Add system user to context for system CLI ops
This commit is contained in:
parent
b6a4937739
commit
dca5757fe7
@ -57,6 +57,8 @@ type (
|
||||
WsServer wsServer
|
||||
|
||||
AuthService authServicer
|
||||
|
||||
systemEntitiesInitialized bool
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
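Review bot: The new `systemEntitiesInitialized bool` field carries no comment, and its name alone does not say what it guards or who is allowed to set it. I would add a field comment such as `// systemEntitiesInitialized is set by initSystemEntities so that system roles and users are provisioned at most once per CortezaApp instance.` The enclosing type block starts and ends outside the hunk, so I cannot tell whether neighbouring fields follow a comment convention; match whatever the rest of the struct does.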
@ -4,6 +4,8 @@ import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
authService "github.com/cortezaproject/corteza-server/auth"
|
||||
authHandlers "github.com/cortezaproject/corteza-server/auth/handlers"
|
||||
"github.com/cortezaproject/corteza-server/auth/saml"
|
||||
@ -36,7 +38,6 @@ import (
|
||||
"github.com/cortezaproject/corteza-server/system/types"
|
||||
"go.uber.org/zap"
|
||||
gomail "gopkg.in/mail.v2"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -255,25 +256,10 @@ func (app *CortezaApp) Provision(ctx context.Context) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
var (
|
||||
uu []*types.User
|
||||
rr []*types.Role
|
||||
)
|
||||
|
||||
// Basic provision for system resources that we need before anything else
|
||||
if rr, err = provision.SystemRoles(ctx, app.Log, app.Store); err != nil {
|
||||
if err = app.initSystemEntities(ctx); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Basic provision for system users that we need before anything else
|
||||
if uu, err = provision.SystemUsers(ctx, app.Log, app.Store); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// set system users & roles with so that the whole app knows what to use
|
||||
auth.SetSystemUsers(uu, rr)
|
||||
auth.SetSystemRoles(rr)
|
||||
|
||||
{
|
||||
// register temporary RBAC with bypass roles
|
||||
// this is needed because envoy relies on availability of access-control
|
||||
@ -320,7 +306,9 @@ func (app *CortezaApp) InitServices(ctx context.Context) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
// Load users
|
||||
if err = app.initSystemEntities(ctx); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
app.WsServer = websocket.Server(app.Log, app.Opt.Websocket)
|
||||
|
||||
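Review bot: The comment `// Load users` above the new `app.initSystemEntities(ctx)` call undersells what happens: per the body of initSystemEntities shown later in this commit, the call provisions system roles and users into the store (upserting them), not merely loading them, and it is a no-op only when the flag is already set. I would change the comment to `// Provision system roles & users (no-op when Provision already did this)`. Worth confirming that callers reaching InitServices without a prior Provision (the CLI paths touched in this commit, presumably) are expected to write to the store here. InitServices starts and ends outside the hunk.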
@ -490,6 +478,43 @@ func (app *CortezaApp) Activate(ctx context.Context) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Provisions and initializes system roles and users
|
||||
func (app *CortezaApp) initSystemEntities(ctx context.Context) (err error) {
|
||||
if app.systemEntitiesInitialized {
|
||||
// make sure we do this once.
|
||||
return nil
|
||||
}
|
||||
|
||||
app.systemEntitiesInitialized = true
|
||||
|
||||
var (
|
||||
uu types.UserSet
|
||||
rr types.RoleSet
|
||||
)
|
||||
|
||||
// Basic provision for system resources that we need before anything else
|
||||
if rr, err = provision.SystemRoles(ctx, app.Log, app.Store); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Basic provision for system users that we need before anything else
|
||||
if uu, err = provision.SystemUsers(ctx, app.Log, app.Store); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// set system users & roles with so that the whole app knows what to use
|
||||
auth.SetSystemUsers(uu, rr)
|
||||
auth.SetSystemRoles(rr)
|
||||
|
||||
app.Log.Debug(
|
||||
"system entities set",
|
||||
zap.Uint64s("users", uu.IDs()),
|
||||
zap.Uint64s("roles", rr.IDs()),
|
||||
)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func updateAuthSettings(svc authServicer, current *types.AppSettings) {
|
||||
var (
|
||||
// current auth settings
|
||||
|
||||
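Review bot: `app.systemEntitiesInitialized = true` is set before either provisioning call has succeeded, so when `provision.SystemRoles` or `provision.SystemUsers` returns an error the flag stays true and every later call to initSystemEntities returns nil without `auth.SetSystemUsers`/`auth.SetSystemRoles` ever having been called; any code that then relies on `auth.ServiceUser()` (the CLI commands in this commit) would run with whatever that returns when system users were never set, which I cannot determine from this page. Move the assignment to just before the final `return nil`, after the Debug log, so the guard only records a completed initialization. The flag is a plain bool with no synchronization; that is fine if, as the visible callers suggest, Provision and InitServices run sequentially, but it should be stated. The doc comment should also follow Go convention and start with the name: `// initSystemEntities provisions system roles and users and publishes them via the auth package; it runs at most once per app instance.`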
@ -49,14 +49,14 @@ func SystemRoles(ctx context.Context, log *zap.Logger, s store.Storer) (rr []*ty
|
||||
for i := range rr {
|
||||
r := rr[i]
|
||||
if m[r.Handle] == nil {
|
||||
log.Info("creating role", zap.String("handle", r.Handle))
|
||||
log.Info("creating system role", zap.String("handle", r.Handle))
|
||||
// this is a new role
|
||||
r.ID = id.Next()
|
||||
r.CreatedAt = *now()
|
||||
|
||||
m[r.Handle] = r
|
||||
} else {
|
||||
log.Info("updating role", zap.String("handle", r.Handle))
|
||||
log.Info("updating system role", zap.String("handle", r.Handle))
|
||||
// use existing role
|
||||
rr[i] = m[r.Handle]
|
||||
|
||||
@ -69,7 +69,7 @@ func SystemRoles(ctx context.Context, log *zap.Logger, s store.Storer) (rr []*ty
|
||||
}
|
||||
|
||||
if err := store.UpsertRole(ctx, s, rr...); err != nil {
|
||||
return nil, fmt.Errorf("failed to provision roles: %w", err)
|
||||
return nil, fmt.Errorf("failed to provision system roles: %w", err)
|
||||
}
|
||||
|
||||
return
|
||||
|
||||
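Review bot: The reworded error `fmt.Errorf("failed to provision system roles: %w", err)` keeps the "failed to" prefix, which becomes redundant once the error is wrapped further up the chain; the idiomatic form names what this layer was doing, `fmt.Errorf("provisioning system roles: %w", err)`. The same applies to the two `failed to provision system user %s` messages in the SystemUsers hunks that follow (the `@ -49,9 +49,11 @@` and `@ -69,7 +70,7 @@` hunks). Since `u.Handle` is data that came from the provisioning source, `%q` instead of `%s` would also make an empty or odd handle visible in logs.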
@ -49,9 +49,11 @@ func SystemUsers(ctx context.Context, log *zap.Logger, s store.Users) (uu []*typ
|
||||
u.CreatedAt = *now()
|
||||
|
||||
if err := store.UpsertUser(ctx, s, u); err != nil {
|
||||
return nil, fmt.Errorf("failed to provision user %s: %w", u.Handle, err)
|
||||
return nil, fmt.Errorf("failed to provision system user %s: %w", u.Handle, err)
|
||||
}
|
||||
} else {
|
||||
u.ID = m[u.Handle].ID
|
||||
|
||||
// There is no need to update system users if they are unchanged
|
||||
if m[u.Handle].UpdatedAt == nil &&
|
||||
m[u.Handle].SuspendedAt == nil &&
|
||||
@ -60,7 +62,6 @@ func SystemUsers(ctx context.Context, log *zap.Logger, s store.Users) (uu []*typ
|
||||
}
|
||||
|
||||
// Make sure all values are as they should be
|
||||
u.ID = m[u.Handle].ID
|
||||
u.CreatedAt = m[u.Handle].CreatedAt
|
||||
u.Email = m[u.Handle].Email
|
||||
u.Name = m[u.Handle].Name
|
||||
@ -69,7 +70,7 @@ func SystemUsers(ctx context.Context, log *zap.Logger, s store.Users) (uu []*typ
|
||||
u.DeletedAt = nil
|
||||
|
||||
if err := store.UpsertUser(ctx, s, u); err != nil {
|
||||
return nil, fmt.Errorf("failed to provision user %s: %w", u.Handle, err)
|
||||
return nil, fmt.Errorf("failed to provision system user %s: %w", u.Handle, err)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -7,6 +7,7 @@ import (
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
"github.com/cortezaproject/corteza-server/pkg/auth"
|
||||
"github.com/cortezaproject/corteza-server/pkg/envoy/yaml"
|
||||
"github.com/spf13/cobra"
|
||||
|
||||
@ -27,6 +28,8 @@ func Export(ctx context.Context, storeInit func(ctx context.Context) (store.Stor
|
||||
Long: `Export data to YAML files.`,
|
||||
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
f = su.NewDecodeFilter()
|
||||
)
|
||||
|
||||
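Review bot: `ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())` assigns to the `ctx` parameter captured from the enclosing Export function rather than to a local, so the service-user identity is attached to the function-scoped context and remains there for anything else that later reads that variable. Scoping it to the Run body with `ctx := auth.SetIdentityToContext(ctx, auth.ServiceUser())` keeps the elevated identity exactly where the command needs it and makes the shadowing explicit. The same pattern appears in every Run closure added by this commit in the roles, settings and users command files; in those files several subcommands share the one captured `ctx`, so the first subcommand to run mutates it for all of them. Whether `auth.ServiceUser()` can return an empty identity when system entities were not yet provisioned is not visible here; if it can, `commandPreRunInitService(app)` should guarantee initialization before Run. The enclosing command constructors start and end outside these hunks.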
@ -3,6 +3,7 @@ package commands
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/cortezaproject/corteza-server/pkg/auth"
|
||||
"github.com/cortezaproject/corteza-server/pkg/cli"
|
||||
"github.com/cortezaproject/corteza-server/store"
|
||||
"github.com/cortezaproject/corteza-server/system/service"
|
||||
@ -31,6 +32,8 @@ func rolesAddUser(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.ExactArgs(2),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
roleStr, userStr = args[0], args[1]
|
||||
|
||||
@ -62,6 +65,8 @@ func rolesList(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Short: "List all roles",
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
f := types.RoleFilter{Query: ""}
|
||||
if len(args) > 0 {
|
||||
f.Query = args[0]
|
||||
|
||||
@ -6,6 +6,7 @@ import (
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/cortezaproject/corteza-server/pkg/auth"
|
||||
"github.com/cortezaproject/corteza-server/system/types"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
@ -27,6 +28,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Short: "List all",
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
prefix := cmd.Flags().Lookup("prefix").Value.String()
|
||||
if kv, err := service.DefaultSettings.FindByPrefix(ctx, prefix); err != nil {
|
||||
cli.HandleError(err)
|
||||
@ -54,6 +57,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.ExactArgs(1),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
if v, err := service.DefaultSettings.Get(ctx, args[0], 0); err != nil {
|
||||
cli.HandleError(err)
|
||||
} else if v != nil {
|
||||
@ -68,6 +73,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.ExactArgs(2),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
value := args[1]
|
||||
|
||||
v := &types.SettingValue{
|
||||
@ -98,6 +105,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.MaximumNArgs(1),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
fh *os.File
|
||||
err error
|
||||
@ -137,6 +146,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.MaximumNArgs(1),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
fh *os.File
|
||||
err error
|
||||
@ -169,6 +180,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.MinimumNArgs(0),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
names = []string{}
|
||||
)
|
||||
|
||||
@ -6,6 +6,7 @@ import (
|
||||
"strconv"
|
||||
"syscall"
|
||||
|
||||
"github.com/cortezaproject/corteza-server/pkg/auth"
|
||||
"github.com/cortezaproject/corteza-server/pkg/cli"
|
||||
"github.com/cortezaproject/corteza-server/pkg/filter"
|
||||
"github.com/cortezaproject/corteza-server/system/service"
|
||||
@ -32,6 +33,8 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
queryFlag = cmd.Flags().Lookup("query").Value.String()
|
||||
limitFlag = cmd.Flags().Lookup("limit").Value.String()
|
||||
@ -85,6 +88,8 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
authSvc = service.Auth()
|
||||
|
||||
@ -95,7 +100,7 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
password []byte
|
||||
)
|
||||
|
||||
// Update current settings to be sure that we do not have outdated values
|
||||
// Update current settings to be sure we do not have outdated values
|
||||
cli.HandleError(service.DefaultSettings.UpdateCurrent(ctx))
|
||||
|
||||
if user, err = service.DefaultUser.Create(ctx, user); err != nil {
|
||||
@ -134,6 +139,8 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
|
||||
Args: cobra.MinimumNArgs(1),
|
||||
PreRunE: commandPreRunInitService(app),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
|
||||
|
||||
var (
|
||||
user *types.User
|
||||
err error
|
||||
|
||||