f - session: add migration code from kvdb to SQL

ViktorTigerstrom · ViktorTigerstrom · commit eabf4de5507c · 2025-06-03T12:20:23.000+02:00
diff --git a/session/sql_migration.go b/session/sql_migration.go
@@ -111,7 +111,6 @@ func migrateSessionsToSQLAndValidate(ctx context.Context,
 
 		overrideSessionTimeZone(kvSession)
 		overrideSessionTimeZone(migratedSession)
-		overrideMacaroonRecipe(kvSession, migratedSession)
 
 		if !reflect.DeepEqual(kvSession, migratedSession) {
 			diff := difflib.UnifiedDiff{
@@ -329,33 +328,3 @@ func overrideSessionTimeZone(session *Session) {
 		session.RevokedAt = fixTime(session.RevokedAt)
 	}
 }
-
-// overrideMacaroonRecipe overrides the MacaroonRecipe for the SQL session in a
-// certain scenario:
-// In the bbolt store, a session can have a non-nil macaroon struct, despite
-// both the permissions and caveats being nil. There is no way to represent this
-// in the SQL store, as the macaroon permissions and caveats are separate
-// tables. Therefore, in the scenario where a MacaroonRecipe exists for the
-// bbolt version, but both the permissions and caveats are nil, we override the
-// MacaroonRecipe for the SQL version and set it to a MacaroonRecipe with
-// nil permissions and caveats. This is needed to ensure that the deep equals
-// check in the migration validation does not fail in this scenario.
-// Additionally, if either the permissions or caveats aren't set, for the
-// MacaroonRecipe, that is represented as empty array in the SQL store, but
-// as nil in the bbolt store. Therefore, we also override the permissions
-// or caveats to nil for the migrated session in that scenario, so that the
-// deep equals check does not fail in this scenario either.
-func overrideMacaroonRecipe(kvSession *Session, migratedSession *Session) {
-	if kvSession.MacaroonRecipe != nil {
-		kvPerms := kvSession.MacaroonRecipe.Permissions
-		kvCaveats := kvSession.MacaroonRecipe.Caveats
-
-		if kvPerms == nil && kvCaveats == nil {
-			migratedSession.MacaroonRecipe = &MacaroonRecipe{}
-		} else if kvPerms == nil {
-			migratedSession.MacaroonRecipe.Permissions = nil
-		} else if kvCaveats == nil {
-			migratedSession.MacaroonRecipe.Caveats = nil
-		}
-	}
-}
diff --git a/session/sql_migration_test.go b/session/sql_migration_test.go
@@ -73,12 +73,6 @@ func TestSessionsStoreMigration(t *testing.T) {
 			)
 			require.NoError(t, err)
 
-			// Since the SQL store can't represent a session with
-			// a non-nil MacaroonRecipe, but with nil caveats and
-			// perms, we need to override the macaroon recipe if the
-			// kvSession has such a recipe stored.
-			overrideMacaroonRecipe(kvSession, sqlSession)
-
 			assertEqualSessions(t, kvSession, sqlSession)
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -73,12 +73,6 @@ func TestSessionsStoreMigration(t *testing.T) {`
`73`	`73`	`)`
`74`	`74`	`require.NoError(t, err)`
`75`	`75`
`76`		`- // Since the SQL store can't represent a session with`
`77`		`- // a non-nil MacaroonRecipe, but with nil caveats and`
`78`		`- // perms, we need to override the macaroon recipe if the`
`79`		`- // kvSession has such a recipe stored.`
`80`		`- overrideMacaroonRecipe(kvSession, sqlSession)`
`81`		`-`
`82`	`76`	`assertEqualSessions(t, kvSession, sqlSession)`
`83`	`77`	`}`
`84`	`78`