diff --git a/management/server/account.go b/management/server/account.go
index b376f6f5eba..52809aa5da9 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -280,9 +280,6 @@ func (am *DefaultAccountManager) GetIdpManager() idp.Manager {
// User that performs the update has to belong to the account.
// Returns an updated Settings
func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, accountID, userID string, newSettings *types.Settings) (*types.Settings, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Settings, operations.Update)
if err != nil {
return nil, fmt.Errorf("failed to validate user permissions: %w", err)
@@ -460,8 +457,6 @@ func (am *DefaultAccountManager) peerLoginExpirationJob(ctx context.Context, acc
ctx := context.WithValue(ctx, nbcontext.AccountIDKey, accountID)
//nolint
ctx = context.WithValue(ctx, hook.ExecutionContextKey, fmt.Sprintf("%s-PEER-EXPIRATION", hook.SystemSource))
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
expiredPeers, err := am.getExpiredPeers(ctx, accountID)
if err != nil {
@@ -497,9 +492,6 @@ func (am *DefaultAccountManager) schedulePeerLoginExpiration(ctx context.Context
// peerInactivityExpirationJob marks login expired for all inactive peers and returns the minimum duration in which the next peer of the account will expire by inactivity if found
func (am *DefaultAccountManager) peerInactivityExpirationJob(ctx context.Context, accountID string) func() (time.Duration, bool) {
return func() (time.Duration, bool) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
inactivePeers, err := am.getInactivePeers(ctx, accountID)
if err != nil {
log.WithContext(ctx).Errorf("failed getting inactive peers for account %s", accountID)
@@ -640,8 +632,6 @@ func (am *DefaultAccountManager) isCacheCold(ctx context.Context, store cacheSto
// DeleteAccount deletes an account and all its users from local store and from the remote IDP if the requester is an admin and account owner
func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, userID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
account, err := am.Store.GetAccount(ctx, accountID)
if err != nil {
return err
@@ -1007,9 +997,6 @@ func (am *DefaultAccountManager) updateAccountDomainAttributesIfNotUpToDate(ctx
return nil
}
- unlockAccount := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlockAccount()
-
accountDomain, domainCategory, err := am.Store.GetAccountDomainAndCategory(ctx, store.LockingStrengthShare, accountID)
if err != nil {
log.WithContext(ctx).Errorf("error getting account domain and category: %v", err)
@@ -1102,9 +1089,6 @@ func (am *DefaultAccountManager) addNewPrivateAccount(ctx context.Context, domai
}
func (am *DefaultAccountManager) addNewUserToDomainAccount(ctx context.Context, domainAccountID string, userAuth nbcontext.UserAuth) (string, error) {
- unlockAccount := am.Store.AcquireWriteLockByUID(ctx, domainAccountID)
- defer unlockAccount()
-
newUser := types.NewRegularUser(userAuth.UserId)
newUser.AccountID = domainAccountID
err := am.Store.SaveUser(ctx, store.LockingStrengthUpdate, newUser)
@@ -1251,13 +1235,6 @@ func (am *DefaultAccountManager) SyncUserJWTGroups(ctx context.Context, userAuth
return nil
}
- unlockAccount := am.Store.AcquireWriteLockByUID(ctx, userAuth.AccountId)
- defer func() {
- if unlockAccount != nil {
- unlockAccount()
- }
- }()
-
var addNewGroups []string
var removeOldGroups []string
var hasChanges bool
@@ -1326,8 +1303,6 @@ func (am *DefaultAccountManager) SyncUserJWTGroups(ctx context.Context, userAuth
return fmt.Errorf("error incrementing network serial: %w", err)
}
}
- unlockAccount()
- unlockAccount = nil
return nil
})
@@ -1542,11 +1517,6 @@ func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID
log.WithContext(ctx).Debugf("SyncAndMarkPeer: took %v", time.Since(start))
}()
- accountUnlock := am.Store.AcquireReadLockByUID(ctx, accountID)
- defer accountUnlock()
- peerUnlock := am.Store.AcquireWriteLockByUID(ctx, peerPubKey)
