From 976f6e1ffbf8906537d7a1b9b2e65d815cf41be6 Mon Sep 17 00:00:00 2001 From: Pascal Fischer Date: Mon, 23 Jun 2025 18:09:11 +0200 Subject: [PATCH] remove store locks --- management/server/account.go | 41 ------------------- management/server/group.go | 16 -------- management/server/integrated_validator.go | 3 -- management/server/nameserver.go | 9 ---- management/server/networks/manager.go | 9 ---- .../server/networks/resources/manager.go | 9 ---- management/server/networks/routers/manager.go | 9 ---- management/server/peer.go | 28 ------------- management/server/policy.go | 6 --- management/server/posture_checks.go | 6 --- management/server/route.go | 9 ---- management/server/setupkey.go | 5 --- management/server/store/store.go | 4 -- management/server/user.go | 21 ---------- 14 files changed, 175 deletions(-) diff --git a/management/server/account.go b/management/server/account.go index b376f6f5e..52809aa5d 100644 --- a/management/server/account.go +++ b/management/server/account.go @@ -280,9 +280,6 @@ func (am *DefaultAccountManager) GetIdpManager() idp.Manager { // User that performs the update has to belong to the account. // Returns an updated Settings func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *types.Settings) (*types.Settings, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Settings, operations.Update) if err != nil { return nil, fmt.Errorf("failed to validate user permissions: %w", err) 
@@ -460,8 +457,6 @@ func (am *DefaultAccountManager) peerLoginExpirationJob(ctx context.Context, acc ctx := context.WithValue(ctx, nbcontext.AccountIDKey, accountID) //nolint ctx = context.WithValue(ctx, hook.ExecutionContextKey, fmt.Sprintf("%s-PEER-EXPIRATION", hook.SystemSource)) - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() expiredPeers, err := am.getExpiredPeers(ctx, accountID) if err != nil { @@ -497,9 +492,6 @@ func (am *DefaultAccountManager) schedulePeerLoginExpiration(ctx context.Context // peerInactivityExpirationJob marks login expired for all inactive peers and returns the minimum duration in which the next peer of the account will expire by inactivity if found func (am *DefaultAccountManager) peerInactivityExpirationJob(ctx context.Context, accountID string) func() (time.Duration, bool) { return func() (time.Duration, bool) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - inactivePeers, err := am.getInactivePeers(ctx, accountID) if err != nil { log.WithContext(ctx).Errorf("failed getting inactive peers for account %s", accountID) @@ -640,8 +632,6 @@ func (am *DefaultAccountManager) isCacheCold(ctx context.Context, store cacheSto // DeleteAccount deletes an account and all its users from local store and from the remote IDP if the requester is an admin and account owner func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, userID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() account, err := am.Store.GetAccount(ctx, accountID) if err != nil { return err 
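Review bot: DeleteAccount now reads the account with `am.Store.GetAccount(ctx, accountID)` and acts on it with nothing serialising the call against other writers of the same account; the removed `AcquireWriteLockByUID` was the only guard visible in this hunk. The same read-then-write shape on the bare store appears in UpdateNetwork (`m.store.GetNetworkByID(ctx, store.LockingStrengthUpdate, ...)` outside `ExecuteInTransaction`, where the row lock presumably lasts only for that statement) and in DeleteUser (`am.Store.GetUserByUserID` with `LockingStrengthShare`). These bodies continue outside the hunks, so if the remainder does not already run in a single transaction, the check and the mutation can interleave with a concurrent request. I would move the read and the write into one `ExecuteInTransaction` callback, or where isolation is already guaranteed add `// No account lock: relies on the store transaction for isolation.`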
@@ -1007,9 +997,6 @@ func (am *DefaultAccountManager) updateAccountDomainAttributesIfNotUpToDate(ctx return nil } - unlockAccount := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlockAccount() - accountDomain, domainCategory, err := am.Store.GetAccountDomainAndCategory(ctx, store.LockingStrengthShare, accountID) if err != nil { log.WithContext(ctx).Errorf("error getting account domain and category: %v", err) @@ -1102,9 +1089,6 @@ func (am *DefaultAccountManager) addNewPrivateAccount(ctx context.Context, domai } func (am *DefaultAccountManager) addNewUserToDomainAccount(ctx context.Context, domainAccountID string, userAuth nbcontext.UserAuth) (string, error) { - unlockAccount := am.Store.AcquireWriteLockByUID(ctx, domainAccountID) - defer unlockAccount() - newUser := types.NewRegularUser(userAuth.UserId) newUser.AccountID = domainAccountID err := am.Store.SaveUser(ctx, store.LockingStrengthUpdate, newUser) @@ -1251,13 +1235,6 @@ func (am *DefaultAccountManager) SyncUserJWTGroups(ctx context.Context, userAuth return nil } - unlockAccount := am.Store.AcquireWriteLockByUID(ctx, userAuth.AccountId) - defer func() { - if unlockAccount != nil { - unlockAccount() - } - }() - var addNewGroups []string var removeOldGroups []string var hasChanges bool @@ -1326,8 +1303,6 @@ func (am *DefaultAccountManager) SyncUserJWTGroups(ctx context.Context, userAuth return fmt.Errorf("error incrementing network serial: %w", err) } } - unlockAccount() - unlockAccount = nil return nil }) 
@@ -1542,11 +1517,6 @@ func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID log.WithContext(ctx).Debugf("SyncAndMarkPeer: took %v", time.Since(start)) }() - accountUnlock := am.Store.AcquireReadLockByUID(ctx, accountID) - defer accountUnlock() - peerUnlock := am.Store.AcquireWriteLockByUID(ctx, peerPubKey) - defer peerUnlock() - peer, netMap, postureChecks, err := am.SyncPeer(ctx, types.PeerSync{WireGuardPubKey: peerPubKey, Meta: meta}, accountID) if err != nil { return nil, nil, nil, fmt.Errorf("error syncing peer: %w", err) @@ -1561,11 +1531,6 @@ func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID } func (am *DefaultAccountManager) OnPeerDisconnected(ctx context.Context, accountID string, peerPubKey string) error { - accountUnlock := am.Store.AcquireReadLockByUID(ctx, accountID) - defer accountUnlock() - peerUnlock := am.Store.AcquireWriteLockByUID(ctx, peerPubKey) - defer peerUnlock() - err := am.MarkPeerConnected(ctx, peerPubKey, false, nil, accountID) if err != nil { log.WithContext(ctx).Warnf("failed marking peer as disconnected %s %v", peerPubKey, err) @@ -1581,12 +1546,6 @@ func (am *DefaultAccountManager) SyncPeerMeta(ctx context.Context, peerPubKey st return err } - unlock := am.Store.AcquireReadLockByUID(ctx, accountID) - defer unlock() - - unlockPeer := am.Store.AcquireWriteLockByUID(ctx, peerPubKey) - defer unlockPeer() - _, _, _, err = am.SyncPeer(ctx, types.PeerSync{WireGuardPubKey: peerPubKey, Meta: meta, UpdateAccountPeers: true}, accountID) if err != nil { return mapError(ctx, err) diff --git a/management/server/group.go b/management/server/group.go index 130a67145..e823c2a7e 100644 --- a/management/server/group.go +++ b/management/server/group.go 
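Review bot: OnPeerDisconnected calls `am.MarkPeerConnected(ctx, peerPubKey, false, nil, accountID)` without the per-peer write lock, which SyncAndMarkPeer and SyncPeerMeta also drop in this file, so a late disconnect from an old stream can be applied after the sync of a new one. Whether MarkPeerConnected orders these updates itself cannot be seen from the hunk. If it does not, a peer can be left marked disconnected while it is online, a state that peer-status-dependent logic would then presumably act on. Please state the assumption at the call, e.g. `// Not serialised per peer: MarkPeerConnected must tolerate out-of-order connect/disconnect.`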
@@ -67,8 +67,6 @@ func (am *DefaultAccountManager) GetGroupByName(ctx context.Context, groupName, // SaveGroup object of the peers func (am *DefaultAccountManager) SaveGroup(ctx context.Context, accountID, userID string, newGroup *types.Group, create bool) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() return am.SaveGroups(ctx, accountID, userID, []*types.Group{newGroup}, create) } @@ -202,8 +200,6 @@ func (am *DefaultAccountManager) prepareGroupEvents(ctx context.Context, transac // DeleteGroup object of the peers. func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountID, userID, groupID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() return am.DeleteGroups(ctx, accountID, userID, []string{groupID}) } @@ -262,9 +258,6 @@ func (am *DefaultAccountManager) DeleteGroups(ctx context.Context, accountID, us // GroupAddPeer appends peer to the group func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, groupID, peerID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var group *types.Group var updateAccountPeers bool var err error @@ -303,9 +296,6 @@ func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, gr // GroupAddResource appends resource to the group func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID, groupID string, resource types.Resource) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var group *types.Group var updateAccountPeers bool var err error 
@@ -344,9 +334,6 @@ func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID // GroupDeletePeer removes peer from the group func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID, groupID, peerID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var group *types.Group var updateAccountPeers bool var err error @@ -385,9 +372,6 @@ func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID, // GroupDeleteResource removes resource from the group func (am *DefaultAccountManager) GroupDeleteResource(ctx context.Context, accountID, groupID string, resource types.Resource) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var group *types.Group var updateAccountPeers bool var err error diff --git a/management/server/integrated_validator.go b/management/server/integrated_validator.go index edb89466c..0e5e5609a 100644 --- a/management/server/integrated_validator.go +++ b/management/server/integrated_validator.go @@ -34,9 +34,6 @@ func (am *DefaultAccountManager) UpdateIntegratedValidatorGroups(ctx context.Con return errors.New("invalid groups") } - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - return am.Store.ExecuteInTransaction(ctx, func(transaction store.Store) error { a, err := transaction.GetAccountByUser(ctx, userID) if err != nil { diff --git a/management/server/nameserver.go b/management/server/nameserver.go index 18339335d..6ef64cd7d 100644 --- a/management/server/nameserver.go +++ b/management/server/nameserver.go 
@@ -37,9 +37,6 @@ func (am *DefaultAccountManager) GetNameServerGroup(ctx context.Context, account // CreateNameServerGroup creates and saves a new nameserver group func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, primary bool, domains []string, enabled bool, userID string, searchDomainEnabled bool) (*nbdns.NameServerGroup, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Nameservers, operations.Create) if err != nil { return nil, status.NewPermissionValidationError(err) @@ -94,9 +91,6 @@ func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, acco // SaveNameServerGroup saves nameserver group func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accountID, userID string, nsGroupToSave *nbdns.NameServerGroup) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - if nsGroupToSave == nil { return status.Errorf(status.InvalidArgument, "nameserver group provided is nil") } @@ -148,9 +142,6 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun // DeleteNameServerGroup deletes nameserver group with nsGroupID func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, accountID, nsGroupID, userID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Nameservers, operations.Delete) if err != nil { return status.NewPermissionValidationError(err) diff --git a/management/server/networks/manager.go b/management/server/networks/manager.go index 1c46e9281..7038eb8e3 100644 --- a/management/server/networks/manager.go +++ b/management/server/networks/manager.go 
@@ -70,9 +70,6 @@ func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network network.ID = xid.New().String() - unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID) - defer unlock() - err = m.store.SaveNetwork(ctx, store.LockingStrengthUpdate, network) if err != nil { return nil, fmt.Errorf("failed to save network: %w", err) @@ -104,9 +101,6 @@ func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network return nil, status.NewPermissionDeniedError() } - unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID) - defer unlock() - _, err = m.store.GetNetworkByID(ctx, store.LockingStrengthUpdate, network.AccountID, network.ID) if err != nil { return nil, fmt.Errorf("failed to get network: %w", err) @@ -131,9 +125,6 @@ func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, netw return fmt.Errorf("failed to get network: %w", err) } - unlock := m.store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var eventsToStore []func() err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { resources, err := transaction.GetNetworkResourcesByNetID(ctx, store.LockingStrengthUpdate, accountID, networkID) diff --git a/management/server/networks/resources/manager.go b/management/server/networks/resources/manager.go index 21d1e54de..5706c24e3 100644 --- a/management/server/networks/resources/manager.go +++ b/management/server/networks/resources/manager.go @@ -108,9 +108,6 @@ func (m *managerImpl) CreateResource(ctx context.Context, userID string, resourc return nil, fmt.Errorf("failed to create new network resource: %w", err) } - unlock := m.store.AcquireWriteLockByUID(ctx, resource.AccountID) - defer unlock() - var eventsToStore []func() err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { _, err = transaction.GetNetworkResourceByName(ctx, store.LockingStrengthShare, resource.AccountID, resource.Name) 
@@ -204,9 +201,6 @@ func (m *managerImpl) UpdateResource(ctx context.Context, userID string, resourc resource.Domain = domain resource.Prefix = prefix - unlock := m.store.AcquireWriteLockByUID(ctx, resource.AccountID) - defer unlock() - var eventsToStore []func() err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { network, err := transaction.GetNetworkByID(ctx, store.LockingStrengthUpdate, resource.AccountID, resource.NetworkID) @@ -315,9 +309,6 @@ func (m *managerImpl) DeleteResource(ctx context.Context, accountID, userID, net return status.NewPermissionDeniedError() } - unlock := m.store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var events []func() err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { events, err = m.DeleteResourceInTransaction(ctx, transaction, accountID, userID, networkID, resourceID) diff --git a/management/server/networks/routers/manager.go b/management/server/networks/routers/manager.go index 7b488b361..0ddb5289b 100644 --- a/management/server/networks/routers/manager.go +++ b/management/server/networks/routers/manager.go @@ -88,9 +88,6 @@ func (m *managerImpl) CreateRouter(ctx context.Context, userID string, router *t return nil, status.NewPermissionDeniedError() } - unlock := m.store.AcquireWriteLockByUID(ctx, router.AccountID) - defer unlock() - var network *networkTypes.Network err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { network, err = transaction.GetNetworkByID(ctx, store.LockingStrengthShare, router.AccountID, router.NetworkID) 
@@ -157,9 +154,6 @@ func (m *managerImpl) UpdateRouter(ctx context.Context, userID string, router *t return nil, status.NewPermissionDeniedError() } - unlock := m.store.AcquireWriteLockByUID(ctx, router.AccountID) - defer unlock() - var network *networkTypes.Network err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { network, err = transaction.GetNetworkByID(ctx, store.LockingStrengthShare, router.AccountID, router.NetworkID) @@ -203,9 +197,6 @@ func (m *managerImpl) DeleteRouter(ctx context.Context, accountID, userID, netwo return status.NewPermissionDeniedError() } - unlock := m.store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - var event func() err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error { event, err = m.DeleteRouterInTransaction(ctx, transaction, accountID, userID, networkID, routerID) diff --git a/management/server/peer.go b/management/server/peer.go index 1a1289721..5b767ef2b 100644 --- a/management/server/peer.go +++ b/management/server/peer.go @@ -189,9 +189,6 @@ func updatePeerStatusAndLocation(ctx context.Context, geo geolocation.Geolocatio // UpdatePeer updates peer. Only Peer.Name, Peer.SSHEnabled, Peer.LoginExpirationEnabled and Peer.InactivityExpirationEnabled can be updated. func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Peers, operations.Update) if err != nil { return nil, status.NewPermissionValidationError(err) 
@@ -324,9 +321,6 @@ func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, user // DeletePeer removes peer from the account by its IP func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peerID, userID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Peers, operations.Delete) if err != nil { return status.NewPermissionValidationError(err) @@ -476,13 +470,6 @@ func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID s return nil, nil, nil, status.Errorf(status.NotFound, "failed adding new peer: account not found") } - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer func() { - if unlock != nil { - unlock() - } - }() - // This is a handling for the case when the same machine (with the same WireGuard pub key) tries to register twice. // Such case is possible when AddPeer function takes long time to finish after AcquireWriteLockByUID (e.g., database is slow) // and the peer disconnects with a timeout and tries to register again. @@ -663,9 +650,6 @@ func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID s am.StoreEvent(ctx, opEvent.InitiatorID, opEvent.TargetID, opEvent.AccountID, opEvent.Activity, opEvent.Meta) - unlock() - unlock = nil - if updateAccountPeers { am.BufferUpdateAccountPeers(ctx, accountID) } @@ -805,15 +789,6 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer } } - unlockAccount := am.Store.AcquireReadLockByUID(ctx, accountID) - defer unlockAccount() - unlockPeer := am.Store.AcquireWriteLockByUID(ctx, login.WireGuardPubKey) - defer func() { - if unlockPeer != nil { - unlockPeer() - } - }() - var peer *nbpeer.Peer var updateRemotePeers bool var isRequiresApproval bool 
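Review bot: The comment kept in AddPeer's hunk still explains duplicate registration in terms of `AcquireWriteLockByUID`, which this commit removes from the function and from the Store interface, so it now describes a lock that no longer exists. Without the per-account lock, two concurrent registrations carrying the same WireGuard public key can both pass the existence check that follows, so the guard presumably has to be backed by a uniqueness constraint or a locked read inside the transaction; that code is outside the hunk. I would reword the comment to something like `// The same machine (same WireGuard pub key) may register twice, e.g. when a slow AddPeer times out on the client and is retried; the store must reject the duplicate.`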
@@ -894,9 +869,6 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer return nil, nil, nil, err } - unlockPeer() - unlockPeer = nil - if updateRemotePeers || isStatusChanged || (isPeerUpdated && len(postureChecks) > 0) { am.BufferUpdateAccountPeers(ctx, accountID) } diff --git a/management/server/policy.go b/management/server/policy.go index 1e9331d43..e2e78c849 100644 --- a/management/server/policy.go +++ b/management/server/policy.go @@ -32,9 +32,6 @@ func (am *DefaultAccountManager) GetPolicy(ctx context.Context, accountID, polic // SavePolicy in the store func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, userID string, policy *types.Policy, create bool) (*types.Policy, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - operation := operations.Create if !create { operation = operations.Update @@ -88,9 +85,6 @@ func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, user // DeletePolicy from the store func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, policyID, userID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Policies, operations.Delete) if err != nil { return status.NewPermissionValidationError(err) diff --git a/management/server/posture_checks.go b/management/server/posture_checks.go index f91e89b45..a6704fb70 100644 --- a/management/server/posture_checks.go +++ b/management/server/posture_checks.go 
@@ -32,9 +32,6 @@ func (am *DefaultAccountManager) GetPostureChecks(ctx context.Context, accountID // SavePostureChecks saves a posture check. func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountID, userID string, postureChecks *posture.Checks, create bool) (*posture.Checks, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - operation := operations.Create if !create { operation = operations.Update @@ -87,9 +84,6 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI // DeletePostureChecks deletes a posture check by ID. func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Read) if err != nil { return status.NewPermissionValidationError(err) diff --git a/management/server/route.go b/management/server/route.go index 32ff39977..701e4637e 100644 --- a/management/server/route.go +++ b/management/server/route.go @@ -135,9 +135,6 @@ func getRouteDescriptor(prefix netip.Prefix, domains domain.List) string { // CreateRoute creates and saves a new route func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroupIDs []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroupIDs []string, enabled bool, userID string, keepRoute bool) (*route.Route, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Create) if err != nil { return nil, status.NewPermissionValidationError(err) 
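Review bot: DeletePostureChecks authorises the call with `modules.Routes, operations.Read`, which does not match what the function does; the neighbouring delete handlers in this patch (DeletePolicy, DeleteRoute) check `operations.Delete` on their own module. As written, a user who may only read routes appears to be allowed to delete posture checks. The commit leaves this line untouched as context, but it is now the first statement of the function and worth fixing alongside. Suggest validating against the module SavePostureChecks uses together with `operations.Delete`, e.g. `ValidateUserPermissions(ctx, accountID, userID, modules.Policies, operations.Delete)` if posture checks are governed by the policies module.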
@@ -202,9 +199,6 @@ func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID stri // SaveRoute saves route func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userID string, routeToSave *route.Route) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Update) if err != nil { return status.NewPermissionValidationError(err) @@ -259,9 +253,6 @@ func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userI // DeleteRoute deletes route with routeID func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID string, routeID route.ID, userID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Delete) if err != nil { return status.NewPermissionValidationError(err) diff --git a/management/server/setupkey.go b/management/server/setupkey.go index b0903c8d0..b871f4cea 100644 --- a/management/server/setupkey.go +++ b/management/server/setupkey.go @@ -55,8 +55,6 @@ type SetupKeyUpdateOperation struct { // and adds it to the specified account. A list of autoGroups IDs can be empty. func (am *DefaultAccountManager) CreateSetupKey(ctx context.Context, accountID string, keyName string, keyType types.SetupKeyType, expiresIn time.Duration, autoGroups []string, usageLimit int, userID string, ephemeral bool, allowExtraDNSLabels bool) (*types.SetupKey, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.SetupKeys, operations.Create) if err != nil { 
@@ -107,9 +105,6 @@ func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID str return nil, status.Errorf(status.InvalidArgument, "provided setup key to update is nil") } - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.SetupKeys, operations.Update) if err != nil { return nil, status.NewPermissionValidationError(err) diff --git a/management/server/store/store.go b/management/server/store/store.go index d41379b1c..829e872c8 100644 --- a/management/server/store/store.go +++ b/management/server/store/store.go @@ -161,10 +161,6 @@ type Store interface { GetInstallationID() string SaveInstallationID(ctx context.Context, ID string) error - // AcquireWriteLockByUID should attempt to acquire a lock for write purposes and return a function that releases the lock - AcquireWriteLockByUID(ctx context.Context, uniqueID string) func() - // AcquireReadLockByUID should attempt to acquire lock for read purposes and return a function that releases the lock - AcquireReadLockByUID(ctx context.Context, uniqueID string) func() // AcquireGlobalLock should attempt to acquire a global lock and return a function that releases the lock AcquireGlobalLock(ctx context.Context) func() diff --git a/management/server/user.go b/management/server/user.go index a1f1c46d5..efa091b27 100644 --- a/management/server/user.go +++ b/management/server/user.go 
@@ -26,9 +26,6 @@ import ( // createServiceUser creates a new service user under the given account. func (am *DefaultAccountManager) createServiceUser(ctx context.Context, accountID string, initiatorUserID string, role types.UserRole, serviceUserName string, nonDeletable bool, autoGroups []string) (*types.UserInfo, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, initiatorUserID, modules.Users, operations.Create) if err != nil { return nil, status.NewPermissionValidationError(err) @@ -76,9 +73,6 @@ func (am *DefaultAccountManager) CreateUser(ctx context.Context, accountID, user // inviteNewUser Invites a USer to a given account and creates reference in datastore func (am *DefaultAccountManager) inviteNewUser(ctx context.Context, accountID, userID string, invite *types.UserInfo) (*types.UserInfo, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - if am.idpManager == nil { return nil, status.Errorf(status.PreconditionFailed, "IdP manager must be enabled to send user invites") } @@ -227,9 +221,6 @@ func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, init return status.Errorf(status.InvalidArgument, "self deletion is not allowed") } - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - initiatorUser, err := am.Store.GetUserByUserID(ctx, store.LockingStrengthShare, initiatorUserID) if err != nil { return err 
@@ -285,9 +276,6 @@ func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, init // InviteUser resend invitations to users who haven't activated their accounts prior to the expiration period. func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - if am.idpManager == nil { return status.Errorf(status.PreconditionFailed, "IdP manager must be enabled to send user invites") } @@ -328,9 +316,6 @@ func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID strin // CreatePAT creates a new PAT for the given user func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*types.PersonalAccessTokenGenerated, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - if tokenName == "" { return nil, status.Errorf(status.InvalidArgument, "token name can't be empty") } @@ -379,9 +364,6 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string // DeletePAT deletes a specific PAT from a user func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) error { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, initiatorUserID, modules.Pats, operations.Delete) if err != nil { return status.NewPermissionValidationError(err) 
@@ -481,9 +463,6 @@ func (am *DefaultAccountManager) SaveUser(ctx context.Context, accountID, initia // SaveOrAddUser updates the given user. If addIfNotExists is set to true it will add user when no exist // Only User.AutoGroups, User.Role, and User.Blocked fields are allowed to be updated for now. func (am *DefaultAccountManager) SaveOrAddUser(ctx context.Context, accountID, initiatorUserID string, update *types.User, addIfNotExists bool) (*types.UserInfo, error) { - unlock := am.Store.AcquireWriteLockByUID(ctx, accountID) - defer unlock() - updatedUsers, err := am.SaveOrAddUsers(ctx, accountID, initiatorUserID, []*types.User{update}, addIfNotExists) if err != nil { return nil, err