diff --git a/CHANGELOG.md b/CHANGELOG.md index 3904007619..c71243425b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ## Next +### Bug Fixes + +* Fix bug preventing delete of org. ([PR](https://github.com/hashicorp/boundary/pull/2465) + ### New and Improved * workers: Added the ability to read and reinitialize the Worker certificate @@ -28,6 +32,12 @@ grant strings in very rare circumstances as the `-sources` actions replaced the ## 0.10.5 (2022/09/13) +### Known Issues + +* There is bug that prevents deleting an org in some circumstances. This can be + worked around by first deleting all projects in the org, then deleting the + org. This will be fixed in 0.11.0. + ### Bug Fixes * grants: Properly resolve "only self" for permissions. When generating @@ -42,6 +52,12 @@ grant strings in very rare circumstances as the `-sources` actions replaced the ## 0.10.4 (2022/09/13) +### Known Issues + +* There is bug that prevents deleting an org in some circumstances. This can be + worked around by first deleting all projects in the org, then deleting the + org. This will be fixed in 0.11.0. + ### New and Improved * Controller-led worker authorization: This is a second authorization option for @@ -102,6 +118,12 @@ grant strings in very rare circumstances as the `-sources` actions replaced the ## 0.10.3 (2022/08/30) +### Known Issues + +* There is bug that prevents deleting an org in some circumstances. This can be + worked around by first deleting all projects in the org, then deleting the + org. This will be fixed in 0.11.0. + ### Bug Fixes * db: Fix an issue with migrations failing due to not updating the project_id @@ -111,6 +133,12 @@ grant strings in very rare circumstances as the `-sources` actions replaced the ## 0.10.2 (2022/08/23) +### Known Issues + +* There is bug that prevents deleting an org in some circumstances. This can be + worked around by first deleting all projects in the org, then deleting the + org. This will be fixed in 0.11.0. + ### Security * Fix security vulnerability CVE-2022-36130: Boundary up to 0.10.1 did not diff --git a/internal/db/schema/migrations/oss/postgres/54/02_session_defer.up.sql b/internal/db/schema/migrations/oss/postgres/54/02_session_defer.up.sql new file mode 100644 index 0000000000..b251b2e278 --- /dev/null +++ b/internal/db/schema/migrations/oss/postgres/54/02_session_defer.up.sql @@ -0,0 +1,8 @@ +begin; + alter table session alter constraint target_fkey deferrable initially deferred; + alter table session alter constraint session_auth_token_id_fkey deferrable initially deferred; + alter table session alter constraint iam_scope_project_fkey deferrable initially deferred; + alter table session alter constraint session_host_id_fkey deferrable initially deferred; + alter table session alter constraint session_host_set_id_fkey deferrable initially deferred; + alter table session alter constraint session_user_id_fkey deferrable initially deferred; +end; diff --git a/internal/db/sqltest/Makefile b/internal/db/sqltest/Makefile index 8f1a5e6ce3..20e8456dd4 100644 --- a/internal/db/sqltest/Makefile +++ b/internal/db/sqltest/Makefile @@ -18,6 +18,7 @@ endif PROVE_OPTS ?= TESTS ?= tests/setup/*.sql \ + tests/org/*.sql \ tests/wh/*/*.sql \ tests/sentinel/*.sql \ tests/credential/*/*.sql \ diff --git a/internal/db/sqltest/initdb.d/04_foodtruck_persona.sql b/internal/db/sqltest/initdb.d/04_foodtruck_persona.sql new file mode 100644 index 0000000000..27b14ce6b4 --- /dev/null +++ b/internal/db/sqltest/initdb.d/04_foodtruck_persona.sql @@ -0,0 +1,107 @@ +begin; + -- This persona is setup primary to test a delete org case + + -- Add organizations + insert into iam_scope + (parent_id, type, public_id, name) + values + ('global', 'org', 'o__foodtruck', 'Best Tacos'); + + -- Add projects to the organizations + insert into iam_scope + (parent_id, type, public_id, name) + values + ('o__foodtruck', 'project', 'p______tacos', 'Tacos'), + ('o__foodtruck', 'project', 'p_____nachos', 'Nachos'); + + -- Host Catalog, Host, Host Set + insert into static_host_catalog + (project_id, public_id, name) + values + ('p______tacos', 'c____t-sthcl', 'Tacos Food Truck Static