From e1b278c29db11ab6876162e8d23f02c0307ad566 Mon Sep 17 00:00:00 2001 From: Tim Buckley Date: Wed, 6 Dec 2023 18:06:04 -0700 Subject: [PATCH 1/2] Fix panic on nil value in `getPresetRoles()` This fixes a panic when attempting to fetch `/webapi/presetroles` as `ui.NewRoles()` is (reasonably) not nil safe. `GetPresetRoles()` can return nil entries if corresponding features are disabled, so this tweaks `GetPresetRoles()` to filter out nil entries. This endpoint is only used for Cloud features (email invites at onboarding, specifically) and currently all features are enabled for Cloud users, so the only internal use is minimally impacted. The other use of `GetPresetRoles()`, `createPresetRoles()`, already checks for nil entries. It's behavior is unchanged. --- lib/auth/init.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/auth/init.go b/lib/auth/init.go index bd579b777c8d6..6bdaa1e2b0da0 100644 --- a/lib/auth/init.go +++ b/lib/auth/init.go @@ -753,7 +753,7 @@ type PresetRoleManager interface { // GetPresetRoles returns a list of all preset roles expected to be available on // this cluster. func GetPresetRoles() []types.Role { - return []types.Role{ + presets := []types.Role{ services.NewPresetGroupAccessRole(), services.NewPresetEditorRole(), services.NewPresetAccessRole(), @@ -765,6 +765,20 @@ func GetPresetRoles() []types.Role { services.NewPresetDeviceEnrollRole(), services.NewPresetRequireTrustedDeviceRole(), } + + // Certain `New$FooRole()` functions will return a nil role if the + // corresponding feature is disabled. They should be filtered out as they + // are not actually made available on the cluster. + filtered := make([]types.Role, 0, len(presets)) + for _, role := range presets { + if role == nil { + continue + } + + filtered = append(filtered, role) + } + + return filtered } // createPresetRoles creates preset role resources From dae4bb80f097ac9e468cb8a250e7684dbe54571d Mon Sep 17 00:00:00 2001 From: Tim Buckley Date: Wed, 6 Dec 2023 18:44:00 -0700 Subject: [PATCH 2/2] Replace manual deletion with `slices.DeleteFunc` Co-authored-by: Zac Bergquist --- lib/auth/init.go | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/lib/auth/init.go b/lib/auth/init.go index 6bdaa1e2b0da0..52dc80c26015c 100644 --- a/lib/auth/init.go +++ b/lib/auth/init.go @@ -769,16 +769,7 @@ func GetPresetRoles() []types.Role { // Certain `New$FooRole()` functions will return a nil role if the // corresponding feature is disabled. They should be filtered out as they // are not actually made available on the cluster. - filtered := make([]types.Role, 0, len(presets)) - for _, role := range presets { - if role == nil { - continue - } - - filtered = append(filtered, role) - } - - return filtered + return slices.DeleteFunc(presets, func(r types.Role) bool { return r == nil }) } // createPresetRoles creates preset role resources