Fix migration fro groups issue

2026-04-16 15:26:40 +00:00 · 2023-06-19 11:33:44 +04:00
parent e41072e2fc
commit 12f28e9aa4
4 changed files with 33 additions and 9 deletions
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -1392,8 +1392,9 @@ func (am *DefaultAccountManager) GetDNSDomain() string {
 func addAllGroup(account *Account) error {
 	if len(account.Groups) == 0 {
 		allGroup := &Group{
-			ID:   xid.New().String(),
-			Name: "All",
+			ID:     xid.New().String(),
+			Name:   "All",
+			Issued: GroupIssuedAPI,
 		}
 		for _, peer := range account.Peers {
 			allGroup.Peers = append(allGroup.Peers, peer.ID)
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -489,7 +489,8 @@ func TestDefaultAccountManager_GetGroupsFromTheToken(t *testing.T) {

 	t.Run("JWT groups enabled without claim name", func(t *testing.T) {
 		initAccount.Settings.JWTGroupsEnabled = true
-		manager.Store.SaveAccount(initAccount)
+		err := manager.Store.SaveAccount(initAccount)
+		require.NoError(t, err, "save account failed")

 		account, _, err := manager.GetAccountFromToken(claims)
 		require.NoError(t, err, "get account by token failed")
@@ -499,7 +500,8 @@ func TestDefaultAccountManager_GetGroupsFromTheToken(t *testing.T) {
 	t.Run("JWT groups enabled", func(t *testing.T) {
 		initAccount.Settings.JWTGroupsEnabled = true
 		initAccount.Settings.JWTGroupsClaimName = "idp-groups"
-		manager.Store.SaveAccount(initAccount)
+		err := manager.Store.SaveAccount(initAccount)
+		require.NoError(t, err, "save account failed")

 		account, _, err := manager.GetAccountFromToken(claims)
 		require.NoError(t, err, "get account by token failed")
--- a/management/server/file_store.go
+++ b/management/server/file_store.go
@@ -157,6 +157,14 @@ func restore(file string) (*FileStore, error) {
 			addPeerLabelsToAccount(account, existingLabels)
 		}

+		// TODO: delete this block after migration
+		// Set API as issuer for groups which has not this field
+		for _, group := range account.Groups {
+			if group.Issued == "" {
+				group.Issued = GroupIssuedAPI
+			}
+		}
+
 		allGroup, err := account.GetGroupAll()
 		if err != nil {
 			log.Errorf("unable to find the All group, this should happen only when migrate from a version that didn't support groups. Error: %v", err)
@@ -205,10 +213,6 @@ func restore(file string) (*FileStore, error) {
 						group.Peers[i] = p.ID
 					}
 				}
-				// TODO: delete this block after migration
-				if group.Issued == "" {
-					group.Issued = GroupIssuedAPI
-				}
 			}

 			// detect routes that have Peer.Key as a reference and replace it with ID.
--- a/management/server/file_store_test.go
+++ b/management/server/file_store_test.go
@@ -310,15 +310,32 @@ func TestRestoreGroups_Migration(t *testing.T) {
 		return
 	}

+	// create default group
 	account := store.Accounts["bf1c8084-ba50-4ce7-9439-34653001fc3b"]
+	account.Groups = map[string]*Group{
+		"cfefqs706sqkneg59g3g": {
+			ID:   "cfefqs706sqkneg59g3g",
+			Name: "All",
+		},
+	}
+	err = store.SaveAccount(account)
+	require.NoError(t, err, "failed to save account")
+
+	// restore account with default group with empty Issue field
+	if store, err = NewFileStore(storeDir, nil); err != nil {
+		return
+	}
+	account = store.Accounts["bf1c8084-ba50-4ce7-9439-34653001fc3b"]
+
 	require.Len(t, account.Groups, 1, "failed to restore a FileStore file - missing Account Groups")

+	// check that default group has API issued mark
 	var group *Group
 	for _, g := range account.Groups {
 		group = g
 	}

-	require.Equal(t, group.Issued, GroupIssuedAPI, "default group should has API issued mark")
+	require.Equal(t, GroupIssuedAPI, group.Issued, "default group should has API issued mark")
 }

 func TestGetAccountByPrivateDomain(t *testing.T) {