Use the userClient instead of userCache when cleaning up auth provide…
…r users. (rancher#47311)
crobby authored Oct 1, 2024
1 parent caca393 commit b35702e
Showing 2 changed files with 23 additions and 18 deletions.
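--- a/pkg/auth/cleanup/service.go
+++ b/pkg/auth/cleanup/service.go
@@ -21,7 +21,6 @@ var errAuthConfigNil = errors.New("cannot get auth provider if its config is nil
 type Service struct {
 secretsInterface corev1.SecretInterface
 
-userCache controllers.UserCache
 userClient controllers.UserClient
 
 clusterRoleTemplateBindingsCache controllers.ClusterRoleTemplateBindingCache
@@ -39,7 +38,6 @@ func NewCleanupService(secretsInterface corev1.SecretInterface, c controllers.In
 return &Service{
 secretsInterface: secretsInterface,
 
-userCache: c.User().Cache(),
 userClient: c.User(),
 
 clusterRoleTemplateBindingsCache: c.ClusterRoleTemplateBinding().Cache(),
@@ -156,12 +154,12 @@ func (s *Service) deleteUsers(config *v3.AuthConfig) error {
 if config == nil {
 return errAuthConfigNil
 }
-users, err := s.userCache.List(labels.Everything())
+users, err := s.userClient.List(v1.ListOptions{})
 if err != nil {
 return fmt.Errorf("failed to list users: %w", err)
 }
 
-for _, u := range users {
+for _, u := range users.Items {
 providerName := getProviderNameFromPrincipalNames(u.PrincipalIDs...)
 if providerName == config.Name {
 // A fully external user (who was never local) has no password.
@@ -171,7 +169,7 @@ func (s *Service) deleteUsers(config *v3.AuthConfig) error {
 return err
 }
 } else {
-if err := s.resetLocalUser(u); err != nil {
+if err := s.resetLocalUser(&u); err != nil {
 return fmt.Errorf("failed to reset local user: %w", err)
 }
 }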
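Review bot: In the last hunk of `deleteUsers`, `s.resetLocalUser(&u)` passes the address of the range variable, which is a per-iteration copy of the element in `users.Items` rather than the element itself. On toolchains before Go 1.22 that variable is shared across iterations, so a callee that keeps the pointer would later see another user's data; whether `resetLocalUser` or the real client's `Update` retains it is not visible here, but the `Update` mock in service_test.go does store the pointer it receives. Because this path rewrites or deletes accounts while an auth provider is being disabled, I would iterate by index: `for i := range users.Items {` followed by `u := &users.Items[i]`, and pass `u` to `resetLocalUser`. The body of `deleteUsers` continues outside the visible hunks.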
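--- a/pkg/auth/cleanup/service_test.go
+++ b/pkg/auth/cleanup/service_test.go
@@ -73,6 +73,12 @@ func TestRunCleanup(t *testing.T) {
 PrincipalIDs: []string{"azuread_group://rick", "local://rick"},
 Password: "secret",
 },
+"boss": {
+ObjectMeta: metav1.ObjectMeta{
+Name: "boss",
+Labels: map[string]string{"authz.management.cattle.io/bootstrapping": "admin-user"}},
+PrincipalIDs: []string{"local://boss", "azuread_user://authprincipal"},
+},
 }
 
 var secretStore = map[string]*v1.Secret{
@@ -196,17 +202,6 @@ func newMockCleanupService(t *testing.T,
 return nil
 }).AnyTimes()
 
-userCache := fake.NewMockNonNamespacedCacheInterface[*v3.User](ctrl)
-userCache.EXPECT().List(gomock.Any()).DoAndReturn(func(_ labels.Selector) ([]*v3.User, error) {
-var lst []*v3.User
-for _, v := range userStore {
-lst = append(lst, v)
-}
-return lst, nil
-}).AnyTimes()
-userCache.EXPECT().Get(gomock.Any()).DoAndReturn(func(name string) (*v3.User, error) {
-return userStore[name], nil
-}).AnyTimes()
 userClient := fake.NewMockNonNamespacedClientInterface[*v3.User, *v3.UserList](ctrl)
 userClient.EXPECT().Delete(gomock.Any(), gomock.Any()).DoAndReturn(func(name string, _ *metav1.DeleteOptions) error {
 delete(userStore, name)
@@ -215,7 +210,20 @@ func newMockCleanupService(t *testing.T,
 userClient.EXPECT().Update(gomock.Any()).DoAndReturn(func(user *v3.User) (*v3.User, error) {
 userStore[user.Name] = user
 return user, nil
-})
+}).AnyTimes()
+userClient.EXPECT().List(gomock.Any()).DoAndReturn(func(opts metav1.ListOptions) (*v3.UserList, error) {
+var lst v3.UserList
+for _, v := range userStore {
+selector, err := labels.Parse(opts.LabelSelector)
+if err != nil {
+return nil, err
+}
+if selector.Matches(labels.Set(v.Labels)) {
+lst.Items = append(lst.Items, *v)
+}
+}
+return &lst, nil
+}).AnyTimes()
 
 return Service{
 secretsInterface: getSecretInterfaceMock(secretStore),
@@ -225,7 +233,6 @@ func newMockCleanupService(t *testing.T,
 projectRoleTemplateBindingsClient: prtbClient,
 clusterRoleTemplateBindingsCache: crtbCache,
 clusterRoleTemplateBindingsClient: crtbClient,
-userCache: userCache,
 userClient: userClient,
 }
 }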
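Review bot: The new `List` mock calls `labels.Parse(opts.LabelSelector)` inside the `for _, v := range userStore` loop, so the selector is re-parsed for every user and an invalid selector is never reported when the store is empty. Parse it once before the loop, `selector, err := labels.Parse(opts.LabelSelector)` with the `if err != nil { return nil, err }` check, and only then range over the store. The added `boss` fixture (bootstrap admin label, local and azuread principals, no password) looks like it is meant to pin how cleanup treats that account, but no assertion on it falls inside these hunks, so it is worth confirming the test checks the expected outcome for that user explicitly. `newMockCleanupService` starts and ends outside the hunks shown.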
