From acf7e462adaea2c7e2c9ab1e0a0b5c3554a4dab6 Mon Sep 17 00:00:00 2001 From: Ward Vandewege Date: Sat, 13 Nov 2021 14:01:05 -0500 Subject: [PATCH 1/2] Improvements for namespace deletion: add a confirmation prompt, and make sure to also delete any associated preauthkeys. --- cmd/headscale/cli/namespaces.go | 36 ++++++++++++++++++++++++++++----- namespaces.go | 16 +++++++++++---- namespaces_test.go | 16 ++++++++++++++- preauth_keys.go | 10 +++++++++ 4 files changed, 68 insertions(+), 10 deletions(-) diff --git a/cmd/headscale/cli/namespaces.go b/cmd/headscale/cli/namespaces.go index 752638a7..0e5eeb4c 100644 --- a/cmd/headscale/cli/namespaces.go +++ b/cmd/headscale/cli/namespaces.go @@ -3,6 +3,7 @@ package cli import ( "fmt" + survey "github.com/AlecAivazis/survey/v2" v1 "github.com/juanfont/headscale/gen/go/headscale/v1" "github.com/pterm/pterm" "github.com/rs/zerolog/log" @@ -70,19 +71,44 @@ var destroyNamespaceCmd = &cobra.Command{ namespaceName := args[0] + request := &v1.GetNamespaceRequest{ + Name: namespaceName, + } + ctx, client, conn, cancel := getHeadscaleCLIClient() defer cancel() defer conn.Close() - request := &v1.DeleteNamespaceRequest{Name: namespaceName} - - response, err := client.DeleteNamespace(ctx, request) + _, err := client.GetNamespace(ctx, request) if err != nil { - ErrorOutput(err, fmt.Sprintf("Cannot destroy namespace: %s", status.Convert(err).Message()), output) + ErrorOutput(err, fmt.Sprintf("Error: %s", status.Convert(err).Message()), output) return } - SuccessOutput(response, "Namespace destroyed", output) + confirm := false + force, _ := cmd.Flags().GetBool("force") + if !force { + prompt := &survey.Confirm{ + Message: fmt.Sprintf("Do you want to remove the namespace '%s' and any associated preauthkeys?", namespaceName), + } + err := survey.AskOne(prompt, &confirm) + if err != nil { + return + } + } + + if confirm || force { + request := &v1.DeleteNamespaceRequest{Name: namespaceName} + + response, err := client.DeleteNamespace(ctx, request) + if err != nil { + ErrorOutput(err, fmt.Sprintf("Cannot destroy namespace: %s", status.Convert(err).Message()), output) + return + } + SuccessOutput(response, "Namespace destroyed", output) + } else { + SuccessOutput(map[string]string{"Result": "Namespace not destroyed"}, "Namespace not destroyed", output) + } }, } diff --git a/namespaces.go b/namespaces.go index 66deb1a2..dc034cb4 100644 --- a/namespaces.go +++ b/namespaces.go @@ -15,9 +15,9 @@ import ( ) const ( - errorNamespaceExists = Error("Namespace already exists") - errorNamespaceNotFound = Error("Namespace not found") - errorNamespaceNotEmpty = Error("Namespace not empty") + errorNamespaceExists = Error("Namespace already exists") + errorNamespaceNotFound = Error("Namespace not found") + errorNamespaceNotEmptyOfNodes = Error("Namespace not empty: node(s) found") ) // Namespace is the way Headscale implements the concept of users in Tailscale @@ -60,7 +60,15 @@ func (h *Headscale) DestroyNamespace(name string) error { return err } if len(m) > 0 { - return errorNamespaceNotEmpty + return errorNamespaceNotEmptyOfNodes + } + + keys, err := h.ListPreAuthKeys(name) + if err != nil { + return err + } + for _, p := range keys { + h.DestroyPreAuthKey(&p) } if result := h.db.Unscoped().Delete(&n); result.Error != nil { diff --git a/namespaces_test.go b/namespaces_test.go index 7ce4850e..72193ee2 100644 --- a/namespaces_test.go +++ b/namespaces_test.go @@ -3,6 +3,7 @@ package headscale import ( "github.com/rs/zerolog/log" "gopkg.in/check.v1" + "gorm.io/gorm" ) func (s *Suite) TestCreateAndDestroyNamespace(c *check.C) { @@ -31,6 +32,19 @@ func (s *Suite) TestDestroyNamespaceErrors(c *check.C) { pak, err := h.CreatePreAuthKey(n.Name, false, false, nil) c.Assert(err, check.IsNil) + err = h.DestroyNamespace("test") + c.Assert(err, check.IsNil) + + result := h.db.Preload("Namespace").First(&pak, "key = ?", pak.Key) + // destroying a namespace also deletes all associated preauthkeys + c.Assert(result.Error, check.Equals, gorm.ErrRecordNotFound) + + n, err = h.CreateNamespace("test") + c.Assert(err, check.IsNil) + + pak, err = h.CreatePreAuthKey(n.Name, false, false, nil) + c.Assert(err, check.IsNil) + m := Machine{ ID: 0, MachineKey: "foo", @@ -45,7 +59,7 @@ func (s *Suite) TestDestroyNamespaceErrors(c *check.C) { h.db.Save(&m) err = h.DestroyNamespace("test") - c.Assert(err, check.Equals, errorNamespaceNotEmpty) + c.Assert(err, check.Equals, errorNamespaceNotEmptyOfNodes) } func (s *Suite) TestRenameNamespace(c *check.C) { diff --git a/preauth_keys.go b/preauth_keys.go index 1cb9c112..41b10e39 100644 --- a/preauth_keys.go +++ b/preauth_keys.go @@ -93,6 +93,16 @@ func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, er return pak, nil } +// DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey +// does not exist. +func (h *Headscale) DestroyPreAuthKey(pak *PreAuthKey) error { + if result := h.db.Unscoped().Delete(&pak); result.Error != nil { + return result.Error + } + + return nil +} + // MarkExpirePreAuthKey marks a PreAuthKey as expired func (h *Headscale) ExpirePreAuthKey(k *PreAuthKey) error { if err := h.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil { From 34dba0ade864ee4bceb8cf7264c84c865ca828de Mon Sep 17 00:00:00 2001 From: Ward Vandewege Date: Sat, 13 Nov 2021 15:24:32 -0500 Subject: [PATCH 2/2] Fix missing error check. --- namespaces.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/namespaces.go b/namespaces.go index dc034cb4..e5d17839 100644 --- a/namespaces.go +++ b/namespaces.go @@ -68,7 +68,10 @@ func (h *Headscale) DestroyNamespace(name string) error { return err } for _, p := range keys { - h.DestroyPreAuthKey(&p) + err = h.DestroyPreAuthKey(&p) + if err != nil { + return err + } } if result := h.db.Unscoped().Delete(&n); result.Error != nil {