Merge remote-tracking branch 'origin/master' into migrate-shared-serv…

…ices
svalabs · Sep 17, 2024 · 6b1d30d · 6b1d30d
2 parents 70a8450 + 004f243
commit 6b1d30d
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 26 deletions.
diff --git a/v3/services/authnsvc/internal/authnservice.go b/v3/services/authnsvc/internal/authnservice.go
@@ -570,6 +570,23 @@ func (a *AuthServer) GetAccessSet(w http.ResponseWriter, r *http.Request) {
 	util.ReturnHTTPContent(w, r, http.StatusOK, "access_set", encodedAS)
 }
 
+func (a AuthServer) DeleteUser(w http.ResponseWriter, r *http.Request) {
+	token := r.Header.Get("Authorization")
+	user, err := a.internalAuthnServer.AuthN(r.Context(), &authnpb.AuthNRequest{
+		Token: token,
+	})
+	if err != nil {
+		util.ReturnHTTPMessage(w, r, http.StatusUnauthorized, "unauthorized", "unauthorized")
+		return
+	}
+
+	_, err = a.userClient.DeleteUser(r.Context(), &generalpb.ResourceId{Id: user.GetId()})
+
+	if err != nil {
+		util.ReturnHTTPMessage(w, r, http.StatusInternalServerError, "error", "Error during account deletion")
+	}
+}
+
 func (a AuthServer) ListScheduledEventsFunc(w http.ResponseWriter, r *http.Request) {
 	token := r.Header.Get("Authorization")
 	user, err := a.internalAuthnServer.AuthN(r.Context(), &authnpb.AuthNRequest{

diff --git a/v3/services/authnsvc/internal/server.go b/v3/services/authnsvc/internal/server.go
@@ -47,6 +47,7 @@ func (a AuthServer) SetupRoutes(r *mux.Router) {
 	r.HandleFunc("/auth/settings", a.UpdateSettingsFunc).Methods("POST")
 	r.HandleFunc("/auth/authenticate", a.LoginFunc).Methods("POST")
 	r.HandleFunc("/auth/access", a.GetAccessSet).Methods("GET")
+	r.HandleFunc("/auth/delete", a.DeleteUser).Methods("GET")
 	r.HandleFunc("/auth/scheduledevents", a.ListScheduledEventsFunc).Methods("GET")
 	glog.V(2).Infof("set up route")
 }
diff --git a/v3/services/usersvc/internal/grpc.go b/v3/services/usersvc/internal/grpc.go
@@ -18,12 +18,14 @@ import (
 	hflabels "github.com/hobbyfarm/gargantua/v3/pkg/labels"
 	"github.com/hobbyfarm/gargantua/v3/pkg/util"
 	generalpb "github.com/hobbyfarm/gargantua/v3/protos/general"
+	rbacpb "github.com/hobbyfarm/gargantua/v3/protos/rbac"
 	sessionpb "github.com/hobbyfarm/gargantua/v3/protos/session"
 	userpb "github.com/hobbyfarm/gargantua/v3/protos/user"
 	"golang.org/x/crypto/bcrypt"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/wrapperspb"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/retry"
@@ -40,9 +42,10 @@ type GrpcUserServer struct {
 	userLister    listerv2.UserLister
 	userSynced    cache.InformerSynced
 	sessionClient sessionpb.SessionSvcClient
+	rbacClient    rbacpb.RbacSvcClient
 }
 
-func NewGrpcUserServer(hfClientSet hfClientset.Interface, hfInformerFactory hfInformers.SharedInformerFactory, sessionClient sessionpb.SessionSvcClient) (*GrpcUserServer, error) {
+func NewGrpcUserServer(hfClientSet hfClientset.Interface, hfInformerFactory hfInformers.SharedInformerFactory, sessionClient sessionpb.SessionSvcClient, rbacClient rbacpb.RbacSvcClient) (*GrpcUserServer, error) {
 	inf := hfInformerFactory.Hobbyfarm().V2().Users().Informer()
 	indexers := map[string]cache.IndexFunc{emailIndex: emailIndexer}
 	err := inf.AddIndexers(indexers)
@@ -56,6 +59,7 @@ func NewGrpcUserServer(hfClientSet hfClientset.Interface, hfInformerFactory hfIn
 		userLister:    hfInformerFactory.Hobbyfarm().V2().Users().Lister(),
 		userSynced:    inf.HasSynced,
 		sessionClient: sessionClient,
+		rbacClient:    rbacClient,
 	}, nil
 }
 