- defer peerUnlock()
-
peer, netMap, postureChecks, err := am.SyncPeer(ctx, types.PeerSync{WireGuardPubKey: peerPubKey, Meta: meta}, accountID)
if err != nil {
return nil, nil, nil, fmt.Errorf("error syncing peer: %w", err)
@@ -1561,11 +1531,6 @@ func (am *DefaultAccountManager) SyncAndMarkPeer(ctx context.Context, accountID
}
func (am *DefaultAccountManager) OnPeerDisconnected(ctx context.Context, accountID string, peerPubKey string) error {
- accountUnlock := am.Store.AcquireReadLockByUID(ctx, accountID)
- defer accountUnlock()
- peerUnlock := am.Store.AcquireWriteLockByUID(ctx, peerPubKey)
- defer peerUnlock()
-
err := am.MarkPeerConnected(ctx, peerPubKey, false, nil, accountID)
if err != nil {
log.WithContext(ctx).Warnf("failed marking peer as disconnected %s %v", peerPubKey, err)
@@ -1581,12 +1546,6 @@ func (am *DefaultAccountManager) SyncPeerMeta(ctx context.Context, peerPubKey st
return err
}
- unlock := am.Store.AcquireReadLockByUID(ctx, accountID)
- defer unlock()
-
- unlockPeer := am.Store.AcquireWriteLockByUID(ctx, peerPubKey)
- defer unlockPeer()
-
_, _, _, err = am.SyncPeer(ctx, types.PeerSync{WireGuardPubKey: peerPubKey, Meta: meta, UpdateAccountPeers: true}, accountID)
if err != nil {
return mapError(ctx, err)
diff --git a/management/server/group.go b/management/server/group.go
index 130a67145c3..e823c2a7ec0 100644
--- a/management/server/group.go
+++ b/management/server/group.go
@@ -67,8 +67,6 @@ func (am *DefaultAccountManager) GetGroupByName(ctx context.Context, groupName,
// SaveGroup object of the peers
func (am *DefaultAccountManager) SaveGroup(ctx context.Context, accountID, userID string, newGroup *types.Group, create bool) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
return am.SaveGroups(ctx, accountID, userID, []*types.Group{newGroup}, create)
}
@@ -202,8 +200,6 @@ func (am *DefaultAccountManager) prepareGroupEvents(ctx context.Context, transac
// DeleteGroup object of the peers.
func (am *DefaultAccountManager) DeleteGroup(ctx context.Context, accountID, userID, groupID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
return am.DeleteGroups(ctx, accountID, userID, []string{groupID})
}
@@ -262,9 +258,6 @@ func (am *DefaultAccountManager) DeleteGroups(ctx context.Context, accountID, us
// GroupAddPeer appends peer to the group
func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, groupID, peerID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var group *types.Group
var updateAccountPeers bool
var err error
@@ -303,9 +296,6 @@ func (am *DefaultAccountManager) GroupAddPeer(ctx context.Context, accountID, gr
// GroupAddResource appends resource to the group
func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID, groupID string, resource types.Resource) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var group *types.Group
var updateAccountPeers bool
var err error
@@ -344,9 +334,6 @@ func (am *DefaultAccountManager) GroupAddResource(ctx context.Context, accountID
// GroupDeletePeer removes peer from the group
func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID, groupID, peerID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var group *types.Group
var updateAccountPeers bool
var err error
@@ -385,9 +372,6 @@ func (am *DefaultAccountManager) GroupDeletePeer(ctx context.Context, accountID,
// GroupDeleteResource removes resource from the group
func (am *DefaultAccountManager) GroupDeleteResource(ctx context.Context, accountID, groupID string, resource types.Resource) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var group *types.Group
var updateAccountPeers bool
var err error
diff --git a/management/server/integrated_validator.go b/management/server/integrated_validator.go
index edb89466c7d..0e5e5609aa2 100644
--- a/management/server/integrated_validator.go
+++ b/management/server/integrated_validator.go
@@ -34,9 +34,6 @@ func (am *DefaultAccountManager) UpdateIntegratedValidatorGroups(ctx context.Con
