Merge pull request open-horizon#3943 from MaxMcAdam/multiagent-secret…

…-bug Bug - node level secret update not recieved intermitently
naphelps · Nov 14, 2023 · 51d127e · 51d127e
2 parents 3276509 + 9575725
commit 51d127e
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 39 deletions.
diff --git a/agreementbot/governance.go b/agreementbot/governance.go
@@ -221,7 +221,7 @@ func (w *AgreementBotWorker) GovernAgreements() int {
 												details, err := w.secretProvider.GetSecretDetails(w.GetExchangeId(), w.GetExchangeToken(), exchange.GetOrg(updatedSecretName), secretUser, secretNode, secretName)
 												if err != nil {
 													glog.Errorf(logString(fmt.Sprintf("error retrieving secret %v for policy %v, error: %v", updatedSecretName, ag.PolicyName, err)))
-													if  updateSecretNode != "" {
+													if updateSecretNode != "" {
 														secretExistsMap[updatedSecretName] = false
 													}
 												} else {

diff --git a/agreementbot/persistence/postgresql/secrets.go b/agreementbot/persistence/postgresql/secrets.go
@@ -164,13 +164,13 @@ func (db *AgbotPostgresqlDB) GetPatternsForUpdatedSecretQuery() string {
 }
 
 func (db *AgbotPostgresqlDB) GetPoliciesForRemovedSecretQuery() string {
-        sql := strings.Replace(SECRET_POLICIES_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1)
-        return sql
+	sql := strings.Replace(SECRET_POLICIES_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1)
+	return sql
 }
 
 func (db *AgbotPostgresqlDB) GetPatternsForRemovedSecretQuery() string {
-        sql := strings.Replace(SECRET_PATTERNS_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1)
-        return sql
+	sql := strings.Replace(SECRET_PATTERNS_TO_UPDATE_REMOVED_SECRET, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1)
+	return sql
 }
 
 func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPolicy() string {
@@ -179,8 +179,8 @@ func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPolicy() string {
 }
 
 func (db *AgbotPostgresqlDB) GetUpdateSecretExistsUpdateTimeQueryPolicy() string {
-        sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_POLICY, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1)
-        return sql
+	sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_POLICY, SECRET_TABLE_NAME_ROOT_POLICY, db.GetSecretPartitionTableNamePolicy(db.PrimaryPartition()), 1)
+	return sql
 }
 
 func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPattern() string {
@@ -189,8 +189,8 @@ func (db *AgbotPostgresqlDB) GetUpdateSecretUpdateTimeQueryPattern() string {
 }
 
 func (db *AgbotPostgresqlDB) GetUpdateSecretExistsUpdateTimeQueryPattern() string {
-        sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_PATTERN, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1)
-        return sql
+	sql := strings.Replace(SECRET_EXISTS_UPDATE_TIME_PATTERN, SECRET_TABLE_NAME_ROOT_PATTERN, db.GetSecretPartitionTableNamePattern(db.PrimaryPartition()), 1)
+	return sql
 }
 
 func (db *AgbotPostgresqlDB) GetUniquePoliciesQuery() string {
@@ -349,17 +349,17 @@ func (db *AgbotPostgresqlDB) SetSecretUpdate(secretOrg, secretName string, secre
 
 func (db *AgbotPostgresqlDB) SetSecretExists(secretOrg, secretName string, secretUpdateTime int64) error {
 
-        err := db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPolicy(), secretOrg, secretName, secretUpdateTime, true)
-        if err != nil {
-                return errors.New(fmt.Sprintf("error updating policy secret %s/%s: %v", secretOrg, secretName, err))
-        }
+	err := db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPolicy(), secretOrg, secretName, secretUpdateTime, true)
+	if err != nil {
+		return errors.New(fmt.Sprintf("error updating policy secret %s/%s: %v", secretOrg, secretName, err))
+	}
 
-        err = db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPattern(), secretOrg, secretName, secretUpdateTime, true)
-        if err != nil {
-                return errors.New(fmt.Sprintf("error updating pattern secret %s/%s: %v", secretOrg, secretName, err))
-        }
+	err = db.setInternalSecretExistsUpdate(db.GetUpdateSecretExistsUpdateTimeQueryPattern(), secretOrg, secretName, secretUpdateTime, true)
+	if err != nil {
+		return errors.New(fmt.Sprintf("error updating pattern secret %s/%s: %v", secretOrg, secretName, err))
+	}
 
-        return nil
+	return nil
 }
 
 func (db *AgbotPostgresqlDB) setInternalSecretUpdate(sql, secretOrg, secretName string, secretUpdateTime int64, secretExists bool) error {
@@ -383,20 +383,20 @@ func (db *AgbotPostgresqlDB) setInternalSecretUpdate(sql, secretOrg, secretName
 
 func (db *AgbotPostgresqlDB) setInternalSecretExistsUpdate(sql, secretOrg, secretName string, secretUpdateTime int64, secretExists bool) error {
 
-        updated, err := db.db.Exec(sql, secretUpdateTime, secretOrg, secretName, secretExists)
-        if err != nil {
-                return errors.New(fmt.Sprintf("error setting update time for %s/%s: %v", secretOrg, secretName, err))
-        }
+	updated, err := db.db.Exec(sql, secretUpdateTime, secretOrg, secretName, secretExists)
+	if err != nil {
+		return errors.New(fmt.Sprintf("error setting update time for %s/%s: %v", secretOrg, secretName, err))
+	}
 
