moved main accessList methods to centralAuth

central_auth_acl_handling.go

@@ -43,20 +43,15 @@ type accessLists struct {
 	pki             *pki
 }
 
-func newAccessLists(pki *pki, errorKernel *errorKernel, configuration *Configuration) *accessLists {
+func newAccessLists(errorKernel *errorKernel, configuration *Configuration) *accessLists {
 	a := accessLists{
 		schemaMain:      newSchemaMain(configuration),
 		schemaGenerated: newSchemaGenerated(),
 		validator:       validator.New(),
 		errorKernel:     errorKernel,
 		configuration:   configuration,
-		pki:             pki,
 	}
 
-	// The main acl map gets loaded from disk in the newSchemaMain function, but since that
-	// function do not have access to the generated map we have to generate it here.
-	a.generateACLsForAllNodes()
-
 	return &a
 }
 
@@ -208,25 +203,25 @@ func (a *accessLists) commandAsSlice(c command) []command {
 // If the node or the fromNode do not exist they will be created.
 // The json encoded schema for a node and the hash of those data
 // will also be generated.
-func (a *accessLists) aclAddCommand(host Node, source Node, cmd command) {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
+func (c *centralAuth) aclAddCommand(host Node, source Node, cmd command) {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
 
 	// Check if node exists in map.
-	if _, ok := a.schemaMain.ACLMap[host]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host]; !ok {
 		// log.Printf("info: did not find node=%v in map, creating map[fromnode]map[command]struct{}\n", n)
-		a.schemaMain.ACLMap[host] = make(map[Node]map[command]struct{})
+		c.accessLists.schemaMain.ACLMap[host] = make(map[Node]map[command]struct{})
 	}
 
 	// Check if also source node exists in map
-	if _, ok := a.schemaMain.ACLMap[host][source]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host][source]; !ok {
 		// log.Printf("info: did not find node=%v in map, creating map[fromnode]map[command]struct{}\n", fn)
-		a.schemaMain.ACLMap[host][source] = make(map[command]struct{})
+		c.accessLists.schemaMain.ACLMap[host][source] = make(map[command]struct{})
 	}
 
-	a.schemaMain.ACLMap[host][source][cmd] = struct{}{}
+	c.accessLists.schemaMain.ACLMap[host][source][cmd] = struct{}{}
 	// err := a.generateJSONForHostOrGroup(n)
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: addCommandForFromNode: %v", err)
 		log.Printf("%v\n", er)
@@ -237,26 +232,26 @@ func (a *accessLists) aclAddCommand(host Node, source Node, cmd command) {
 }
 
 // aclDeleteCommand will delete the specified command from the fromnode.
-func (a *accessLists) aclDeleteCommand(host Node, source Node, cmd command) error {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
+func (c *centralAuth) aclDeleteCommand(host Node, source Node, cmd command) error {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
 
 	// Check if node exists in map.
-	if _, ok := a.schemaMain.ACLMap[host]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host]; !ok {
 		return fmt.Errorf("authSchema: no such node=%v to delete on in schema exists", host)
 	}
 
-	if _, ok := a.schemaMain.ACLMap[host][source]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host][source]; !ok {
 		return fmt.Errorf("authSchema: no such fromnode=%v to delete on in schema for node=%v exists", source, host)
 	}
 
-	if _, ok := a.schemaMain.ACLMap[host][source][cmd]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host][source][cmd]; !ok {
 		return fmt.Errorf("authSchema: no such command=%v from fromnode=%v to delete on in schema for node=%v exists", cmd, source, host)
 	}
 
-	delete(a.schemaMain.ACLMap[host][source], cmd)
+	delete(c.accessLists.schemaMain.ACLMap[host][source], cmd)
 
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: aclNodeFromNodeCommandDelete: %v", err)
 		log.Printf("%v\n", er)
@@ -266,22 +261,22 @@ func (a *accessLists) aclDeleteCommand(host Node, source Node, cmd command) erro
 }
 
 // aclDeleteSource will delete specified source node and all commands specified for it.
-func (a *accessLists) aclDeleteSource(host Node, source Node) error {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
+func (c *centralAuth) aclDeleteSource(host Node, source Node) error {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
 
 	// Check if node exists in map.
-	if _, ok := a.schemaMain.ACLMap[host]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host]; !ok {
 		return fmt.Errorf("authSchema: no such node=%v to delete on in schema exists", host)
 	}
 
-	if _, ok := a.schemaMain.ACLMap[host][source]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap[host][source]; !ok {
 		return fmt.Errorf("authSchema: no such fromnode=%v to delete on in schema for node=%v exists", source, host)
 	}
 
-	delete(a.schemaMain.ACLMap[host], source)
+	delete(c.accessLists.schemaMain.ACLMap[host], source)
 
