From dca5757fe74c8a0b2d6c78be7b8903ef85eb170b Mon Sep 17 00:00:00 2001
From: Denis Arh
Date: Thu, 15 Jul 2021 12:31:51 +0200
Subject: [PATCH] Add system user to context for system CLI ops

---
app/app.go | 2 ++
app/boot_levels.go | 61 ++++++++++++++++++++++++++-----------
pkg/provision/roles.go | 6 ++--
pkg/provision/users.go | 7 +++--
system/commands/exporter.go | 3 ++
system/commands/roles.go | 5 +++
system/commands/settings.go | 13 ++++++++
system/commands/users.go | 9 +++++-
8 files changed, 81 insertions(+), 25 deletions(-)

diff --git a/app/app.go b/app/app.go
index 0537762d2..c964195e6 100644
--- a/app/app.go
+++ b/app/app.go
@@ -57,6 +57,8 @@ type (
 WsServer wsServer
 AuthService authServicer
+
+ systemEntitiesInitialized bool
 }
 )
diff --git a/app/boot_levels.go b/app/boot_levels.go
index 688dba9cd..5930e9f67 100644
--- a/app/boot_levels.go
+++ b/app/boot_levels.go
@@ -4,6 +4,8 @@ import (
 "context"
 "crypto/tls"
 "fmt"
+ "strings"
+
 authService "github.com/cortezaproject/corteza-server/auth"
 authHandlers "github.com/cortezaproject/corteza-server/auth/handlers"
 "github.com/cortezaproject/corteza-server/auth/saml"
@@ -36,7 +38,6 @@ import (
 "github.com/cortezaproject/corteza-server/system/types"
 "go.uber.org/zap"
 gomail "gopkg.in/mail.v2"
- "strings"
 )
 const (
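Review bot: The new `systemEntitiesInitialized` field in app.go carries no comment, and what it guards only becomes clear from `initSystemEntities` in boot_levels.go, so a reader of app.go cannot tell why it exists; `// systemEntitiesInitialized is set once initSystemEntities has provisioned and published system roles/users, so Provision and InitServices do not repeat that work.` would close that gap. It is a plain bool with no synchronisation, which is fine if the boot levels that read it run sequentially, but the hunk does not show that, so the comment should say it is only safe on the single-threaded boot path. The enclosing struct starts outside the hunk.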
@@ -255,25 +256,10 @@ func (app *CortezaApp) Provision(ctx context.Context) (err error) {
 return err
 }
- var (
- uu []*types.User
- rr []*types.Role
- )
-
- // Basic provision for system resources that we need before anything else
- if rr, err = provision.SystemRoles(ctx, app.Log, app.Store); err != nil {
+ if err = app.initSystemEntities(ctx); err != nil {
 return
 }
- // Basic provision for system users that we need before anything else
- if uu, err = provision.SystemUsers(ctx, app.Log, app.Store); err != nil {
- return
- }
-
- // set system users & roles with so that the whole app knows what to use
- auth.SetSystemUsers(uu, rr)
- auth.SetSystemRoles(rr)
-
 { // register temporary RBAC with bypass roles
 // this is needed because envoy relies on availability of access-control
@@ -320,7 +306,9 @@ func (app *CortezaApp) InitServices(ctx context.Context) (err error) {
 return err
 }
- // Load users
+ if err = app.initSystemEntities(ctx); err != nil {
+ return
+ }
 app.WsServer = websocket.Server(app.Log, app.Opt.Websocket)
@@ -490,6 +478,43 @@ func (app *CortezaApp) Activate(ctx context.Context) (err error) {
 return nil
 }
+// Provisions and initializes system roles and users
+func (app *CortezaApp) initSystemEntities(ctx context.Context) (err error) {
+ if app.systemEntitiesInitialized {
+ // make sure we do this once.
+ return nil
+ }
+
+ app.systemEntitiesInitialized = true
+
+ var (
+ uu types.UserSet
+ rr types.RoleSet
+ )
+
+ // Basic provision for system resources that we need before anything else
+ if rr, err = provision.SystemRoles(ctx, app.Log, app.Store); err != nil {
+ return
+ }
+
+ // Basic provision for system users that we need before anything else
+ if uu, err = provision.SystemUsers(ctx, app.Log, app.Store); err != nil {
+ return
+ }
+
+ // set system users & roles with so that the whole app knows what to use
+ auth.SetSystemUsers(uu, rr)
+ auth.SetSystemRoles(rr)
+
+ app.Log.Debug(
+ "system entities set",
+ zap.Uint64s("users", uu.IDs()),
+ zap.Uint64s("roles", rr.IDs()),
+ )
+
+ return nil
+}
+
 func updateAuthSettings(svc authServicer, current *types.AppSettings) {
 var (
 // current auth settings
diff --git a/pkg/provision/roles.go b/pkg/provision/roles.go
index dfd0703a2..3451f11b3 100644
--- a/pkg/provision/roles.go
+++ b/pkg/provision/roles.go
@@ -49,14 +49,14 @@ func SystemRoles(ctx context.Context, log *zap.Logger, s store.Storer) (rr []*ty
 for i := range rr {
 r := rr[i]
 if m[r.Handle] == nil {
- log.Info("creating role", zap.String("handle", r.Handle))
+ log.Info("creating system role", zap.String("handle", r.Handle))
 // this is a new role
 r.ID = id.Next()
 r.CreatedAt = *now()
 m[r.Handle] = r
 } else {
- log.Info("updating role", zap.String("handle", r.Handle))
+ log.Info("updating system role", zap.String("handle", r.Handle))
 // use existing role
 rr[i] = m[r.Handle]
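Review bot: `app.systemEntitiesInitialized = true` is set before `provision.SystemRoles` and `provision.SystemUsers` run, so if either fails the error is returned once and every later call returns nil without `auth.SetSystemUsers`/`auth.SetSystemRoles` ever having been called; since both Provision and InitServices route through this function, a failed Provision followed by InitServices would continue with no system identities published. Moving the assignment to just before the final `return nil`, after the Debug log, keeps the once-only guard but only records a successful run. The doc comment should also follow Go convention and name the function: `// initSystemEntities provisions system roles and users once and publishes them via auth.SetSystemUsers/SetSystemRoles.`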
@@ -69,7 +69,7 @@ func SystemRoles(ctx context.Context, log *zap.Logger, s store.Storer) (rr []*ty
 }
 if err := store.UpsertRole(ctx, s, rr...); err != nil {
- return nil, fmt.Errorf("failed to provision roles: %w", err)
+ return nil, fmt.Errorf("failed to provision system roles: %w", err)
 }
 return
diff --git a/pkg/provision/users.go b/pkg/provision/users.go
index e0932ab03..faf215231 100644
--- a/pkg/provision/users.go
+++ b/pkg/provision/users.go
@@ -49,9 +49,11 @@ func SystemUsers(ctx context.Context, log *zap.Logger, s store.Users) (uu []*typ
 u.CreatedAt = *now()
 if err := store.UpsertUser(ctx, s, u); err != nil {
- return nil, fmt.Errorf("failed to provision user %s: %w", u.Handle, err)
+ return nil, fmt.Errorf("failed to provision system user %s: %w", u.Handle, err)
 }
 } else {
+ u.ID = m[u.Handle].ID
+
 // There is no need to update system users if they are unchanged
 if m[u.Handle].UpdatedAt == nil &&
 m[u.Handle].SuspendedAt == nil &&
@@ -60,7 +62,6 @@ func SystemUsers(ctx context.Context, log *zap.Logger, s store.Users) (uu []*typ
 }
 // Make sure all values are as they should be
- u.ID = m[u.Handle].ID
 u.CreatedAt = m[u.Handle].CreatedAt
 u.Email = m[u.Handle].Email
 u.Name = m[u.Handle].Name
@@ -69,7 +70,7 @@ func SystemUsers(ctx context.Context, log *zap.Logger, s store.Users) (uu []*typ
 u.DeletedAt = nil
 if err := store.UpsertUser(ctx, s, u); err != nil {
- return nil, fmt.Errorf("failed to provision user %s: %w", u.Handle, err)
+ return nil, fmt.Errorf("failed to provision system user %s: %w", u.Handle, err)
 }
 }
diff --git a/system/commands/exporter.go b/system/commands/exporter.go
index 7ff6842fc..aed5d2908 100644
--- a/system/commands/exporter.go
+++ b/system/commands/exporter.go
@@ -7,6 +7,7 @@ import (
 "path"
 "strings"
+ "github.com/cortezaproject/corteza-server/pkg/auth"
 "github.com/cortezaproject/corteza-server/pkg/envoy/yaml"
 "github.com/spf13/cobra"
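Review bot: In the `SystemUsers` hunk at -49 the `u.ID = m[u.Handle].ID` assignment now runs before the unchanged-user early return, so the returned set carries persisted IDs even when no upsert happens, but nothing in the hunk says so and the `// Make sure all values are as they should be` comment in the following hunk no longer covers the ID. A one-line comment above it, `// carry the stored ID even when the user is unchanged; callers use the returned set (auth.SetSystemUsers)`, would make the intent survive the next refactor. The enclosing loop over the users starts outside the hunk.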
@@ -27,6 +28,8 @@ func Export(ctx context.Context, storeInit func(ctx context.Context) (store.Stor
 Long: `Export data to YAML files.`,
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 f = su.NewDecodeFilter()
 )
diff --git a/system/commands/roles.go b/system/commands/roles.go
index 39124f9e6..af897ece2 100644
--- a/system/commands/roles.go
+++ b/system/commands/roles.go
@@ -3,6 +3,7 @@ package commands
 import (
 "context"
+ "github.com/cortezaproject/corteza-server/pkg/auth"
 "github.com/cortezaproject/corteza-server/pkg/cli"
 "github.com/cortezaproject/corteza-server/store"
 "github.com/cortezaproject/corteza-server/system/service"
@@ -31,6 +32,8 @@ func rolesAddUser(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.ExactArgs(2),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 roleStr, userStr = args[0], args[1]
@@ -62,6 +65,8 @@ func rolesList(ctx context.Context, app serviceInitializer) *cobra.Command {
 Short: "List all roles",
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 f := types.RoleFilter{Query: ""}
 if len(args) > 0 {
 f.Query = args[0]
diff --git a/system/commands/settings.go b/system/commands/settings.go
index 24d2a4bba..eacd81c13 100644
--- a/system/commands/settings.go
+++ b/system/commands/settings.go
@@ -6,6 +6,7 @@ import (
 "os"
 "strings"
+ "github.com/cortezaproject/corteza-server/pkg/auth"
 "github.com/cortezaproject/corteza-server/system/types"
 "github.com/spf13/cobra"
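Review bot: `Export`'s Run closure now attaches `auth.ServiceUser()` to the context, but unlike the roles, settings and users commands this hunk shows no `PreRunE: commandPreRunInitService(app)`, and `auth.ServiceUser()` presumably reads the set published by `auth.SetSystemUsers` from `initSystemEntities`; if Export's own boot path through `storeInit` never reaches that, the identity attached here may be empty or a placeholder rather than the provisioned system user. Worth confirming, and recording the dependency next to the line: `// requires system users to be provisioned (initSystemEntities) before ServiceUser() is meaningful`. The enclosing Export function starts and continues outside the hunk.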
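Review bot: `ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())` is pasted as the first line of every Run closure in rolesAddUser and again in the rolesList, settings.go and users.go hunks, and each copy reassigns the `ctx` parameter captured from the enclosing constructor rather than a local. Hoisting it to the top of the constructor would be the obvious dedup but would evaluate `auth.ServiceUser()` before `PreRunE` has initialised services, which is presumably why it sits inside Run; that constraint is not written down anywhere. A shared helper, `func serviceCtx(ctx context.Context) context.Context { return auth.SetIdentityToContext(ctx, auth.ServiceUser()) }`, with a doc comment stating it must be called after `commandPreRunInitService` has run, keeps one copy of the rationale, and `ctx := serviceCtx(ctx)` inside each Run avoids mutating the captured parameter.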
@@ -27,6 +28,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
 Short: "List all",
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 prefix := cmd.Flags().Lookup("prefix").Value.String()
 if kv, err := service.DefaultSettings.FindByPrefix(ctx, prefix); err != nil {
 cli.HandleError(err)
@@ -54,6 +57,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.ExactArgs(1),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 if v, err := service.DefaultSettings.Get(ctx, args[0], 0); err != nil {
 cli.HandleError(err)
 } else if v != nil {
@@ -68,6 +73,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.ExactArgs(2),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 value := args[1]
 v := &types.SettingValue{
@@ -98,6 +105,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.MaximumNArgs(1),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 fh *os.File
 err error
@@ -137,6 +146,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.MaximumNArgs(1),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 fh *os.File
 err error
@@ -169,6 +180,8 @@ func Settings(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.MinimumNArgs(0),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 names = []string{}
 )
diff --git a/system/commands/users.go b/system/commands/users.go
index 65d11fe69..2ed2eefea 100644
--- a/system/commands/users.go
+++ b/system/commands/users.go
@@ -6,6 +6,7 @@ import (
 "strconv"
 "syscall"
+ "github.com/cortezaproject/corteza-server/pkg/auth"
 "github.com/cortezaproject/corteza-server/pkg/cli"
 "github.com/cortezaproject/corteza-server/pkg/filter"
 "github.com/cortezaproject/corteza-server/system/service"
@@ -32,6 +33,8 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 queryFlag = cmd.Flags().Lookup("query").Value.String()
 limitFlag = cmd.Flags().Lookup("limit").Value.String()
@@ -85,6 +88,8 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 authSvc = service.Auth()
@@ -95,7 +100,7 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
 password []byte
 )
- // Update current settings to be sure that we do not have outdated values
+ // Update current settings to be sure we do not have outdated values
 cli.HandleError(service.DefaultSettings.UpdateCurrent(ctx))
 if user, err = service.DefaultUser.Create(ctx, user); err != nil {
@@ -134,6 +139,8 @@ func Users(ctx context.Context, app serviceInitializer) *cobra.Command {
 Args: cobra.MinimumNArgs(1),
 PreRunE: commandPreRunInitService(app),
 Run: func(cmd *cobra.Command, args []string) {
+ ctx = auth.SetIdentityToContext(ctx, auth.ServiceUser())
+
 var (
 user *types.User
 err error