refact: to use go-dbw CreateItems, DeleteItems

Latest version of go-dbw updated the signature of
CreateItems(...) and DeleteItems(...) on a happy
note this latest version of go-dbw actually does
batch inserts and updates for this functions.

go.mod

@@ -46,7 +46,6 @@ require (
 	github.com/hashicorp/vault/api v1.12.0
 	github.com/iancoleman/strcase v0.3.0
 	github.com/jackc/pgconn v1.14.3
-	github.com/jackc/pgx/v4 v4.18.3 // indirect
 	github.com/jefferai/keyring v1.1.7-0.20220316160357-58a74bb55891
 	github.com/kr/pretty v0.3.1
 	github.com/kr/text v0.2.0
@@ -82,7 +81,7 @@ require (
 	nhooyr.io/websocket v1.8.10
 )
 
-require github.com/hashicorp/go-dbw v0.1.3-0.20240312210008-7ed943176e5b
+require github.com/hashicorp/go-dbw v0.1.4-0.20240728230619-2d5c356ada71
 
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
@@ -96,7 +95,7 @@ require (
 	github.com/hashicorp/go-rate v0.0.0-20231204194614-cc8d401f70ab
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/nodeenrollment v0.2.13
-	github.com/jackc/pgx/v5 v5.5.5
+	github.com/jackc/pgx/v5 v5.6.0
 	github.com/jimlambrt/gldap v0.1.10
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/miekg/dns v1.1.58
@@ -110,7 +109,7 @@ require (
 
 require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/mattn/go-sqlite3 v2.0.1+incompatible // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	modernc.org/libc v1.41.0 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
@@ -190,7 +189,6 @@ require (
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 // indirect
-	github.com/jackc/pgtype v1.14.2 // indirect
 	github.com/jefferai/go-libsecret v0.0.0-20210525195240-b53481abef97 // indirect
 	github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f // indirect
 	github.com/jinzhu/gorm v1.9.16 // indirect

internal/auth/ldap/auth_method.go

@@ -141,14 +141,14 @@ func (am *AuthMethod) oplog(ctx context.Context, opType oplog.OpType) (oplog.Met
 }
 
 type convertedValues struct {
-	Urls                 []any
-	Certs                []any
-	UserEntrySearchConf  any
-	GroupEntrySearchConf any
-	ClientCertificate    any
-	BindCredential       any
-	AccountAttributeMaps []any
-	DerefAliases         any
+	Urls                 []*Url
+	Certs                []*Certificate
+	UserEntrySearchConf  *UserEntrySearchConf
+	GroupEntrySearchConf *GroupEntrySearchConf
+	ClientCertificate    *ClientCertificate
+	BindCredential       *BindCredential
+	AccountAttributeMaps []*AccountAttributeMap
+	DerefAliases         *DerefAliases
 }
 
 // convertValueObjects converts the embedded value objects. It will return an
@@ -199,15 +199,15 @@ func (am *AuthMethod) convertValueObjects(ctx context.Context) (*convertedValues
 	return converted, nil
 }
 
-// convertCertificates converts any embedded URLs from []string
-// to []any where each slice element is a *Url. It will return an error if the
-// AuthMethod's public id is not set.
-func (am *AuthMethod) convertUrls(ctx context.Context) ([]any, error) {
+// convertUrls converts any embedded URLs from []string to []*Url where each
+// slice element is a *Url. It will return an error if the AuthMethod's public
+// id is not set.
+func (am *AuthMethod) convertUrls(ctx context.Context) ([]*Url, error) {
 	const op = "ldap.(AuthMethod).convertUrls"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
 	}
-	newValObjs := make([]any, 0, len(am.Urls))
+	newValObjs := make([]*Url, 0, len(am.Urls))
 	for priority, u := range am.Urls {
 		parsed, err := url.Parse(u)
 		if err != nil {
@@ -223,14 +223,14 @@ func (am *AuthMethod) convertUrls(ctx context.Context) ([]any, error) {
 }
 
