Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add admin/superuser error handling and cleanup #8559

Merged
merged 2 commits into from
Jan 29, 2025
Merged

Add admin/superuser error handling and cleanup #8559

merged 2 commits into from
Jan 29, 2025

Conversation

nopcoder
Copy link
Contributor

  • Added a defer function to clean up the admin user if an error occurs during creation.
  • Added tests for creating an admin user, verifying successful creation, attempting to create another admin user, deleting the admin user, creating an admin user without a secret access key, and re-adding the admin user.
  • Included a new test TestAddAdminUser to verify the behavior of the AddAdminUser function in various scenarios.

Closes #8490

@nopcoder
Add admin/superuser error handling and cleanup
e110f8e 
- Added a defer function to clean up the admin user if an error occurs during creation.
- Added tests for creating an admin user, verifying successful creation, attempting to create another admin user, deleting the admin user, creating an admin user without a secret access key, and re-adding the admin user.
- Included a new test `TestAddAdminUser` to verify the behavior of the `AddAdminUser` function in various scenarios.
@nopcoder nopcoder added area/auth IAM, authorization, authentication, audit, AAA, and integrations with all those include-changelog PR description should be included in next release changelog labels Jan 28, 2025
@nopcoder nopcoder self-assigned this Jan 28, 2025
@github-actions GitHub Actions
Copy link

E2E Test Results - DynamoDB Local - Local Block Adapter

13 passed

@github-actions GitHub Actions
Copy link

E2E Test Results - Quickstart

11 passed

@nopcoder nopcoder requested a review from yonipeleg33 January 28, 2025 14:58
yonipeleg33
yonipeleg33 approved these changes Jan 28, 2025
View reviewed changes
Copy link
Contributor

@yonipeleg33 yonipeleg33 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TLDR: Thanks, LGTM!

I have two drawbacks here:

  1. This solution isn't bulletproof, as the process might die before executing the defer statement. That being said, it is probably good enough for the majority of cases.
  2. I'd like to implement this suggested solution to re-validate the user intent with a special flag passed to the command.
    It is orthogonal to this PR, so it's not a blocker (obviously), but I believe making the command more human-error-proof can be even more valuable than the rollback implemented in this PR.

But nonetheless, this PR is net-positive, so LGTM! Thanks for working on this

pkg/auth/setup/setup.go
@@ -174,6 +174,12 @@ func AddAdminUser(ctx context.Context, authService auth.Service, user *model.Sup
if err != nil {
return nil, fmt.Errorf("create user - %w", err)
}
defer func() {
// delete admin on any error to avoid partial setup
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please replace the comment with an informative log message (info/warn imo)

@nopcoder nopcoder merged commit 340dc93 into master Jan 29, 2025
38 checks passed
@nopcoder nopcoder deleted the fix/superuser branch January 29, 2025 09:41
N-o-Z added a commit that referenced this pull request Jan 30, 2025
@N-o-Z
# This is a combination of 6 commits.
a54954e 
# This is the 1st commit message:

StorageConfigList response changes

# The commit message #2 will be skipped:

# Fix newConfig

# The commit message #3 will be skipped:

# More fixes

# The commit message #4 will be skipped:

# More fixes

# The commit message #5 will be skipped:

# Add admin/superuser error handling and cleanup (#8559)
#
# * Add admin/superuser error handling and cleanup
#
# - Added a defer function to clean up the admin user if an error occurs during creation.
# - Added tests for creating an admin user, verifying successful creation, attempting to create another admin user, deleting the admin user, creating an admin user without a secret access key, and re-adding the admin user.
# - Included a new test `TestAddAdminUser` to verify the behavior of the `AddAdminUser` function in various scenarios.
#
# * Added a logger to log the error message and warn about deleting the user

# The commit message #6 will be skipped:

# Add StorageID to adapter GetStorageNamespaceInfo and ResolveNamespace (#8551)
#
# * Add StorageID to adapter metadata functions
#
# * Fix tests
#
# * Add error handling
#
# * Fix tests
#
# * Fix lint
#
# * Revert "Fix lint"
#
# This reverts commit 850f17b.
#
# * Revert "Fix tests"
#
# This reverts commit 7bf9acc.
#
# * Revert "Add error handling"
#
# This reverts commit 9d3f0a2.
#
# * Revert "Fix tests"
#
# This reverts commit a2a4ab5.
#
# * Revert "Add StorageID to adapter metadata functions"
#
# This reverts commit 06b32ee.
#
# * Add storageID to metadata functions
#
# * Fix tests
#
# * Fix tests
#
# * Remove storageID from BlockstoreMetadata
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yonipeleg33 yonipeleg33 yonipeleg33 approved these changes

Assignees

@nopcoder nopcoder

Labels
area/auth IAM, authorization, authentication, audit, AAA, and integrations with all those include-changelog PR description should be included in next release changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: Creating a user using the superuser command can end up in an unrecoverable state
2 participants
@nopcoder @yonipeleg33