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: aclNodeFromnodeDelete: %v", err)
 		log.Printf("%v\n", er)
@@ -297,12 +292,12 @@ func (a *accessLists) aclDeleteSource(host Node, source Node) error {
 // and run a small state machine on each element to create the final ACL result to be used at host
 // nodes.
 // The result will be written to the schemaGenerated.ACLsToConvert map.
-func (a *accessLists) generateACLsForAllNodes() error {
+func (c *centralAuth) generateACLsForAllNodes() error {
 	// We first one to save the current main ACLMap.
 	func() {
-		fh, err := os.OpenFile(a.schemaMain.ACLMapFilePath, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
+		fh, err := os.OpenFile(c.accessLists.schemaMain.ACLMapFilePath, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
 		if err != nil {
-			er := fmt.Errorf("error: generateACLsForAllNodes: opening file for writing: %v, err: %v", a.schemaMain.ACLMapFilePath, err)
+			er := fmt.Errorf("error: generateACLsForAllNodes: opening file for writing: %v, err: %v", c.accessLists.schemaMain.ACLMapFilePath, err)
 			log.Printf("%v\n", er)
 			return
 		}
@@ -311,18 +306,18 @@ func (a *accessLists) generateACLsForAllNodes() error {
 		// a.schemaMain.mu.Lock()
 		// defer a.schemaMain.mu.Unlock()
 		enc := json.NewEncoder(fh)
-		enc.Encode(a.schemaMain.ACLMap)
+		enc.Encode(c.accessLists.schemaMain.ACLMap)
 		if err != nil {
-			er := fmt.Errorf("error: generateACLsForAllNodes: encoding json to file failed: %v, err: %v", a.schemaMain.ACLMapFilePath, err)
+			er := fmt.Errorf("error: generateACLsForAllNodes: encoding json to file failed: %v, err: %v", c.accessLists.schemaMain.ACLMapFilePath, err)
 			log.Printf("%v\n", er)
 			return
 		}
 	}()
 
-	a.schemaGenerated.mu.Lock()
-	defer a.schemaGenerated.mu.Unlock()
+	c.accessLists.schemaGenerated.mu.Lock()
+	defer c.accessLists.schemaGenerated.mu.Unlock()
 
-	a.schemaGenerated.ACLsToConvert = make(map[Node]map[Node]map[command]struct{})
+	c.accessLists.schemaGenerated.ACLsToConvert = make(map[Node]map[Node]map[command]struct{})
 
 	// Rangle all ACL's. Both for single hosts, and group of hosts.
 	// ACL's that are for a group of hosts will be generated split
@@ -330,14 +325,14 @@ func (a *accessLists) generateACLsForAllNodes() error {
 	// be added to the individual host in the ACLsToConvert map to
 	// built a complete picture of what the ACL's looks like for each
 	// individual hosts.
-	for n := range a.schemaMain.ACLMap {
+	for n := range c.accessLists.schemaMain.ACLMap {
 		//a.schemaGenerated.ACLsToConvert = make(map[node]map[node]map[command]struct{})
-		ap := newAuthParser(n, a)
+		ap := newAuthParser(n, c.accessLists)
 		ap.parse()
 	}
 
-	inf := fmt.Errorf("generateACLsFor all nodes, ACLsToConvert contains: %#v", a.schemaGenerated.ACLsToConvert)
-	a.errorKernel.logConsoleOnlyIfDebug(inf, a.configuration)
+	inf := fmt.Errorf("generateACLsFor all nodes, ACLsToConvert contains: %#v", c.accessLists.schemaGenerated.ACLsToConvert)
+	c.accessLists.errorKernel.logConsoleOnlyIfDebug(inf, c.accessLists.configuration)
 
 	// ACLsToConvert got the complete picture of what ACL's that
 	// are defined for each individual host node.
@@ -346,12 +341,12 @@ func (a *accessLists) generateACLsForAllNodes() error {
 	func() {
 		// If the map to generate from map is empty we want to also set the generatedACLsMap
 		// to empty so we can make sure that no more generated ACL's exists to be distributed.
-		if len(a.schemaGenerated.ACLsToConvert) == 0 {
-			a.schemaGenerated.GeneratedACLsMap = make(map[Node]HostACLsSerializedWithHash)
+		if len(c.accessLists.schemaGenerated.ACLsToConvert) == 0 {
+			c.accessLists.schemaGenerated.GeneratedACLsMap = make(map[Node]HostACLsSerializedWithHash)
 
 		}
 
-		for n, m := range a.schemaGenerated.ACLsToConvert {
+		for n, m := range c.accessLists.schemaGenerated.ACLsToConvert {
 			//fmt.Printf("\n ################ DEBUG: RANGE in generate: n=%v, m=%v\n", n, m)
 
 			// cbor marshal the data of the ACL map to store for the host node.
@@ -364,7 +359,7 @@ func (a *accessLists) generateACLsForAllNodes() error {
 
 			// Create the hash for the data for the host node.
 			hash := func() [32]byte {
-				sns := a.nodeMapToSlice(n)
+				sns := c.accessLists.nodeMapToSlice(n)
 
 				b, err := cbor.Marshal(sns)
 				if err != nil {
@@ -384,13 +379,13 @@ func (a *accessLists) generateACLsForAllNodes() error {
 			}
 
 			// and then store the cbor encoded data and the hash in the generated map.
-			a.schemaGenerated.GeneratedACLsMap[n] = hostSerialized
+			c.accessLists.schemaGenerated.GeneratedACLsMap[n] = hostSerialized
 
 		}
 	}()
 
