Add a check to skip base resource provisioning

Before it would overwrite some RBAC rules with the pre-defined ones.
cortezaproject · Feb 7, 2023 · 88204f7 · 88204f7
1 parent 3d960a1
commit 88204f7
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/server/pkg/provision/config.go b/server/pkg/provision/config.go
@@ -3,10 +3,11 @@ package provision
 import (
 	"context"
 	"fmt"
-	"github.com/cortezaproject/corteza/server/pkg/dal"
 	"path/filepath"
 	"strings"
 
+	"github.com/cortezaproject/corteza/server/pkg/dal"
+
 	"github.com/cortezaproject/corteza/server/pkg/rbac"
 
 	"github.com/cortezaproject/corteza/server/pkg/envoy"
@@ -84,7 +85,7 @@ func canImportConfig(ctx context.Context, s store.Storer) (bool, error) {
 func collectUnimportedConfigs(ctx context.Context, log *zap.Logger, s store.Storer, sources []string, dec directory.Decoder) (nn []resource.Interface, err error) {
 	var (
 		searchPartialDirectories = []uConfig{
-			{dir: "000_base", fn: nil},
+			{dir: "000_base", fn: provisionPartialBase},
 			{dir: "002_templates", fn: provisionPartialTemplates},
 			{dir: "003_auth", fn: provisionPartialAuthClients},
 			{dir: "200_federation", fn: nil},

diff --git a/server/pkg/provision/partial.go b/server/pkg/provision/partial.go
@@ -18,6 +18,32 @@ type (
 	}
 )
 
+// provisionPartialBase check for roles and permissions
+//
+// It checks if there are any roles and any RBAC rules. If there are, we assume
+// the provision for the base dir was already done.
+func provisionPartialBase(ctx context.Context, s store.Storer, log *zap.Logger) bool {
+	rr, _, err := store.SearchRoles(ctx, s, types.RoleFilter{Deleted: filter.StateInclusive})
+	if err != nil {
+		log.Warn("could not make a partial import of base: roles", zap.Error(err))
+		return false
+	}
+	if len(rr) == 0 {
+		return true
+	}
+
+	pp, _, err := store.SearchRbacRules(ctx, s, rbac.RuleFilter{})
+	if err != nil {
+		log.Warn("could not make a partial import of base: permissions", zap.Error(err))
+		return false
+	}
+	if len(pp) == 0 {
+		return true
+	}
+
+	return false
+}
+
 // provisionPartialAuthClients checks for a specific set of auth client rbac rules
 func provisionPartialAuthClients(ctx context.Context, s store.Storer, log *zap.Logger) bool {
 	set, _, err := store.SearchRbacRules(ctx, s, rbac.RuleFilter{})