return errors.New("invalid groups")
}
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
return am.Store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
a, err := transaction.GetAccountByUser(ctx, userID)
if err != nil {
diff --git a/management/server/nameserver.go b/management/server/nameserver.go
index 18339335db8..6ef64cd7d57 100644
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@@ -37,9 +37,6 @@ func (am *DefaultAccountManager) GetNameServerGroup(ctx context.Context, account
// CreateNameServerGroup creates and saves a new nameserver group
func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, accountID string, name, description string, nameServerList []nbdns.NameServer, groups []string, primary bool, domains []string, enabled bool, userID string, searchDomainEnabled bool) (*nbdns.NameServerGroup, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Nameservers, operations.Create)
if err != nil {
return nil, status.NewPermissionValidationError(err)
@@ -94,9 +91,6 @@ func (am *DefaultAccountManager) CreateNameServerGroup(ctx context.Context, acco
// SaveNameServerGroup saves nameserver group
func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accountID, userID string, nsGroupToSave *nbdns.NameServerGroup) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
if nsGroupToSave == nil {
return status.Errorf(status.InvalidArgument, "nameserver group provided is nil")
}
@@ -148,9 +142,6 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
// DeleteNameServerGroup deletes nameserver group with nsGroupID
func (am *DefaultAccountManager) DeleteNameServerGroup(ctx context.Context, accountID, nsGroupID, userID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Nameservers, operations.Delete)
if err != nil {
return status.NewPermissionValidationError(err)
diff --git a/management/server/networks/manager.go b/management/server/networks/manager.go
index 1c46e9281b3..7038eb8e317 100644
--- a/management/server/networks/manager.go
+++ b/management/server/networks/manager.go
@@ -70,9 +70,6 @@ func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network
network.ID = xid.New().String()
- unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID)
- defer unlock()
-
err = m.store.SaveNetwork(ctx, store.LockingStrengthUpdate, network)
if err != nil {
return nil, fmt.Errorf("failed to save network: %w", err)
@@ -104,9 +101,6 @@ func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network
return nil, status.NewPermissionDeniedError()
}
- unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID)
- defer unlock()
-
_, err = m.store.GetNetworkByID(ctx, store.LockingStrengthUpdate, network.AccountID, network.ID)
if err != nil {
return nil, fmt.Errorf("failed to get network: %w", err)
@@ -131,9 +125,6 @@ func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, netw
return fmt.Errorf("failed to get network: %w", err)
}
- unlock := m.store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var eventsToStore []func()
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
resources, err := transaction.GetNetworkResourcesByNetID(ctx, store.LockingStrengthUpdate, accountID, networkID)
diff --git a/management/server/networks/resources/manager.go b/management/server/networks/resources/manager.go
index 21d1e54de9d..5706c24e332 100644
--- a/management/server/networks/resources/manager.go
+++ b/management/server/networks/resources/manager.go
@@ -108,9 +108,6 @@ func (m *managerImpl) CreateResource(ctx context.Context, userID string, resourc
return nil, fmt.Errorf("failed to create new network resource: %w", err)
}
- unlock := m.store.AcquireWriteLockByUID(ctx, resource.AccountID)
- defer unlock()
-
var eventsToStore []func()
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
_, err = transaction.GetNetworkResourceByName(ctx, store.LockingStrengthShare, resource.AccountID, resource.Name)
