Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating policies may cause loss of policy data #503

Closed
johnwu96822 opened this issue Jun 7, 2017 · 2 comments
Closed

Updating policies may cause loss of policy data #503

johnwu96822 opened this issue Jun 7, 2017 · 2 comments
Labels
bug Something is not working. upstream Issue is caused by an upstream dependency.
Milestone
0.10.0

Comments

@johnwu96822
Copy link
Contributor

We are using MySQL and Hydra 0.7.0. We add subjects to one policy frequently using the CLI: hydra policies subjects add ... Two weeks ago, we found that the subjects, resources, and actions were all gone from this policy. Since then, it had happened again.

I am suspecting that it was due to the way Hydra updates a policy by first deleting the entire policy, and then recreating it. So concurrent updates on a policy could have such a devastating effect. In addition, Ladon stores policies in 4 tables, which could explain why we lost the policy data (subjects, resources, actions) but not the policy itself.

Ideally adding or removing subjects from a policy should just update the subjects and not recreating the entire policy. A less preferred solution would be to prevent race condition on the delete/recreate operation (mutex or transaction).
@aeneasr aeneasr added bug Something is not working. policy labels Jun 8, 2017
@aeneasr aeneasr added this to the 1.0.0: stable release milestone Jun 8, 2017
@aeneasr
Copy link
Member

aeneasr commented Jun 8, 2017

The problem with updating the policy is that we need to make a diff and, for example, find out which subjects were added, or which ones need to be removed. The solution to this is probably, to remove and add the policy in one transaction.

@aeneasr aeneasr added the upstream Issue is caused by an upstream dependency. label Jun 17, 2017
@aeneasr
Copy link
Member

aeneasr commented Jun 17, 2017

ory/ladon#75

aeneasr pushed a commit that referenced this issue Jun 17, 2017
vendor: update to ladon 0.8.0 - closes #503
df41e89
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working. upstream Issue is caused by an upstream dependency.
Projects
None yet
Milestone
0.10.0
Development

No branches or pull requests
2 participants
@johnwu96822 @aeneasr