Fix entity alias deletion (#12834)

* Fix entity alias deletion

* Fix tests

* Add CL
Vishal Nayak 2021-10-19 15:05:06 -04:00 committed by GitHub
parent 1347d4c534
commit 6eead9f09b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 6 deletions

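--- a/changelog/12834.txt
+++ b/changelog/12834.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID
+```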


@ -6,6 +6,8 @@ import (
"testing" "testing"
"time" "time"
"github.com/stretchr/testify/require"
"github.com/armon/go-metrics" "github.com/armon/go-metrics"
"github.com/go-test/deep" "github.com/go-test/deep"
"github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes"
@ -18,6 +20,61 @@ import (
"github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/logical"
) )
func TestIdentityStore_DeleteEntityAlias(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
txn := c.identityStore.db.Txn(true)
defer txn.Abort()
alias := &identity.Alias{
ID: "testAliasID1",
CanonicalID: "testEntityID",
MountType: "testMountType",
MountAccessor: "testMountAccessor",
Name: "testAliasName",
LocalBucketKey: c.identityStore.localAliasPacker.BucketKey("testEntityID"),
}
alias2 := &identity.Alias{
ID: "testAliasID2",
CanonicalID: "testEntityID",
MountType: "testMountType",
MountAccessor: "testMountAccessor2",
Name: "testAliasName2",
LocalBucketKey: c.identityStore.localAliasPacker.BucketKey("testEntityID"),
}
entity := &identity.Entity{
ID: "testEntityID",
Name: "testEntityName",
Policies: []string{"foo", "bar"},
Aliases: []*identity.Alias{
alias,
alias2,
},
NamespaceID: namespace.RootNamespaceID,
BucketKey: c.identityStore.entityPacker.BucketKey("testEntityID"),
}
err := c.identityStore.upsertEntityInTxn(context.Background(), txn, entity, nil, false)
require.NoError(t, err)
err = c.identityStore.deleteAliasesInEntityInTxn(txn, entity, []*identity.Alias{alias, alias2})
require.NoError(t, err)
txn.Commit()
alias, err = c.identityStore.MemDBAliasByID("testAliasID1", false, false)
require.NoError(t, err)
require.Nil(t, alias)
alias, err = c.identityStore.MemDBAliasByID("testAliasID2", false, false)
require.NoError(t, err)
require.Nil(t, alias)
entity, err = c.identityStore.MemDBEntityByID("testEntityID", false)
require.NoError(t, err)
require.Len(t, entity.Aliases, 0)
}
func TestIdentityStore_UnsealingWhenConflictingAliasNames(t *testing.T) { func TestIdentityStore_UnsealingWhenConflictingAliasNames(t *testing.T) {
err := AddTestCredentialBackend("github", credGithub.Factory) err := AddTestCredentialBackend("github", credGithub.Factory)
if err != nil { if err != nil {
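Review bot: TestIdentityStore_DeleteEntityAlias only deletes both aliases in one call, so it never checks that an alias left out of the delete list survives, which is the case where the remain/remove split matters most. A second case that passes `[]*identity.Alias{alias}` and then asserts `require.Len(t, entity.Aliases, 1)`, and that `MemDBAliasByID("testAliasID2", false, false)` still returns a non-nil alias, would cover it. I would also add `require.NotNil(t, entity)` before `require.Len(t, entity.Aliases, 0)`, because a nil entity from `MemDBEntityByID` would panic on the field access instead of failing the test cleanly.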


@ -1662,15 +1662,18 @@ func (i *IdentityStore) deleteAliasesInEntityInTxn(txn *memdb.Txn, entity *ident
var remainList []*identity.Alias var remainList []*identity.Alias
var removeList []*identity.Alias var removeList []*identity.Alias
for _, item := range entity.Aliases {
for _, item := range aliases { remove := false
for _, alias := range entity.Aliases { for _, alias := range aliases {
if alias.ID == item.ID { if alias.ID == item.ID {
removeList = append(removeList, alias) remove = true
} else {
remainList = append(remainList, alias)
} }
} }
if remove {
removeList = append(removeList, item)
} else {
remainList = append(remainList, item)
}
} }
// Remove identity indices from aliases table for those that needs to // Remove identity indices from aliases table for those that needs to
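Review bot: The inner loop over `aliases` reads `alias.ID` without a nil check and keeps scanning after a match, so a nil element in the caller's slice would panic here, apparently while the memdb transaction is still open. I would guard and stop early, `if alias != nil && alias.ID == item.ID { remove = true; break }`. Separately, `removeList` is now built only from `entity.Aliases`, so an ID in `aliases` that is not attached to `entity` is skipped without any error. If callers can pass such an alias, that deserves either an error or a comment such as `// aliases not attached to entity are ignored`. deleteAliasesInEntityInTxn starts and ends outside this hunk, so how `removeList` and `remainList` are consumed afterwards is not visible here.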