 // convertCertificates converts any embedded certificates from []string
-// to []any where each slice element is a *Certificate. It will return an error
-// if the AuthMethod's public id is not set.
-func (am *AuthMethod) convertCertificates(ctx context.Context) ([]any, error) {
+// to []*Certificate. It will return an error if the AuthMethod's public id is
+// not set.
+func (am *AuthMethod) convertCertificates(ctx context.Context) ([]*Certificate, error) {
 	const op = "ldap.(AuthMethod).convertCertificates"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
 	}
-	newValObjs := make([]any, 0, len(am.Certificates))
+	newValObjs := make([]*Certificate, 0, len(am.Certificates))
 	for _, cert := range am.Certificates {
 		obj, err := NewCertificate(ctx, am.PublicId, cert)
 		if err != nil {
@@ -242,9 +242,9 @@ func (am *AuthMethod) convertCertificates(ctx context.Context) ([]any, error) {
 }
 
 // convertUserEntrySearchConf converts an embedded user entry search fields
-// into an any type.  It will return an error if the AuthMethod's public id is
-// not set.
-func (am *AuthMethod) convertUserEntrySearchConf(ctx context.Context) (any, error) {
+// into an *UserEntrySearchConf type.  It will return an error if the
+// AuthMethod's public id is not set.
+func (am *AuthMethod) convertUserEntrySearchConf(ctx context.Context) (*UserEntrySearchConf, error) {
 	const op = "ldap.(AuthMethod).convertUserEntrySearchConf"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
@@ -257,9 +257,9 @@ func (am *AuthMethod) convertUserEntrySearchConf(ctx context.Context) (any, erro
 }
 
 // convertGroupEntrySearchConf converts an embedded group entry search fields
-// into an any type.  It will return an error if the AuthMethod's public id is
-// not set.
-func (am *AuthMethod) convertGroupEntrySearchConf(ctx context.Context) (any, error) {
+// into an *GroupEntrySearchConf type.  It will return an error if the
+// AuthMethod's public id is not set.
+func (am *AuthMethod) convertGroupEntrySearchConf(ctx context.Context) (*GroupEntrySearchConf, error) {
 	const op = "ldap.(AuthMethod).convertGroupEntrySearchConf"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
@@ -272,9 +272,9 @@ func (am *AuthMethod) convertGroupEntrySearchConf(ctx context.Context) (any, err
 }
 
 // convertClientCertificate converts an embedded client certificate entry into
-// an any type.  It will return an error if the AuthMethod's public id is not
-// set.
-func (am *AuthMethod) convertClientCertificate(ctx context.Context) (any, error) {
+// an *ClientCertificate type.  It will return an error if the AuthMethod's
+// public id is not set.
+func (am *AuthMethod) convertClientCertificate(ctx context.Context) (*ClientCertificate, error) {
 	const op = "ldap.(AuthMethod).convertClientCertificate"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing auth method id")
@@ -287,9 +287,9 @@ func (am *AuthMethod) convertClientCertificate(ctx context.Context) (any, error)
 }
 
 // convertBindCredential converts an embedded bind credential entry into
-// an any type.  It will return an error if the AuthMethod's public id is not
-// set.
-func (am *AuthMethod) convertBindCredential(ctx context.Context) (any, error) {
+// an *BindCredential type.  It will return an error if the AuthMethod's public
+// id is not set.
+func (am *AuthMethod) convertBindCredential(ctx context.Context) (*BindCredential, error) {
 	const op = "ldap.(AuthMethod).convertBindCredentials"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing auth method id")
@@ -302,9 +302,9 @@ func (am *AuthMethod) convertBindCredential(ctx context.Context) (any, error) {
 }
 
 // convertDerefAliases converts an embedded deref aliases entry into
-// an any type.  It will return an error if the AuthMethod's public id is not
-// set.
-func (am *AuthMethod) convertDerefAliases(ctx context.Context) (any, error) {
+// an *DerefAliases type.  It will return an error if the AuthMethod's public id
+// is not set.
+func (am *AuthMethod) convertDerefAliases(ctx context.Context) (*DerefAliases, error) {
 	const op = "ldap.(AuthMethod).convertDerefAliases"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing auth method id")
@@ -317,15 +317,15 @@ func (am *AuthMethod) convertDerefAliases(ctx context.Context) (any, error) {
 }
 