@@ -204,9 +201,6 @@ func (m *managerImpl) UpdateResource(ctx context.Context, userID string, resourc
resource.Domain = domain
resource.Prefix = prefix
- unlock := m.store.AcquireWriteLockByUID(ctx, resource.AccountID)
- defer unlock()
-
var eventsToStore []func()
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
network, err := transaction.GetNetworkByID(ctx, store.LockingStrengthUpdate, resource.AccountID, resource.NetworkID)
@@ -315,9 +309,6 @@ func (m *managerImpl) DeleteResource(ctx context.Context, accountID, userID, net
return status.NewPermissionDeniedError()
}
- unlock := m.store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var events []func()
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
events, err = m.DeleteResourceInTransaction(ctx, transaction, accountID, userID, networkID, resourceID)
diff --git a/management/server/networks/routers/manager.go b/management/server/networks/routers/manager.go
index 7b488b3618d..0ddb5289b21 100644
--- a/management/server/networks/routers/manager.go
+++ b/management/server/networks/routers/manager.go
@@ -88,9 +88,6 @@ func (m *managerImpl) CreateRouter(ctx context.Context, userID string, router *t
return nil, status.NewPermissionDeniedError()
}
- unlock := m.store.AcquireWriteLockByUID(ctx, router.AccountID)
- defer unlock()
-
var network *networkTypes.Network
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
network, err = transaction.GetNetworkByID(ctx, store.LockingStrengthShare, router.AccountID, router.NetworkID)
@@ -157,9 +154,6 @@ func (m *managerImpl) UpdateRouter(ctx context.Context, userID string, router *t
return nil, status.NewPermissionDeniedError()
}
- unlock := m.store.AcquireWriteLockByUID(ctx, router.AccountID)
- defer unlock()
-
var network *networkTypes.Network
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
network, err = transaction.GetNetworkByID(ctx, store.LockingStrengthShare, router.AccountID, router.NetworkID)
@@ -203,9 +197,6 @@ func (m *managerImpl) DeleteRouter(ctx context.Context, accountID, userID, netwo
return status.NewPermissionDeniedError()
}
- unlock := m.store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
var event func()
err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
event, err = m.DeleteRouterInTransaction(ctx, transaction, accountID, userID, networkID, routerID)
diff --git a/management/server/peer.go b/management/server/peer.go
index 1a128972149..5b767ef2bae 100644
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -189,9 +189,6 @@ func updatePeerStatusAndLocation(ctx context.Context, geo geolocation.Geolocatio
// UpdatePeer updates peer. Only Peer.Name, Peer.SSHEnabled, Peer.LoginExpirationEnabled and Peer.InactivityExpirationEnabled can be updated.
func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, userID string, update *nbpeer.Peer) (*nbpeer.Peer, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Peers, operations.Update)
if err != nil {
return nil, status.NewPermissionValidationError(err)
@@ -324,9 +321,6 @@ func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, user
// DeletePeer removes peer from the account by its IP
func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peerID, userID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Peers, operations.Delete)
if err != nil {
return status.NewPermissionValidationError(err)
@@ -476,13 +470,6 @@ func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID s
return nil, nil, nil, status.Errorf(status.NotFound, "failed adding new peer: account not found")
}
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer func() {
- if unlock != nil {
- unlock()
- }
- }()
-
// This is a handling for the case when the same machine (with the same WireGuard pub key) tries to register twice.
// Such case is possible when AddPeer function takes long time to finish after AcquireWriteLockByUID (e.g., database is slow)
// and the peer disconnects with a timeout and tries to register again.
