Netflix / security_monkey

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
Apache License 2.0

Cannot delete SM user with Justifications. #776

Open falcoris opened 7 years ago

falcoris commented 7 years ago

Hi

I've created a test user that I can't seem to delete with the GUI interface, and there doesn't seem to be a CLI monkey command to do it.

The delete button on the GUI interface just doesn't do anything, apparently. I tried on multiple browsers to rule that out.

Xeteskian commented 7 years ago

Are you trying to delete the user you're logged in as? I get this if I try to do that, but if I create a second account using the terminal, then I can delete it.

falcoris commented 7 years ago

No, I am using a different one. Both are admin if that information could be valuable.

scriptsrc commented 7 years ago

Any log messages when this happens?

falcoris commented 7 years ago

Yes, actually:

==> /var/log/security_monkey/securitymonkey.log <==
2017-08-01 21:29:23,826 ERROR: Internal Error [in /usr/local/src/security_monkey/venv/local/lib/python2.7/site-packages/Flask_RESTful-0.3.3-py2.7.egg/flask_restful/__init__.py:299]
Traceback (most recent call last):
  File "/usr/local/src/security_monkey/venv/local/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/src/security_monkey/venv/local/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/src/security_monkey/venv/local/lib/python2.7/site-packages/Flask_RESTful-0.3.3-py2.7.egg/flask_restful/__init__.py", line 462, in wrapper
    resp = resource(*args, **kwargs)
  File "/usr/local/src/security_monkey/venv/local/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/views.py", line 84, in view
    return self.dispatch_request(*args, **kwargs)
  File "/usr/local/src/security_monkey/venv/local/lib/python2.7/site-packages/Flask_RESTful-0.3.3-py2.7.egg/flask_restful/__init__.py", line 572, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/usr/local/src/security_monkey/security_monkey/views/users.py", line 151, in delete
    db.session.commit()
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/scoping.py", line 149, in do
    return getattr(self.registry(), name)(*args, **kwargs)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/session.py", line 765, in commit
    self.transaction.commit()
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/session.py", line 370, in commit
    self._prepare_impl()
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/session.py", line 350, in _prepare_impl
    self.session.flush()
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/session.py", line 1879, in flush
    self._flush(objects)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/session.py", line 1997, in _flush
    transaction.rollback(_capture_exception=True)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/util/langhelpers.py", line 57, in __exit__
    compat.reraise(exc_type, exc_value, exc_tb)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/session.py", line 1961, in _flush
    flush_context.execute()
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/unitofwork.py", line 370, in execute
    rec.execute(self)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/unitofwork.py", line 551, in execute
    uow
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/persistence.py", line 116, in delete_obj
    cached_connections, mapper, table, delete)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/orm/persistence.py", line 705, in _emit_delete_statements
    connection.execute(statement, del_objects)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 717, in execute
    return meth(self, multiparams, params)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/sql/elements.py", line 317, in _execute_on_connection
    return connection._execute_clauseelement(self, multiparams, params)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 814, in _execute_clauseelement
    compiled_sql, distilled_params
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 927, in _execute_context
    context)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 1076, in _handle_dbapi_exception
    exc_info
  File "build/bdist.linux-x86_64/egg/sqlalchemy/util/compat.py", line 185, in raise_from_cause
    reraise(type(exception), exception, tb=exc_tb)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 920, in _execute_context
    context)
  File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/default.py", line 425, in do_execute
    cursor.execute(statement, parameters)
IntegrityError: (IntegrityError) update or delete on table "user" violates foreign key constraint "itemaudit_justified_user_id_fkey" on table "itemaudit"
DETAIL:  Key (id)=(1) is still referenced from table "itemaudit".
 'DELETE FROM "user" WHERE "user".id = %(id)s' {'id': 1}

==> /var/log/security_monkey/security_monkey.access.log <==
202.46.176.66 - - [01/Aug/2017:21:29:23 +0000] "DELETE /api/1/users/1 HTTP/1.1" 500 51 "https://securitymonkey.someurl.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0"

scriptsrc commented 7 years ago

Good find.

Looks like the User model does not have a directive to cascade deletes to the tables for which it has relationships. In this case, it appears the user has justified an issue, so the DB doesn't know what to do about the dangling justification.

I'll file this as a bug.

https://github.com/Netflix/security_monkey/blob/develop/security_monkey/datastore.py#L160

scriptsrc commented 7 years ago

Temporary solution is to deactivate the user.
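
The foreign-key failure from the log and the deactivation workaround, reproduced as an added example that is not part of the original thread or Security Monkey's code. It uses the standard-library `sqlite3` module instead of PostgreSQL and SQLAlchemy, with a constructed two-table schema; the `ON DELETE` variants are illustrations of how each choice treats the justification record, not the project's fix.

```python
import sqlite3

# Constructed, simplified schema: only the columns needed to reproduce the
# constraint named in the log. Not Security Monkey's real table definitions.
SCHEMA = """
CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, active INTEGER DEFAULT 1);
CREATE TABLE itemaudit (
    id INTEGER PRIMARY KEY,
    justification TEXT,
    justified_user_id INTEGER REFERENCES user(id) {on_delete}
);
"""

def make_db(on_delete=""):
    """Build an in-memory DB holding one user who has justified one issue."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    db.executescript(SCHEMA.format(on_delete=on_delete))
    db.execute("INSERT INTO user (id, email) VALUES (1, 'test@example.com')")
    db.execute("INSERT INTO itemaudit (id, justification, justified_user_id) "
               "VALUES (10, 'accepted risk', 1)")
    db.commit()
    return db

def delete_user(db, user_id):
    """Return True if the DELETE committed, False if the FK blocked it."""
    try:
        db.execute("DELETE FROM user WHERE id = ?", (user_id,))
        db.commit()
        return True
    except sqlite3.IntegrityError:  # same error class of failure as in the log
        db.rollback()
        return False

def deactivate_user(db, user_id):
    """The workaround from the thread: keep the row, disable the account."""
    db.execute("UPDATE user SET active = 0 WHERE id = ?", (user_id,))
    db.commit()

def audit_rows(db):
    """All justification records, to see what survived the operation."""
    return db.execute(
        "SELECT id, justification, justified_user_id FROM itemaudit").fetchall()

if __name__ == "__main__":
    for clause in ("", "ON DELETE SET NULL", "ON DELETE CASCADE"):
        db = make_db(clause)
        print(repr(clause), delete_user(db, 1), audit_rows(db))
```

With no `ON DELETE` clause the delete is refused and deactivation leaves the justification attributed to the user; `SET NULL` keeps the record but loses who justified it, and `CASCADE` removes the record entirely.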