From ea5aef9fc1cfaffae3a6878f4117717e848f6583 Mon Sep 17 00:00:00 2001 From: Kristijan Mitrovic Date: Fri, 11 Sep 2020 14:20:03 +0000 Subject: [PATCH 1/2] Fix account sync preconditions (#54) Merge branch 'master' into kris/fix_account_sync_preconditions Add comments about account sync restrictions Revert wrong fix Fix account sync preconditions Co-authored-by: jonathan Co-authored-by: Kristijan Mitrovic Reviewed-on: https://git.bubblev.org/bubblev/bubble/pulls/54 --- .../account/StandardSyncAccountService.java | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java b/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java index 5af6369c..b0397107 100644 --- a/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java +++ b/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java @@ -46,18 +46,21 @@ public class StandardSyncAccountService implements SyncAccountService { log.warn("sync: thisNetwork was null, sync_account is impossible"); return; } - if (!account.admin()) { - log.info("sync: not syncing non-admin account"); - return; - } + if (!account.sync()) { log.info("sync: account sync disabled for account: "+account.getName()); return; } + final AnsibleInstallType installType = thisNetwork.getInstallType(); if (installType == AnsibleInstallType.sage) { // changing account on sage, notify all bubbles launched by user that have syncAccount == true + // sync account: sage -> node(s) + // Note that a non-admin person can change only his own account on sage node, while admin can change any + // account. In both cases, the change should be synced through the nodes, so even for non-admin account, the + // sync should be done here. + for (BubbleNetwork network : networkDAO.findByAccount(account.getUuid())) { if (network.getState() != BubbleNetworkState.running) continue; if (!network.syncAccount()) continue; @@ -72,10 +75,21 @@ public class StandardSyncAccountService implements SyncAccountService { } } else if (installType == AnsibleInstallType.node) { + // sync account: node -> sage + // On sage there's just a single account related to this node - the node's network owner's account. So only + // that account should be synced in this case. It doesn't matter if somebody already changed this account + // to be non-admin (TODO strange situation and maybe it should be tested if it is forbidden already) + + if (account.getUuid().equals(thisNetwork.getAccount())) { + log.info("sync: not syncing non-owner account from node to sage"); + return; + } + if (!thisNetwork.syncAccount()) { log.info("sync: disabled for node, not sending sync_account notification"); return; } + // changing account on node, notify sage, which will then notify all bubbles launched by user that have // syncAccount == true log.info("sync: sending sync_account notification from node to sage: "+configuration.getSageNode()); From 7bcd41317f620fadd91f68bcbfff29356afdb42d Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Fri, 11 Sep 2020 10:24:00 -0400 Subject: [PATCH 2/2] update messages and web --- bubble-server/src/main/resources/messages | 2 +- bubble-web | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bubble-server/src/main/resources/messages b/bubble-server/src/main/resources/messages index 74c7c7f2..4f834554 160000 --- a/bubble-server/src/main/resources/messages +++ b/bubble-server/src/main/resources/messages @@ -1 +1 @@ -Subproject commit 74c7c7f2efa41dd12d74cffff5013149136d3867 +Subproject commit 4f8345542b29228db0dba3e845f0662ab9cf6693 diff --git a/bubble-web b/bubble-web index 2d0df5ec..230cec24 160000 --- a/bubble-web +++ b/bubble-web @@ -1 +1 @@ -Subproject commit 2d0df5ecd846bc81f72d37ec385ed8b46ae17fd9 +Subproject commit 230cec24414134fcc5dd39224dec5826506f19de