-	inf = fmt.Errorf("generateACLsFor all nodes, GeneratedACLsMap contains: %#v", a.schemaGenerated.GeneratedACLsMap)
-	a.errorKernel.logConsoleOnlyIfDebug(inf, a.configuration)
+	inf = fmt.Errorf("generateACLsFor all nodes, GeneratedACLsMap contains: %#v", c.accessLists.schemaGenerated.GeneratedACLsMap)
+	c.accessLists.errorKernel.logConsoleOnlyIfDebug(inf, c.accessLists.configuration)
 
 	return nil
 }
@@ -450,24 +445,24 @@ func (a *accessLists) nodeMapToSlice(host Node) sourceNode {
 
 // groupNodesAddNode adds a node to a group. If the group does
 // not exist it will be created.
-func (a *accessLists) groupNodesAddNode(ng nodeGroup, n Node) {
-	err := a.validator.Var(ng, "startswith=grp_nodes_")
+func (c *centralAuth) groupNodesAddNode(ng nodeGroup, n Node) {
+	err := c.accessLists.validator.Var(ng, "startswith=grp_nodes_")
 	if err != nil {
 		log.Printf("error: group name do not start with grp_nodes_: %v\n", err)
 		return
 	}
 
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
-	if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok {
-		a.schemaMain.NodeGroupMap[ng] = make(map[Node]struct{})
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
+	if _, ok := c.accessLists.schemaMain.NodeGroupMap[ng]; !ok {
+		c.accessLists.schemaMain.NodeGroupMap[ng] = make(map[Node]struct{})
 	}
 
-	a.schemaMain.NodeGroupMap[ng][n] = struct{}{}
+	c.accessLists.schemaMain.NodeGroupMap[ng][n] = struct{}{}
 
 	// fmt.Printf(" * groupNodesAddNode: After adding to group node looks like: %+v\n", a.schemaMain.NodeGroupMap)
 
-	err = a.generateACLsForAllNodes()
+	err = c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: groupNodesAddNode: %v", err)
 		log.Printf("%v\n", er)
@@ -476,19 +471,19 @@ func (a *accessLists) groupNodesAddNode(ng nodeGroup, n Node) {
 }
 
 // groupNodesDeleteNode deletes a node from a group in the map.
-func (a *accessLists) groupNodesDeleteNode(ng nodeGroup, n Node) {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
-	if _, ok := a.schemaMain.NodeGroupMap[ng][n]; !ok {
+func (c *centralAuth) groupNodesDeleteNode(ng nodeGroup, n Node) {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
+	if _, ok := c.accessLists.schemaMain.NodeGroupMap[ng][n]; !ok {
 		log.Printf("info: no such node with name=%v found in group=%v\n", ng, n)
 		return
 	}
 
-	delete(a.schemaMain.NodeGroupMap[ng], n)
+	delete(c.accessLists.schemaMain.NodeGroupMap[ng], n)
 
 	//fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)
 
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: groupNodesDeleteNode: %v", err)
 		log.Printf("%v\n", er)
@@ -497,19 +492,19 @@ func (a *accessLists) groupNodesDeleteNode(ng nodeGroup, n Node) {
 }
 
 // groupNodesDeleteGroup deletes a nodeGroup from map.
-func (a *accessLists) groupNodesDeleteGroup(ng nodeGroup) {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
-	if _, ok := a.schemaMain.NodeGroupMap[ng]; !ok {
+func (c *centralAuth) groupNodesDeleteGroup(ng nodeGroup) {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
+	if _, ok := c.accessLists.schemaMain.NodeGroupMap[ng]; !ok {
 		log.Printf("info: no such group found: %v\n", ng)
 		return
 	}
 
-	delete(a.schemaMain.NodeGroupMap, ng)
+	delete(c.accessLists.schemaMain.NodeGroupMap, ng)
 
 	//fmt.Printf(" * After deleting nodeGroup map looks like: %+v\n", a.schemaMain.NodeGroupMap)
 
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: groupNodesDeleteGroup: %v", err)
 		log.Printf("%v\n", er)
@@ -521,24 +516,24 @@ func (a *accessLists) groupNodesDeleteGroup(ng nodeGroup) {
 
 // groupCommandsAddCommand adds a command to a group. If the group does
 // not exist it will be created.
-func (a *accessLists) groupCommandsAddCommand(cg commandGroup, c command) {
-	err := a.validator.Var(cg, "startswith=grp_commands_")
+func (c *centralAuth) groupCommandsAddCommand(cg commandGroup, cmd command) {
+	err := c.accessLists.validator.Var(cg, "startswith=grp_commands_")
 	if err != nil {
 		log.Printf("error: group name do not start with grp_commands_ : %v\n", err)
 		return
 	}
 
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
-	if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok {
-		a.schemaMain.CommandGroupMap[cg] = make(map[command]struct{})
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
+	if _, ok := c.accessLists.schemaMain.CommandGroupMap[cg]; !ok {
+		c.accessLists.schemaMain.CommandGroupMap[cg] = make(map[command]struct{})
 	}
 
-	a.schemaMain.CommandGroupMap[cg][c] = struct{}{}
+	c.accessLists.schemaMain.CommandGroupMap[cg][cmd] = struct{}{}
 
 	//fmt.Printf(" * groupCommandsAddCommand: After adding command=%v to command group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)
 
