diff options
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/policy.go | 13 | ||||
| -rw-r--r-- | actions/policy_test.go | 6 |
2 files changed, 10 insertions, 9 deletions
diff --git a/actions/policy.go b/actions/policy.go index 6c48117..7204380 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -461,14 +461,15 @@ func (policy *Policy) AddProtector(protector *Protector) error { } // RemoveProtector updates the data that is wrapping the Policy Key so that the -// provided Protector is no longer protecting the specified Policy. If an error -// is returned, no data has been changed. Note that no protector links are +// protector with the given descriptor is no longer protecting the specified +// Policy. If an error is returned, no data has been changed. Note that the +// protector itself won't be removed, nor will a link to the protector be // removed (in the case where the protector and policy are on different -// filesystems). The policy and protector can be locked or unlocked. -func (policy *Policy) RemoveProtector(protector *Protector) error { - idx, ok := policy.findWrappedKeyIndex(protector.Descriptor()) +// filesystems). The policy can be locked or unlocked. +func (policy *Policy) RemoveProtector(protectorDescriptor string) error { + idx, ok := policy.findWrappedKeyIndex(protectorDescriptor) if !ok { - return &ErrNotProtected{policy.Descriptor(), protector.Descriptor()} + return &ErrNotProtected{policy.Descriptor(), protectorDescriptor} } if len(policy.data.WrappedPolicyKeys) == 1 { diff --git a/actions/policy_test.go b/actions/policy_test.go index 11c9c3e..07943b8 100644 --- a/actions/policy_test.go +++ b/actions/policy_test.go @@ -114,7 +114,7 @@ func TestPolicyGoodRemoveProtector(t *testing.T) { t.Fatal(err) } - err = pol.RemoveProtector(pro1) + err = pol.RemoveProtector(pro1.Descriptor()) if err != nil { t.Error(err) } @@ -135,11 +135,11 @@ func TestPolicyBadRemoveProtector(t *testing.T) { } defer cleanupProtector(pro2) - if pol.RemoveProtector(pro2) == nil { + if pol.RemoveProtector(pro2.Descriptor()) == nil { t.Error("we should not be able to remove a protector we did not add") } - if pol.RemoveProtector(pro1) == nil { + if pol.RemoveProtector(pro1.Descriptor()) == nil { t.Error("we should not be able to remove all the protectors from a policy") } } |