Add comments, enhance error messages to ease error solving.

common/naming.go

@@ -152,7 +152,7 @@ var (
 
 	// The 3 below vars are initialized by the go linker directly
 	// in the resulting binary when doing 'make main'
-	version       = "0.1.0"
+	version       = "1.0.4"
 	BuildStamp    string
 	BuildRevision string
 

idm/policy/defaults.go

@@ -30,7 +30,9 @@ import (
 )
 
 var (
-	// DefaultPolicyGroups provides some sample policies to Admin Users
+	// DefaultPolicyGroups provides some sample policies to Admin Users.
+	// Note that Name and Description fields are generally i18nized
+	// that is why we rather declare here the corresponding message IDs.
 	DefaultPolicyGroups = []*idm.PolicyGroup{
 		{
 			Uuid:          "public-access",
@@ -164,11 +166,9 @@ var (
 					ID:          "shares-default-policy",
 					Description: "PolicyGroup.LoggedUsers.Rule3",
 					Subjects:    []string{"profile:standard", "profile:shared"},
-					Resources: []string{
-						"rest:/docstore/share/<.+>",
-					},
-					Actions: []string{"GET", "PUT"},
-					Effect:  ladon.AllowAccess,
+					Resources:   []string{"rest:/docstore/share/<.+>"},
+					Actions:     []string{"GET", "PUT"},
+					Effect:      ladon.AllowAccess,
 				}),
 			},
 		},

idm/policy/grpc/plugins.go

@@ -67,6 +67,7 @@ func init() {
 	)
 }
 
+// InitDefaults is called once at first launch to create default policy groups.
 func InitDefaults(ctx context.Context) error {
 
 	cfg := config.Default()
@@ -94,13 +95,14 @@ func InitDefaults(ctx context.Context) error {
 		}
 
 		if _, er := dao.StorePolicyGroup(ctx, policyGroup); er != nil {
-			log.Logger(ctx).Error("Could not store default policy!", zap.Any("policy", policyGroup), zap.Error(er))
+			log.Logger(ctx).Error("could not store default policy group "+policyGroup.Uuid, zap.Any("policy", policyGroup), zap.Error(er))
 		}
 	}
-	log.Logger(ctx).Info("Successfully inserted default policies")
+	log.Logger(ctx).Info("Inserted default policies")
 	return nil
 }
 
+// Upgrade101 adapts policy dbs. It is called once at service launch when Cells version become >= 1.0.1.
 func Upgrade101(ctx context.Context) error {
 	dao := servicecontext.GetDAO(ctx).(policy.DAO)
 	if dao == nil {
@@ -118,9 +120,9 @@ func Upgrade101(ctx context.Context) error {
 				}
 			}
 			if _, er := dao.StorePolicyGroup(ctx, group); er != nil {
-				log.Logger(ctx).Error("Could not update policy group "+group.Uuid, zap.Error(er))
+				log.Logger(ctx).Error("could not update policy group "+group.Uuid, zap.Error(er))
 			} else {
-				log.Logger(ctx).Info("Updating policy group " + group.Uuid)
+				log.Logger(ctx).Info("Updated policy group " + group.Uuid)
 			}
 		} else if group.Uuid == "rest-apis-default-accesses" {
 			for _, p := range group.Policies {
@@ -129,15 +131,17 @@ func Upgrade101(ctx context.Context) error {
 				}
 			}
 			if _, er := dao.StorePolicyGroup(ctx, group); er != nil {
-				log.Logger(ctx).Error("Could not update policy group "+group.Uuid, zap.Error(er))
+				log.Logger(ctx).Error("could not update policy group "+group.Uuid, zap.Error(er))
 			} else {
-				log.Logger(ctx).Info("Updating policy group " + group.Uuid)
+				log.Logger(ctx).Info("Updated policy group " + group.Uuid)
 			}
 		}
 	}
+	log.Logger(ctx).Info("Upgraded policy model to v1.0.1")
 	return nil
 }
 
+// Upgrade103 adapts policy dbs. It is called once at service launch when Cells version become >= 1.0.3 .
 func Upgrade103(ctx context.Context) error {
 	dao := servicecontext.GetDAO(ctx).(policy.DAO)
 	if dao == nil {
@@ -158,11 +162,12 @@ func Upgrade103(ctx context.Context) error {
 				Effect:      ladon.AllowAccess,
 			}))
 			if _, er := dao.StorePolicyGroup(ctx, group); er != nil {
-				log.Logger(ctx).Error("Could not update policy group "+group.Uuid, zap.Error(er))
+				log.Logger(ctx).Error("could not update policy group "+group.Uuid, zap.Error(er))
 			} else {
-				log.Logger(ctx).Info("Updating policy group " + group.Uuid)
+				log.Logger(ctx).Info("Updated policy group " + group.Uuid)
 			}
 		}
 	}
+	log.Logger(ctx).Info("Upgraded policy model to v1.0.3")
 	return nil
 }

idm/policy/sql.go

@@ -22,6 +22,7 @@ package policy
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/gobuffalo/packr"
@@ -94,31 +95,45 @@ func (s *sqlimpl) Init(options config.Map) error {
 
