@ -421,7 +421,9 @@ func (b *Server) ConnectToDatabase(dialect string) error {
return nil
}
func ( b * Server ) CreateDevDatabase ( dialect string ) error {
func ( b * Server ) CreateDevDatabase ( dialect string , opt ... Option ) error {
opts := getOpts ( opt ... )
c , url , container , err := db . InitDbInDocker ( dialect )
// In case of an error, run the cleanup function. If we pass all errors, c should be set to a noop
// function before returning from this method
@ -467,11 +469,6 @@ func (b *Server) CreateDevDatabase(dialect string) error {
return fmt . Errorf ( "error adding config keys to kms: %w" , err )
}
repo , err := iam . NewRepository ( rw , rw , kmsCache , iam . WithRandomReader ( b . SecureRandomReader ) )
if err != nil {
return fmt . Errorf ( "unable to create repo for org id: %w" , err )
}
ctx , cancel := context . WithCancel ( context . Background ( ) )
go func ( ) {
<- b . ShutdownCh
@ -487,6 +484,13 @@ func (b *Server) CreateDevDatabase(dialect string) error {
return fmt . Errorf ( "error saving global scope root key: %w" , err )
}
if opts . withSkipAuthMethodCreation {
// now that we have passed all the error cases, reset c to be a noop so the
// defer doesn't do anything.
c = func ( ) error { return nil }
return nil
}
// Create the dev auth method
pwRepo , err := password . NewRepository ( rw , rw , kmsCache )
if err != nil {
@ -504,6 +508,8 @@ func (b *Server) CreateDevDatabase(dialect string) error {
if err != nil {
return fmt . Errorf ( "error saving auth method to the db: %w" , err )
}
b . InfoKeys = append ( b . InfoKeys , "dev auth method id" )
b . Info [ "dev auth method id" ] = amId
// Create the dev user
acctLoginName := b . DevLoginName
@ -521,6 +527,9 @@ func (b *Server) CreateDevDatabase(dialect string) error {
return fmt . Errorf ( "unable to generate dev password: %w" , err )
}
}
b . InfoKeys = append ( b . InfoKeys , "dev password" )
b . Info [ "dev password" ] = pw
acct , err := password . NewAccount ( amId , password . WithLoginName ( acctLoginName ) )
if err != nil {
return fmt . Errorf ( "error creating new in memory auth account: %w" , err )
@ -529,30 +538,31 @@ func (b *Server) CreateDevDatabase(dialect string) error {
if err != nil {
return fmt . Errorf ( "error saving auth account to the db: %w" , err )
}
b . InfoKeys = append ( b . InfoKeys , "dev login name" )
b . Info [ "dev login name" ] = acct . GetLoginName ( )
// Create a role tying them together
iamRepo , err := iam . NewRepository ( rw , rw , kmsCache , iam . WithRandomReader ( b . SecureRandomReader ) )
if err != nil {
return fmt . Errorf ( "unable to create repo for org id: %w" , err )
}
pr , err := iam . NewRole ( scope . Global . String ( ) )
if err != nil {
return fmt . Errorf ( "error creating in memory role for default dev grants: %w" , err )
}
pr . Name = "Dev Mode Global Scope Admin Role"
pr . Description = ` Provides admin grants to all authenticated users within the "global" scope `
defPermsRole , err := r epo. CreateRole ( ctx , pr )
defPermsRole , err := iamR epo. CreateRole ( ctx , pr )
if err != nil {
return fmt . Errorf ( "error creating role for default dev grants: %w" , err )
}
if _ , err := r epo. AddRoleGrants ( ctx , defPermsRole . PublicId , defPermsRole . Version , [ ] string { "id=*;actions=*" } ) ; err != nil {
if _ , err := iamR epo. AddRoleGrants ( ctx , defPermsRole . PublicId , defPermsRole . Version , [ ] string { "id=*;actions=*" } ) ; err != nil {
return fmt . Errorf ( "error creating grant for default dev grants: %w" , err )
}
if _ , err := r epo. AddPrincipalRoles ( ctx , defPermsRole . PublicId , defPermsRole . Version + 1 , [ ] string { "u_auth" } , nil ) ; err != nil {
if _ , err := iamR epo. AddPrincipalRoles ( ctx , defPermsRole . PublicId , defPermsRole . Version + 1 , [ ] string { "u_auth" } , nil ) ; err != nil {
return fmt . Errorf ( "error adding principal to role for default dev grants: %w" , err )
}
b . InfoKeys = append ( b . InfoKeys , "dev auth method id" , "dev login name" , "dev password" )
b . Info [ "dev auth method id" ] = amId
b . Info [ "dev login name" ] = acct . GetLoginName ( )
b . Info [ "dev password" ] = pw
// now that we have passed all the error cases, reset c to be a noop so the
// defer doesn't do anything.
c = func ( ) error { return nil }
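Review bot: The early return under `if opts.withSkipAuthMethodCreation` skips more than the option name says. Everything after it in the visible hunks is bypassed too: the dev user and account, and the "Dev Mode Global Scope Admin Role" with its `id=*;actions=*` grant to `u_auth`. Nothing on the branch says so, and a comment such as `// Also skips the dev user/account and the global admin role and grants; callers must set these up themselves if needed.` would make it explicit. The branch also copies the `c = func() error { return nil }` disarm from the end of the function, so any step added later has to keep both exits in sync; the defer that consumes `c` lies outside the hunks shown. Separately, `b.Info["dev password"]` is now set before the account and role steps can fail, so an error return leaves a password recorded for an account that may not exist; whether callers read `b.Info` after an error is not visible here.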