@@ -663,9 +650,6 @@ func (am *DefaultAccountManager) AddPeer(ctx context.Context, setupKey, userID s
am.StoreEvent(ctx, opEvent.InitiatorID, opEvent.TargetID, opEvent.AccountID, opEvent.Activity, opEvent.Meta)
- unlock()
- unlock = nil
-
if updateAccountPeers {
am.BufferUpdateAccountPeers(ctx, accountID)
}
@@ -805,15 +789,6 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer
}
}
- unlockAccount := am.Store.AcquireReadLockByUID(ctx, accountID)
- defer unlockAccount()
- unlockPeer := am.Store.AcquireWriteLockByUID(ctx, login.WireGuardPubKey)
- defer func() {
- if unlockPeer != nil {
- unlockPeer()
- }
- }()
-
var peer *nbpeer.Peer
var updateRemotePeers bool
var isRequiresApproval bool
@@ -894,9 +869,6 @@ func (am *DefaultAccountManager) LoginPeer(ctx context.Context, login types.Peer
return nil, nil, nil, err
}
- unlockPeer()
- unlockPeer = nil
-
if updateRemotePeers || isStatusChanged || (isPeerUpdated && len(postureChecks) > 0) {
am.BufferUpdateAccountPeers(ctx, accountID)
}
diff --git a/management/server/policy.go b/management/server/policy.go
index 1e9331d4333..e2e78c849f7 100644
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -32,9 +32,6 @@ func (am *DefaultAccountManager) GetPolicy(ctx context.Context, accountID, polic
// SavePolicy in the store
func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, userID string, policy *types.Policy, create bool) (*types.Policy, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
operation := operations.Create
if !create {
operation = operations.Update
@@ -88,9 +85,6 @@ func (am *DefaultAccountManager) SavePolicy(ctx context.Context, accountID, user
// DeletePolicy from the store
func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, policyID, userID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Policies, operations.Delete)
if err != nil {
return status.NewPermissionValidationError(err)
diff --git a/management/server/posture_checks.go b/management/server/posture_checks.go
index f91e89b45bc..a6704fb70cb 100644
--- a/management/server/posture_checks.go
+++ b/management/server/posture_checks.go
@@ -32,9 +32,6 @@ func (am *DefaultAccountManager) GetPostureChecks(ctx context.Context, accountID
// SavePostureChecks saves a posture check.
func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountID, userID string, postureChecks *posture.Checks, create bool) (*posture.Checks, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
operation := operations.Create
if !create {
operation = operations.Update
@@ -87,9 +84,6 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
// DeletePostureChecks deletes a posture check by ID.
func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Read)
if err != nil {
return status.NewPermissionValidationError(err)
diff --git a/management/server/route.go b/management/server/route.go
index 32ff399774b..701e4637e67 100644
--- a/management/server/route.go
+++ b/management/server/route.go
@@ -135,9 +135,6 @@ func getRouteDescriptor(prefix netip.Prefix, domains domain.List) string {
// CreateRoute creates and saves a new route
func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID string, prefix netip.Prefix, networkType route.NetworkType, domains domain.List, peerID string, peerGroupIDs []string, description string, netID route.NetID, masquerade bool, metric int, groups, accessControlGroupIDs []string, enabled bool, userID string, keepRoute bool) (*route.Route, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Create)
if err != nil {
return nil, status.NewPermissionValidationError(err)
@@ -202,9 +199,6 @@ func (am *DefaultAccountManager) CreateRoute(ctx context.Context, accountID stri
// SaveRoute saves route
func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userID string, routeToSave *route.Route) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Update)
if err != nil {
return status.NewPermissionValidationError(err)
@@ -259,9 +253,6 @@ func (am *DefaultAccountManager) SaveRoute(ctx context.Context, accountID, userI
// DeleteRoute deletes route with routeID
func (am *DefaultAccountManager) DeleteRoute(ctx context.Context, accountID string, routeID route.ID, userID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Routes, operations.Delete)
if err != nil {
return status.NewPermissionValidationError(err)
diff --git a/management/server/setupkey.go b/management/server/setupkey.go
index b0903c8d059..b871f4cea27 100644
--- a/management/server/setupkey.go
+++ b/management/server/setupkey.go
@@ -55,8 +55,6 @@ type SetupKeyUpdateOperation struct {
// and adds it to the specified account. A list of autoGroups IDs can be empty.
