TRITON-2221: node-triton barfs on roles with users in them

Details

Issue Type:Bug
Priority:4 - Normal
Status:Open
Created at:2021-05-03T21:56:28.753Z
Updated at:2022-08-10T14:16:15.910Z

People

Created by:Michael HIcks
Reported by:Michael HIcks
Assigned to:Travis Paul

Related Links

Description

node-triton `rbac info` fails to parse roles

~ �� triton --version
Triton CLI 7.14.0
https://github.com/joyent/node-triton

no roles or subusers

~ �� triton -p iad001 rbac info
users (0):
roles (0):
policies (0):

no roles, one subuser

~ �� triton -p iad001 rbac info 
users (1):
    dobedobedo (rbac_test_1 tobedeleted, no ssh keys): no roles
roles (0):
policies (0):

Comments

Comment by Travis Paul
Created at 2022-07-27T17:37:16.601Z

I’ve setup a user and role to reproduce:

$ echo '{"login": "triton2221user","password":"Lasagne_4_ever","email":"pasta@foodworld.it"}' | ./bin/triton -p mnx rbac user --add -
Created user "triton2221user"

$ echo '{"name": "triton2221role", "members":[{"login":"triton2221user", "type":"subuser"}]}' | ./bin/triton -p mnx rbac role --add -
Created role "triton2221role"

$ ./bin/triton -p mnx rbac info
/Users/tpaul/projects/triton/node-triton/lib/rbac.js:397
                role.default_members.forEach(function (login) {
                                     ^

TypeError: Cannot read properties of undefined (reading 'forEach')
    at Object.fillInUserRoles [as func] (/Users/tpaul/projects/triton/node-triton/lib/rbac.js:397:38)
    at Immediate.<anonymous> (/Users/tpaul/projects/triton/node-triton/node_modules/vasync/lib/vasync.js:213:20)

The role.default_members property isn’t defined when loadRbacState is called by triton rbac info and that property appears to only be set when using triton rbac apply as seen in the example rbac.json file.

Since this property may not be set by some callers, I’ve added a condition to skip the forEach if role.default_members is not defined or has no length.

Fixing that however exposes another, previously unreached bug:

./bin/triton rbac info
/Users/tpaul/projects/triton/node-triton/lib/rbac.js:410
                    userFromLogin[login].roles.push(role.name);
                                         ^

TypeError: Cannot read properties of undefined (reading 'roles')
    at /Users/tpaul/projects/triton/node-triton/lib/rbac.js:410:42
    at Array.forEach (<anonymous>)
    at Object.fillInUserRoles [as func] (/Users/tpaul/projects/triton/node-triton/lib/rbac.js:409:30)
    at Immediate.<anonymous> (/Users/tpaul/projects/triton/node-triton/node_modules/vasync/lib/vasync.js:213:20)

loadRbacState is attempting to iterate over role.members but each item in the array is an object (not an string) so indexing userFromLogin[login] is actually something like:

userFromLogin[{id: 'uuid', login: 'foo', ...}];

Comment by Travis Paul
Created at 2022-07-27T18:01:56.915Z

After the changes in: [https://github.com/TritonDataCenter/node-triton/pull/328|https://github.com/TritonDataCenter/node-triton/pull/328|smart-link]

A triton rbac info results in:

./bin/triton rbac info
users (1):
    triton2221user (no ssh keys): role [, triton2221role]
roles (1):
    triton2221role: no policies
policies (0):