NET-674: clear extclients of an user when deleted, remove gw id from user gws when deleted (#2631)

* remove client gw from user when deleted

* clear extclient of a user if deleted

* check if ingress gw on user gws

* debug log

* log change

* pr comments

controllers/ext_client.go

@@ -364,7 +364,7 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 					extclient.RemoteAccessClientID == customExtClient.RemoteAccessClientID && nodeid == extclient.IngressGatewayID {
 					// extclient on the gw already exists for the remote access client
 					err = errors.New("remote client config already exists on the gateway")
-					slog.Error("failed to get extclients", "error", err)
+					slog.Error("failed to create extclient", "user", userName, "error", err)
 					logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 					return
 				}
@@ -539,12 +539,12 @@ func deleteExtClient(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		err = errors.New("Could not delete extclient " + params["clientid"])
 		logger.Log(0, r.Header.Get("user"),
-			fmt.Sprintf("failed to delete extclient [%s],network [%s]: %v", clientid, network, err))
+			fmt.Sprintf("failed to get extclient [%s],network [%s]: %v", clientid, network, err))
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
 	if !logic.IsUserAllowedAccessToExtClient(r.Header.Get("user"), extclient) {
-		slog.Error("failed to get extclient", "network", network, "clientID",
+		slog.Error("user not allowed to delete", "network", network, "clientID",
 			clientid, "error", errors.New("access is denied"))
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("access is denied"), "forbidden"))
 		return

controllers/node.go

@@ -571,10 +571,28 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if servercfg.IsPro && wasFailover {
-		if err = logic.EnterpriseResetFailoverFunc(node.Network); err != nil {
-			logger.Log(1, "failed to reset failover list during failover create", node.ID.String(), node.Network)
+	if servercfg.IsPro {
+		if wasFailover {
+			if err = logic.EnterpriseResetFailoverFunc(node.Network); err != nil {
+				logger.Log(1, "failed to reset failover list during failover create", node.ID.String(), node.Network)
+			}
 		}
+		go func() {
+			users, err := logic.GetUsersDB()
+			if err == nil {
+				for _, user := range users {
+					if _, ok := user.RemoteGwIDs[nodeid]; ok {
+						delete(user.RemoteGwIDs, nodeid)
+						err = logic.UpsertUser(user)
+						if err != nil {
+							slog.Error("failed to get user", "user", user.UserName, "error", err)
+						}
+					}
+				}
+			} else {
+				slog.Error("failed to get users", "error", err)
+			}
+		}()
 	}
 
 	apiNode := node.ConvertToAPINode()

controllers/user.go

@@ -525,7 +525,23 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 		return
 	}
-
+	// check and delete extclient with this ownerID
+	go func() {
+		extclients, err := logic.GetAllExtClients()
+		if err != nil {
+			slog.Error("failed to get extclients", "error", err)
+			return
+		}
+		for _, extclient := range extclients {
+			if extclient.OwnerID == user.UserName {
+				err = logic.DeleteExtClient(extclient.Network, extclient.ClientID)
+				if err != nil {
+					slog.Error("failed to delete extclient",
+						"id", extclient.ClientID, "owner", user.UserName, "error", err)
+				}
+			}
+		}
+	}()
 	logger.Log(1, username, "was deleted")
 	json.NewEncoder(w).Encode(params["username"] + " deleted.")
 }

logic/auth.go

@@ -39,6 +39,30 @@ func HasSuperAdmin() (bool, error) {
 	return false, err
 }
 
+// GetUsersDB - gets users
+func GetUsersDB() ([]models.User, error) {
+
+	var users []models.User
+
+	collection, err := database.FetchRecords(database.USERS_TABLE_NAME)
+
+	if err != nil {
+		return users, err
+	}
+
+	for _, value := range collection {
+
+		var user models.User
+		err = json.Unmarshal([]byte(value), &user)
+		if err != nil {
+			continue // get users
+		}
+		users = append(users, user)
+	}
+
+	return users, err
+}
+
 // GetUsers - gets users
 func GetUsers() ([]models.ReturnUser, error) {
 

pro/controllers/users.go

@@ -185,6 +185,9 @@ func getUserRemoteAccessGws(w http.ResponseWriter, r *http.Request) {
 			if node.PendingDelete {
 				continue
 			}
+			if !node.IsIngressGateway {
+				continue
+			}
 			host, err := logic.GetHost(node.HostID.String())
 			if err != nil {
 				continue
@@ -214,6 +217,9 @@ func getUserRemoteAccessGws(w http.ResponseWriter, r *http.Request) {
 		if err != nil {
 			continue
 		}
+		if !node.IsIngressGateway {
+			continue
+		}
 		if node.PendingDelete {
 			continue
 		}