luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Replicate member_entity_ids and policies in identity/group across nodes identically (#16088) 

* Replicate values of group member_entity_ids and policies across nodes identically

* Adding CL

* fixing tests
This commit is contained in:
Hamid Ghaf 2022-06-28 19:54:24 -04:00 committed by GitHub
parent 29cae725ce
commit fa754c7fa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/16088.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
core/identity: Replicate member_entity_ids and policies in identity/group across nodes identically
```

14
vault/external_tests/identity/identity_test.go
View File

@ -628,8 +628,20 @@ func assertMember(t *testing.T, client *api.Client, entityID, groupName, groupID
t.Fatal(err) t.Fatal(err)
} }
groupMap := secret.Data groupMap := secret.Data
groupEntityMembers, ok := groupMap["member_entity_ids"].([]interface{})
if !ok && expectFound {
t.Fatalf("expected member_entity_ids not to be nil")
}
// if type assertion fails and expectFound is false, groupEntityMembers
// is nil, then let's just return, nothing to be done!
if !ok && !expectFound {
return
}
found := false found := false
for _, entityIDRaw := range groupMap["member_entity_ids"].([]interface{}) { for _, entityIDRaw := range groupEntityMembers {
if entityIDRaw.(string) == entityID { if entityIDRaw.(string) == entityID {
found = true found = true
} }

22
vault/identity_store_util.go
View File

@ -1473,19 +1473,23 @@ func (i *IdentityStore) sanitizeAndUpsertGroup(ctx context.Context, group *ident
} }
// Remove duplicate entity IDs and check if all IDs are valid // Remove duplicate entity IDs and check if all IDs are valid
group.MemberEntityIDs = strutil.RemoveDuplicates(group.MemberEntityIDs, false) if group.MemberEntityIDs != nil {
for _, entityID := range group.MemberEntityIDs { group.MemberEntityIDs = strutil.RemoveDuplicates(group.MemberEntityIDs, false)
entity, err := i.MemDBEntityByID(entityID, false) for _, entityID := range group.MemberEntityIDs {
if err != nil { entity, err := i.MemDBEntityByID(entityID, false)
return fmt.Errorf("failed to validate entity ID %q: %w", entityID, err) if err != nil {
} return fmt.Errorf("failed to validate entity ID %q: %w", entityID, err)
if entity == nil { }
return fmt.Errorf("invalid entity ID %q", entityID) if entity == nil {
return fmt.Errorf("invalid entity ID %q", entityID)
}
} }
} }
// Remove duplicate policies // Remove duplicate policies
group.Policies = strutil.RemoveDuplicates(group.Policies, false) if group.Policies != nil {
group.Policies = strutil.RemoveDuplicates(group.Policies, false)
}
txn := i.db.Txn(true) txn := i.db.Txn(true)
defer txn.Abort() defer txn.Abort()