Catalog'); + + insert into static_host + (catalog_id, public_id, address) + values + ('c____t-sthcl', 'h______t__01', '1.taco.foodtruck'); + + insert into static_host_set + (catalog_id, public_id, name) + values + ('c____t-sthcl', 's____1t-sths', 'Taco Food Truck Static Set 1'); + + insert into static_host_set_member + ( host_id, set_id, catalog_id) + values + ( 'h______t__01', 's____1t-sths', 'c____t-sthcl'); + + -- Target + insert into target_tcp + (project_id, public_id, name) + values + ('p______tacos', 't__________t', 'Taco Food Truck Target'); + + insert into target_host_set + (project_id, target_id, host_set_id) + values + ('p______tacos', 't__________t', 's____1t-sths'); + + -- Add password auth method to organizations + insert into auth_password_conf + (password_method_id, private_id) + values + ('apm_foodtruc', 'apmc_foodtru'); + + -- Auth method and account + insert into auth_password_method + (scope_id, public_id, password_conf_id, name) + values + ('o__foodtruck', 'apm_foodtruc', 'apmc_foodtru', 'Food Truck Auth Password'); + + insert into auth_password_account + (auth_method_id, public_id, login_name) + values + ('apm_foodtruc', 'apa______jim', 'jim'), + ('apm_foodtruc', 'apa______bob', 'bob'); + + -- Add organization users + insert into iam_user + (scope_id, public_id, name) + values + ('o__foodtruck', 'u________jim', 'Jim'), + ('o__foodtruck', 'u________bob', 'Bob'); + + update auth_account set iam_user_id = 'u________jim' where public_id = 'apa______jim'; + update auth_account set iam_user_id = 'u________bob' where public_id = 'apa______bob'; + + insert into auth_token + (key_id, auth_account_id, public_id, token) + values + ('key', 'apa______jim', 'tok______jim', 'tok______jim'::bytea), + ('key', 'apa______bob', 'tok______bob', 'tok______bob'::bytea); + + -- Roles + insert into iam_role + (scope_id, grant_scope_id, public_id, name) + values + ('p______tacos', 'p______tacos', 'r_pp___tacos', 'Tacos'); + + insert into iam_role_grant + (role_id, canonical_grant, raw_grant) + values + ('r_pp___tacos', 'id=*;type=*;actions=read:self,list', 'id=*;type=*;actions=read:self,list'), + ('r_pp___tacos', 'id=*;type=target;actions=authorize-session', 'id=*;type=target;actions=authorize-session'), + ('r_pp___tacos', 'id=*;type=session;actions=cancel:self', 'id=*;type=session;actions=cancel:self'); + + insert into iam_user_role + (role_id, principal_id) + values + ('r_pp___tacos', 'u________jim'), + ('r_pp___tacos', 'u________bob'); + + insert into session + ( project_id, target_id, host_set_id, host_id, user_id, auth_token_id, certificate, endpoint, public_id) + values + ('p______tacos', 't__________t', 's____1t-sths', 'h______t__01', 'u________jim', 'tok______jim', 'abc'::bytea, 'ep1', 's1_______jim'); + +commit; diff --git a/internal/db/sqltest/tests/org/org-delete.sql b/internal/db/sqltest/tests/org/org-delete.sql new file mode 100644 index 0000000000..a566c52e0c --- /dev/null +++ b/internal/db/sqltest/tests/org/org-delete.sql @@ -0,0 +1,15 @@ +-- org-delete tests: +-- deleting an org + +begin; + select plan(1); + + prepare delete_org as + delete from iam_scope + where type = 'org' + and public_id = 'o__foodtruck'; + + select lives_ok('delete_org'); + + select * from finish(); +rollback; diff --git a/internal/db/sqltest/tests/wh/session/update_state.sql b/internal/db/sqltest/tests/wh/session/update_state.sql index 580ba63abe..f7b8c33e6e 100644 --- a/internal/db/sqltest/tests/wh/session/update_state.sql +++ b/internal/db/sqltest/tests/wh/session/update_state.sql @@ -15,7 +15,7 @@ begin; termination_reason = 'closed by end-user' where public_id = 's1_____clare'; - select is(count(*), 4::bigint) from wh_session_accumulating_fact; + select is(count(*), 1::bigint) from wh_session_accumulating_fact where session_id = 's1_____clare'; select is(total_bytes_up, 10::wh_bytes_transmitted) from wh_session_accumulating_fact where session_id = 's1_____clare'; select is(total_bytes_down, 5::wh_bytes_transmitted) from wh_session_accumulating_fact where session_id = 's1_____clare'; select is(session_terminated_time, now()::wh_timestamp) from wh_session_accumulating_fact where session_id = 's1_____clare';