From a95a84898f1455d184985ec873bc06d55ed96f8c Mon Sep 17 00:00:00 2001
From: Vishal Nayak
Date: Thu, 14 Oct 2021 12:28:35 -0400
Subject: [PATCH 1/3] Fix entity alias deletion
---
 vault/identity_store_test.go | 55 ++++++++++++++++++++++++++++++++++++
 vault/identity_store_util.go | 15 ++++++----
 2 files changed, 64 insertions(+), 6 deletions(-)
diff --git a/vault/identity_store_test.go b/vault/identity_store_test.go
index 82ad82cab59c3..d484d31a06d26 100644
--- a/vault/identity_store_test.go
+++ b/vault/identity_store_test.go
@@ -6,6 +6,8 @@ import (
 "testing"
 "time"
+ "github.com/stretchr/testify/require"
+
 "github.com/armon/go-metrics"
 "github.com/go-test/deep"
 "github.com/golang/protobuf/ptypes"
@@ -17,6 +19,59 @@ import (
 "github.com/hashicorp/vault/sdk/logical"
 )
+func TestIdentityStore_DeleteEntityAlias(t *testing.T) {
+ c, _, _ := TestCoreUnsealed(t)
+ txn := c.identityStore.db.Txn(true)
+ defer txn.Abort()
+
+ alias := &identity.Alias{
+ ID: "testAliasID1",
+ CanonicalID: "testEntityID",
+ MountType: "testMountType",
+ MountAccessor: "testMountAccessor",
+ Name: "testAliasName",
+ }
+ alias2 := &identity.Alias{
+ ID: "testAliasID2",
+ CanonicalID: "testEntityID",
+ MountType: "testMountType",
+ MountAccessor: "testMountAccessor",
+ Name: "testAliasName2",
+ }
+ entity := &identity.Entity{
+ ID: "testEntityID",
+ Name: "testEntityName",
+ Policies: []string{"foo", "bar"},
+ Aliases: []*identity.Alias{
+ alias,
+ alias2,
+ },
+ NamespaceID: namespace.RootNamespaceID,
+ BucketKey: c.identityStore.entityPacker.BucketKey("testEntityID"),
+ }
+
+ err := c.identityStore.upsertEntityInTxn(context.Background(), txn, entity, nil, false)
+ require.NoError(t, err)
+
+ err = c.identityStore.deleteAliasesInEntityInTxn(txn, entity, []*identity.Alias{alias, alias2})
+ require.NoError(t, err)
+
+ txn.Commit()
+
+ alias, err = c.identityStore.MemDBAliasByID("testAliasID1", false, false)
+ require.NoError(t, err)
+ require.Nil(t, alias)
+
+ alias, err = c.identityStore.MemDBAliasByID("testAliasID2", false, false)
+ require.NoError(t, err)
+ require.Nil(t, alias)
+
+ entity, err = c.identityStore.MemDBEntityByID("testEntityID", false)
+ require.NoError(t, err)
+
+ require.Len(t, entity.Aliases, 0)
+}
+
 func TestIdentityStore_UnsealingWhenConflictingAliasNames(t *testing.T) {
 err := AddTestCredentialBackend("github", credGithub.Factory)
 if err != nil {
diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go
index 0d10617263be7..d2d8245b043f8 100644
--- a/vault/identity_store_util.go
+++ b/vault/identity_store_util.go
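Review bot: TestIdentityStore_DeleteEntityAlias (vault/identity_store_test.go) only deletes every alias of the entity, so the remain-list branch of deleteAliasesInEntityInTxn is never exercised; a wrong remain list would leave an alias attached to the in-memory entity, or drop one that was not requested, and this test would still pass. A second case that passes only `alias` and asserts that `testAliasID2` is still indexed and is the single element of `entity.Aliases` would pin that behaviour. The final `require.Len(t, entity.Aliases, 0)` also dereferences `entity` without a preceding `require.NotNil(t, entity)`, so a missing entity would show up as a panic instead of a test failure.

```go
// … unchanged: fixture setup and upsertEntityInTxn …
err = c.identityStore.deleteAliasesInEntityInTxn(txn, entity, []*identity.Alias{alias})
require.NoError(t, err)
// … unchanged: txn.Commit() and the testAliasID1 lookup …

// The alias that was not requested must survive in both tables.
kept, err := c.identityStore.MemDBAliasByID("testAliasID2", false, false)
require.NoError(t, err)
require.NotNil(t, kept)

entity, err = c.identityStore.MemDBEntityByID("testEntityID", false)
require.NoError(t, err)
require.NotNil(t, entity)
require.Len(t, entity.Aliases, 1)
require.Equal(t, "testAliasID2", entity.Aliases[0].ID)
```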
@@ -1297,15 +1297,18 @@ func (i *IdentityStore) deleteAliasesInEntityInTxn(txn *memdb.Txn, entity *ident
 var remainList []*identity.Alias
 var removeList []*identity.Alias
-
- for _, item := range aliases {
- for _, alias := range entity.Aliases {
+ for _, item := range entity.Aliases {
+ remove := false
+ for _, alias := range aliases {
 if alias.ID == item.ID {
- removeList = append(removeList, alias)
- } else {
- remainList = append(remainList, alias)
+ remove = true
 }
 }
+ if remove {
+ removeList = append(removeList, item)
+ } else {
+ remainList = append(remainList, item)
+ }
 }
 // Remove identity indices from aliases table for those that needs to
From 72f11bbeb5a0cb321e9a0c403ab3e4b3b98d8990 Mon Sep 17 00:00:00 2001
From: Vishal Nayak
Date: Tue, 19 Oct 2021 10:35:06 -0400
Subject: [PATCH 2/3] Fix tests
---
 vault/identity_store_test.go | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/vault/identity_store_test.go b/vault/identity_store_test.go
index 561a75913e7d4..751c5d8ee973c 100644
--- a/vault/identity_store_test.go
+++ b/vault/identity_store_test.go
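Review bot: In the rewritten loop of deleteAliasesInEntityInTxn (vault/identity_store_util.go), a requested ID in `aliases` that matches nothing in `entity.Aliases` is ignored without any signal, so as far as this hunk shows a delete request for an alias that is not attached to the entity looks the same to the caller as a successful one. A comment above the loop such as `// Aliases not attached to this entity are ignored; only attached ones are removed.` would make that contract explicit, if it is the intended one. The inner loop also keeps scanning after a match, and a `break` after `remove = true` would stop at the first hit. Both `alias.ID` and `item.ID` are read without a nil check; the function starts and ends outside the hunk, so nil entries may already be rejected earlier.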
@@ -26,18 +26,20 @@ func TestIdentityStore_DeleteEntityAlias(t *testing.T) {
 defer txn.Abort()
 alias := &identity.Alias{
- ID: "testAliasID1",
- CanonicalID: "testEntityID",
- MountType: "testMountType",
- MountAccessor: "testMountAccessor",
- Name: "testAliasName",
+ ID: "testAliasID1",
+ CanonicalID: "testEntityID",
+ MountType: "testMountType",
+ MountAccessor: "testMountAccessor",
+ Name: "testAliasName",
+ LocalBucketKey: c.identityStore.localAliasPacker.BucketKey("testEntityID"),
 }
 alias2 := &identity.Alias{
- ID: "testAliasID2",
- CanonicalID: "testEntityID",
- MountType: "testMountType",
- MountAccessor: "testMountAccessor",
- Name: "testAliasName2",
+ ID: "testAliasID2",
+ CanonicalID: "testEntityID",
+ MountType: "testMountType",
+ MountAccessor: "testMountAccessor2",
+ Name: "testAliasName2",
+ LocalBucketKey: c.identityStore.localAliasPacker.BucketKey("testEntityID"),
 }
 entity := &identity.Entity{
 ID: "testEntityID",
From b12e6ea18a04e02d5cb7f9c36be0bd1793642338 Mon Sep 17 00:00:00 2001
From: Vishal Nayak
Date: Tue, 19 Oct 2021 14:41:23 -0400
Subject: [PATCH 3/3] Add CL
---
 changelog/12834.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/12834.txt
diff --git a/changelog/12834.txt b/changelog/12834.txt
new file mode 100644
index 0000000000000..205b6488cf251
--- /dev/null
+++ b/changelog/12834.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/identity: Cleanup alias in the in-memory entity after an alias deletion by ID
+```
\ No newline at end of file