From 4e821eb6b9181677fef8f7a53410e43db6ec41a9 Mon Sep 17 00:00:00 2001 From: Max McAdam Date: Fri, 10 Nov 2023 14:24:03 -0800 Subject: [PATCH] Bug - node level secret update not recieved intermitently Signed-off-by: Max McAdam --- agreementbot/governance.go | 2 +- .../persistence/postgresql/secrets.go | 58 +++++++++---------- agreementbot/secret_updater.go | 20 ++++--- 3 files changed, 41 insertions(+), 39 deletions(-) diff --git a/agreementbot/governance.go b/agreementbot/governance.go index 69d067fba..89003eb92 100644 --- a/agreementbot/governance.go +++ b/agreementbot/governance.go @@ -221,7 +221,7 @@ func (w *AgreementBotWorker) GovernAgreements() int { details, err := w.secretProvider.GetSecretDetails(w.GetExchangeId(), w.GetExchangeToken(), exchange.GetOrg(updatedSecretName), secretUser, secretNode, secretName) if err != nil { glog.Errorf(logString(fmt.Sprintf("error retrieving secret %v for policy %v, error: %v", updatedSecretName, ag.PolicyName, err))) - if updateSecretNode != "" { + if updateSecretNode != "" { secretExistsMap[updatedSecretName] = false } } else { diff --git a/agreementbot/persistence/postgresql/secrets.go b/agreementbot/persistence/postgresql/secrets.go index d373a7cbe..fb0040f93 100644 --- a/agreementbot/persistence/postgresql/secrets.go +++ b/agreementbot/persistence/postgresql/secrets.go 
@@ -164,13 +164,13 @@ func (db *AgbotPostgresqlDB) GetPatternsForUpdatedSecretQuery() string { } func (db *AgbotPostgresqlDB) GetPoliciesForRemovedSecretQuery() string { - sql := strings.Replace(SECRET_POLICIES_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1) - return sql + sql := strings.Replace(SECRET_POLICIES_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1) + return sql } func (db *AgbotPostgresqlDB) GetPatternsForRemovedSecretQuery() string { - sql := strings.Replace(SECRET_PATTERNS_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1) - return sql + sql := strings.Replace(SECRET_PATTERNS_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1) + return sql } func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPolicy() string { @@ -179,8 +179,8 @@ func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPolicy() string { } func (db *AgbotPostgresqlDB) GetUpdateSecretExistsUpdateTimeQueryPolicy() string { - sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_POLICY, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1) - return sql + sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_POLICY, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1) + return sql } func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPattern() string { 
@@ -189,8 +189,8 @@ func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPattern() string { } func (db *AgbotPostgresqlDB) GetUpdateSecretExistsUpdateTimeQueryPattern() string { - sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_PATTERN, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1) - return sql + sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_PATTERN, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1) + return sql } func (db *AgbotPostgresqlDB) GetUniquePoliciesQuery() string { 
@@ -349,17 +349,17 @@ func (db *AgbotPostgresqlDB) SetSecretUpdate(secretOrg, secretName string, secre func (db *AgbotPostgresqlDB) SetSecretExists(secretOrg, secretName string, secretUpdateTime int64) error { - err := db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPolicy(), secretOrg, secretName, secretUpdateTime, true) - if err != nil { - return errors.New(fmt.Sprintf("error updating policy secret %s/%s: %v", secretOrg, secretName, err)) - } + err := db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPolicy(), secretOrg, secretName, secretUpdateTime, true) + if err != nil { + return errors.New(fmt.Sprintf("error updating policy secret %s/%s: %v", secretOrg, secretName, err)) + } - err = db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPattern(), secretOrg, secretName, secretUpdateTime, true) - if err != nil { - return errors.New(fmt.Sprintf("error updating pattern secret %s/%s: %v", secretOrg, secretName, err)) - } + err = db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPattern(), secretOrg, secretName, secretUpdateTime, true) + if err != nil { + return errors.New(fmt.Sprintf("error updating pattern secret %s/%s: %v", secretOrg, secretName, err)) + } - return nil + return nil } func (db *AgbotPostgresqlDB) setInternalSecretUpdate(sql, secretOrg, secretName string, secretUpdateTime int64, secretExists bool) error { 
@@ -383,20 +383,20 @@ func (db *AgbotPostgresqlDB) setInternalSecretUpdate(sql, secretOrg, secretName func (db *AgbotPostgresqlDB) setInternalSecretExistsUpdate(sql, secretOrg, secretName string, secretUpdateTime int64, secretExists bool) error { - updated, err := db.db.Exec(sql, secretUpdateTime, secretOrg, secretName, secretExists) - if err != nil { - return errors.New(fmt.Sprintf("error setting update time for %s/%s: %v", secretOrg, secretName, err)) - } + updated, err := db.db.Exec(sql, secretUpdateTime, secretOrg, secretName, secretExists) + if err != nil { + return errors.New(fmt.Sprintf("error setting update time for %s/%s: %v", secretOrg, secretName, err)) + } - // Not all DB drivers support the rows affected function. - rowsAffected, err := updated.RowsAffected() - if err == nil { - glog.V(2).Infof("Succeeded setting update time in %v rows for %s/%s", rowsAffected, secretOrg, secretName) - } else { - glog.V(2).Infof("Succeeded setting update time for %s/%s", secretOrg, secretName) - } + // Not all DB drivers support the rows affected function. + rowsAffected, err := updated.RowsAffected() + if err == nil { + glog.V(2).Infof("Succeeded setting update time in %v rows for %s/%s", rowsAffected, secretOrg, secretName) + } else { + glog.V(2).Infof("Succeeded setting update time for %s/%s", secretOrg, secretName) + } - return nil + return nil } diff --git a/agreementbot/secret_updater.go b/agreementbot/secret_updater.go index 170338c92..bcd9e68cc 100644 --- a/agreementbot/secret_updater.go +++ b/agreementbot/secret_updater.go @@ -6,6 +6,7 @@ import ( "github.com/golang/glog" "github.com/open-horizon/anax/agreementbot/persistence" "github.com/open-horizon/anax/agreementbot/secrets" + "github.com/open-horizon/anax/cli/cliutils" "github.com/open-horizon/anax/compcheck" "github.com/open-horizon/anax/cutil" "github.com/open-horizon/anax/events" 
@@ -110,15 +111,17 @@ func (sm *SecretUpdateManager) CheckForUpdates(secretProvider secrets.AgbotSecre if !secretExists { err := db.SetSecretExists(secretOrg, secretName, time.Now().Unix()) - glog.Errorf(smlogString(fmt.Sprintf("Error updating secret %s in database: %v", fullSecretName, err))) + if err != nil { + glog.Errorf(smlogString(fmt.Sprintf("Error updating secret %s in database: %v", fullSecretName, err))) + } } // If there are policies returned, then it means that the policy references the secret and the secret has been updated. if len(policyNames) != 0 { updateTime := secretMetadata.UpdateTime - if updateTime == 0 { - updateTime = time.Now().Unix() - } + if updateTime == 0 { + updateTime = time.Now().Unix() + } su := events.NewSecretUpdate(secretOrg, exchange.GetId(fullSecretName), updateTime, policyNames, []string{}, secretNode) secretUpdates.AddSecretUpdate(su) glog.V(5).Infof(smlogString(fmt.Sprintf("Policies affected by %s, %v Node: %s", fullSecretName, policyNames, secretNode))) @@ -224,7 +227,6 @@ func (sm *SecretUpdateManager) UpdateNodePolicySecrets(org string, exchPolsMetad // Look for unreferenced secrets and remove them. for _, secretName := range secretNames { if _, ok := referencedSecrets[secretName]; !ok { - glog.V(5).Infof(smlogString(fmt.Sprintf("deleting managed secret %s from %s because it is no longer used", secretName, policyName))) err = db.DeletePolicySecret(exchange.GetOrg(secretName), exchange.GetId(secretName), org, exchange.GetId(policyName)) if err != nil { @@ -258,7 +260,7 @@ func (sm *SecretUpdateManager) UpdateNodePatternSecrets(org string, exchPatsMeta for _, bs := range sb.Secrets { // Extract the secret manager secret name _, secretFullName := bs.GetBinding() - referencedSecrets[fmt.Sprintf("%s/%s", org, secretFullName)] = true + referencedSecrets[fmt.Sprintf("%s%s", org, cliutils.AddSlash(secretFullName))] = true if !sb.EnableNodeLevelSecrets { continue 
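Review bot: The guarded log line in CheckForUpdates still passes the output of `fmt.Sprintf` to `glog.Errorf` as the format string, so a `%` in `fullSecretName` or in the error text is read as a formatting verb and garbles the message. `glog.Error(smlogString(fmt.Sprintf("Error updating secret %s in database: %v", fullSecretName, err)))` logs the same text without formatting it a second time. Separately, after a failed `SetSecretExists` the code still falls through to the `len(policyNames) != 0` branch; whether that is intended cannot be judged here, because CheckForUpdates starts and ends outside this hunk.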
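Review bot: The key built with `fmt.Sprintf("%s%s", org, cliutils.AddSlash(secretFullName))` in UpdateNodePatternSecrets has to match the stored names that the "unreferenced secrets" loops look up in `referencedSecrets`, and a mismatch there ends in a managed secret row being deleted. The same expression is repeated in the UpdatePolicies hunk (`@@ -372,7 +374,7 @@`), so one unexported helper in this package, e.g. `func secretRefKey(org, name string) string`, with a comment stating the expected key format, would keep both call sites and the lookup in step. It would also avoid importing `cli/cliutils` into the agreement bot for a single string helper. The body of `AddSlash` is not part of this patch, so its result for an empty `secretFullName` should be confirmed before relying on it. Both enclosing functions start and end outside their hunks.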
@@ -372,7 +374,7 @@ func (sm *SecretUpdateManager) UpdatePolicies(org string, exchPolsMetadata map[s for _, bs := range sb.Secrets { // Extract the secret manager secret name _, secretFullName := bs.GetBinding() - referencedSecrets[fmt.Sprintf("%s/%s", org, secretFullName)] = true + referencedSecrets[fmt.Sprintf("%s%s", org, cliutils.AddSlash(secretFullName))] = true secretUser, secretNode, secretName, err := compcheck.ParseVaultSecretName(secretFullName, nil) if err != nil { @@ -411,7 +413,7 @@ func (sm *SecretUpdateManager) UpdatePolicies(org string, exchPolsMetadata map[s // Look for unreferenced secrets and remove them. for _, secretName := range secretNames { if _, ok := referencedSecrets[secretName]; !ok { - if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode != "" { + if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode == "" { glog.V(5).Infof(smlogString(fmt.Sprintf("deleting managed secret %s from %s because it is no longer used", secretName, policyName))) err = db.DeletePolicySecret(exchange.GetOrg(secretName), exchange.GetId(secretName), org, exchange.GetId(policyName)) if err != nil { @@ -520,7 +522,7 @@ func (sm *SecretUpdateManager) UpdatePatterns(org string, exchPatternMetadata ma // Look for unreferenced secrets and remove them. for _, secretName := range secretNames { if _, ok := referencedSecrets[secretName]; !ok { - if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode != "" { + if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode == "" { glog.V(5).Infof(smlogString(fmt.Sprintf("deleting managed secret %s from %s because it is no longer used", secretName, patName))) err = db.DeletePatternSecret(exchange.GetOrg(secretName), exchange.GetId(secretName), org, exchange.GetId(patName)) if err != nil {
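Review bot: In the unreferenced-secret loop of UpdatePolicies (`@@ -411,7 +413,7 @@`) the `err` returned by `compcheck.ParseVaultSecretName` is bound in the if-initializer but never checked, and is overwritten two lines later by `err = db.DeletePolicySecret(...)`. With the condition now `secretNode == ""`, a name that fails to parse would presumably leave `secretNode` empty and take the delete branch, so a parse failure ends in removing the managed secret record rather than skipping it. Testing the error first, `if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); err != nil {` with a log line, then `} else if secretNode == "" {`, keeps deletion limited to names that parsed cleanly. The UpdatePatterns hunk (`@@ -520,7 +522,7 @@`) has the same shape before `db.DeletePatternSecret` and needs the same guard. A short comment on why node-level names are excluded from this cleanup would also help; both functions extend beyond their hunks.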