Skip to content

Commit d3eb3cd

Browse files
ViktorT-11ViktorT-11
committed
session: sort MacaroonRecipe.caveats in migration
In the kvdb to sql migration, if there have been caveats set for the MacaroonRecipe, the order of the postgres db caveats will in very rare cases differ from the kv store caveats. Therefore, we sort both the kv and sql caveats by their ID, so that we can compare them in a deterministic way.
1 parent ef87c7a commit d3eb3cd

File tree

1 file changed

+29
-0
lines changed

1 file changed

+29
-0
lines changed

session/sql_migration.go

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ import (
77
"errors"
88
"fmt"
99
"reflect"
10+
"sort"
1011
"time"
1112

1213
"github.com/davecgh/go-spew/spew"
@@ -380,17 +381,45 @@ func overrideSessionTimeZone(session *Session) {
380381
// as nil in the bbolt store. Therefore, we also override the permissions
381382
// or caveats to nil for the migrated session in that scenario, so that the
382383
// deep equals check does not fail in this scenario either.
384+
//
385+
// Additionally, we sort the caveats of both the kv and sql sessions by
386+
// their ID, so that they are always comparable in a deterministic way with deep
387+
// equals.
383388
func overrideMacaroonRecipe(kvSession *Session, migratedSession *Session) {
384389
if kvSession.MacaroonRecipe != nil {
385390
kvPerms := kvSession.MacaroonRecipe.Permissions
386391
kvCaveats := kvSession.MacaroonRecipe.Caveats
387392

393+
// If the kvSession has a MacaroonRecipe with nil set for any
394+
// of the fields, we need to override the migratedSession
395+
// MacaroonRecipe to match that.
388396
if kvPerms == nil && kvCaveats == nil {
389397
migratedSession.MacaroonRecipe = &MacaroonRecipe{}
390398
} else if kvPerms == nil {
391399
migratedSession.MacaroonRecipe.Permissions = nil
392400
} else if kvCaveats == nil {
393401
migratedSession.MacaroonRecipe.Caveats = nil
394402
}
403+
404+
sqlCaveats := migratedSession.MacaroonRecipe.Caveats
405+
406+
// If there have been caveats set for the MacaroonRecipe,
407+
// the order of the postgres db caveats will in very rare cases
408+
// differ from the kv store caveats. Therefore, we sort
409+
// both the kv and sql caveats by their ID, so that we can
410+
// compare them in a deterministic way.
411+
if kvCaveats != nil {
412+
sort.Slice(kvCaveats, func(i, j int) bool {
413+
return bytes.Compare(
414+
kvCaveats[i].Id, kvCaveats[j].Id,
415+
) < 0
416+
})
417+
418+
sort.Slice(sqlCaveats, func(i, j int) bool {
419+
return bytes.Compare(
420+
sqlCaveats[i].Id, sqlCaveats[j].Id,
421+
) < 0
422+
})
423+
}
395424
}
396425
}

0 commit comments

Comments
 (0)