From 83d127a08b3f1eff74a67bc86db1430f189bcbec Mon Sep 17 00:00:00 2001
From: Vishal Nayak
Date: Wed, 20 Oct 2021 12:59:29 -0400
Subject: [PATCH] Backport 12834 16x (#12883)
* Fix entity alias deletion (#12834)
* Fix entity alias deletion
* Fix tests
* Add CL
* Fix go.sum
* Remove 1.9 changes
---
 changelog/12834.txt | 3 ++
 go.sum | 2 +-
 vault/identity_store_test.go | 55 ++++++++++++++++++++++++++++++++++++
 vault/identity_store_util.go | 15 ++++++----
 4 files changed, 68 insertions(+), 7 deletions(-)
 create mode 100644 changelog/12834.txt
diff --git a/changelog/12834.txt b/changelog/12834.txt
new file mode 100644
index 0000000000000..205b6488cf251
--- /dev/null
+++ b/changelog/12834.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID
+```
\ No newline at end of file
diff --git a/go.sum b/go.sum
index 98d4cde504a8c..616bc4979bc45 100644
--- a/go.sum
+++ b/go.sum
@@ -595,7 +595,7 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk=
 github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl v1.0.1-vault h1:UiJeEzCWAYdVaJr8Xo4lBkTozlW1+1yxVUnpbS1xVEk=
+github.com/hashicorp/hcl v1.0.1-vault h1:/JhJsLUPC73zeqSbkZApgsofP4iB++zgDHS5t6ZL0Lc=
 github.com/hashicorp/hcl v1.0.1-vault/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
diff --git a/vault/identity_store_test.go b/vault/identity_store_test.go
index ebb5994b89f04..644d12c96ef06 100644
--- a/vault/identity_store_test.go
+++ b/vault/identity_store_test.go
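Review bot: The `h1:` checksum for `github.com/hashicorp/hcl v1.0.1-vault` changes in the go.sum hunk while the version string does not (the matching `/go.mod h1:` line keeps its hash), which means the module content the build now accepts for that version differs from what the previous go.sum pinned. A checksum change without a version change is what a moved or re-pushed tag looks like, and go.sum is the only thing standing between this build and whatever that tag currently points at, so it deserves more than the commit message's `Fix go.sum`. Before merging, confirm the new hash independently — e.g. `go mod download -json github.com/hashicorp/hcl@v1.0.1-vault` from a clean module cache, or the proxy/sum.golang.org record for that version — and state in the commit message why it changed. If the tag was in fact moved, cut and pin a fresh immutable version instead of re-recording the moved one.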
@@ -6,6 +6,8 @@ import (
 "testing"
 "time"
+ "github.com/stretchr/testify/require"
+
 "github.com/armon/go-metrics"
 "github.com/go-test/deep"
 "github.com/golang/protobuf/ptypes"
@@ -18,6 +20,59 @@ import (
 "github.com/hashicorp/vault/sdk/logical"
 )
+func TestIdentityStore_DeleteEntityAlias(t *testing.T) {
+ c, _, _ := TestCoreUnsealed(t)
+ txn := c.identityStore.db.Txn(true)
+ defer txn.Abort()
+
+ alias := &identity.Alias{
+ ID: "testAliasID1",
+ CanonicalID: "testEntityID",
+ MountType: "testMountType",
+ MountAccessor: "testMountAccessor",
+ Name: "testAliasName",
+ }
+ alias2 := &identity.Alias{
+ ID: "testAliasID2",
+ CanonicalID: "testEntityID",
+ MountType: "testMountType",
+ MountAccessor: "testMountAccessor2",
+ Name: "testAliasName2",
+ }
+ entity := &identity.Entity{
+ ID: "testEntityID",
+ Name: "testEntityName",
+ Policies: []string{"foo", "bar"},
+ Aliases: []*identity.Alias{
+ alias,
+ alias2,
+ },
+ NamespaceID: namespace.RootNamespaceID,
+ BucketKey: c.identityStore.entityPacker.BucketKey("testEntityID"),
+ }
+
+ err := c.identityStore.upsertEntityInTxn(context.Background(), txn, entity, nil, false)
+ require.NoError(t, err)
+
+ err = c.identityStore.deleteAliasesInEntityInTxn(txn, entity, []*identity.Alias{alias, alias2})
+ require.NoError(t, err)
+
+ txn.Commit()
+
+ alias, err = c.identityStore.MemDBAliasByID("testAliasID1", false, false)
+ require.NoError(t, err)
+ require.Nil(t, alias)
+
+ alias, err = c.identityStore.MemDBAliasByID("testAliasID2", false, false)
+ require.NoError(t, err)
+ require.Nil(t, alias)
+
+ entity, err = c.identityStore.MemDBEntityByID("testEntityID", false)
+ require.NoError(t, err)
+
+ require.Len(t, entity.Aliases, 0)
+}
+
 func TestIdentityStore_UnsealingWhenConflictingAliasNames(t *testing.T) {
 err := AddTestCredentialBackend("github", credGithub.Factory)
 if err != nil {
diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go
index 40a6a11cf7845..806426a9088d9 100644
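Review bot: `TestIdentityStore_DeleteEntityAlias` only exercises deleting every alias on the entity, so the partial case the changelog describes — deleting one alias by ID while others stay attached — is not covered, and that is the shape most likely to regress (a leftover alias resurfacing in `entity.Aliases`, or a future rewrite over-removing). Before the full deletion, delete just `alias` and assert `alias2` survives, e.g. `err = c.identityStore.deleteAliasesInEntityInTxn(txn, entity, []*identity.Alias{alias})`, `require.NoError(t, err)`, `require.Equal(t, []*identity.Alias{alias2}, entity.Aliases)` (re-fetch the entity with `MemDBEntityByID` first if the function does not update the passed-in struct in place), and also check `MemDBAliasByID("testAliasID2", false, false)` still returns it. A short comment above `defer txn.Abort()` noting that Abort is a no-op once `txn.Commit()` has run would save the next reader from wondering whether the commit gets undone.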
--- a/vault/identity_store_util.go
+++ b/vault/identity_store_util.go
@@ -1301,15 +1301,18 @@ func (i *IdentityStore) deleteAliasesInEntityInTxn(txn *memdb.Txn, entity *ident
 var remainList []*identity.Alias
 var removeList []*identity.Alias
-
- for _, item := range aliases {
- for _, alias := range entity.Aliases {
+ for _, item := range entity.Aliases {
+ remove := false
+ for _, alias := range aliases {
 if alias.ID == item.ID {
- removeList = append(removeList, alias)
- } else {
- remainList = append(remainList, alias)
+ remove = true
 }
 }
+ if remove {
+ removeList = append(removeList, item)
+ } else {
+ remainList = append(remainList, item)
+ }
 }
 // Remove identity indices from aliases table for those that needs to
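Review bot: Nothing in the new loop records why `entity.Aliases` is now the outer range — the old shape classified every entity alias once per deletion target, so any non-matching pair appended an alias to `remainList` and a deleted alias was resurrected in the in-memory entity — and that is exactly the structure a later "simplification" would undo. Add a comment above `for _, item := range entity.Aliases {` such as `// Classify each alias on the entity exactly once; ranging over the deletion list on the outside appended an alias to remainList per non-matching target and resurrected deleted aliases.`, and a `break` after `remove = true` to make the match-once intent explicit. Note also that an entry in `aliases` whose ID is not on the entity lands in neither list and so is never removed from MemDB here; that is unchanged from before, but if callers can pass one it belongs in the function's doc comment or should surface as an error. `deleteAliasesInEntityInTxn` begins on the hunk-header line and its body continues past the end of the hunk.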