Fix failed to create policy and delete user PAT on postgres
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
parent
2f7027194b
commit
a23a09bba3
@ -2430,16 +2430,17 @@ func newAccountWithId(ctx context.Context, store Store, accountID, userID, domai
|
|||||||
return fmt.Errorf("failed to save group All: %w", err)
|
return fmt.Errorf("failed to save group All: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
id := xid.New().String()
|
policyID := xid.New().String()
|
||||||
defaultPolicy := &Policy{
|
defaultPolicy := &Policy{
|
||||||
ID: id,
|
ID: policyID,
|
||||||
AccountID: accountID,
|
AccountID: accountID,
|
||||||
Name: DefaultPolicyName,
|
Name: DefaultPolicyName,
|
||||||
Description: DefaultPolicyDescription,
|
Description: DefaultPolicyDescription,
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
Rules: []*PolicyRule{
|
Rules: []*PolicyRule{
|
||||||
{
|
{
|
||||||
ID: id,
|
ID: xid.New().String(),
|
||||||
|
PolicyID: policyID,
|
||||||
Name: DefaultRuleName,
|
Name: DefaultRuleName,
|
||||||
Description: DefaultRuleDescription,
|
Description: DefaultRuleDescription,
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
@ -2451,7 +2452,7 @@ func newAccountWithId(ctx context.Context, store Store, accountID, userID, domai
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
if err := transaction.SavePolicy(ctx, LockingStrengthUpdate, defaultPolicy); err != nil {
|
if err := transaction.CreatePolicy(ctx, LockingStrengthUpdate, defaultPolicy); err != nil {
|
||||||
return fmt.Errorf("failed to save default policy: %w", err)
|
return fmt.Errorf("failed to save default policy: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -399,7 +399,12 @@ func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, user
|
|||||||
return fmt.Errorf("failed to increment network serial: %w", err)
|
return fmt.Errorf("failed to increment network serial: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = transaction.SavePolicy(ctx, LockingStrengthUpdate, policy); err != nil {
|
saveFunc := transaction.SavePolicy
|
||||||
|
if !isUpdate {
|
||||||
|
saveFunc = transaction.CreatePolicy
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := saveFunc(ctx, LockingStrengthUpdate, policy); err != nil {
|
||||||
return fmt.Errorf("failed to save policy: %w", err)
|
return fmt.Errorf("failed to save policy: %w", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
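Review bot: The `saveFunc` selection in SavePolicy carries no comment saying why a new policy needs a different store call from an update, and both paths still wrap errors as `failed to save policy`, so a log line cannot tell a failed insert from a failed update. I would add `// New policies are inserted with CreatePolicy; SavePolicy stays the path for rows that already exist.` above `saveFunc := transaction.SavePolicy`. `isUpdate` is set outside this hunk, so how it is derived (and whether a caller-supplied policy ID can influence it) cannot be checked from here.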
@ -421,7 +421,8 @@ func (s *SqlStore) SaveUsers(ctx context.Context, lockStrength LockingStrength,
|
|||||||
|
|
||||||
// SaveUser saves the given user to the database.
|
// SaveUser saves the given user to the database.
|
||||||
func (s *SqlStore) SaveUser(ctx context.Context, lockStrength LockingStrength, user *User) error {
|
func (s *SqlStore) SaveUser(ctx context.Context, lockStrength LockingStrength, user *User) error {
|
||||||
result := s.db.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).Save(user)
|
result := s.db.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).
|
||||||
|
Select(clause.Associations).Save(user)
|
||||||
if result.Error != nil {
|
if result.Error != nil {
|
||||||
log.WithContext(ctx).Errorf("failed to save user to store: %s", result.Error)
|
log.WithContext(ctx).Errorf("failed to save user to store: %s", result.Error)
|
||||||
return status.Errorf(status.Internal, "failed to save user to store")
|
return status.Errorf(status.Internal, "failed to save user to store")
|
||||||
@ -502,15 +503,19 @@ func (s *SqlStore) GetUserByUserID(ctx context.Context, lockStrength LockingStre
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *SqlStore) DeleteUser(ctx context.Context, lockStrength LockingStrength, accountID, userID string) error {
|
func (s *SqlStore) DeleteUser(ctx context.Context, lockStrength LockingStrength, accountID, userID string) error {
|
||||||
result := s.db.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).
|
err := s.db.Transaction(func(tx *gorm.DB) error {
|
||||||
Delete(&User{}, accountAndIDQueryCondition, accountID, userID)
|
result := tx.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).
|
||||||
if err := result.Error; err != nil {
|
Delete(&PersonalAccessToken{}, "user_id = ?", userID)
|
||||||
log.WithContext(ctx).Errorf("failed to delete user from the store: %s", err)
|
if result.Error != nil {
|
||||||
return status.Errorf(status.Internal, "failed to user policy from store")
|
return result.Error
|
||||||
}
|
}
|
||||||
|
|
||||||
if result.RowsAffected == 0 {
|
return tx.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).
|
||||||
return status.NewUserNotFoundError(userID)
|
Delete(&User{}, accountAndIDQueryCondition, accountID, userID).Error
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
log.WithContext(ctx).Errorf("failed to delete user from the store: %s", err)
|
||||||
|
return status.Errorf(status.Internal, "failed to delete user from store")
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
@ -1414,6 +1419,16 @@ func (s *SqlStore) GetPolicyByID(ctx context.Context, lockStrength LockingStreng
|
|||||||
return policy, nil
|
return policy, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *SqlStore) CreatePolicy(ctx context.Context, lockStrength LockingStrength, policy *Policy) error {
|
||||||
|
result := s.db.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).Create(policy)
|
||||||
|
if result.Error != nil {
|
||||||
|
log.WithContext(ctx).Errorf("failed to create policy in the store: %s", result.Error)
|
||||||
|
return status.Errorf(status.Internal, "failed to create policy in the store")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// SavePolicy saves a policy to the database.
|
// SavePolicy saves a policy to the database.
|
||||||
func (s *SqlStore) SavePolicy(ctx context.Context, lockStrength LockingStrength, policy *Policy) error {
|
func (s *SqlStore) SavePolicy(ctx context.Context, lockStrength LockingStrength, policy *Policy) error {
|
||||||
result := s.db.WithContext(ctx).Session(&gorm.Session{FullSaveAssociations: true}).
|
result := s.db.WithContext(ctx).Session(&gorm.Session{FullSaveAssociations: true}).
|
||||||
|
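Review bot: In DeleteUser the personal access tokens are deleted by `user_id = ?` alone, before the account-scoped delete of the user row, and the old `RowsAffected == 0` check is gone. A call whose userID does not belong to accountID therefore commits a transaction that has removed that user's tokens and returns nil, where it used to return `status.NewUserNotFoundError(userID)`. Whether every caller verifies account membership first is outside this hunk, so the store method should enforce it itself by treating a zero-row user delete as an error inside the transaction closure, which also rolls the token delete back. The bare `"user_id = ?"` literal would also read better as a named condition next to `accountAndIDQueryCondition`.

```go
func (s *SqlStore) DeleteUser(ctx context.Context, lockStrength LockingStrength, accountID, userID string) error {
	userFound := true
	err := s.db.Transaction(func(tx *gorm.DB) error {
		// … unchanged: delete PersonalAccessToken rows for userID, return result.Error on failure …

		result = tx.WithContext(ctx).Clauses(clause.Locking{Strength: string(lockStrength)}).
			Delete(&User{}, accountAndIDQueryCondition, accountID, userID)
		if result.Error != nil {
			return result.Error
		}
		if result.RowsAffected == 0 {
			// No such user in this account: the non-nil return rolls the token delete back.
			userFound = false
			return status.NewUserNotFoundError(userID)
		}
		return nil
	})
	if !userFound {
		return status.NewUserNotFoundError(userID)
	}
	// … unchanged: log err and return status.Internal …
```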
@ -88,6 +88,7 @@ func runLargeTest(t *testing.T, store Store) {
|
|||||||
|
|
||||||
peer := &nbpeer.Peer{
|
peer := &nbpeer.Peer{
|
||||||
ID: peerID,
|
ID: peerID,
|
||||||
|
AccountID: accountID,
|
||||||
Key: peerID,
|
Key: peerID,
|
||||||
IP: netIP,
|
IP: netIP,
|
||||||
Name: peerID,
|
Name: peerID,
|
||||||
@ -96,8 +97,8 @@ func runLargeTest(t *testing.T, store Store) {
|
|||||||
Status: &nbpeer.PeerStatus{Connected: false, LastSeen: time.Now()},
|
Status: &nbpeer.PeerStatus{Connected: false, LastSeen: time.Now()},
|
||||||
SSHEnabled: false,
|
SSHEnabled: false,
|
||||||
}
|
}
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, peer)
|
err = store.AddPeerToAccount(context.Background(), peer)
|
||||||
assert.NoError(t, err, "failed to save peer")
|
assert.NoError(t, err, "failed to add peer")
|
||||||
|
|
||||||
err = store.AddPeerToAllGroup(context.Background(), accountID, peerID)
|
err = store.AddPeerToAllGroup(context.Background(), accountID, peerID)
|
||||||
assert.NoError(t, err, "failed to add peer to all group")
|
assert.NoError(t, err, "failed to add peer to all group")
|
||||||
@ -237,12 +238,14 @@ func TestSqlite_SaveAccount(t *testing.T) {
|
|||||||
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
||||||
require.NoError(t, err, "failed to save setup key")
|
require.NoError(t, err, "failed to save setup key")
|
||||||
|
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, &nbpeer.Peer{
|
err = store.AddPeerToAccount(context.Background(), &nbpeer.Peer{
|
||||||
Key: "peerkey",
|
ID: "testpeer",
|
||||||
IP: net.IP{127, 0, 0, 1},
|
Key: "peerkey",
|
||||||
Meta: nbpeer.PeerSystemMeta{},
|
IP: net.IP{127, 0, 0, 1},
|
||||||
Name: "peer name",
|
AccountID: accountID,
|
||||||
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
Meta: nbpeer.PeerSystemMeta{},
|
||||||
|
Name: "peer name",
|
||||||
|
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
||||||
})
|
})
|
||||||
require.NoError(t, err, "failed to save peer")
|
require.NoError(t, err, "failed to save peer")
|
||||||
|
|
||||||
@ -255,12 +258,14 @@ func TestSqlite_SaveAccount(t *testing.T) {
|
|||||||
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
||||||
require.NoError(t, err, "failed to save setup key")
|
require.NoError(t, err, "failed to save setup key")
|
||||||
|
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID2, &nbpeer.Peer{
|
err = store.AddPeerToAccount(context.Background(), &nbpeer.Peer{
|
||||||
Key: "peerkey2",
|
ID: "testpeer2",
|
||||||
IP: net.IP{127, 0, 0, 2},
|
Key: "peerkey2",
|
||||||
Meta: nbpeer.PeerSystemMeta{},
|
AccountID: accountID2,
|
||||||
Name: "peer name 2",
|
IP: net.IP{127, 0, 0, 2},
|
||||||
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
Meta: nbpeer.PeerSystemMeta{},
|
||||||
|
Name: "peer name 2",
|
||||||
|
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
||||||
})
|
})
|
||||||
require.NoError(t, err, "failed to save peer")
|
require.NoError(t, err, "failed to save peer")
|
||||||
|
|
||||||
@ -312,12 +317,6 @@ func TestSqlite_DeleteAccount(t *testing.T) {
|
|||||||
accountID := "account_id"
|
accountID := "account_id"
|
||||||
testUserID := "testuser"
|
testUserID := "testuser"
|
||||||
|
|
||||||
user := NewAdminUser(testUserID)
|
|
||||||
user.PATs = map[string]*PersonalAccessToken{"testtoken": {
|
|
||||||
ID: "testtoken",
|
|
||||||
Name: "test token",
|
|
||||||
}}
|
|
||||||
|
|
||||||
err = newAccountWithId(context.Background(), store, accountID, testUserID, "")
|
err = newAccountWithId(context.Background(), store, accountID, testUserID, "")
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
@ -326,12 +325,14 @@ func TestSqlite_DeleteAccount(t *testing.T) {
|
|||||||
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
||||||
require.NoError(t, err, "failed to save setup key")
|
require.NoError(t, err, "failed to save setup key")
|
||||||
|
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, &nbpeer.Peer{
|
err = store.AddPeerToAccount(context.Background(), &nbpeer.Peer{
|
||||||
Key: "peerkey",
|
ID: "testpeer",
|
||||||
IP: net.IP{127, 0, 0, 1},
|
Key: "peerkey",
|
||||||
Meta: nbpeer.PeerSystemMeta{},
|
AccountID: accountID,
|
||||||
Name: "peer name",
|
IP: net.IP{127, 0, 0, 1},
|
||||||
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
Meta: nbpeer.PeerSystemMeta{},
|
||||||
|
Name: "peer name",
|
||||||
|
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
||||||
})
|
})
|
||||||
require.NoError(t, err, "failed to save peer")
|
require.NoError(t, err, "failed to save peer")
|
||||||
|
|
||||||
@ -638,7 +639,7 @@ func TestSqlite_GetUserByTokenID(t *testing.T) {
|
|||||||
|
|
||||||
user, err := store.GetUserByPATID(context.Background(), LockingStrengthShare, id)
|
user, err := store.GetUserByPATID(context.Background(), LockingStrengthShare, id)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, id, user.PATs[id].ID)
|
require.Equal(t, "f4f6d672-63fb-11ec-90d6-0242ac120003", user.Id)
|
||||||
|
|
||||||
_, err = store.GetUserByPATID(context.Background(), LockingStrengthShare, "non-existing-id")
|
_, err = store.GetUserByPATID(context.Background(), LockingStrengthShare, "non-existing-id")
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
@ -814,12 +815,14 @@ func TestPostgresql_SaveAccount(t *testing.T) {
|
|||||||
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
||||||
require.NoError(t, err, "failed to save setup key")
|
require.NoError(t, err, "failed to save setup key")
|
||||||
|
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, &nbpeer.Peer{
|
err = store.AddPeerToAccount(context.Background(), &nbpeer.Peer{
|
||||||
Key: "peerkey",
|
ID: "testpeer",
|
||||||
IP: net.IP{127, 0, 0, 1},
|
Key: "peerkey",
|
||||||
Meta: nbpeer.PeerSystemMeta{},
|
IP: net.IP{127, 0, 0, 1},
|
||||||
Name: "peer name",
|
AccountID: accountID,
|
||||||
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
Meta: nbpeer.PeerSystemMeta{},
|
||||||
|
Name: "peer name",
|
||||||
|
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
||||||
})
|
})
|
||||||
require.NoError(t, err, "failed to save peer")
|
require.NoError(t, err, "failed to save peer")
|
||||||
|
|
||||||
@ -833,12 +836,14 @@ func TestPostgresql_SaveAccount(t *testing.T) {
|
|||||||
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
||||||
require.NoError(t, err, "failed to save setup key")
|
require.NoError(t, err, "failed to save setup key")
|
||||||
|
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID2, &nbpeer.Peer{
|
err = store.AddPeerToAccount(context.Background(), &nbpeer.Peer{
|
||||||
Key: "peerkey2",
|
ID: "testpeer2",
|
||||||
IP: net.IP{127, 0, 0, 2},
|
Key: "peerkey2",
|
||||||
Meta: nbpeer.PeerSystemMeta{},
|
AccountID: accountID2,
|
||||||
Name: "peer name 2",
|
IP: net.IP{127, 0, 0, 2},
|
||||||
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
Meta: nbpeer.PeerSystemMeta{},
|
||||||
|
Name: "peer name 2",
|
||||||
|
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
||||||
})
|
})
|
||||||
require.NoError(t, err, "failed to save peer")
|
require.NoError(t, err, "failed to save peer")
|
||||||
|
|
||||||
@ -907,12 +912,14 @@ func TestPostgresql_DeleteAccount(t *testing.T) {
|
|||||||
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
err = store.SaveSetupKey(context.Background(), LockingStrengthUpdate, setupKey)
|
||||||
require.NoError(t, err, "failed to save setup key")
|
require.NoError(t, err, "failed to save setup key")
|
||||||
|
|
||||||
err = store.SavePeer(context.Background(), LockingStrengthUpdate, accountID, &nbpeer.Peer{
|
err = store.AddPeerToAccount(context.Background(), &nbpeer.Peer{
|
||||||
Key: "peerkey",
|
ID: "testingpeer",
|
||||||
IP: net.IP{127, 0, 0, 1},
|
AccountID: accountID,
|
||||||
Meta: nbpeer.PeerSystemMeta{},
|
Key: "peerkey",
|
||||||
Name: "peer name",
|
IP: net.IP{127, 0, 0, 1},
|
||||||
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
Meta: nbpeer.PeerSystemMeta{},
|
||||||
|
Name: "peer name",
|
||||||
|
Status: &nbpeer.PeerStatus{Connected: true, LastSeen: time.Now().UTC()},
|
||||||
})
|
})
|
||||||
require.NoError(t, err, "failed to save peer")
|
require.NoError(t, err, "failed to save peer")
|
||||||
|
|
||||||
|
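Review bot: None of these test hunks exercises the token cleanup that this commit adds to DeleteUser. TestSqlite_DeleteAccount loses its only `user.PATs` fixture (possibly because that `user` value was never stored, which the visible lines do not show), and TestSqlite_GetUserByTokenID now asserts only `user.Id`, no longer `user.PATs[id].ID`. I would add a store test, run against both SQLite and Postgres, that saves a user with one token, calls DeleteUser, and asserts that `GetUserByPATID` for that token returns an error. A second case should call DeleteUser with an accountID the user does not belong to and assert that the token still resolves afterwards.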
@ -84,6 +84,7 @@ type Store interface {
|
|||||||
|
|
||||||
GetAccountPolicies(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*Policy, error)
|
GetAccountPolicies(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*Policy, error)
|
||||||
GetPolicyByID(ctx context.Context, lockStrength LockingStrength, accountID, policyID string) (*Policy, error)
|
GetPolicyByID(ctx context.Context, lockStrength LockingStrength, accountID, policyID string) (*Policy, error)
|
||||||
|
CreatePolicy(ctx context.Context, lockStrength LockingStrength, policy *Policy) error
|
||||||
SavePolicy(ctx context.Context, lockStrength LockingStrength, policy *Policy) error
|
SavePolicy(ctx context.Context, lockStrength LockingStrength, policy *Policy) error
|
||||||
DeletePolicy(ctx context.Context, lockStrength LockingStrength, accountID, policyID string) error
|
DeletePolicy(ctx context.Context, lockStrength LockingStrength, accountID, policyID string) error
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ type User struct {
|
|||||||
// AutoGroups is a list of Group IDs to auto-assign to peers registered by this user
|
// AutoGroups is a list of Group IDs to auto-assign to peers registered by this user
|
||||||
AutoGroups []string `gorm:"serializer:json"`
|
AutoGroups []string `gorm:"serializer:json"`
|
||||||
PATs map[string]*PersonalAccessToken `gorm:"-"`
|
PATs map[string]*PersonalAccessToken `gorm:"-"`
|
||||||
PATsG []PersonalAccessToken `json:"-" gorm:"foreignKey:UserID;references:id"`
|
PATsG []PersonalAccessToken `json:"-" gorm:"foreignKey:UserID;references:id;constraint:OnDelete:CASCADE;"`
|
||||||
// Blocked indicates whether the user is blocked. Blocked users can't use the system.
|
// Blocked indicates whether the user is blocked. Blocked users can't use the system.
|
||||||
Blocked bool
|
Blocked bool
|
||||||
// LastLogin is the last time the user logged in to IdP
|
// LastLogin is the last time the user logged in to IdP
|
||||||
|
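Review bot: The `constraint:OnDelete:CASCADE` tag on `PATsG` only revokes tokens if the foreign key is actually created or altered on databases that already exist and, on SQLite, if foreign-key enforcement is switched on for the connection. Neither is visible in this commit, so the cascade should not be read as the guarantee. The explicit token delete added to DeleteUser is what removes credentials on every backend, and the field should say so, for example `// Tokens are deleted explicitly in DeleteUser; the cascade is a backstop for deletes that bypass it.` Please also confirm that the migration path updates the existing constraint on deployed Postgres instances.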