File

usermanager: Remove concept of global authz provider Rationale: - Removes a bunch of code! - We don't have many cases where an actor is not bound to one of our hosts - A notable exception is the admin shell, but if we ever attempt to lock those sessions down, there is a load of other work that also has to be done. And it's not clear if we would need a global authz provider for that anyway. - Removes an extra edge case from the necessary mental model for operators - Sessions that aren't bound to a host generally are anonymous or have an alternative auth model (such as by IP addres). - With the encapsulation now provided by util.roles, ad-hoc "detached roles" can still be created anyway by code that needs them.

+
−local methods = {};
+
−local resolver_mt = { __index = methods };
+
−local unpack = table.unpack;
+
−
+
−-- Find the next target to connect to, and
+
−-- pass it to cb()
+
−function methods:next(cb)
+
−	if #self.targets == 0 then
+
−		cb(nil);
+
−		return;
+
−	end
+
−	local next_target = table.remove(self.targets, 1);
+
−	cb(unpack(next_target, 1, 4));
+
−end
+
−
+
−local function new(targets, conn_type, extra)
+
−	return setmetatable({
+
−		conn_type = conn_type;
+
−		extra = extra;
+
−		targets = targets or {};
+
−	}, resolver_mt);
+
−end
+
−
+
−return {
+
−	new = new;
+
−};