 }
 
+// StorePolicyGroup first upserts policies (and fail fast) before upserting the passed policy group
+// and recreating corresponding relations.
 func (s *sqlimpl) StorePolicyGroup(ctx context.Context, group *idm.PolicyGroup) (*idm.PolicyGroup, error) {
 
 	if group.Uuid == "" {
 		group.Uuid = uuid.NewUUID().String()
 	} else {
 		// First clear relations
-		s.GetStmt("deleteRelPolicies").Exec(group.Uuid)
+		_, err := s.GetStmt("deleteRelPolicies").Exec(group.Uuid)
+		if err != nil {
+			log.Logger(ctx).Error(fmt.Sprintf("could not delete relation for policy group %s", group.Uuid), zap.Error(err))
+			return group, err
+		}
 	}
 
 	// Insert or update Policies first
 	for _, policy := range group.Policies {
-		var upsertErr error
 		if policy.Id == "" { // must be a new policy
 			policy.Id = uuid.NewUUID().String()
-			upsertErr = s.Manager.Create(ProtoToLadonPolicy(policy))
+			err := s.Manager.Create(ProtoToLadonPolicy(policy))
+			if err != nil {
+				log.Logger(ctx).Error(fmt.Sprintf("cannot create new ladon policy with description: %s", policy.Description), zap.Error(err))
+				return group, err
+			}
 		} else { // maybe new or update
-			if p, _ := s.Manager.Get(policy.Id); p != nil {
-				upsertErr = s.Manager.Update(ProtoToLadonPolicy(policy))
+			p, err := s.Manager.Get(policy.Id)
+			if err != nil && err.Error() != "sql: no rows in result set" {
+				log.Logger(ctx).Error(fmt.Sprintf("unable to retrieve policy with id %s", policy.Id), zap.Error(err))
+				return group, err
+			}
+			if p != nil {
+				err = s.Manager.Update(ProtoToLadonPolicy(policy))
 			} else {
-				upsertErr = s.Manager.Create(ProtoToLadonPolicy(policy))
+				err = s.Manager.Create(ProtoToLadonPolicy(policy))
+			}
+			if err != nil {
+				log.Logger(ctx).Error(fmt.Sprintf("cannot upsert policy with id %s", policy.Id), zap.Error(err))
+				return group, err
 			}
-		}
-		if upsertErr != nil {
-			log.Logger(ctx).Error("Ladon Upsert Error", zap.Error(upsertErr))
-			return group, upsertErr
 		}
 	}
 
@@ -129,20 +144,21 @@ func (s *sqlimpl) StorePolicyGroup(ctx context.Context, group *idm.PolicyGroup)
 		group.Name, group.Description, group.OwnerUuid, group.ResourceGroup, now, // UPDATE
 	)
 	if err != nil {
-		log.Logger(ctx).Error("Policy GroupUpsert Error", zap.Error(err))
+		log.Logger(ctx).Error("cannot upsert policy group "+group.Uuid, zap.Error(err))
 	}
 
 	// Now recreate relations
 	for _, policy := range group.Policies {
 		if _, err := s.GetStmt("insertRelPolicy").Exec(group.Uuid, policy.Id); err != nil {
-			log.Logger(ctx).Error("Error while inserting relation", zap.Error(err))
+			log.Logger(ctx).Error(fmt.Sprintf("cannot insert relation between group %s and policy %s", group.Uuid, policy.Id), zap.Error(err))
 		}
 	}
 
 	return group, err
 
 }
 
+// ListPolicyGroups searches the db and returns an array of PolicyGroup.
 func (s *sqlimpl) ListPolicyGroups(ctx context.Context) (groups []*idm.PolicyGroup, e error) {
 
 	res, err := s.GetStmt("listJoined").Query()
@@ -179,6 +195,7 @@ func (s *sqlimpl) ListPolicyGroups(ctx context.Context) (groups []*idm.PolicyGro
 	return
 }
 
+// DeletePolicyGroup deletes a policy group and all related policies.
 func (s *sqlimpl) DeletePolicyGroup(ctx context.Context, group *idm.PolicyGroup) error {
 
 	var policies []string
@@ -201,7 +218,7 @@ func (s *sqlimpl) DeletePolicyGroup(ctx context.Context, group *idm.PolicyGroup)
 
 	for _, policyId := range policies {
 		if err := s.Delete(policyId); err != nil {
-			log.Logger(ctx).Error("Cannot delete policy", zap.String("policyId", policyId), zap.Error(err))
+			log.Logger(ctx).Error("cannot delete policy "+policyId, zap.String("policyId", policyId), zap.Error(err))
 		}
 	}