From 0a44ed3edd00297315559df396e1568bf708030d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 16 Sep 2020 11:15:42 -0400 Subject: [PATCH] Fix global scope lookup (#367) The changed auth logic + verify logic in the scope handler pass the parent ID for validation, which is correct, as a scope lives in its parent ID. However, the global scope has no parent, and the changes resulted in an empty ID being passed in rather than the global scope itself. This fixes that lookup. --- internal/auth/auth.go | 5 +++++ internal/cmd/commands/scopes/scope.go | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 37f0e5e094..ae42d50602 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -17,6 +17,7 @@ import ( "github.com/hashicorp/boundary/internal/servers/controller/common" "github.com/hashicorp/boundary/internal/servers/controller/handlers" "github.com/hashicorp/boundary/internal/types/action" + "github.com/hashicorp/boundary/internal/types/resource" "github.com/hashicorp/boundary/internal/types/scope" "github.com/hashicorp/boundary/sdk/recovery" "github.com/hashicorp/go-hclog" @@ -143,6 +144,10 @@ func Verify(ctx context.Context, opt ...Option) (ret VerifyResults) { Pin: opts.withPin, Type: opts.withType, } + // Global scope has no parent ID; account for this + if opts.withId == scope.Global.String() && opts.withType == resource.Scope { + v.res.ScopeId = scope.Global.String() + } if v.requestInfo.EncryptedToken != "" { v.decryptToken() diff --git a/internal/cmd/commands/scopes/scope.go b/internal/cmd/commands/scopes/scope.go index 8b3633d880..b39d5dfb85 100644 --- a/internal/cmd/commands/scopes/scope.go +++ b/internal/cmd/commands/scopes/scope.go @@ -117,7 +117,9 @@ func (c *Command) Run(args []string) int { opts = append(opts, scopes.WithDescription(c.FlagDescription)) } - opts = append(opts, scopes.WithSkipRoleCreation(c.flagSkipRoleCreation)) + if c.flagSkipRoleCreation { + opts = append(opts, scopes.WithSkipRoleCreation(c.flagSkipRoleCreation)) + } scopeClient := scopes.NewClient(client)