Fix creation of initial Scope roles (#996)

* Fix the creation of initial roles and users so the admin has permission to list/read resources. * Adding known permission issue to CHANGELOG.md.
5 years ago · 48ef25433f
parent bb2d86eb39
commit 48ef25433f
2 changed files with 20 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,13 @@

 Canonical reference for changes, improvements, and bugfixes for Boundary.

+## Pending
+
+### Bug Fixes
+
+* server: Roles for auto generated scopes are now generated at database init.
+  [PR](https://github.com/hashicorp/boundary/pull/996)
+
 ## 0.1.8 (2021/03/10)

 ### Known Issues
@ -18,6 +25,15 @@ to call out in this changelog. The full set of open issues is on GitHub.
  test was using the normal table output since the output was ignored anyways.
  As a result, our CLI tests did not catch this panic. Our apologies, and we
  will fix this in the next release.
+* Initially Created Scopes: Starting in 0.1.6, When initial scopes are created
+  when executing `boundary database init`, the associated admin roles aren't
+  created. The intended behavior is to have a role which granted the auto
+  created admin the grant `"id=*;type=*;actions=*"` for each auto generated
+  scope.  To set your data to the intended state you can add a role for the
+  admin user in the generated scopes.  An outline of the steps to do this can
+  be found in this
+  [gist](https://gist.github.com/talanknight/98492dc68d894f67742086eb41fdb506).
+  This will be fixed in the next release.

 ### Changes/Deprecations

--- a/internal/cmd/base/initial_resources.go
+++ b/internal/cmd/base/initial_resources.go
@ -134,7 +134,7 @@ func (b *Server) CreateInitialAuthMethod(ctx context.Context) (*password.AuthMet
 			}
 			loginName = strings.ToLower(b.DevLoginName)
 		}
-		if b.DevPassword == "" {
+		if loginPassword == "" {
 			b.DevPassword, err = base62.Random(20)
 			if err != nil {
 				return nil, fmt.Errorf("unable to generate password: %w", err)
@ -166,10 +166,11 @@ func (b *Server) CreateInitialAuthMethod(ctx context.Context) (*password.AuthMet

 		// Create a new user and associate it with the account
 		if userId == "" {
-			userId, err = db.NewPublicId(iam.UserPrefix)
+			b.DevUserId, err = db.NewPublicId(iam.UserPrefix)
 			if err != nil {
 				return nil, fmt.Errorf("error generating initial user id: %w", err)
 			}
+			userId = b.DevUserId
 		}
 		opts := []iam.Option{
 			iam.WithPublicId(userId),
@ -245,9 +246,7 @@ func (b *Server) CreateInitialScopes(ctx context.Context) (*iam.Scope, *iam.Scop
 	if err != nil {
 		return nil, nil, fmt.Errorf("error creating kms cache: %w", err)
 	}
-	if err := kmsCache.AddExternalWrappers(
-		kms.WithRootWrapper(b.RootKms),
-	); err != nil {
+	if err := kmsCache.AddExternalWrappers(kms.WithRootWrapper(b.RootKms)); err != nil {
 		return nil, nil, fmt.Errorf("error adding config keys to kms: %w", err)
 	}