-	err = a.generateACLsForAllNodes()
+	err = c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: groupCommandsAddCommand: %v", err)
 		log.Printf("%v\n", er)
@@ -547,19 +542,19 @@ func (a *accessLists) groupCommandsAddCommand(cg commandGroup, c command) {
 }
 
 // groupCommandsDeleteCommand deletes a command from a group in the map.
-func (a *accessLists) groupCommandsDeleteCommand(cg commandGroup, c command) {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
-	if _, ok := a.schemaMain.CommandGroupMap[cg][c]; !ok {
+func (c *centralAuth) groupCommandsDeleteCommand(cg commandGroup, cmd command) {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
+	if _, ok := c.accessLists.schemaMain.CommandGroupMap[cg][cmd]; !ok {
 		log.Printf("info: no such command with name=%v found in group=%v\n", c, cg)
 		return
 	}
 
-	delete(a.schemaMain.CommandGroupMap[cg], c)
+	delete(c.accessLists.schemaMain.CommandGroupMap[cg], cmd)
 
 	//fmt.Printf(" * After deleting command=%v from group=%v map looks like: %+v\n", c, cg, a.schemaMain.CommandGroupMap)
 
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: groupCommandsDeleteCommand: %v", err)
 		log.Printf("%v\n", er)
@@ -568,19 +563,19 @@ func (a *accessLists) groupCommandsDeleteCommand(cg commandGroup, c command) {
 }
 
 // groupCommandDeleteGroup deletes a commandGroup map.
-func (a *accessLists) groupCommandDeleteGroup(cg commandGroup) {
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
-	if _, ok := a.schemaMain.CommandGroupMap[cg]; !ok {
+func (c *centralAuth) groupCommandDeleteGroup(cg commandGroup) {
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
+	if _, ok := c.accessLists.schemaMain.CommandGroupMap[cg]; !ok {
 		log.Printf("info: no such group found: %v\n", cg)
 		return
 	}
 
-	delete(a.schemaMain.CommandGroupMap, cg)
+	delete(c.accessLists.schemaMain.CommandGroupMap, cg)
 
 	//fmt.Printf(" * After deleting commandGroup=%v map looks like: %+v\n", cg, a.schemaMain.CommandGroupMap)
 
-	err := a.generateACLsForAllNodes()
+	err := c.generateACLsForAllNodes()
 	if err != nil {
 		er := fmt.Errorf("error: groupCommandDeleteGroup: %v", err)
 		log.Printf("%v\n", er)
@@ -589,12 +584,12 @@ func (a *accessLists) groupCommandDeleteGroup(cg commandGroup) {
 }
 
 // exportACLs will export the current content of the main ACLMap in JSON format.
-func (a *accessLists) exportACLs() ([]byte, error) {
+func (c *centralAuth) exportACLs() ([]byte, error) {
 
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
 
-	js, err := json.Marshal(a.schemaMain.ACLMap)
+	js, err := json.Marshal(c.accessLists.schemaMain.ACLMap)
 	if err != nil {
 		return nil, fmt.Errorf("error: failed to marshal schemaMain.ACLMap: %v", err)
 
@@ -605,10 +600,10 @@ func (a *accessLists) exportACLs() ([]byte, error) {
 }
 
 // importACLs will import and replace all current ACL's with the ACL's provided as input.
-func (a *accessLists) importACLs(js []byte) error {
+func (c *centralAuth) importACLs(js []byte) error {
 
-	a.schemaMain.mu.Lock()
-	defer a.schemaMain.mu.Unlock()
+	c.accessLists.schemaMain.mu.Lock()
+	defer c.accessLists.schemaMain.mu.Unlock()
 
 	m := make(map[Node]map[Node]map[command]struct{})
 
@@ -617,7 +612,7 @@ func (a *accessLists) importACLs(js []byte) error {
 		return fmt.Errorf("error: failed to unmarshal into ACLMap: %v", err)
 	}
 
-	a.schemaMain.ACLMap = m
+	c.accessLists.schemaMain.ACLMap = m
 
 	return nil
 

central_auth_key_handling.go

@@ -26,7 +26,9 @@ type centralAuth struct {
 func newCentralAuth(configuration *Configuration, errorKernel *errorKernel) *centralAuth {
 	c := centralAuth{}
 	c.pki = newPKI(configuration, errorKernel)
-	c.accessLists = newAccessLists(c.pki, errorKernel, configuration)
+	c.accessLists = newAccessLists(errorKernel, configuration)
+
+	c.generateACLsForAllNodes()
 
 	return &c
 }

central_auth_test.go

@@ -15,14 +15,15 @@ func TestACLSingleNode(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
-	a.aclAddCommand("ship101", "admin", "HORSE")
-	a.aclAddCommand("ship101", "admin", "PIG")
+	c := newCentralAuth(tstConf, &errorKernel{})
+
+	c.aclAddCommand("ship101", "admin", "HORSE")
+	c.aclAddCommand("ship101", "admin", "PIG")
 
 	// --- TESTS ---
 
 	mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-	err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+	err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -43,7 +44,7 @@ func TestACLWithGroups(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
 	const (
 		grp_nodes_operators      = "grp_nodes_operators"
@@ -51,22 +52,22 @@ func TestACLWithGroups(t *testing.T) {
 		grp_commands_commandset1 = "grp_commands_commandset1"
 	)
 
