Fix identity case sensitivity loading in secondary cluster (#7327)
* Fix identity case sensitivity loading in secondary cluster * Add nil check
This commit is contained in:
Vishal Nayak
GitHub
parent
ae81c1d665
commit
c84f804f48
|
|
@ -23,6 +23,7 @@ const (
|
|||
)
|
||||
|
||||
var (
|
||||
caseSensitivityKey = "casesensitivity"
|
||||
sendGroupUpgrade = func(*IdentityStore, *identity.Group) (bool, error) { return false, nil }
|
||||
parseExtraEntityFromBucket = func(context.Context, *IdentityStore, *identity.Entity) (bool, error) { return false, nil }
|
||||
addExtraEntityDataToResponse = func(*identity.Entity, map[string]interface{}) {}
|
||||
|
|
@ -72,9 +73,10 @@ func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendCo
|
|||
}
|
||||
|
||||
iStore.Backend = &framework.Backend{
|
||||
BackendType: logical.TypeLogical,
|
||||
Paths: iStore.paths(),
|
||||
Invalidate: iStore.Invalidate,
|
||||
BackendType: logical.TypeLogical,
|
||||
Paths: iStore.paths(),
|
||||
Invalidate: iStore.Invalidate,
|
||||
InitializeFunc: iStore.initialize,
|
||||
PathsSpecial: &logical.Paths{
|
||||
Unauthenticated: []string{
|
||||
"oidc/.well-known/*",
|
||||
|
|
@ -109,6 +111,17 @@ func (i *IdentityStore) paths() []*framework.Path {
|
|||
)
|
||||
}
|
||||
|
||||
func (i *IdentityStore) initialize(ctx context.Context, req *logical.InitializationRequest) error {
|
||||
entry, err := logical.StorageEntryJSON(caseSensitivityKey, &casesensitivity{
|
||||
DisableLowerCasedNames: i.disableLowerCasedNames,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return i.view.Put(ctx, entry)
|
||||
}
|
||||
|
||||
// Invalidate is a callback wherein the backend is informed that the value at
|
||||
// the given key is updated. In identity store's case, it would be the entity
|
||||
// storage entries that get updated. The value needs to be read and MemDB needs
|
||||
|
|
@ -120,6 +133,41 @@ func (i *IdentityStore) Invalidate(ctx context.Context, key string) {
|
|||
defer i.lock.Unlock()
|
||||
|
||||
switch {
|
||||
case key == caseSensitivityKey:
|
||||
entry, err := i.view.Get(ctx, caseSensitivityKey)
|
||||
if err != nil {
|
||||
i.logger.Error("failed to read case sensitivity setting during invalidation", "error", err)
|
||||
return
|
||||
}
|
||||
if entry == nil {
|
||||
return
|
||||
}
|
||||
|
||||
var setting casesensitivity
|
||||
if err := entry.DecodeJSON(&setting); err != nil {
|
||||
i.logger.Error("failed to decode case sensitivity setting during invalidation", "error", err)
|
||||
return
|
||||
}
|
||||
|
||||
// Fast return if the setting is the same
|
||||
if i.disableLowerCasedNames == setting.DisableLowerCasedNames {
|
||||
return
|
||||
}
|
||||
|
||||
// If the setting is different, reset memdb and reload all the artifacts
|
||||
i.disableLowerCasedNames = setting.DisableLowerCasedNames
|
||||
if err := i.resetDB(ctx); err != nil {
|
||||
i.logger.Error("failed to reset memdb during invalidation", "error", err)
|
||||
return
|
||||
}
|
||||
if err := i.loadEntities(ctx); err != nil {
|
||||
i.logger.Error("failed to load entities during invalidation", "error", err)
|
||||
return
|
||||
}
|
||||
if err := i.loadGroups(ctx); err != nil {
|
||||
i.logger.Error("failed to load groups during invalidation", "error", err)
|
||||
return
|
||||
}
|
||||
// Check if the key is a storage entry key for an entity bucket
|
||||
case strings.HasPrefix(key, storagepacker.StoragePackerBucketsPrefix):
|
||||
// Create a MemDB transaction
|
||||
|
|
|
|||
|
|
@ -87,3 +87,7 @@ type groupDiff struct {
|
|||
Deleted []*identity.Group
|
||||
Unmodified []*identity.Group
|
||||
}
|
||||
|
||||
type casesensitivity struct {
|
||||
DisableLowerCasedNames bool `json:"disable_lower_cased_names"`
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue