From 58b1b237fd328749e014c6fdfc9a6b43ef396f85 Mon Sep 17 00:00:00 2001 From: Vishal Nayak Date: Mon, 30 Sep 2019 10:27:25 -0400 Subject: [PATCH] Fix identity case sensitivity loading in secondary cluster (#7327) * Fix identity case sensitivity loading in secondary cluster * Add nil check --- vault/identity_store.go | 54 +++++++++++++++++++++++++++++++-- vault/identity_store_structs.go | 4 +++ 2 files changed, 55 insertions(+), 3 deletions(-) diff --git a/vault/identity_store.go b/vault/identity_store.go index 34e4fcc540..d04e9f187a 100644 --- a/vault/identity_store.go +++ b/vault/identity_store.go @@ -23,6 +23,7 @@ const ( ) var ( + caseSensitivityKey = "casesensitivity" sendGroupUpgrade = func(*IdentityStore, *identity.Group) (bool, error) { return false, nil } parseExtraEntityFromBucket = func(context.Context, *IdentityStore, *identity.Entity) (bool, error) { return false, nil } addExtraEntityDataToResponse = func(*identity.Entity, map[string]interface{}) {} @@ -72,9 +73,10 @@ func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendCo } iStore.Backend = &framework.Backend{ - BackendType: logical.TypeLogical, - Paths: iStore.paths(), - Invalidate: iStore.Invalidate, + BackendType: logical.TypeLogical, + Paths: iStore.paths(), + Invalidate: iStore.Invalidate, + InitializeFunc: iStore.initialize, PathsSpecial: &logical.Paths{ Unauthenticated: []string{ "oidc/.well-known/*", @@ -109,6 +111,17 @@ func (i *IdentityStore) paths() []*framework.Path { ) } +func (i *IdentityStore) initialize(ctx context.Context, req *logical.InitializationRequest) error { + entry, err := logical.StorageEntryJSON(caseSensitivityKey, &casesensitivity{ + DisableLowerCasedNames: i.disableLowerCasedNames, + }) + if err != nil { + return err + } + + return i.view.Put(ctx, entry) +} + // Invalidate is a callback wherein the backend is informed that the value at // the given key is updated. In identity store's case, it would be the entity // storage entries that get updated. The value needs to be read and MemDB needs @@ -120,6 +133,41 @@ func (i *IdentityStore) Invalidate(ctx context.Context, key string) { defer i.lock.Unlock() switch { + case key == caseSensitivityKey: + entry, err := i.view.Get(ctx, caseSensitivityKey) + if err != nil { + i.logger.Error("failed to read case sensitivity setting during invalidation", "error", err) + return + } + if entry == nil { + return + } + + var setting casesensitivity + if err := entry.DecodeJSON(&setting); err != nil { + i.logger.Error("failed to decode case sensitivity setting during invalidation", "error", err) + return + } + + // Fast return if the setting is the same + if i.disableLowerCasedNames == setting.DisableLowerCasedNames { + return + } + + // If the setting is different, reset memdb and reload all the artifacts + i.disableLowerCasedNames = setting.DisableLowerCasedNames + if err := i.resetDB(ctx); err != nil { + i.logger.Error("failed to reset memdb during invalidation", "error", err) + return + } + if err := i.loadEntities(ctx); err != nil { + i.logger.Error("failed to load entities during invalidation", "error", err) + return + } + if err := i.loadGroups(ctx); err != nil { + i.logger.Error("failed to load groups during invalidation", "error", err) + return + } // Check if the key is a storage entry key for an entity bucket case strings.HasPrefix(key, storagepacker.StoragePackerBucketsPrefix): // Create a MemDB transaction diff --git a/vault/identity_store_structs.go b/vault/identity_store_structs.go index f6a32b5178..c0f1f97aba 100644 --- a/vault/identity_store_structs.go +++ b/vault/identity_store_structs.go @@ -87,3 +87,7 @@ type groupDiff struct { Deleted []*identity.Group Unmodified []*identity.Group } + +type casesensitivity struct { + DisableLowerCasedNames bool `json:"disable_lower_cased_names"` +}