-	a.groupNodesAddNode(grp_nodes_operators, "operator1")
-	a.groupNodesAddNode(grp_nodes_operators, "operator2")
+	c.groupNodesAddNode(grp_nodes_operators, "operator1")
+	c.groupNodesAddNode(grp_nodes_operators, "operator2")
 
-	a.groupNodesAddNode(grp_nodes_ships, "ship100")
-	a.groupNodesAddNode(grp_nodes_ships, "ship101")
+	c.groupNodesAddNode(grp_nodes_ships, "ship100")
+	c.groupNodesAddNode(grp_nodes_ships, "ship101")
 
-	a.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
-	a.groupCommandsAddCommand(grp_commands_commandset1, "date")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "date")
 
-	a.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
-	a.aclAddCommand("ship101", "admin", "HORSE")
+	c.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
+	c.aclAddCommand("ship101", "admin", "HORSE")
 
-	a.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
+	c.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
 
 	mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-	err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+	err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -104,7 +105,7 @@ func TestACLNodesGroupDeleteNode(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
 	const (
 		grp_nodes_operators      = "grp_nodes_operators"
@@ -112,26 +113,26 @@ func TestACLNodesGroupDeleteNode(t *testing.T) {
 		grp_commands_commandset1 = "grp_commands_commandset1"
 	)
 
-	a.groupNodesAddNode(grp_nodes_operators, "operator1")
-	a.groupNodesAddNode(grp_nodes_operators, "operator2")
+	c.groupNodesAddNode(grp_nodes_operators, "operator1")
+	c.groupNodesAddNode(grp_nodes_operators, "operator2")
 
-	a.groupNodesAddNode(grp_nodes_ships, "ship100")
-	a.groupNodesAddNode(grp_nodes_ships, "ship101")
+	c.groupNodesAddNode(grp_nodes_ships, "ship100")
+	c.groupNodesAddNode(grp_nodes_ships, "ship101")
 
-	a.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
-	a.groupCommandsAddCommand(grp_commands_commandset1, "date")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "date")
 
-	a.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
-	a.aclAddCommand("ship101", "admin", "HORSE")
+	c.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
+	c.aclAddCommand("ship101", "admin", "HORSE")
 
-	a.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
+	c.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
 
-	a.groupNodesDeleteNode(grp_nodes_ships, "ship101")
+	c.groupNodesDeleteNode(grp_nodes_ships, "ship101")
 
 	// Check that we still got the data for ship100.
 	{
 		mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-		err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship100"].Data, &mapOfFromNodeCommands)
+		err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship100"].Data, &mapOfFromNodeCommands)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -144,7 +145,7 @@ func TestACLNodesGroupDeleteNode(t *testing.T) {
 	// Check that we don't have any data for ship101.
 	{
 		mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-		err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+		err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -163,7 +164,7 @@ func TestGroupNodesDeleteGroup(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
 	const (
 		grp_nodes_operators      = "grp_nodes_operators"
@@ -171,26 +172,26 @@ func TestGroupNodesDeleteGroup(t *testing.T) {
 		grp_commands_commandset1 = "grp_commands_commandset1"
 	)
 
-	a.groupNodesAddNode(grp_nodes_operators, "operator1")
-	a.groupNodesAddNode(grp_nodes_operators, "operator2")
+	c.groupNodesAddNode(grp_nodes_operators, "operator1")
+	c.groupNodesAddNode(grp_nodes_operators, "operator2")
 
-	a.groupNodesAddNode(grp_nodes_ships, "ship100")
-	a.groupNodesAddNode(grp_nodes_ships, "ship101")
+	c.groupNodesAddNode(grp_nodes_ships, "ship100")
+	c.groupNodesAddNode(grp_nodes_ships, "ship101")
 
-	a.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
-	a.groupCommandsAddCommand(grp_commands_commandset1, "date")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "date")
 
-	a.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
-	a.aclAddCommand("ship101", "admin", "HORSE")
+	c.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
+	c.aclAddCommand("ship101", "admin", "HORSE")
 
-	a.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
+	c.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
 
-	a.groupNodesDeleteGroup(grp_nodes_operators)
+	c.groupNodesDeleteGroup(grp_nodes_operators)
 
 	// Check that we still got the data for other ACL's.
 	{
 		mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-		err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+		err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -203,7 +204,7 @@ func TestGroupNodesDeleteGroup(t *testing.T) {
 	// Check that we don't have any data for grp_nodes_operators
 	{
 		mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-		err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+		err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -222,7 +223,7 @@ func TestGroupCommandDeleteGroup(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
 	const (
 		grp_nodes_operators      = "grp_nodes_operators"
@@ -230,26 +231,26 @@ func TestGroupCommandDeleteGroup(t *testing.T) {
 		grp_commands_commandset1 = "grp_commands_commandset1"
 	)
 
-	a.groupNodesAddNode(grp_nodes_operators, "operator1")
-	a.groupNodesAddNode(grp_nodes_operators, "operator2")
+	c.groupNodesAddNode(grp_nodes_operators, "operator1")
+	c.groupNodesAddNode(grp_nodes_operators, "operator2")
 
