fix: fix grant revoke for deleted resource into guardian.

raystack · Nov 16, 2022 · d028625 · d028625
1 parent 04684f0
commit d028625
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 5 deletions.
diff --git a/core/grant/service.go b/core/grant/service.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/go-playground/validator/v10"
+	"github.com/jinzhu/copier"
 	"github.com/odpf/guardian/domain"
 	"github.com/odpf/guardian/plugins/notifiers"
 	"github.com/odpf/guardian/utils"
@@ -120,17 +121,19 @@ func (s *Service) Revoke(ctx context.Context, id, actor, reason string, opts ...
 	}
 
 	revokedGrant := &domain.Grant{}
-	*revokedGrant = *grant
-	if err := grant.Revoke(actor, reason); err != nil {
+	if err := copier.Copy(&revokedGrant, &grant); err != nil {
 		return nil, err
 	}
-	if err := s.repo.Update(ctx, grant); err != nil {
+	if err := revokedGrant.Revoke(actor, reason); err != nil {
+		return nil, err
+	}
+	if err := s.repo.Update(ctx, revokedGrant); err != nil {
 		return nil, fmt.Errorf("updating grant record in db: %w", err)
 	}
 
 	options := s.getOptions(opts...)
 
-	if !options.skipRevokeInProvider {
+	if !options.skipRevokeInProvider && !grant.Resource.IsDeleted {
 		if err := s.providerService.RevokeAccess(ctx, *grant); err != nil {
 			if err := s.repo.Update(ctx, grant); err != nil {
 				return nil, fmt.Errorf("failed to rollback grant status: %w", err)
@@ -165,7 +168,7 @@ func (s *Service) Revoke(ctx context.Context, id, actor, reason string, opts ...
 		s.logger.Error("failed to record audit log", "error", err)
 	}
 
-	return grant, nil
+	return revokedGrant, nil
 }
 
 func (s *Service) BulkRevoke(ctx context.Context, filter domain.RevokeGrantsFilter, actor, reason string) ([]*domain.Grant, error) {

diff --git a/domain/grant.go b/domain/grant.go
@@ -69,6 +69,7 @@ func (g *Grant) Revoke(actor, reason string) error {
 	}
 
 	g.Status = GrantStatusInactive
+	g.StatusInProvider = GrantStatusInactive
 	g.RevokedBy = actor
 	g.RevokeReason = reason
 	now := time.Now()

diff --git a/go.mod b/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3
 	github.com/imdario/mergo v0.3.12
+	github.com/jinzhu/copier v0.3.5
 	github.com/lib/pq v1.10.0
 	github.com/mcuadros/go-defaults v1.2.0
 	github.com/mcuadros/go-lookup v0.0.0-20200831155250-80f87a4fa5ee

diff --git a/go.sum b/go.sum
@@ -833,6 +833,8 @@ github.com/jackc/puddle v1.1.2/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jeremywohl/flatten v1.0.1 h1:LrsxmB3hfwJuE+ptGOijix1PIfOoKLJ3Uee/mzbgtrs=
 github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ=
+github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
+github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.1 h1:g39TucaRWyV3dwDO++eEc6qf8TVIQ/Da48WmqjZ3i7E=

diff --git a/internal/store/postgres/migrations/000012_update_status_provider_for_appeal_source.down.sql b/internal/store/postgres/migrations/000012_update_status_provider_for_appeal_source.down.sql
diff --git a/internal/store/postgres/migrations/000012_update_status_provider_for_appeal_source.up.sql b/internal/store/postgres/migrations/000012_update_status_provider_for_appeal_source.up.sql
@@ -0,0 +1,7 @@
+UPDATE
+    "grants"
+SET
+    "status_in_provider" = "status"
+WHERE
+    "source" = 'appeal'
+    AND "status_in_provider" != "status"