Use NS context when loading entities and groups (#6563)

* Use NS context when loading entities and groups * update context while group loading as well * Address review feedback
hashicorp · Apr 10, 2019 · 5a798e0 · 5a798e0
1 parent 3cc5d05
commit 5a798e0
Showing 1 changed file with 21 additions and 19 deletions.
diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go
@@ -105,26 +105,27 @@ func (i *IdentityStore) loadGroups(ctx context.Context) error {
 				continue
 			}
 
-			// Remove dangling groups
-			if group.NamespaceID != "" && !(i.core.ReplicationState().HasState(consts.ReplicationPerformanceSecondary) || i.core.perfStandby) {
-				ns, err := NamespaceByID(ctx, group.NamespaceID, i.core)
-				if err != nil {
-					return err
-				}
-				if ns == nil {
+			ns, err := NamespaceByID(ctx, group.NamespaceID, i.core)
+			if err != nil {
+				return err
+			}
+			if ns == nil {
+				// Remove dangling groups
+				if !(i.core.ReplicationState().HasState(consts.ReplicationPerformanceSecondary) || i.core.perfStandby) {
 					// Group's namespace doesn't exist anymore but the group
 					// from the namespace still exists.
 					i.logger.Warn("deleting group and its any existing aliases", "name", group.Name, "namespace_id", group.NamespaceID)
 					err = i.groupPacker.DeleteItem(group.ID)
 					if err != nil {
 						return err
 					}
-					continue
 				}
+				continue
 			}
+			nsCtx := namespace.ContextWithNamespace(context.Background(), ns)
 
 			// Ensure that there are no groups with duplicate names
-			groupByName, err := i.MemDBGroupByName(ctx, group.Name, false)
+			groupByName, err := i.MemDBGroupByName(nsCtx, group.Name, false)
 			if err != nil {
 				return err
 			}
@@ -271,26 +272,27 @@ func (i *IdentityStore) loadEntities(ctx context.Context) error {
 					continue
 				}
 
-				// Remove dangling entities
-				if entity.NamespaceID != "" && !(i.core.ReplicationState().HasState(consts.ReplicationPerformanceSecondary) || i.core.perfStandby) {
-					ns, err := NamespaceByID(ctx, entity.NamespaceID, i.core)
-					if err != nil {
-						return err
-					}
-					if ns == nil {
+				ns, err := NamespaceByID(ctx, entity.NamespaceID, i.core)
+				if err != nil {
+					return err
+				}
+				if ns == nil {
+					// Remove dangling entities
+					if !(i.core.ReplicationState().HasState(consts.ReplicationPerformanceSecondary) || i.core.perfStandby) {
 						// Entity's namespace doesn't exist anymore but the
 						// entity from the namespace still exists.
 						i.logger.Warn("deleting entity and its any existing aliases", "name", entity.Name, "namespace_id", entity.NamespaceID)
 						err = i.entityPacker.DeleteItem(entity.ID)
 						if err != nil {
 							return err
 						}
-						continue
 					}
+					continue
 				}
+				nsCtx := namespace.ContextWithNamespace(context.Background(), ns)
 
 				// Ensure that there are no entities with duplicate names
-				entityByName, err := i.MemDBEntityByName(ctx, entity.Name, false)
+				entityByName, err := i.MemDBEntityByName(nsCtx, entity.Name, false)
 				if err != nil {
 					return nil
 				}
@@ -302,7 +304,7 @@ func (i *IdentityStore) loadEntities(ctx context.Context) error {
 				}
 
 				// Only update MemDB and don't hit the storage again
-				err = i.upsertEntity(ctx, entity, nil, false)
+				err = i.upsertEntity(nsCtx, entity, nil, false)
 				if err != nil {
 					return errwrap.Wrapf("failed to update entity in MemDB: {{err}}", err)
 				}