Skip cache during CreateBot RPC (#14899)
* Skip cache during CreateBot RPC * Adjust calls to use .Service rather than .Identity * Switch to CreateRole from UpsertRole
parent
e499d0961e
commit
071bb116bc
|
@ -3175,7 +3175,7 @@ func (a *ServerWithRoles) GetRoles(ctx context.Context) ([]types.Role, error) {
|
|||
}
|
||||
|
||||
// CreateRole not implemented: can only be called locally.
|
||||
func (a *ServerWithRoles) CreateRole(role types.Role) error {
|
||||
func (a *ServerWithRoles) CreateRole(ctx context.Context, role types.Role) error {
|
||||
return trace.NotImplemented(notImplementedMessage)
|
||||
}
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ func createBotRole(ctx context.Context, s *Server, botName string, resourceName
|
|||
meta.Labels[types.BotLabel] = botName
|
||||
role.SetMetadata(meta)
|
||||
|
||||
err = s.UpsertRole(ctx, role)
|
||||
err = s.CreateRole(ctx, role)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
|
@ -125,15 +125,16 @@ func (s *Server) createBot(ctx context.Context, req *proto.CreateBotRequest) (*p
|
|||
resourceName := BotResourceName(req.Name)
|
||||
|
||||
// Ensure conflicting resources don't already exist.
|
||||
_, err := s.GetRole(ctx, resourceName)
|
||||
// We skip the cache here to allow for bot recreation shortly after bot
|
||||
// deletion.
|
||||
_, err := s.Services.GetRole(ctx, resourceName)
|
||||
if err != nil && !trace.IsNotFound(err) {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
if roleExists := (err == nil); roleExists {
|
||||
return nil, trace.AlreadyExists("cannot add bot: role %q already exists", resourceName)
|
||||
}
|
||||
|
||||
_, err = s.GetUser(resourceName, false)
|
||||
_, err = s.Services.GetUser(resourceName, false)
|
||||
if err != nil && !trace.IsNotFound(err) {
|
||||
return nil, trace.Wrap(err)
|
||||
}
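Review bot: Reading through `s.Services` lets the two existence checks in createBot see the backend's current state, but they are still pre-checks: two concurrent CreateBot calls for the same name can both pass `s.Services.GetUser(resourceName, false)` before either one writes. The role side is covered by the switch to `s.CreateRole(ctx, role)` in createBotRole, which, judging by the `trace.IsAlreadyExists` handling in createPresets, fails instead of overwriting. The user creation is outside this hunk, so it is worth confirming that it is create-only too and not an upsert. The new cache comment sits only above the role lookup; I would add `// Also read from the backend, not the cache, for the same reason as the role lookup.` above the GetUser call. createBot continues past the end of the hunk.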
|
||||
|
|
|
@ -1187,7 +1187,7 @@ func (c *Client) DeleteNamespace(name string) error {
|
|||
}
|
||||
|
||||
// CreateRole not implemented: can only be called locally.
|
||||
func (c *Client) CreateRole(role types.Role) error {
|
||||
func (c *Client) CreateRole(ctx context.Context, role types.Role) error {
|
||||
return trace.NotImplemented(notImplementedMessage)
|
||||
}
|
||||
|
||||
|
|
|
@ -403,7 +403,7 @@ func Init(cfg InitConfig, opts ...ServerOption) (*Server, error) {
|
|||
}
|
||||
|
||||
// Create presets - convenience and example resources.
|
||||
err = createPresets(asrv)
|
||||
err = createPresets(ctx, asrv)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
}
|
||||
|
@ -514,14 +514,14 @@ func migrateLegacyResources(ctx context.Context, asrv *Server) error {
|
|||
}
|
||||
|
||||
// createPresets creates preset resources (eg, roles).
|
||||
func createPresets(asrv *Server) error {
|
||||
func createPresets(ctx context.Context, asrv *Server) error {
|
||||
roles := []types.Role{
|
||||
services.NewPresetEditorRole(),
|
||||
services.NewPresetAccessRole(),
|
||||
services.NewPresetAuditorRole(),
|
||||
}
|
||||
for _, role := range roles {
|
||||
err := asrv.CreateRole(role)
|
||||
err := asrv.CreateRole(ctx, role)
|
||||
if err != nil {
|
||||
if !trace.IsAlreadyExists(err) {
|
||||
return trace.WrapWithMessage(err, "failed to create preset role %v", role.GetName())
|
||||
|
|
|
@ -447,18 +447,19 @@ func TestPresets(t *testing.T) {
|
|||
roles := []types.Role{
|
||||
services.NewPresetEditorRole(),
|
||||
services.NewPresetAccessRole(),
|
||||
services.NewPresetAuditorRole()}
|
||||
services.NewPresetAuditorRole(),
|
||||
}
|
||||
|
||||
t.Run("EmptyCluster", func(t *testing.T) {
|
||||
as := newTestAuthServer(ctx, t)
|
||||
clock := clockwork.NewFakeClock()
|
||||
as.SetClock(clock)
|
||||
|
||||
err := createPresets(as)
|
||||
err := createPresets(ctx, as)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Second call should not fail
|
||||
err = createPresets(as)
|
||||
err = createPresets(ctx, as)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Presets were created
|
||||
|
@ -476,10 +477,10 @@ func TestPresets(t *testing.T) {
|
|||
|
||||
access := services.NewPresetEditorRole()
|
||||
access.SetLogins(types.Allow, []string{"root"})
|
||||
err := as.CreateRole(access)
|
||||
err := as.CreateRole(ctx, access)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = createPresets(as)
|
||||
err = createPresets(ctx, as)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Presets were created
|
||||
|
@ -973,8 +974,10 @@ func TestRotateDuplicatedCerts(t *testing.T) {
|
|||
require.NoError(t, err)
|
||||
})
|
||||
|
||||
rotationPhases := []string{types.RotationPhaseInit, types.RotationPhaseUpdateClients,
|
||||
types.RotationPhaseUpdateServers, types.RotationPhaseStandby}
|
||||
rotationPhases := []string{
|
||||
types.RotationPhaseInit, types.RotationPhaseUpdateClients,
|
||||
types.RotationPhaseUpdateServers, types.RotationPhaseStandby,
|
||||
}
|
||||
|
||||
ctx := context.Background()
|
||||
// Rotate CAs.
|
||||
|
|
|
@ -236,7 +236,7 @@ func TestSSODiagnostic(t *testing.T) {
|
|||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
err = s.a.CreateRole(role)
|
||||
err = s.a.CreateRole(ctx, role)
|
||||
require.NoError(t, err)
|
||||
|
||||
// connector spec
|
||||
|
|
|
@ -410,7 +410,7 @@ func TestServer_ValidateSAMLResponse(t *testing.T) {
|
|||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
err = a.CreateRole(role)
|
||||
err = a.CreateRole(ctx, role)
|
||||
require.NoError(t, err)
|
||||
|
||||
// real response from Okta
|
||||
|
|
|
@ -35,7 +35,7 @@ type Access interface {
|
|||
// GetRoles returns a list of roles.
|
||||
GetRoles(ctx context.Context) ([]types.Role, error)
|
||||
// CreateRole creates a role.
|
||||
CreateRole(role types.Role) error
|
||||
CreateRole(ctx context.Context, role types.Role) error
|
||||
// UpsertRole creates or updates role.
|
||||
UpsertRole(ctx context.Context, role types.Role) error
|
||||
// DeleteAllRoles deletes all roles.
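Review bot: The doc comment `// CreateRole creates a role.` on the Access interface does not say what happens when the role already exists, and createBotRole now depends on that behaviour by calling CreateRole where it used to call UpsertRole. createPresets already checks `trace.IsAlreadyExists(err)` on the result, so the contract appears to be create-only. I would spell it out: `// CreateRole creates a role and returns an AlreadyExists error if a role with that name is already present.` The interface declaration starts and ends outside this hunk.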
|
||||
|
|
|
@ -69,7 +69,7 @@ func (s *AccessService) GetRoles(ctx context.Context) ([]types.Role, error) {
|
|||
}
|
||||
|
||||
// CreateRole creates a role on the backend.
|
||||
func (s *AccessService) CreateRole(role types.Role) error {
|
||||
func (s *AccessService) CreateRole(ctx context.Context, role types.Role) error {
|
||||
err := services.ValidateRoleName(role)
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
|
@ -86,7 +86,7 @@ func (s *AccessService) CreateRole(role types.Role) error {
|
|||
Expires: role.Expiry(),
|
||||
}
|
||||
|
||||
_, err = s.Create(context.TODO(), item)
|
||||
_, err = s.Create(ctx, item)
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
|
|