|
|
|
@ -17,10 +17,8 @@ import (
|
|
|
|
"github.com/hashicorp/boundary/internal/db"
|
|
|
|
"github.com/hashicorp/boundary/internal/db"
|
|
|
|
"github.com/hashicorp/boundary/internal/db/timestamp"
|
|
|
|
"github.com/hashicorp/boundary/internal/db/timestamp"
|
|
|
|
"github.com/hashicorp/boundary/internal/errors"
|
|
|
|
"github.com/hashicorp/boundary/internal/errors"
|
|
|
|
"github.com/hashicorp/boundary/internal/iam"
|
|
|
|
|
|
|
|
"github.com/hashicorp/boundary/internal/kms"
|
|
|
|
"github.com/hashicorp/boundary/internal/kms"
|
|
|
|
"github.com/hashicorp/boundary/internal/perms"
|
|
|
|
"github.com/hashicorp/boundary/internal/perms"
|
|
|
|
"github.com/hashicorp/boundary/internal/types/scope"
|
|
|
|
|
|
|
|
"github.com/hashicorp/boundary/internal/util"
|
|
|
|
"github.com/hashicorp/boundary/internal/util"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
@ -91,24 +89,21 @@ func (r *Repository) LookupAppToken(ctx context.Context, id string, opt ...Optio
|
|
|
|
|
|
|
|
|
|
|
|
var at AppToken
|
|
|
|
var at AppToken
|
|
|
|
lookupFunc := func(reader db.Reader, w db.Writer) error {
|
|
|
|
lookupFunc := func(reader db.Reader, w db.Writer) error {
|
|
|
|
scopeType, err := getAppTokenScopeType(ctx, reader, id)
|
|
|
|
scopeId, err := getAppTokenScopeId(ctx, reader, id)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrap(ctx, err, op)
|
|
|
|
return errors.Wrap(ctx, err, op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var query string
|
|
|
|
var query string
|
|
|
|
switch scopeType {
|
|
|
|
switch {
|
|
|
|
case scope.Global:
|
|
|
|
case strings.HasPrefix(scopeId, globals.GlobalPrefix):
|
|
|
|
query = getAppTokenGlobalQuery
|
|
|
|
query = getAppTokenGlobalQuery
|
|
|
|
|
|
|
|
case strings.HasPrefix(scopeId, globals.OrgPrefix):
|
|
|
|
case scope.Org:
|
|
|
|
|
|
|
|
query = getAppTokenOrgQuery
|
|
|
|
query = getAppTokenOrgQuery
|
|
|
|
|
|
|
|
case strings.HasPrefix(scopeId, globals.ProjectPrefix):
|
|
|
|
case scope.Project:
|
|
|
|
|
|
|
|
query = getAppTokenProjectQuery
|
|
|
|
query = getAppTokenProjectQuery
|
|
|
|
|
|
|
|
default:
|
|
|
|
case scope.Unknown:
|
|
|
|
return errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("unknown scope type for scope id: %s", scopeId))
|
|
|
|
return errors.New(ctx, errors.Unknown, op, fmt.Sprintf("unknown scope type for app token: %s", id))
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
rows, err := reader.Query(ctx, query, []any{
|
|
|
|
rows, err := reader.Query(ctx, query, []any{
|
|
|
|
@ -142,7 +137,7 @@ func (r *Repository) LookupAppToken(ctx context.Context, id string, opt ...Optio
|
|
|
|
return errors.Wrap(ctx, err, op)
|
|
|
|
return errors.Wrap(ctx, err, op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if res.publicId == "" {
|
|
|
|
if res.publicId == "" {
|
|
|
|
return errors.New(ctx, errors.NotFound, op, fmt.Sprintf("app token %v not found", id))
|
|
|
|
return errors.New(ctx, errors.NotFound, op, "app token not found")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Unpack permissions JSON from query results
|
|
|
|
// Unpack permissions JSON from query results
|
|
|
|
@ -787,87 +782,33 @@ func (r *Repository) estimatedCount(ctx context.Context) (int, error) {
|
|
|
|
return count, nil
|
|
|
|
return count, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// getAppTokenScopeType returns the [scope.Type] of an App Token by reading it from the base type app_token table.
|
|
|
|
// getAppTokenScopeId returns the scope id of the app token
|
|
|
|
// Use this to get scope ID to determine which of the app token subtype tables to operate on.
