Skip to content

Commit 3c6974b

Browse files
ViktorTigerstromViktorTigerstrom
committed
session: sort MacaroonRecipe.caveats in migration
In the kvdb to sql migration, if there have been caveats set for the MacaroonRecipe, the order of the postgres db caveats will in very rare cases differ from the kv store caveats. Therefore, we sort both the kv and sql caveats by their ID, so that we can compare them in a deterministic way.
1 parent ef87c7a commit 3c6974b

File tree

1 file changed

+28
-0
lines changed

1 file changed

+28
-0
lines changed

session/sql_migration.go

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ import (
77
"errors"
88
"fmt"
99
"reflect"
10+
"sort"
1011
"time"
1112

1213
"github.com/davecgh/go-spew/spew"
@@ -380,17 +381,44 @@ func overrideSessionTimeZone(session *Session) {
380381
// as nil in the bbolt store. Therefore, we also override the permissions
381382
// or caveats to nil for the migrated session in that scenario, so that the
382383
// deep equals check does not fail in this scenario either.
384+
//
385+
// Additionally, we sort the caveats of both the kv and sql sessions by
386+
// their ID, so that they are always comparable in a deterministic way with deep
387+
// equals.
383388
func overrideMacaroonRecipe(kvSession *Session, migratedSession *Session) {
384389
if kvSession.MacaroonRecipe != nil {
385390
kvPerms := kvSession.MacaroonRecipe.Permissions
386391
kvCaveats := kvSession.MacaroonRecipe.Caveats
392+
sqlCaveats := migratedSession.MacaroonRecipe.Caveats
387393

394+
// If the kvSession has a MacaroonRecipe with nil set for any
395+
// of the fields, we need to override the migratedSession
396+
// MacaroonRecipe to match that.
388397
if kvPerms == nil && kvCaveats == nil {
389398
migratedSession.MacaroonRecipe = &MacaroonRecipe{}
390399
} else if kvPerms == nil {
391400
migratedSession.MacaroonRecipe.Permissions = nil
392401
} else if kvCaveats == nil {
393402
migratedSession.MacaroonRecipe.Caveats = nil
394403
}
404+
405+
// If there have been caveats set for the MacaroonRecipe,
406+
// the order of the postgres db caveats will in very rare cases
407+
// differ from the kv store caveats. Therefore, we sort
408+
// both the kv and sql caveats by their ID, so that we can
409+
// compare them in a deterministic way.
410+
if kvCaveats != nil {
411+
sort.Slice(kvCaveats, func(i, j int) bool {
412+
return bytes.Compare(
413+
kvCaveats[i].Id, kvCaveats[j].Id,
414+
) < 0
415+
})
416+
417+
sort.Slice(sqlCaveats, func(i, j int) bool {
418+
return bytes.Compare(
419+
sqlCaveats[i].Id, sqlCaveats[j].Id,
420+
) < 0
421+
})
422+
}
395423
}
396424
}

0 commit comments

Comments
 (0)