Properly update group on user removal (#31)

* Regenerate stale idp swagger definitions * Remove an unnecessary import * Handle err case for role not found in db * Fix user not being deleted in casbin on user remove from group
2026-03-04 18:10:21 +00:00 · 2022-02-25 17:35:51 +05:30
parent 269bffea29
commit cba4bd226c
6 changed files with 19 additions and 37 deletions
--- a/components/usermgmt/gen/openapi/proto/rpc/v3/idp.swagger.json
+++ b/components/usermgmt/gen/openapi/proto/rpc/v3/idp.swagger.json
@@ -154,13 +154,6 @@
            "type": "string",
            "default": "Idp"
          },
-          {
-            "name": "metadata.name",
-            "description": "Name. name of the resource",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          },
          {
            "name": "metadata.displayName",
            "description": "Display Name. display name of the resource",
@@ -383,13 +376,6 @@
            "type": "string",
            "default": "Idp"
          },
-          {
-            "name": "metadata.name",
-            "description": "Name. name of the resource",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          },
          {
            "name": "metadata.displayName",
            "description": "Display Name. display name of the resource",
--- a/components/usermgmt/gen/openapi/proto/rpc/v3/oidc_provider.swagger.json
+++ b/components/usermgmt/gen/openapi/proto/rpc/v3/oidc_provider.swagger.json
@@ -154,13 +154,6 @@
            "type": "string",
            "default": "OIDCProvider"
          },
-          {
-            "name": "metadata.name",
-            "description": "Name. name of the resource",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          },
          {
            "name": "metadata.displayName",
            "description": "Display Name. display name of the resource",
@@ -375,13 +368,6 @@
            "type": "string",
            "default": "OIDCProvider"
          },
-          {
-            "name": "metadata.name",
-            "description": "Name. name of the resource",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          },
          {
            "name": "metadata.displayName",
            "description": "Display Name. display name of the resource",
--- a/components/usermgmt/main.go
+++ b/components/usermgmt/main.go
@@ -28,7 +28,6 @@ import (
 	"github.com/RafaySystems/rcloud-base/components/usermgmt/pkg/providers"
 	"github.com/RafaySystems/rcloud-base/components/usermgmt/pkg/server"
 	"github.com/RafaySystems/rcloud-base/components/usermgmt/pkg/service"
-	pbrpcv3 "github.com/RafaySystems/rcloud-base/components/usermgmt/proto/rpc/v3"
 	rpcv3 "github.com/RafaySystems/rcloud-base/components/usermgmt/proto/rpc/v3"
 	_grpc "google.golang.org/grpc"
 )
@@ -182,12 +181,12 @@ func runAPI(wg *sync.WaitGroup, ctx context.Context) {
 		ctx,
 		fmt.Sprintf(":%d", rpcPort),
 		make([]runtime.ServeMuxOption, 0),
-		pbrpcv3.RegisterUserHandlerFromEndpoint,
-		pbrpcv3.RegisterGroupHandlerFromEndpoint,
-		pbrpcv3.RegisterRoleHandlerFromEndpoint,
-		pbrpcv3.RegisterRolepermissionHandlerFromEndpoint,
-		pbrpcv3.RegisterIdpHandlerFromEndpoint,
-		pbrpcv3.RegisterOIDCProviderHandlerFromEndpoint,
+		rpcv3.RegisterUserHandlerFromEndpoint,
+		rpcv3.RegisterGroupHandlerFromEndpoint,
+		rpcv3.RegisterRoleHandlerFromEndpoint,
+		rpcv3.RegisterRolepermissionHandlerFromEndpoint,
+		rpcv3.RegisterIdpHandlerFromEndpoint,
+		rpcv3.RegisterOIDCProviderHandlerFromEndpoint,
 	)
 	if err != nil {
 		_log.Fatalw("unable to create gateway", "error", err)
--- a/components/usermgmt/pkg/service/group.go
+++ b/components/usermgmt/pkg/service/group.go
@@ -212,7 +212,7 @@ func (s *groupService) deleteGroupAccountRelations(ctx context.Context, groupId
 		return &userv3.Group{}, fmt.Errorf("unable to delete user; %v", err)
 	}

-	_, err = s.azc.DeleteUserGroups(ctx, &authzv1.UserGroup{Grp: group.GetMetadata().GetName()})
+	_, err = s.azc.DeleteUserGroups(ctx, &authzv1.UserGroup{Grp: "g:"+group.GetMetadata().GetName()})
 	if err != nil {
 		return &userv3.Group{}, fmt.Errorf("unable to delete gorup-user relations from authz; %v", err)
 	}
--- a/components/usermgmt/pkg/service/group_test.go
+++ b/components/usermgmt/pkg/service/group_test.go
@@ -80,6 +80,17 @@ func performGroupBasicAuthzChecks(t *testing.T, mazc mockAuthzClient, guuid stri
 			}
 		}
 	}
+
+	if len(mazc.dug) > 0 {
+		if mazc.dug[len(mazc.dug)-1].Grp != "g:group-"+guuid {
+			t.Errorf("invalid group sent to authz; expected 'g:group-%v', got '%v'", guuid, mazc.dug[len(mazc.dug)-1].Grp)
+		}
+	}
+	if len(mazc.dp) > 0 {
+		if mazc.dp[len(mazc.dp)-1].Sub != "g:group-"+guuid {
+			t.Errorf("invalid sub in policy sent to authz; expected '%v', got '%v'", "g:group-"+guuid, mazc.dp[len(mazc.dp)-1].Sub)
+		}
+	}
 }

 func TestCreateGroupNoUsersNoRoles(t *testing.T) {
--- a/components/usermgmt/pkg/service/role.go
+++ b/components/usermgmt/pkg/service/role.go
@@ -209,7 +209,7 @@ func (s *roleService) GetByName(ctx context.Context, role *userv3.Role) (*userv3
 			return &userv3.Role{}, err
 		}
 	} else {
-
+		return nil, fmt.Errorf("unable to find role")
 	}
 	return role, nil