|
|
|
|
func getAppTokenScopeId(ctx context.Context, reader db.Reader, id string) (string, error) {
|
|
|
|
func getAppTokenScopeType(ctx context.Context, reader db.Reader, id string) (scope.Type, error) {
|
|
|
|
const op = "apptoken.getAppTokenScopeId"
|
|
|
|
const op = "apptoken.getAppTokenScopeType"
|
|
|
|
|
|
|
|
if id == "" {
|
|
|
|
if id == "" {
|
|
|
|
return scope.Unknown, errors.New(ctx, errors.InvalidParameter, op, "missing app token id")
|
|
|
|
return "", errors.New(ctx, errors.InvalidParameter, op, "missing app token id")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if reader == nil {
|
|
|
|
if reader == nil {
|
|
|
|
return scope.Unknown, errors.New(ctx, errors.InvalidParameter, op, "missing db.Reader")
|
|
|
|
return "", errors.New(ctx, errors.InvalidParameter, op, "missing db.Reader")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
rows, err := reader.Query(ctx, scopeIdFromAppTokenIdQuery, []any{sql.Named("public_id", id)})
|
|
|
|
rows, err := reader.Query(ctx, scopeIdFromAppTokenIdQuery, []any{sql.Named("public_id", id)})
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return scope.Unknown, errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("failed to lookup app token scope for id: %s", id)))
|
|
|
|
return "", errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("failed to lookup app token scope for id: %s", id)))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
defer rows.Close()
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
|
|
|
|
var scopeIds []string
|
|
|
|
var scopeId string
|
|
|
|
for rows.Next() {
|
|
|
|
for rows.Next() {
|
|
|
|
if err := reader.ScanRows(ctx, rows, &scopeIds); err != nil {
|
|
|
|
if err := reader.ScanRows(ctx, rows, &scopeId); err != nil {
|
|
|
|
return scope.Unknown, errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("failed scan results from querying app token scope for id: %s", id)))
|
|
|
|
return "", errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("failed scan results from querying app token scope for id: %s", id)))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := rows.Err(); err != nil {
|
|
|
|
if err := rows.Err(); err != nil {
|
|
|
|
return scope.Unknown, errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("unexpected error scanning results from querying app token scope for id: %s", id)))
|
|
|
|
return "", errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("unexpected error scanning results from querying app token scope for id: %s", id)))
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(scopeIds) == 0 {
|
|
|
|
|
|
|
|
return scope.Unknown, errors.New(ctx, errors.RecordNotFound, op, fmt.Sprintf("app token %s not found", id))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(scopeIds) > 1 {
|
|
|
|
|
|
|
|
return scope.Unknown, errors.New(ctx, errors.MultipleRecords, op, fmt.Sprintf("expected 1 row but got: %d", len(scopeIds)))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
scopeId := scopeIds[0]
|
|
|
|
|
|
|
|
switch {
|
|
|
|
|
|
|
|
case strings.HasPrefix(scopeId, globals.GlobalPrefix):
|
|
|
|
|
|
|
|
return scope.Global, nil
|
|
|
|
|
|
|
|
case strings.HasPrefix(scopeId, globals.OrgPrefix):
|
|
|
|
|
|
|
|
return scope.Org, nil
|
|
|
|
|
|
|
|
case strings.HasPrefix(scopeId, globals.ProjectPrefix):
|
|
|
|
|
|
|
|
return scope.Project, nil
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
|
|
|
return scope.Unknown, fmt.Errorf("unknown scope type for app token %s", id)
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// getAppTokenScope returns the scope of the app token
|
|
|
|
if scopeId == "" {
|
|
|
|
func getAppTokenScope(ctx context.Context, r db.Reader, id string) (*iam.Scope, error) {
|
|
|
|
return "", errors.New(ctx, errors.RecordNotFound, op, fmt.Sprintf("app token %s not found", id))
|
|
|
|
const op = "apptoken.getAppTokenScope"
|
|
|
|
|
|
|
|
if id == "" {
|
|
|
|
|
|
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing app token id")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if r == nil {
|
|
|
|
|
|
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing db.Reader")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
rows, err := r.Query(ctx, scopeIdFromAppTokenIdQuery, []any{sql.Named("public_id", id)})
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return nil, errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("failed to lookup app token scope for :%s", id)))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var scopeIds []string
|
|
|
|
|
|
|
|
for rows.Next() {
|
|
|
|
|
|
|
|
if err := r.ScanRows(ctx, rows, &scopeIds); err != nil {
|
|
|
|
|
|
|
|
return nil, errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("failed scan results from querying app token scope for :%s", id)))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := rows.Err(); err != nil {
|
|
|
|
|
|
|
|
return nil, errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("unexpected error scanning results from querying app token scope for :%s", id)))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if len(scopeIds) == 0 {
|
|
|
|
|
|
|
|
return nil, errors.New(ctx, errors.RecordNotFound, op, fmt.Sprintf("app token %s not found", id))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(scopeIds) > 1 {
|
|
|
|
|
|
|
|
return nil, errors.New(ctx, errors.MultipleRecords, op, fmt.Sprintf("expected 1 row but got: %d", len(scopeIds)))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
scp := iam.AllocScope()
|
|
|
|
|
|
|
|
scp.PublicId = scopeIds[0]
|
|
|
|
|
|
|
|
err = r.LookupByPublicId(ctx, &scp)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return nil, errors.Wrap(ctx, err, op, errors.WithMsg("failed to lookup app token scope"))
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return &scp, nil
|
|
|
|
return scopeId, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|