-	a.groupNodesAddNode(grp_nodes_ships, "ship100")
-	a.groupNodesAddNode(grp_nodes_ships, "ship101")
+	c.groupNodesAddNode(grp_nodes_ships, "ship100")
+	c.groupNodesAddNode(grp_nodes_ships, "ship101")
 
-	a.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
-	a.groupCommandsAddCommand(grp_commands_commandset1, "date")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "dmesg")
+	c.groupCommandsAddCommand(grp_commands_commandset1, "date")
 
-	a.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
-	a.aclAddCommand("ship101", "admin", "HORSE")
+	c.aclAddCommand(grp_nodes_ships, "admin", "useradd -m kongen")
+	c.aclAddCommand("ship101", "admin", "HORSE")
 
-	a.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
+	c.aclAddCommand(grp_nodes_ships, grp_nodes_operators, grp_commands_commandset1)
 
-	a.groupCommandDeleteGroup(grp_commands_commandset1)
+	c.groupCommandDeleteGroup(grp_commands_commandset1)
 
 	// Check that we still got the data for other ACL's.
 	{
 		mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-		err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+		err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -262,7 +263,7 @@ func TestGroupCommandDeleteGroup(t *testing.T) {
 	// Check that we don't have any data for grp_nodes_operators
 	{
 		mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-		err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+		err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -281,23 +282,23 @@ func TestACLGenerated(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
-	a.aclAddCommand("ship101", "admin", "HORSE")
+	c.aclAddCommand("ship101", "admin", "HORSE")
 
-	a.groupNodesAddNode("grp_nodes_ships", "ship101")
-	a.aclAddCommand("grp_nodes_ships", "admin", "HEN")
+	c.groupNodesAddNode("grp_nodes_ships", "ship101")
+	c.aclAddCommand("grp_nodes_ships", "admin", "HEN")
 
-	a.groupCommandsAddCommand("grp_commands_test", "echo")
-	a.groupCommandsAddCommand("grp_commands_test", "dmesg")
-	a.aclAddCommand("grp_nodes_ships", "admin", "grp_commands_test")
+	c.groupCommandsAddCommand("grp_commands_test", "echo")
+	c.groupCommandsAddCommand("grp_commands_test", "dmesg")
+	c.aclAddCommand("grp_nodes_ships", "admin", "grp_commands_test")
 
-	a.groupCommandsDeleteCommand("grp_commands_test", "echo")
+	c.groupCommandsDeleteCommand("grp_commands_test", "echo")
 
 	// --- TESTS ---
 
 	mapOfFromNodeCommands := make(map[Node]map[command]struct{})
-	err := cbor.Unmarshal(a.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
+	err := cbor.Unmarshal(c.accessLists.schemaGenerated.GeneratedACLsMap["ship101"].Data, &mapOfFromNodeCommands)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -332,75 +333,75 @@ func TestACLSchemaMainACLMap(t *testing.T) {
 		log.SetOutput(io.Discard)
 	}
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
 	//a.aclNodeFromnodeCommandAdd("ship101", "admin", "PIG")
 	// fmt.Printf("---------------ADDING COMMAND-------------\n")
-	a.aclAddCommand("ship0", "admin", "systemctl")
-	a.aclAddCommand("ship1", "admin", "tcpdump")
+	c.aclAddCommand("ship0", "admin", "systemctl")
+	c.aclAddCommand("ship1", "admin", "tcpdump")
 
-	if _, ok := a.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship0, admin, systemctl")
 	}
-	if _, ok := a.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 
 	// fmt.Printf("---------------ADDING COMMAND-------------\n")
-	a.groupNodesAddNode("grp_nodes_ships", "ship1")
-	a.groupNodesAddNode("grp_nodes_ships", "ship2")
-	a.aclAddCommand("grp_nodes_ships", "admin", "dmesg")
+	c.groupNodesAddNode("grp_nodes_ships", "ship1")
+	c.groupNodesAddNode("grp_nodes_ships", "ship2")
+	c.aclAddCommand("grp_nodes_ships", "admin", "dmesg")
 
-	if _, ok := a.schemaMain.ACLMap["grp_nodes_ships"]["admin"]["dmesg"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["grp_nodes_ships"]["admin"]["dmesg"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 
 	// fmt.Printf("---------------ADDING COMMAND-------------\n")
-	a.aclAddCommand("ship2", "admin", "echo")
+	c.aclAddCommand("ship2", "admin", "echo")
 
-	if _, ok := a.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 
 	// fmt.Printf("---------------DELETING COMMAND grp_nodes_ships, admin, dmesg-------------\n")
-	a.aclDeleteCommand("grp_nodes_ships", "admin", "dmesg")
+	c.aclDeleteCommand("grp_nodes_ships", "admin", "dmesg")
 
-	if _, ok := a.schemaMain.ACLMap["grp_nodes_ships"]["admin"]["dmesg"]; ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["grp_nodes_ships"]["admin"]["dmesg"]; ok {
 		t.Fatalf(" \U0001F631  [FAILED]: found map entry: grp_nodes_ships, admin, dmesg")
 	}
 	// Check that the remaining are still ok.
-	if _, ok := a.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship0, admin, systemctl")
 	}
-	if _, ok := a.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
-	if _, ok := a.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 
 	// fmt.Printf("---------------DELETING COMMAND ship0, admin, systemctl-------------\n")
-	a.aclDeleteCommand("ship0", "admin", "systemctl")
+	c.aclDeleteCommand("ship0", "admin", "systemctl")
 