 // convertAccountAttributeMaps converts the embedded account attribute maps from
-// []string to []interface{} where each slice element is a *AccountAttributeMap. It
-// will return an error if the AuthMethod's public id is not set or it can
-// convert the account attribute maps.
-func (am *AuthMethod) convertAccountAttributeMaps(ctx context.Context) ([]any, error) {
+// []string to []*AccountAttributeMap. It will return an error if the
+// AuthMethod's public id is not set or it can convert the account attribute
+// maps.
+func (am *AuthMethod) convertAccountAttributeMaps(ctx context.Context) ([]*AccountAttributeMap, error) {
 	const op = "ldap.(AuthMethod).convertAccountAttributeMaps"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
 	}
-	newInterfaces := make([]any, 0, len(am.AccountAttributeMaps))
+	acctAttribMaps := make([]*AccountAttributeMap, 0, len(am.AccountAttributeMaps))
 	const (
 		from = 0
 		to   = 1
@@ -343,7 +343,7 @@ func (am *AuthMethod) convertAccountAttributeMaps(ctx context.Context) ([]any, e
 		if err != nil {
 			return nil, errors.Wrap(ctx, err, op)
 		}
-		newInterfaces = append(newInterfaces, obj)
+		acctAttribMaps = append(acctAttribMaps, obj)
 	}
-	return newInterfaces, nil
+	return acctAttribMaps, nil
 }

internal/auth/ldap/auth_method_test.go

@@ -348,17 +348,17 @@ func Test_convertValueObjects(t *testing.T) {
 	testCerts := []string{pem}
 	c, err := NewCertificate(testCtx, testPublicId, pem)
 	require.NoError(t, err)
-	testCertificates := []any{c}
+	testCertificates := []*Certificate{c}
 
-	testUrls := make([]any, 0, len(testLdapServers))
+	testUrls := make([]*Url, 0, len(testLdapServers))
 	for priority, uu := range TestConvertToUrls(t, testLdapServers...) {
 		u, err := NewUrl(testCtx, testPublicId, priority+1, uu)
 		require.NoError(t, err)
 		testUrls = append(testUrls, u)
 	}
 
 	testAttrMaps := []string{"email_address=email", "display_name=fullName"}
-	testAccountAttributeMaps := make([]any, 0, len(testAttrMaps))
+	testAccountAttributeMaps := make([]*AccountAttributeMap, 0, len(testAttrMaps))
 	acms, err := ParseAccountAttributeMaps(testCtx, testAttrMaps...)
 	require.NoError(t, err)
 	for _, m := range acms {
@@ -618,6 +618,23 @@ func (a converted) Less(i, j int) bool {
 }
 
 func testSortConverted(t *testing.T, c *convertedValues) {
-	sort.Sort(converted(c.Urls))
-	sort.Sort(converted(c.Certs))
+	t.Helper()
+	sort.Sort(sortableUrls(c.Urls))
+	sort.Sort(sortableCerts(c.Certs))
+}
+
+type sortableUrls []*Url
+
+func (u sortableUrls) Len() int      { return len(u) }
+func (u sortableUrls) Swap(i, j int) { u[i], u[j] = u[j], u[i] }
+func (u sortableUrls) Less(i, j int) bool {
+	return u[i].GetServerUrl() < u[j].GetServerUrl()
+}
+
+type sortableCerts []*Certificate
+
+func (c sortableCerts) Len() int      { return len(c) }
+func (c sortableCerts) Swap(i, j int) { c[i], c[j] = c[j], c[i] }
+func (c sortableCerts) Less(i, j int) bool {
+	return c[i].GetCert() < c[j].GetCert()
 }

internal/auth/ldap/repository_auth_method_create.go

@@ -68,20 +68,12 @@ func (r *Repository) CreateAuthMethod(ctx context.Context, am *AuthMethod, opt .
 	}
 
 	if cv.BindCredential != nil {
-		bc, ok := cv.BindCredential.(*BindCredential)
-		if !ok {
-			return nil, errors.New(ctx, errors.Internal, op, fmt.Sprintf("invalid type (%T) is not a bind credential", cv.BindCredential))
-		}
-		if err := bc.encrypt(ctx, dbWrapper); err != nil {
+		if err := cv.BindCredential.encrypt(ctx, dbWrapper); err != nil {
 			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("failed to encrypt bind credential"))
 		}
 	}
 	if cv.ClientCertificate != nil {
-		cc, ok := cv.ClientCertificate.(*ClientCertificate)
-		if !ok {
-			return nil, errors.New(ctx, errors.Internal, op, fmt.Sprintf("invalid type (%T) is not a client certificate", cv.ClientCertificate))
-		}
-		if err := cc.encrypt(ctx, dbWrapper); err != nil {
+		if err := cv.ClientCertificate.encrypt(ctx, dbWrapper); err != nil {
 			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("failed to encrypt client certificate"))
 		}
 	}

