don't error if role already exists on restart
sarahalsmiller committed May 8, 2024
1 parent c11c201 commit a0ca997
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions control-plane/api-gateway/cache/consul.go
Expand Up @@ -397,6 +397,10 @@ func (c *Cache) ensurePolicy(client *api.Client, gatewayName string) (string, er
return existing.ID, nil
}

func getACLRoleName(gatewayName string) string {
return fmt.Sprint("managed-gateway-acl-role-", gatewayName)
}

func (c *Cache) ensureRole(client *api.Client, gatewayName string) (string, error) {
policyID, err := c.ensurePolicy(client, gatewayName)
if err != nil {
Expand All @@ -407,19 +411,21 @@ func (c *Cache) ensureRole(client *api.Client, gatewayName string) (string, erro
defer c.aclRoleMutex.Unlock()

createRole := func() (string, error) {
aclRoleName := fmt.Sprint("managed-gateway-acl-role-", gatewayName)
aclRoleName := getACLRoleName(gatewayName)
role := &api.ACLRole{
Name: aclRoleName,
Description: "ACL Role for Managed API Gateways",
Policies: []*api.ACLLink{{ID: policyID}},
}

_, _, err = client.ACL().RoleCreate(role, &api.WriteOptions{})
if err != nil {
if err != nil && !isRoleExistsErr(err, aclRoleName) {
//don't error out in the case that the role already exists
return "", err
}

c.gatewayNameToRole[gatewayName] = role
return aclRoleName, err
return aclRoleName, nil
}

cachedRole, found := c.gatewayNameToRole[gatewayName]
Expand Down Expand Up @@ -592,7 +598,18 @@ func ignoreACLsDisabled(err error) error {
// isPolicyExistsErr returns true if err is due to trying to call the
// policy create API when the policy already exists.
func isPolicyExistsErr(err error, policyName string) bool {
return isExistsErr(err, "Policy", policyName)
}

// isExistsErr returns true if err is due to trying to call an API for a given type and it already exists

Check failure on line 604 in control-plane/api-gateway/cache/consul.go

GitHub Actions / golangci-lint

Comment should end in a period (godot)
func isExistsErr(err error, typeName, name string) bool {
return err != nil &&
strings.Contains(err.Error(), "Unexpected response code: 500") &&
strings.Contains(err.Error(), fmt.Sprintf("Invalid Policy: A Policy with Name %q already exists", policyName))
strings.Contains(err.Error(), fmt.Sprintf("Invalid %s: A %s with Name %q already exists", typeName, typeName, name))
}

// isRoleExistsErr returns true if err is due to trying to call the
// role create API when the role already exists.
func isRoleExistsErr(err error, roleName string) bool {
return isExistsErr(err, "Role", roleName)
}
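Review bot: In the second hunk, the new already-exists branch of `createRole` caches the locally built `role` and returns success without reading the existing role back, so nothing confirms that the role named `managed-gateway-acl-role-<gatewayName>` in Consul still links `policyID` and no other policy. A role left over from before the restart, or one created under that name by something else, would be adopted as the managed gateway role with whatever policies it carries, and the cached struct has no server-assigned ID. I would read it back with `RoleReadByName`, reconcile its `Policies` against `policyID` (or return an error instead, if overwriting is not wanted here), and cache the returned role, as sketched below. Separately, `isExistsErr` depends on the exact text of a 500 response, so a server-side wording change would bring the restart failure back; a comment stating that dependency would help. `ensureRole` continues past the end of the hunk, so the cached-role path is not visible here.

```go
_, _, err = client.ACL().RoleCreate(role, &api.WriteOptions{})
if err != nil {
	if !isRoleExistsErr(err, aclRoleName) {
		return "", err
	}
	// The role outlived a restart: verify it instead of trusting the local copy.
	existing, _, readErr := client.ACL().RoleReadByName(aclRoleName, &api.QueryOptions{})
	if readErr != nil {
		return "", readErr
	}
	if existing == nil {
		return "", fmt.Errorf("role %q reported as existing but could not be read", aclRoleName)
	}
	if len(existing.Policies) != 1 || existing.Policies[0].ID != policyID {
		// Keep the managed role limited to the gateway policy.
		existing.Policies = []*api.ACLLink{{ID: policyID}}
		if existing, _, err = client.ACL().RoleUpdate(existing, &api.WriteOptions{}); err != nil {
			return "", err
		}
	}
	role = existing
}
// … unchanged: store role in c.gatewayNameToRole and return aclRoleName, nil …
```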