@@ -408,25 +412,53 @@ func (u *GrpcUserServer) DeleteUser(ctx context.Context, userId *generalpb.Resou
 	}
 
 	if len(sessionList.Sessions) > 0 {
-		// there are sessions present but they may be expired. let's check
 		for _, s := range sessionList.Sessions {
-			if !s.Status.Finished {
+			now := time.Now().Format(time.UnixDate)
+
+			// This will set the expiration time to now, leading to the session being cleaned up
+			_, err = u.sessionClient.UpdateSessionStatus(ctx, &sessionpb.UpdateSessionStatusRequest{
+				Id:             s.GetId(),
+				Active:         wrapperspb.Bool(false),
+				ExpirationTime: now,
+			})
+
+			if err != nil {
+				glog.Errorf("error marking session as expired: %s", hferrors.GetErrorMessage(err))
 				return &emptypb.Empty{}, hferrors.GrpcError(
 					codes.Internal,
-					"cannot delete user, existing sessions found",
+					"error marking session as finished for user %s",
 					userId,
+					userId.GetId(),
 				)
 			}
 		}
+	}
+
+	// Delete role bindings that belong to the user
+	bindings, err := u.rbacClient.GetHobbyfarmRoleBindings(ctx, &generalpb.ResourceId{
+		Id: user.Name,
+	})
 
-		// getting here means there are sessions present but they are not active
-		// let's delete them for cleanliness' sake
-		if ok, err := u.deleteSessions(ctx, sessionList.Sessions); !ok {
-			glog.Errorf("error deleting old sessions for user %s: %s", id, err)
+	if err != nil {
+		glog.Errorf("error getting hobbyfarm rolebindings for user %s: %v", user.Name, err)
+		return &emptypb.Empty{}, hferrors.GrpcError(
+			codes.Internal,
+			"error getting rolebindings list for user %s",
+			userId,
+			userId.GetId(),
+		)
+	}
+	for _, rb := range bindings.GetRolebindings() {
+		_, err = u.rbacClient.DeleteRolebinding(ctx, &generalpb.ResourceId{
+			Id: rb.Name,
+		})
+		if err != nil {
+			glog.Errorf("error deleting rolebindings %s for user %s: %v", rb.Name, user.Name, err)
 			return &emptypb.Empty{}, hferrors.GrpcError(
 				codes.Internal,
-				"cannot delete user, error removing old sessions",
+				"error deleting rolebinding for user %s",
 				userId,
+				userId.GetId(),
 			)
 		}
 	}
@@ -446,19 +478,3 @@ func (u *GrpcUserServer) DeleteUser(ctx context.Context, userId *generalpb.Resou
 	}
 	return &emptypb.Empty{}, nil
 }
-
-func (u *GrpcUserServer) deleteSessions(ctx context.Context, sessions []*sessionpb.Session) (bool, error) {
-	for _, s := range sessions {
-		retryErr := retry.RetryOnConflict(retry.DefaultRetry, func() error {
-			// @TODO: Use gRPC SessionClient here!
-			_, err := u.sessionClient.DeleteSession(ctx, &generalpb.ResourceId{Id: s.Id})
-			return err
-		})
-
-		if retryErr != nil {
-			return false, retryErr
-		}
-	}
-
-	return true, nil
-}
diff --git a/v3/services/usersvc/main.go b/v3/services/usersvc/main.go
@@ -53,7 +53,7 @@ func main() {
 	sessionClient := sessionpb.NewSessionSvcClient(connections[microservices.Session])
 
 	gs := microservices.CreateGRPCServer(serviceConfig.ServerCert)
-	us, err := userservice.NewGrpcUserServer(hfClient, hfInformerFactory, sessionClient)
+	us, err := userservice.NewGrpcUserServer(hfClient, hfInformerFactory, sessionClient, rbacClient)
 
 	if err != nil {
 		glog.Fatalf("starting grpc user server failed: %v", err)