fix for principalsToSet

pull/165/head
Jim Lambert 6 years ago
parent 9c2b65f772
commit 7e7eaf20ee

@ -110,8 +110,7 @@ func (r *Repository) AddPrincipalRoles(ctx context.Context, roleId string, roleV
return principalRoles, nil
}
// tests: no change, just delete, just add
// SetPrincipalRoles will set the role's principals
func (r *Repository) SetPrincipalRoles(ctx context.Context, roleId string, roleVersion int, userIds, groupIds []string, opt ...Option) ([]PrincipalRole, int, error) {
if roleId == "" {
return nil, db.NoRowsAffected, fmt.Errorf("set principal roles: missing role id: %w", db.ErrInvalidParameter)
@ -119,16 +118,17 @@ func (r *Repository) SetPrincipalRoles(ctx context.Context, roleId string, roleV
if len(userIds) == 0 && len(groupIds) == 0 {
return nil, db.NoRowsAffected, fmt.Errorf("set principal roles: missing either user or groups to delete %w", db.ErrInvalidParameter)
}
toSet, err := r.principalsToSet(ctx, roleId, userIds, groupIds)
if err != nil {
return nil, db.NoRowsAffected, fmt.Errorf("set principal roles: unable to determine set: %w", err)
}
role := allocRole()
role.PublicId = roleId
scope, err := role.GetScope(ctx, r.reader)
if err != nil {
return nil, db.NoRowsAffected, fmt.Errorf("set principal roles: unable to get role %s scope: %w", roleId, err)
}
toSet, err := r.principalsToSet(ctx, &role, userIds, groupIds)
if err != nil {
return nil, db.NoRowsAffected, fmt.Errorf("set principal roles: unable to determine set: %w", err)
}
// handle no change to existing principal roles
if len(toSet.addUserRoles) == 0 && len(toSet.addGroupRoles) == 0 && len(toSet.deleteUserRoles) == 0 && len(toSet.deleteGroupRoles) == 0 {
results := make([]PrincipalRole, 0, len(userIds)+len(groupIds))
@ -282,10 +282,13 @@ type principalSet struct {
deleteGroupRoles []interface{}
}
func (r *Repository) principalsToSet(ctx context.Context, roleId string, userIds, groupIds []string) (*principalSet, error) {
existing, err := r.ListPrincipalRoles(ctx, roleId)
func (r *Repository) principalsToSet(ctx context.Context, role *Role, userIds, groupIds []string) (*principalSet, error) {
if role == nil {
return nil, fmt.Errorf("missing role %w", db.ErrNilParameter)
}
existing, err := r.ListPrincipalRoles(ctx, role.PublicId)
if err != nil {
return nil, fmt.Errorf("unable to list existing principal role %s: %w", roleId, err)
return nil, fmt.Errorf("unable to list existing principal role %s: %w", role.PublicId, err)
}
existingUsers := map[string]PrincipalRole{}
existingGroups := map[string]PrincipalRole{}
@ -303,8 +306,8 @@ func (r *Repository) principalsToSet(ctx context.Context, roleId string, userIds
userIdsMap := map[string]struct{}{}
for _, id := range userIds {
userIdsMap[id] = struct{}{}
if p, ok := existingUsers[id]; !ok {
usrRole, err := NewUserRole(p.GetScopeId(), p.GetRoleId(), id)
if _, ok := existingUsers[id]; !ok {
usrRole, err := NewUserRole(role.ScopeId, role.PublicId, id)
if err != nil {
return nil, fmt.Errorf("unable to create in memory user role for add: %w", err)
}
@ -315,8 +318,8 @@ func (r *Repository) principalsToSet(ctx context.Context, roleId string, userIds
groupIdsMap := map[string]struct{}{}
for _, id := range groupIds {
groupIdsMap[id] = struct{}{}
if p, ok := existingGroups[id]; !ok {
grpRole, err := NewGroupRole(p.GetScopeId(), p.GetRoleId(), id)
if _, ok := existingGroups[id]; !ok {
grpRole, err := NewGroupRole(role.ScopeId, role.PublicId, id)
if err != nil {
return nil, fmt.Errorf("unable to create in memory group role for add: %w", err)
}
@ -335,7 +338,7 @@ func (r *Repository) principalsToSet(ctx context.Context, roleId string, userIds
}
var deleteGrpRoles []interface{}
for _, p := range existingGroups {
if _, ok := userIdsMap[p.GetPrincipalId()]; !ok {
if _, ok := groupIdsMap[p.GetPrincipalId()]; !ok {
grpRole, err := NewGroupRole(p.GetScopeId(), p.GetRoleId(), p.GetPrincipalId())
if err != nil {
return nil, fmt.Errorf("unable to create in memory group role for delete: %w", err)
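Review bot: principalsToSet uses `role.ScopeId` and `role.PublicId` to build the `NewUserRole` and `NewGroupRole` add entries, but the only check on the argument is `role == nil`. The caller in SetPrincipalRoles creates the role with `allocRole()` and sets only `PublicId` before calling `role.GetScope`, and these hunks do not show whether that call fills in `ScopeId`. Because these two values decide which scope and role a principal is bound to, I would validate them right after the nil check: `if role.PublicId == "" || role.ScopeId == "" { return nil, fmt.Errorf("missing role public id or scope id %w", db.ErrInvalidParameter) }`. The corrected `groupIdsMap` lookup in the delete loop also deserves a regression test where userIds and groupIds differ, asserting that a group kept in the request is not queued for deletion and an omitted one is. Both function bodies continue outside the hunks shown.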
