From 0b2c66281ce0ef4e3cf1b7d0a0b979335f5c4017 Mon Sep 17 00:00:00 2001 From: Max McAdam Date: Wed, 24 Jul 2024 07:41:29 -0700 Subject: [PATCH] Issue #4111 - Bug: secret_exists column not added to secrets_policy if table already exists Signed-off-by: Max McAdam --- agreementbot/persistence/postgresql/init.go | 14 ++++--- .../persistence/postgresql/version.go | 7 +++- cli/cliutils/cliutils.go | 38 +++++++++---------- 3 files changed, 32 insertions(+), 27 deletions(-) diff --git a/agreementbot/persistence/postgresql/init.go b/agreementbot/persistence/postgresql/init.go index d28303d4f..a9965e2bd 100644 --- a/agreementbot/persistence/postgresql/init.go +++ b/agreementbot/persistence/postgresql/init.go @@ -140,15 +140,17 @@ func (db *AgbotPostgresqlDB) Initialize(cfg *config.HorizonConfig) error { for si := 0; si < len(migrationSQL[v].sql); si++ { if _, err := db.db.Exec(migrationSQL[v].sql[si]); err != nil { return errors.New(fmt.Sprintf("unable to run SQL migration statement version %v, index %v, statement %v, error: %v", v, si, migrationSQL[v].sql[si], err)) - } else if _, err := db.db.Exec(VERSION_UPDATE, HIGHEST_DATABASE_VERSION, migrationSQL[v].description); err != nil { - return errors.New(fmt.Sprintf("unable to create version table, error: %v", err)) - } else { - glog.V(3).Infof("Postgresql database tables upgraded to version %v, %v", v, migrationSQL[v].description) } } - } + glog.V(3).Infof("Postgresql database tables upgraded for version %v, %v", v, migrationSQL[v].description) - glog.V(3).Infof("Postgresql database tables upgraded to version %v", HIGHEST_DATABASE_VERSION) + if _, err := db.db.Exec(VERSION_UPDATE, v, migrationSQL[v].description); err != nil { + return errors.New(fmt.Sprintf("unable to create version table, error: %v", err)) + } else { + glog.V(3).Infof("Postgresql database tables upgraded to version %v, %v", v, migrationSQL[v].description) + } + } + glog.V(3).Infof("Finished upgrading postgresql database tables. The version is now %v", HIGHEST_DATABASE_VERSION) } glog.V(3).Infof("Postgresql database tables initialized.") diff --git a/agreementbot/persistence/postgresql/version.go b/agreementbot/persistence/postgresql/version.go index dd2985875..95d0224e2 100644 --- a/agreementbot/persistence/postgresql/version.go +++ b/agreementbot/persistence/postgresql/version.go @@ -28,7 +28,8 @@ END $$` const VERSION_UPDATE = `UPDATE version SET ver = $1, description = $2, updated = current_timestamp WHERE id = 1;` -const HIGHEST_DATABASE_VERSION = v1 +const HIGHEST_DATABASE_VERSION = v2 +const v2 = 1 const v1 = 0 type SchemaUpdate struct { @@ -36,4 +37,6 @@ type SchemaUpdate struct { description string // A description of the schema change. } -var migrationSQL = map[int]SchemaUpdate{} +var v2SchemaUpdate = SchemaUpdate{sql: []string{"ALTER TABLE secrets_policy ADD COLUMN IF NOT EXISTS \"secret_exists\" BOOLEAN NOT NULL DEFAULT true;", "ALTER TABLE secrets_pattern ADD COLUMN IF NOT EXISTS \"secret_exists\" BOOLEAN NOT NULL DEFAULT true;"}, description: "Add a column to the secrets table to indicate if the secret exists or not. This is necessary to support node-specific secrets."} + +var migrationSQL = map[int]SchemaUpdate{v2: v2SchemaUpdate} diff --git a/cli/cliutils/cliutils.go b/cli/cliutils/cliutils.go index a7c06d848..4b9460ff0 100644 --- a/cli/cliutils/cliutils.go +++ b/cli/cliutils/cliutils.go @@ -1098,29 +1098,29 @@ func GetIcpCertPath() string { // TrustIcpCert adds the icp cert file to be trusted in calls made by the given http client func TrustIcpCert(httpClient *http.Client) error { - icpCertPath := GetIcpCertPath() + icpCertPath := GetIcpCertPath() - var caCertPool *x509.CertPool - var err error + var caCertPool *x509.CertPool + var err error - // Trust the system certs like the anax agent code can - caCertPool, err = x509.SystemCertPool() - if err != nil { + // Trust the system certs like the anax agent code can + caCertPool, err = x509.SystemCertPool() + if err != nil { // Decided not to fail and return here but just create a new pool caCertPool = x509.NewCertPool() - } - - if icpCertPath != "" { - icpCert, err := ioutil.ReadFile(icpCertPath) - if err != nil { - return fmt.Errorf(i18n.GetMessagePrinter().Sprintf("Encountered error reading ICP cert file %v: %v", icpCertPath, err)) - } - caCertPool.AppendCertsFromPEM(icpCert) - } - - transport := httpClient.Transport.(*http.Transport) - transport.TLSClientConfig.RootCAs = caCertPool - return nil + } + + if icpCertPath != "" { + icpCert, err := ioutil.ReadFile(icpCertPath) + if err != nil { + return fmt.Errorf(i18n.GetMessagePrinter().Sprintf("Encountered error reading ICP cert file %v: %v", icpCertPath, err)) + } + caCertPool.AppendCertsFromPEM(icpCert) + } + + transport := httpClient.Transport.(*http.Transport) + transport.TLSClientConfig.RootCAs = caCertPool + return nil } // Get exchange url from /etc/default/horizon file. if not set, check /etc/horizon/anax.json file