From 12f28e9aa461f0b914ff93002a44aac0efeea6e9 Mon Sep 17 00:00:00 2001 From: Givi Khojanashvili Date: Mon, 19 Jun 2023 11:33:44 +0400 Subject: [PATCH] Fix migration fro groups issue --- management/server/account.go | 5 +++-- management/server/account_test.go | 6 ++++-- management/server/file_store.go | 12 ++++++++---- management/server/file_store_test.go | 19 ++++++++++++++++++- 4 files changed, 33 insertions(+), 9 deletions(-) diff --git a/management/server/account.go b/management/server/account.go index e48fd9ee6..255412957 100644 --- a/management/server/account.go +++ b/management/server/account.go @@ -1392,8 +1392,9 @@ func (am *DefaultAccountManager) GetDNSDomain() string { func addAllGroup(account *Account) error { if len(account.Groups) == 0 { allGroup := &Group{ - ID: xid.New().String(), - Name: "All", + ID: xid.New().String(), + Name: "All", + Issued: GroupIssuedAPI, } for _, peer := range account.Peers { allGroup.Peers = append(allGroup.Peers, peer.ID) diff --git a/management/server/account_test.go b/management/server/account_test.go index 4d2d6d5c4..b0e28dcbc 100644 --- a/management/server/account_test.go +++ b/management/server/account_test.go @@ -489,7 +489,8 @@ func TestDefaultAccountManager_GetGroupsFromTheToken(t *testing.T) { t.Run("JWT groups enabled without claim name", func(t *testing.T) { initAccount.Settings.JWTGroupsEnabled = true - manager.Store.SaveAccount(initAccount) + err := manager.Store.SaveAccount(initAccount) + require.NoError(t, err, "save account failed") account, _, err := manager.GetAccountFromToken(claims) require.NoError(t, err, "get account by token failed") @@ -499,7 +500,8 @@ func TestDefaultAccountManager_GetGroupsFromTheToken(t *testing.T) { t.Run("JWT groups enabled", func(t *testing.T) { initAccount.Settings.JWTGroupsEnabled = true initAccount.Settings.JWTGroupsClaimName = "idp-groups" - manager.Store.SaveAccount(initAccount) + err := manager.Store.SaveAccount(initAccount) + require.NoError(t, err, "save account failed") account, _, err := manager.GetAccountFromToken(claims) require.NoError(t, err, "get account by token failed") diff --git a/management/server/file_store.go b/management/server/file_store.go index 09a6063d7..4bbe95a10 100644 --- a/management/server/file_store.go +++ b/management/server/file_store.go @@ -157,6 +157,14 @@ func restore(file string) (*FileStore, error) { addPeerLabelsToAccount(account, existingLabels) } + // TODO: delete this block after migration + // Set API as issuer for groups which has not this field + for _, group := range account.Groups { + if group.Issued == "" { + group.Issued = GroupIssuedAPI + } + } + allGroup, err := account.GetGroupAll() if err != nil { log.Errorf("unable to find the All group, this should happen only when migrate from a version that didn't support groups. Error: %v", err) @@ -205,10 +213,6 @@ func restore(file string) (*FileStore, error) { group.Peers[i] = p.ID } } - // TODO: delete this block after migration - if group.Issued == "" { - group.Issued = GroupIssuedAPI - } } // detect routes that have Peer.Key as a reference and replace it with ID. diff --git a/management/server/file_store_test.go b/management/server/file_store_test.go index 7d1b49812..8408014bd 100644 --- a/management/server/file_store_test.go +++ b/management/server/file_store_test.go @@ -310,15 +310,32 @@ func TestRestoreGroups_Migration(t *testing.T) { return } + // create default group account := store.Accounts["bf1c8084-ba50-4ce7-9439-34653001fc3b"] + account.Groups = map[string]*Group{ + "cfefqs706sqkneg59g3g": { + ID: "cfefqs706sqkneg59g3g", + Name: "All", + }, + } + err = store.SaveAccount(account) + require.NoError(t, err, "failed to save account") + + // restore account with default group with empty Issue field + if store, err = NewFileStore(storeDir, nil); err != nil { + return + } + account = store.Accounts["bf1c8084-ba50-4ce7-9439-34653001fc3b"] + require.Len(t, account.Groups, 1, "failed to restore a FileStore file - missing Account Groups") + // check that default group has API issued mark var group *Group for _, g := range account.Groups { group = g } - require.Equal(t, group.Issued, GroupIssuedAPI, "default group should has API issued mark") + require.Equal(t, GroupIssuedAPI, group.Issued, "default group should has API issued mark") } func TestGetAccountByPrivateDomain(t *testing.T) {