internal/auth/ldap/repository_auth_method_update.go

@@ -155,18 +155,42 @@ func (r *Repository) UpdateAuthMethod(ctx context.Context, am *AuthMethod, versi
 	if err != nil {
 		return nil, db.NoRowsAffected, errors.Wrap(ctx, err, op, errors.WithMsg("unable to get database wrapper"))
 	}
-	addUrls, deleteUrls, err := valueObjectChanges(ctx, origAm.PublicId, UrlVO, am.Urls, origAm.Urls, dbMask, nullFields)
+	au, du, err := valueObjectChanges(ctx, origAm.PublicId, UrlVO, am.Urls, origAm.Urls, dbMask, nullFields)
 	if err != nil {
 		return nil, db.NoRowsAffected, errors.Wrap(ctx, err, op, errors.WithMsg("unable to update urls"))
 	}
-	addCerts, deleteCerts, err := valueObjectChanges(ctx, origAm.PublicId, CertificateVO, am.Certificates, origAm.Certificates, dbMask, nullFields)
+	addUrls := []*Url{}
+	for _, u := range au {
+		addUrls = append(addUrls, u.(*Url))
+	}
+	deleteUrls := []*Url{}
+	for _, u := range du {
+		deleteUrls = append(deleteUrls, u.(*Url))
+	}
+	ac, dc, err := valueObjectChanges(ctx, origAm.PublicId, CertificateVO, am.Certificates, origAm.Certificates, dbMask, nullFields)
 	if err != nil {
 		return nil, db.NoRowsAffected, errors.Wrap(ctx, err, op, errors.WithMsg("unable to update certificates"))
 	}
-	addMaps, deleteMaps, err := valueObjectChanges(ctx, origAm.PublicId, AccountAttributeMapsVO, am.AccountAttributeMaps, origAm.AccountAttributeMaps, dbMask, nullFields)
+	deleteCerts := []*Certificate{}
+	for _, c := range dc {
+		deleteCerts = append(deleteCerts, c.(*Certificate))
+	}
+	addCerts := []*Certificate{}
+	for _, c := range ac {
+		addCerts = append(addCerts, c.(*Certificate))
+	}
+	addM, deleteM, err := valueObjectChanges(ctx, origAm.PublicId, AccountAttributeMapsVO, am.AccountAttributeMaps, origAm.AccountAttributeMaps, dbMask, nullFields)
 	if err != nil {
 		return nil, db.NoRowsAffected, errors.Wrap(ctx, err, op, errors.WithMsg("unable to update account attribute maps"))
 	}
+	addMaps := []*AccountAttributeMap{}
+	for _, m := range addM {
+		addMaps = append(addMaps, m.(*AccountAttributeMap))
+	}
+	deleteMaps := []*AccountAttributeMap{}
+	for _, m := range deleteM {
+		deleteMaps = append(deleteMaps, m.(*AccountAttributeMap))
+	}
 
 	combinedMasks := append(dbMask, nullFields...)
 

internal/auth/ldap/repository_authenticate.go

@@ -117,18 +117,13 @@ func (r *Repository) Authenticate(ctx context.Context, authMethodId, loginName,
 		}
 
 		for _, attrMap := range attrMaps {
-			aam, ok := attrMap.(*AccountAttributeMap)
-			if !ok {
-				return nil, errors.New(ctx, errors.Internal, op, "failed to convert attribute map into AccountAttributeMap type")
-			}
-
-			switch aam.ToAttribute {
+			switch attrMap.ToAttribute {
 			case DefaultEmailAttribute:
-				emailAttr = aam.FromAttribute
+				emailAttr = attrMap.FromAttribute
 			case DefaultFullNameAttribute:
-				fullNameAttr = aam.FromAttribute
+				fullNameAttr = attrMap.FromAttribute
 			default:
-				return nil, errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("invalid to attribute %q", aam.ToAttribute))
+				return nil, errors.New(ctx, errors.InvalidParameter, op, fmt.Sprintf("invalid to attribute %q", attrMap.ToAttribute))
 			}
 		}