func (am *DefaultAccountManager) CreateSetupKey(ctx context.Context, accountID string, keyName string, keyType types.SetupKeyType,
expiresIn time.Duration, autoGroups []string, usageLimit int, userID string, ephemeral bool, allowExtraDNSLabels bool) (*types.SetupKey, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.SetupKeys, operations.Create)
if err != nil {
@@ -107,9 +105,6 @@ func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID str
return nil, status.Errorf(status.InvalidArgument, "provided setup key to update is nil")
}
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.SetupKeys, operations.Update)
if err != nil {
return nil, status.NewPermissionValidationError(err)
diff --git a/management/server/store/store.go b/management/server/store/store.go
index d41379b1c10..829e872c843 100644
--- a/management/server/store/store.go
+++ b/management/server/store/store.go
@@ -161,10 +161,6 @@ type Store interface {
GetInstallationID() string
SaveInstallationID(ctx context.Context, ID string) error
- // AcquireWriteLockByUID should attempt to acquire a lock for write purposes and return a function that releases the lock
- AcquireWriteLockByUID(ctx context.Context, uniqueID string) func()
- // AcquireReadLockByUID should attempt to acquire lock for read purposes and return a function that releases the lock
- AcquireReadLockByUID(ctx context.Context, uniqueID string) func()
// AcquireGlobalLock should attempt to acquire a global lock and return a function that releases the lock
AcquireGlobalLock(ctx context.Context) func()
diff --git a/management/server/user.go b/management/server/user.go
index a1f1c46d5a5..efa091b27ce 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -26,9 +26,6 @@ import (
// createServiceUser creates a new service user under the given account.
func (am *DefaultAccountManager) createServiceUser(ctx context.Context, accountID string, initiatorUserID string, role types.UserRole, serviceUserName string, nonDeletable bool, autoGroups []string) (*types.UserInfo, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, initiatorUserID, modules.Users, operations.Create)
if err != nil {
return nil, status.NewPermissionValidationError(err)
@@ -76,9 +73,6 @@ func (am *DefaultAccountManager) CreateUser(ctx context.Context, accountID, user
// inviteNewUser Invites a USer to a given account and creates reference in datastore
func (am *DefaultAccountManager) inviteNewUser(ctx context.Context, accountID, userID string, invite *types.UserInfo) (*types.UserInfo, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
if am.idpManager == nil {
return nil, status.Errorf(status.PreconditionFailed, "IdP manager must be enabled to send user invites")
}
@@ -227,9 +221,6 @@ func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, init
return status.Errorf(status.InvalidArgument, "self deletion is not allowed")
}
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
initiatorUser, err := am.Store.GetUserByUserID(ctx, store.LockingStrengthShare, initiatorUserID)
if err != nil {
return err
@@ -285,9 +276,6 @@ func (am *DefaultAccountManager) DeleteUser(ctx context.Context, accountID, init
// InviteUser resend invitations to users who haven't activated their accounts prior to the expiration period.
func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
if am.idpManager == nil {
return status.Errorf(status.PreconditionFailed, "IdP manager must be enabled to send user invites")
}
@@ -328,9 +316,6 @@ func (am *DefaultAccountManager) InviteUser(ctx context.Context, accountID strin
// CreatePAT creates a new PAT for the given user
func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*types.PersonalAccessTokenGenerated, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
if tokenName == "" {
return nil, status.Errorf(status.InvalidArgument, "token name can't be empty")
}
@@ -379,9 +364,6 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string
// DeletePAT deletes a specific PAT from a user
func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string, initiatorUserID string, targetUserID string, tokenID string) error {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
allowed, err := am.permissionsManager.ValidateUserPermissions(ctx, accountID, initiatorUserID, modules.Pats, operations.Delete)
if err != nil {
return status.NewPermissionValidationError(err)
@@ -481,9 +463,6 @@ func (am *DefaultAccountManager) SaveUser(ctx context.Context, accountID, initia
// SaveOrAddUser updates the given user. If addIfNotExists is set to true it will add user when no exist
// Only User.AutoGroups, User.Role, and User.Blocked fields are allowed to be updated for now.
func (am *DefaultAccountManager) SaveOrAddUser(ctx context.Context, accountID, initiatorUserID string, update *types.User, addIfNotExists bool) (*types.UserInfo, error) {
- unlock := am.Store.AcquireWriteLockByUID(ctx, accountID)
- defer unlock()
-
updatedUsers, err := am.SaveOrAddUsers(ctx, accountID, initiatorUserID, []*types.User{update}, addIfNotExists)
if err != nil {
return nil, err