-        // Not all DB drivers support the rows affected function.
-        rowsAffected, err := updated.RowsAffected()
-        if err == nil {
-                glog.V(2).Infof("Succeeded setting update time in %v rows for %s/%s", rowsAffected, secretOrg, secretName)
-        } else {
-                glog.V(2).Infof("Succeeded setting update time for %s/%s", secretOrg, secretName)
-        }
+	// Not all DB drivers support the rows affected function.
+	rowsAffected, err := updated.RowsAffected()
+	if err == nil {
+		glog.V(2).Infof("Succeeded setting update time in %v rows for %s/%s", rowsAffected, secretOrg, secretName)
+	} else {
+		glog.V(2).Infof("Succeeded setting update time for %s/%s", secretOrg, secretName)
+	}
 
-        return nil
+	return nil
 
 }
 

diff --git a/agreementbot/secret_updater.go b/agreementbot/secret_updater.go
@@ -6,6 +6,7 @@ import (
 	"github.com/golang/glog"
 	"github.com/open-horizon/anax/agreementbot/persistence"
 	"github.com/open-horizon/anax/agreementbot/secrets"
+	"github.com/open-horizon/anax/cli/cliutils"
 	"github.com/open-horizon/anax/compcheck"
 	"github.com/open-horizon/anax/cutil"
 	"github.com/open-horizon/anax/events"
@@ -110,15 +111,17 @@ func (sm *SecretUpdateManager) CheckForUpdates(secretProvider secrets.AgbotSecre
 
 		if !secretExists {
 			err := db.SetSecretExists(secretOrg, secretName, time.Now().Unix())
-			glog.Errorf(smlogString(fmt.Sprintf("Error updating secret %s in database: %v", fullSecretName, err)))
+			if err != nil {
+				glog.Errorf(smlogString(fmt.Sprintf("Error updating secret %s in database: %v", fullSecretName, err)))
+			}
 		}
 
 		// If there are policies returned, then it means that the policy references the secret and the secret has been updated.
 		if len(policyNames) != 0 {
 			updateTime := secretMetadata.UpdateTime
-                        if updateTime == 0 {
-                                updateTime = time.Now().Unix()
-                        }
+			if updateTime == 0 {
+				updateTime = time.Now().Unix()
+			}
 			su := events.NewSecretUpdate(secretOrg, exchange.GetId(fullSecretName), updateTime, policyNames, []string{}, secretNode)
 			secretUpdates.AddSecretUpdate(su)
 			glog.V(5).Infof(smlogString(fmt.Sprintf("Policies affected by %s, %v Node: %s", fullSecretName, policyNames, secretNode)))
@@ -224,7 +227,6 @@ func (sm *SecretUpdateManager) UpdateNodePolicySecrets(org string, exchPolsMetad
 		// Look for unreferenced secrets and remove them.
 		for _, secretName := range secretNames {
 			if _, ok := referencedSecrets[secretName]; !ok {
-
 				glog.V(5).Infof(smlogString(fmt.Sprintf("deleting managed secret %s from %s because it is no longer used", secretName, policyName)))
 				err = db.DeletePolicySecret(exchange.GetOrg(secretName), exchange.GetId(secretName), org, exchange.GetId(policyName))
 				if err != nil {
@@ -258,7 +260,7 @@ func (sm *SecretUpdateManager) UpdateNodePatternSecrets(org string, exchPatsMeta
 			for _, bs := range sb.Secrets {
 				// Extract the secret manager secret name
 				_, secretFullName := bs.GetBinding()
-				referencedSecrets[fmt.Sprintf("%s/%s", org, secretFullName)] = true
+				referencedSecrets[fmt.Sprintf("%s%s", org, cliutils.AddSlash(secretFullName))] = true
 
 				if !sb.EnableNodeLevelSecrets {
 					continue
@@ -372,7 +374,7 @@ func (sm *SecretUpdateManager) UpdatePolicies(org string, exchPolsMetadata map[s
 			for _, bs := range sb.Secrets {
 				// Extract the secret manager secret name
 				_, secretFullName := bs.GetBinding()
-				referencedSecrets[fmt.Sprintf("%s/%s", org, secretFullName)] = true
+				referencedSecrets[fmt.Sprintf("%s%s", org, cliutils.AddSlash(secretFullName))] = true
 
 				secretUser, secretNode, secretName, err := compcheck.ParseVaultSecretName(secretFullName, nil)
 				if err != nil {
@@ -411,7 +413,7 @@ func (sm *SecretUpdateManager) UpdatePolicies(org string, exchPolsMetadata map[s
 		// Look for unreferenced secrets and remove them.
 		for _, secretName := range secretNames {
 			if _, ok := referencedSecrets[secretName]; !ok {
-				if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode != "" {
+				if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode == "" {
 					glog.V(5).Infof(smlogString(fmt.Sprintf("deleting managed secret %s from %s because it is no longer used", secretName, policyName)))
 					err = db.DeletePolicySecret(exchange.GetOrg(secretName), exchange.GetId(secretName), org, exchange.GetId(policyName))
 					if err != nil {
@@ -520,7 +522,7 @@ func (sm *SecretUpdateManager) UpdatePatterns(org string, exchPatternMetadata ma
 		// Look for unreferenced secrets and remove them.
 		for _, secretName := range secretNames {
 			if _, ok := referencedSecrets[secretName]; !ok {
-				if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode != "" {
+				if _, secretNode, _, err := compcheck.ParseVaultSecretName(exchange.GetId(secretName), nil); secretNode == "" {
 					glog.V(5).Infof(smlogString(fmt.Sprintf("deleting managed secret %s from %s because it is no longer used", secretName, patName)))
 					err = db.DeletePatternSecret(exchange.GetOrg(secretName), exchange.GetId(secretName), org, exchange.GetId(patName))
 					if err != nil {