-	if _, ok := a.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship0"]["admin"]["systemctl"]; ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship0, admin, systemctl")
 	}
 	// Check that the remaining are ok.
-	if _, ok := a.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship1"]["admin"]["tcpdump"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
-	if _, ok := a.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 
 	// fmt.Printf("---------------DELETING SOURCE ship1, admin-------------\n")
-	a.aclDeleteSource("ship1", "admin")
+	c.aclDeleteSource("ship1", "admin")
 
-	if _, ok := a.schemaMain.ACLMap["ship1"]["admin"]; ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship1"]["admin"]; ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 	// Check that the remaining are ok.
-	if _, ok := a.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
+	if _, ok := c.accessLists.schemaMain.ACLMap["ship2"]["admin"]["echo"]; !ok {
 		t.Fatalf(" \U0001F631  [FAILED]: missing map entry: ship1, admin, tcpdump")
 	}
 
@@ -434,7 +435,7 @@ func TestACLSchemaMainACLMap(t *testing.T) {
 // }
 
 func TestACLConcurrent(t *testing.T) {
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
 	// -----------General testing and creation of some data----------------
 
@@ -444,33 +445,33 @@ func TestACLConcurrent(t *testing.T) {
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			a.aclAddCommand("ship1", "operator2", "rm -rf")
-			a.aclAddCommand("ship1", "operator1", "ls -lt")
-			a.aclAddCommand("ship1", "operator1", "ls -lt")
-			a.aclAddCommand("ship1", "operator2", "ls -l")
-			a.aclAddCommand("ship3", "operator3", "ls -lt")
-			a.aclAddCommand("ship3", "operator3", "vi /etc/hostname")
-			a.aclDeleteCommand("ship3", "operator2", "ls -lt")
-			a.aclDeleteSource("ship3", "operator3")
+			c.aclAddCommand("ship1", "operator2", "rm -rf")
+			c.aclAddCommand("ship1", "operator1", "ls -lt")
+			c.aclAddCommand("ship1", "operator1", "ls -lt")
+			c.aclAddCommand("ship1", "operator2", "ls -l")
+			c.aclAddCommand("ship3", "operator3", "ls -lt")
+			c.aclAddCommand("ship3", "operator3", "vi /etc/hostname")
+			c.aclDeleteCommand("ship3", "operator2", "ls -lt")
+			c.aclDeleteSource("ship3", "operator3")
 		}()
 
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
 			// fmt.Println("----schemaMain------")
-			a.schemaMain.mu.Lock()
-			for _, v := range a.schemaMain.ACLMap {
+			c.accessLists.schemaMain.mu.Lock()
+			for _, v := range c.accessLists.schemaMain.ACLMap {
 				_ = fmt.Sprintf("%+v\n", v)
 			}
-			a.schemaMain.mu.Unlock()
+			c.accessLists.schemaMain.mu.Unlock()
 
 			// fmt.Println("----schemaGenerated------")
-			a.schemaGenerated.mu.Lock()
-			for k, v := range a.schemaGenerated.GeneratedACLsMap {
+			c.accessLists.schemaGenerated.mu.Lock()
+			for k, v := range c.accessLists.schemaGenerated.GeneratedACLsMap {
 				_ = fmt.Sprintf("node: %v, NodeDataSerialized: %v\n", k, string(v.Data))
 				_ = fmt.Sprintf("node: %v, Hash: %v\n", k, v.Hash)
 			}
-			a.schemaGenerated.mu.Unlock()
+			c.accessLists.schemaGenerated.mu.Unlock()
 		}()
 	}
 	wg.Wait()
@@ -529,14 +530,14 @@ func TestImportACLs(t *testing.T) {
 
 	want := `map[grp_nodes_ships:map[admin:map[useradd -m kongen:{}] grp_nodes_operators:map[grp_commands_commandset1:{}]] ship101:map[admin:map[HORSE:{}]]]`
 
-	a := newAccessLists(&pki{}, &errorKernel{}, tstConf)
+	c := newCentralAuth(tstConf, &errorKernel{})
 
-	err := a.importACLs(js)
+	err := c.importACLs(js)
 	if err != nil {
 		t.Fatalf("%v", err)
 	}
 
-	if fmt.Sprintf("%v", a.schemaMain.ACLMap) != want {
+	if fmt.Sprintf("%v", c.accessLists.schemaMain.ACLMap) != want {
 		t.Fatalf("error: import does not match with what we want\n")
 	}
 

requests_acl.go

@@ -229,7 +229,7 @@ func (m methodREQAclAddCommand) handler(proc process, message Message, node stri
 			source := message.MethodArgs[1]
 			cmd := message.MethodArgs[2]
 
-			proc.centralAuth.accessLists.aclAddCommand(Node(host), Node(source), command(cmd))
+			proc.centralAuth.aclAddCommand(Node(host), Node(source), command(cmd))
 
 			outString := fmt.Sprintf("acl added: host=%v, source=%v, command=%v\n", host, source, cmd)
 			out := []byte(outString)
@@ -299,7 +299,7 @@ func (m methodREQAclDeleteCommand) handler(proc process, message Message, node s
 			source := message.MethodArgs[1]
 			cmd := message.MethodArgs[2]
 
