NET-674: clear extclients of an user when deleted, remove gw id from user gws when deleted (#2631)

* remove client gw from user when deleted

* clear extclient of a user if deleted

* check if ingress gw on user gws

* debug log

* log change

* pr comments
Abhishek K
2023-10-17 23:22:17 +04:00
committed by GitHub
parent 3e26f5953b
commit 4876bdb62f
5 changed files with 71 additions and 7 deletions


@@ -364,7 +364,7 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
extclient.RemoteAccessClientID == customExtClient.RemoteAccessClientID && nodeid == extclient.IngressGatewayID { extclient.RemoteAccessClientID == customExtClient.RemoteAccessClientID && nodeid == extclient.IngressGatewayID {
// extclient on the gw already exists for the remote access client // extclient on the gw already exists for the remote access client
err = errors.New("remote client config already exists on the gateway") err = errors.New("remote client config already exists on the gateway")
slog.Error("failed to get extclients", "error", err) slog.Error("failed to create extclient", "user", userName, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return return
} }
@@ -539,12 +539,12 @@ func deleteExtClient(w http.ResponseWriter, r *http.Request) {
if err != nil { if err != nil {
err = errors.New("Could not delete extclient " + params["clientid"]) err = errors.New("Could not delete extclient " + params["clientid"])
logger.Log(0, r.Header.Get("user"), logger.Log(0, r.Header.Get("user"),
fmt.Sprintf("failed to delete extclient [%s],network [%s]: %v", clientid, network, err)) fmt.Sprintf("failed to get extclient [%s],network [%s]: %v", clientid, network, err))
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return return
} }
if !logic.IsUserAllowedAccessToExtClient(r.Header.Get("user"), extclient) { if !logic.IsUserAllowedAccessToExtClient(r.Header.Get("user"), extclient) {
slog.Error("failed to get extclient", "network", network, "clientID", slog.Error("user not allowed to delete", "network", network, "clientID",
clientid, "error", errors.New("access is denied")) clientid, "error", errors.New("access is denied"))
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("access is denied"), "forbidden")) logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("access is denied"), "forbidden"))
return return
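Review bot: The access-denied branch in deleteExtClient logs `"user not allowed to delete"` without saying which user was refused, so the line cannot be used to attribute a denied delete attempt; the new log line in createExtClient (first hunk) does carry `"user", userName`. Adding the caller would make the two consistent: `slog.Error("user not allowed to delete", "user", r.Header.Get("user"), "network", network, "clientID", clientid, "error", errors.New("access is denied"))`. Separately, the reworded `failed to get extclient` message still prints the `err` that the line above it replaced with `Could not delete extclient ...`, so the underlying lookup error never reaches the log. Both function bodies continue outside the hunks.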


@@ -571,11 +571,29 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
return return
} }
if servercfg.IsPro && wasFailover { if servercfg.IsPro {
if wasFailover {
if err = logic.EnterpriseResetFailoverFunc(node.Network); err != nil { if err = logic.EnterpriseResetFailoverFunc(node.Network); err != nil {
logger.Log(1, "failed to reset failover list during failover create", node.ID.String(), node.Network) logger.Log(1, "failed to reset failover list during failover create", node.ID.String(), node.Network)
} }
} }
go func() {
users, err := logic.GetUsersDB()
if err == nil {
for _, user := range users {
if _, ok := user.RemoteGwIDs[nodeid]; ok {
delete(user.RemoteGwIDs, nodeid)
err = logic.UpsertUser(user)
if err != nil {
slog.Error("failed to get user", "user", user.UserName, "error", err)
}
}
}
} else {
slog.Error("failed to get users", "error", err)
}
}()
}
apiNode := node.ConvertToAPINode() apiNode := node.ConvertToAPINode()
logger.Log(1, r.Header.Get("user"), "deleted ingress gateway", nodeid) logger.Log(1, r.Header.Get("user"), "deleted ingress gateway", nodeid)
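Review bot: In the new goroutine in deleteIngressGateway, a failed `logic.UpsertUser(user)` is logged as `"failed to get user"`, which points whoever reads the log at the wrong operation; `slog.Error("failed to update user", "user", user.UserName, "gw", nodeid, "error", err)` would name the write and the gateway being revoked. The goroutine also writes back each user from the snapshot returned by `GetUsersDB`, and no locking is visible in the hunk, so if `UpsertUser` stores the whole record, a concurrent change to that user (for example a role or password update) could be overwritten; this is worth confirming against `UpsertUser`. The cleanup is fire-and-forget, so a failure leaves the gateway ID in `RemoteGwIDs` with only a log line to show it. The function body starts and ends outside the hunk.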


@@ -525,7 +525,23 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return return
} }
// check and delete extclient with this ownerID
go func() {
extclients, err := logic.GetAllExtClients()
if err != nil {
slog.Error("failed to get extclients", "error", err)
return
}
for _, extclient := range extclients {
if extclient.OwnerID == user.UserName {
err = logic.DeleteExtClient(extclient.Network, extclient.ClientID)
if err != nil {
slog.Error("failed to delete extclient",
"id", extclient.ClientID, "owner", user.UserName, "error", err)
}
}
}
}()
logger.Log(1, username, "was deleted") logger.Log(1, username, "was deleted")
json.NewEncoder(w).Encode(params["username"] + " deleted.") json.NewEncoder(w).Encode(params["username"] + " deleted.")
} }
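Review bot: The extclient cleanup in deleteUser runs in a detached goroutine just before the success response is written, so if `GetAllExtClients` or `DeleteExtClient` fails, the deleted user's remote-access client configs stay in place and the caller is still told the delete succeeded. Since this is access revocation, it would be safer to run the loop inline before `logger.Log(1, username, "was deleted")` and report a failure to the caller, or at least record the clients that could not be removed so they can be retried. It is also worth confirming that calling `logic.DeleteExtClient` directly performs every step the deleteExtClient handler does for a removal; only part of that handler is visible on this page. The start of deleteUser is outside the hunk.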


@@ -39,6 +39,30 @@ func HasSuperAdmin() (bool, error) {
return false, err return false, err
} }
// GetUsersDB - gets users
func GetUsersDB() ([]models.User, error) {
var users []models.User
collection, err := database.FetchRecords(database.USERS_TABLE_NAME)
if err != nil {
return users, err
}
for _, value := range collection {
var user models.User
err = json.Unmarshal([]byte(value), &user)
if err != nil {
continue // get users
}
users = append(users, user)
}
return users, err
}
// GetUsers - gets users // GetUsers - gets users
func GetUsers() ([]models.ReturnUser, error) { func GetUsers() ([]models.ReturnUser, error) {
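Review bot: `GetUsersDB` reuses the outer `err` for `json.Unmarshal`, so the final `return users, err` returns an error only when the last record fails to decode and nil when an earlier one does. The new caller in deleteIngressGateway checks `err == nil`, so it would skip the whole gateway cleanup because of one bad trailing record. Scoping the decode error with `if err := json.Unmarshal([]byte(value), &user); err != nil {` and ending with `return users, nil` makes the result consistent, and the skipped record deserves a log line instead of the `// get users` comment. The doc comment should also state that this returns full `models.User` records rather than the `models.ReturnUser` form that `GetUsers` returns, so it is presumably meant for internal use and not for API responses.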


@@ -185,6 +185,9 @@ func getUserRemoteAccessGws(w http.ResponseWriter, r *http.Request) {
if node.PendingDelete { if node.PendingDelete {
continue continue
} }
if !node.IsIngressGateway {
continue
}
host, err := logic.GetHost(node.HostID.String()) host, err := logic.GetHost(node.HostID.String())
if err != nil { if err != nil {
continue continue
@@ -214,6 +217,9 @@ func getUserRemoteAccessGws(w http.ResponseWriter, r *http.Request) {
if err != nil { if err != nil {
continue continue
} }
if !node.IsIngressGateway {
continue
}
if node.PendingDelete { if node.PendingDelete {
continue continue
} }
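Review bot: The two `if !node.IsIngressGateway { continue }` checks added to getUserRemoteAccessGws have no comment explaining how a node that is not an ingress gateway can be reached in these loops. Judging by the rest of the commit, this covers gateway IDs that are still stored after the gateway was removed, so a comment such as `// the stored gateway ID can outlive the gateway role; skip stale entries` on each check would record that. The checks sit in a different order relative to `node.PendingDelete` in the two loops, which is harmless but makes them harder to compare. Both loops start and end outside the hunks.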