(result.success());
EXPECT_TRUE(result.assumed_roles().empty());
}
-TEST("AuthorizationResult can be pre-authorized for all roles") {
- auto result = AuthorizationResult::make_authorized_for_all_roles();
+TEST("VerificationResult can be pre-authorized for all roles") {
+ auto result = VerificationResult::make_authorized_for_all_roles();
EXPECT_TRUE(result.success());
EXPECT_FALSE(result.assumed_roles().empty());
EXPECT_TRUE(result.assumed_roles().can_assume_role("foo"));
}
-TEST("AuthorizationResult can be pre-authorized for an explicit set of roles") {
- auto result = AuthorizationResult::make_authorized_for_roles(AssumedRoles::make_for_roles({"elden", "ring"}));
+TEST("VerificationResult can be pre-authorized for an explicit set of roles") {
+ auto result = VerificationResult::make_authorized_for_roles(AssumedRoles::make_for_roles({"elden", "ring"}));
EXPECT_TRUE(result.success());
EXPECT_FALSE(result.assumed_roles().empty());
EXPECT_TRUE(result.assumed_roles().can_assume_role("elden"));
diff --git a/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt b/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt
index 424c2bd672f..a94d088b6a8 100644
--- a/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt
+++ b/vespalib/src/vespa/vespalib/net/tls/CMakeLists.txt
@@ -3,7 +3,6 @@ vespa_add_library(vespalib_vespalib_net_tls OBJECT
SOURCES
assumed_roles.cpp
authorization_mode.cpp
- authorization_result.cpp
auto_reloading_tls_crypto_engine.cpp
crypto_codec.cpp
crypto_codec_adapter.cpp
@@ -19,6 +18,7 @@ vespa_add_library(vespalib_vespalib_net_tls OBJECT
tls_crypto_socket.cpp
transport_security_options.cpp
transport_security_options_reading.cpp
+ verification_result.cpp
DEPENDS
)
find_package(OpenSSL)
diff --git a/vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp b/vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp
deleted file mode 100644
index 069e971833c..00000000000
--- a/vespalib/src/vespa/vespalib/net/tls/authorization_result.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-
-#include "authorization_result.h"
-#include <vespa/vespalib/stllike/asciistream.h>
-#include <ostream>
-
-namespace vespalib::net::tls {
-
-AuthorizationResult::AuthorizationResult() = default;
-
-AuthorizationResult::AuthorizationResult(AssumedRoles assumed_roles)
- : _assumed_roles(std::move(assumed_roles))
-{}
-
-AuthorizationResult::AuthorizationResult(const AuthorizationResult&) = default;
-AuthorizationResult& AuthorizationResult::operator=(const AuthorizationResult&) = default;
-AuthorizationResult::AuthorizationResult(AuthorizationResult&&) noexcept = default;
-AuthorizationResult& AuthorizationResult::operator=(AuthorizationResult&&) noexcept = default;
-AuthorizationResult::~AuthorizationResult() = default;
-
-void AuthorizationResult::print(asciistream& os) const {
- os << "AuthorizationResult(";
- if (!success()) {
- os << "NOT AUTHORIZED";
- } else {
- os << _assumed_roles;
- }
- os << ')';
-}
-
-AuthorizationResult
-AuthorizationResult::make_authorized_for_roles(AssumedRoles assumed_roles) {
- return AuthorizationResult(std::move(assumed_roles));
-}
-
-AuthorizationResult
-AuthorizationResult::make_authorized_for_all_roles() {
- return AuthorizationResult(AssumedRoles::make_wildcard_role());
-}
-
-AuthorizationResult
-AuthorizationResult::make_not_authorized() {
- return {};
-}
-
-asciistream& operator<<(asciistream& os, const AuthorizationResult& res) {
- res.print(os);
- return os;
-}
-
-std::ostream& operator<<(std::ostream& os, const AuthorizationResult& res) {
- os << to_string(res);
- return os;
-}
-
-string to_string(const AuthorizationResult& res) {
- asciistream os;
- os << res;
- return os.str();
-}
-
-}
diff --git a/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h b/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h
index 0c18ba1a789..f4d8d39206b 100644
--- a/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h
+++ b/vespalib/src/vespa/vespalib/net/tls/certificate_verification_callback.h
@@ -1,7 +1,7 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
#pragma once
-#include "authorization_result.h"
+#include "verification_result.h"
#include "peer_credentials.h"
namespace vespalib::net::tls {
@@ -14,15 +14,15 @@ struct CertificateVerificationCallback {
virtual ~CertificateVerificationCallback() = default;
// Return true iff the peer credentials pass verification, false otherwise.
// Must be thread safe.
- [[nodiscard]] virtual AuthorizationResult verify(const PeerCredentials& peer_creds) const = 0;
+ [[nodiscard]] virtual VerificationResult verify(const PeerCredentials& peer_creds) const = 0;
};
// Simplest possible certificate verification callback which accepts the certificate
// iff all its pre-verification by OpenSSL has passed. This means its chain is valid
// and it is signed by a trusted CA.
struct AcceptAllPreVerifiedCertificates : CertificateVerificationCallback {
- AuthorizationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
- return AuthorizationResult::make_authorized_for_all_roles(); // yolo
+ VerificationResult verify([[maybe_unused]] const PeerCredentials& peer_creds) const override {
+ return VerificationResult::make_authorized_for_all_roles(); // yolo
}
};
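Review bot: The comment above `verify()` still says "Return true iff the peer credentials pass verification, false otherwise", but the function returns a `VerificationResult`, not a bool, so the contract a callback implementer reads is stale. I would reword it to `// Returns the verification outcome; success() is true iff at least one role was granted.` and keep the `// Must be thread safe.` line. In `AcceptAllPreVerifiedCertificates` the `// yolo` remark hides the security-relevant fact that every peer whose chain passed pre-verification is handed the wildcard role set; `// Grants all roles to any peer that passed OpenSSL pre-verification.` states that directly. `CertificateVerificationCallback` begins above this hunk.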
diff --git a/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp b/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp
index 65e14434ff1..4018e20225e 100644
--- a/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/policy_checking_certificate_verifier.cpp
@@ -61,7 +61,7 @@ public:
~PolicyConfiguredCertificateVerifier() override;
- AuthorizationResult verify(const PeerCredentials& peer_creds) const override;
+ VerificationResult verify(const PeerCredentials& peer_creds) const override;
};
PolicyConfiguredCertificateVerifier::PolicyConfiguredCertificateVerifier(AuthorizedPeers authorized_peers) noexcept
@@ -69,9 +69,9 @@ PolicyConfiguredCertificateVerifier::PolicyConfiguredCertificateVerifier(Authori
PolicyConfiguredCertificateVerifier::~PolicyConfiguredCertificateVerifier() = default;
-AuthorizationResult PolicyConfiguredCertificateVerifier::verify(const PeerCredentials& peer_creds) const {
+VerificationResult PolicyConfiguredCertificateVerifier::verify(const PeerCredentials& peer_creds) const {
if (_authorized_peers.allows_all_authenticated()) {
- return AuthorizationResult::make_authorized_for_all_roles();
+ return VerificationResult::make_authorized_for_all_roles();
}
AssumedRolesBuilder roles_builder;
for (const auto& policy : _authorized_peers.peer_policies()) {
@@ -80,9 +80,9 @@ AuthorizationResult PolicyConfiguredCertificateVerifier::verify(const PeerCreden
}
}
if (!roles_builder.empty()) {
- return AuthorizationResult::make_authorized_for_roles(roles_builder.build_with_move());
+ return VerificationResult::make_authorized_for_roles(roles_builder.build_with_move());
} else {
- return AuthorizationResult::make_not_authorized();
+ return VerificationResult::make_not_authorized();
}
}
diff --git a/vespalib/src/vespa/vespalib/net/tls/verification_result.cpp b/vespalib/src/vespa/vespalib/net/tls/verification_result.cpp
new file mode 100644
index 00000000000..e4833f59f47
--- /dev/null
+++ b/vespalib/src/vespa/vespalib/net/tls/verification_result.cpp
@@ -0,0 +1,62 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+#include "verification_result.h"
+#include <vespa/vespalib/stllike/asciistream.h>
+#include <ostream>
+
+namespace vespalib::net::tls {
+
+VerificationResult::VerificationResult() = default;
+
+VerificationResult::VerificationResult(AssumedRoles assumed_roles)
+ : _assumed_roles(std::move(assumed_roles))
+{}
+
+VerificationResult::VerificationResult(const VerificationResult&) = default;
+VerificationResult& VerificationResult::operator=(const VerificationResult&) = default;
+VerificationResult::VerificationResult(VerificationResult&&) noexcept = default;
+VerificationResult& VerificationResult::operator=(VerificationResult&&) noexcept = default;
+VerificationResult::~VerificationResult() = default;
+
+void VerificationResult::print(asciistream& os) const {
+ os << "VerificationResult(";
+ if (!success()) {
+ os << "NOT AUTHORIZED";
+ } else {
+ os << _assumed_roles;
+ }
+ os << ')';
+}
+
+VerificationResult
+VerificationResult::make_authorized_for_roles(AssumedRoles assumed_roles) {
+ return VerificationResult(std::move(assumed_roles));
+}
+
+VerificationResult
+VerificationResult::make_authorized_for_all_roles() {
+ return VerificationResult(AssumedRoles::make_wildcard_role());
+}
+
+VerificationResult
+VerificationResult::make_not_authorized() {
+ return {};
+}
+
+asciistream& operator<<(asciistream& os, const VerificationResult& res) {
+ res.print(os);
+ return os;
+}
+
+std::ostream& operator<<(std::ostream& os, const VerificationResult& res) {
+ os << to_string(res);
+ return os;
+}
+
+string to_string(const VerificationResult& res) {
+ asciistream os;
+ os << res;
+ return os.str();
+}
+
+}
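Review bot: `make_not_authorized()` returns `{}`, so the rejection state depends entirely on the default constructor leaving `_assumed_roles` empty, and nothing in this file says so. A one-line comment on that `return {};`, such as `// Default-constructed: empty role set, so success() is false (fail closed).`, would help keep a later change to the default constructor from silently turning a rejection into an acceptance. Separately, `print()` now emits the prefix `VerificationResult(` where the deleted file emitted `AuthorizationResult(`, so any log matching or test expectation keyed on the old text needs the same update; whether such consumers exist is not visible from this diff.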
diff --git a/vespalib/src/vespa/vespalib/net/tls/authorization_result.h b/vespalib/src/vespa/vespalib/net/tls/verification_result.h
index b92bbbca9dd..2de89269ba4 100644
--- a/vespalib/src/vespa/vespalib/net/tls/authorization_result.h
+++ b/vespalib/src/vespa/vespalib/net/tls/verification_result.h
@@ -17,17 +17,17 @@ namespace vespalib::net::tls {
* authorization rules. If no rules matched, the set will be empty. The role
* set will also be empty for a default-constructed instance.
*/
-class AuthorizationResult {
+class VerificationResult {
AssumedRoles _assumed_roles;
- explicit AuthorizationResult(AssumedRoles assumed_roles);
+ explicit VerificationResult(AssumedRoles assumed_roles);
public:
- AuthorizationResult();
- AuthorizationResult(const AuthorizationResult&);
- AuthorizationResult& operator=(const AuthorizationResult&);
- AuthorizationResult(AuthorizationResult&&) noexcept;
- AuthorizationResult& operator=(AuthorizationResult&&) noexcept;
- ~AuthorizationResult();
+ VerificationResult();
+ VerificationResult(const VerificationResult&);
+ VerificationResult& operator=(const VerificationResult&);
+ VerificationResult(VerificationResult&&) noexcept;
+ VerificationResult& operator=(VerificationResult&&) noexcept;
+ ~VerificationResult();
// Returns true iff at least one assumed role has been granted.
[[nodiscard]] bool success() const noexcept {
@@ -43,13 +43,13 @@ public:
void print(asciistream& os) const;
- static AuthorizationResult make_authorized_for_roles(AssumedRoles assumed_roles);
- static AuthorizationResult make_authorized_for_all_roles();
- static AuthorizationResult make_not_authorized();
+ static VerificationResult make_authorized_for_roles(AssumedRoles assumed_roles);
+ static VerificationResult make_authorized_for_all_roles();
+ static VerificationResult make_not_authorized();
};
-asciistream& operator<<(asciistream&, const AuthorizationResult&);
-std::ostream& operator<<(std::ostream&, const AuthorizationResult&);
-string to_string(const AuthorizationResult&);
+asciistream& operator<<(asciistream&, const VerificationResult&);
+std::ostream& operator<<(std::ostream&, const VerificationResult&);
+string to_string(const VerificationResult&);
}