-			proc.centralAuth.accessLists.aclDeleteCommand(Node(host), Node(source), command(cmd))
+			proc.centralAuth.aclDeleteCommand(Node(host), Node(source), command(cmd))
 
 			outString := fmt.Sprintf("acl deleted: host=%v, source=%v, command=%v\n", host, source, cmd)
 			out := []byte(outString)
@@ -368,7 +368,7 @@ func (m methodREQAclDeleteSource) handler(proc process, message Message, node st
 			host := message.MethodArgs[0]
 			source := message.MethodArgs[1]
 
-			proc.centralAuth.accessLists.aclDeleteSource(Node(host), Node(source))
+			proc.centralAuth.aclDeleteSource(Node(host), Node(source))
 
 			outString := fmt.Sprintf("acl deleted: host=%v, source=%v\n", host, source)
 			out := []byte(outString)
@@ -437,7 +437,7 @@ func (m methodREQAclGroupNodesAddNode) handler(proc process, message Message, no
 			ng := message.MethodArgs[0]
 			n := message.MethodArgs[1]
 
-			proc.centralAuth.accessLists.groupNodesAddNode(nodeGroup(ng), Node(n))
+			proc.centralAuth.groupNodesAddNode(nodeGroup(ng), Node(n))
 
 			outString := fmt.Sprintf("added node to nodeGroup: nodeGroup=%v, node=%v\n", ng, n)
 			out := []byte(outString)
@@ -506,7 +506,7 @@ func (m methodREQAclGroupNodesDeleteNode) handler(proc process, message Message,
 			ng := message.MethodArgs[0]
 			n := message.MethodArgs[1]
 
-			proc.centralAuth.accessLists.groupNodesDeleteNode(nodeGroup(ng), Node(n))
+			proc.centralAuth.groupNodesDeleteNode(nodeGroup(ng), Node(n))
 
 			outString := fmt.Sprintf("deleted node from nodeGroup: nodeGroup=%v, node=%v\n", ng, n)
 			out := []byte(outString)
@@ -574,7 +574,7 @@ func (m methodREQAclGroupNodesDeleteGroup) handler(proc process, message Message
 
 			ng := message.MethodArgs[0]
 
-			proc.centralAuth.accessLists.groupNodesDeleteGroup(nodeGroup(ng))
+			proc.centralAuth.groupNodesDeleteGroup(nodeGroup(ng))
 
 			outString := fmt.Sprintf("deleted nodeGroup: nodeGroup=%v\n", ng)
 			out := []byte(outString)
@@ -643,7 +643,7 @@ func (m methodREQAclGroupCommandsAddCommand) handler(proc process, message Messa
 			cg := message.MethodArgs[0]
 			c := message.MethodArgs[1]
 
-			proc.centralAuth.accessLists.groupCommandsAddCommand(commandGroup(cg), command(c))
+			proc.centralAuth.groupCommandsAddCommand(commandGroup(cg), command(c))
 
 			outString := fmt.Sprintf("added command to commandGroup: commandGroup=%v, command=%v\n", cg, c)
 			out := []byte(outString)
@@ -712,7 +712,7 @@ func (m methodREQAclGroupCommandsDeleteCommand) handler(proc process, message Me
 			cg := message.MethodArgs[0]
 			c := message.MethodArgs[1]
 
-			proc.centralAuth.accessLists.groupCommandsDeleteCommand(commandGroup(cg), command(c))
+			proc.centralAuth.groupCommandsDeleteCommand(commandGroup(cg), command(c))
 
 			outString := fmt.Sprintf("deleted command from commandGroup: commandGroup=%v, command=%v\n", cg, c)
 			out := []byte(outString)
@@ -780,7 +780,7 @@ func (m methodREQAclGroupCommandsDeleteGroup) handler(proc process, message Mess
 
 			cg := message.MethodArgs[0]
 
-			proc.centralAuth.accessLists.groupCommandDeleteGroup(commandGroup(cg))
+			proc.centralAuth.groupCommandDeleteGroup(commandGroup(cg))
 
 			outString := fmt.Sprintf("deleted commandGroup: commandGroup=%v\n", cg)
 			out := []byte(outString)
@@ -840,7 +840,7 @@ func (m methodREQAclExport) handler(proc process, message Message, node string)
 		go func() {
 			defer proc.processes.wg.Done()
 
-			out, err := proc.centralAuth.accessLists.exportACLs()
+			out, err := proc.centralAuth.exportACLs()
 			if err != nil {
 				errCh <- fmt.Errorf("error: methodREQAclExport failed: %v", err)
 				return
@@ -915,7 +915,7 @@ func (m methodREQAclImport) handler(proc process, message Message, node string)
 			}
 
 			js := []byte(message.MethodArgs[0])
-			err := proc.centralAuth.accessLists.importACLs(js)
+			err := proc.centralAuth.importACLs(js)
 			if err != nil {
 				errCh <- fmt.Errorf("error: methodREQAclImport failed: %v", err)
 				return