Use SQLite instead of bbolt

cmd/authd/daemon/daemon.go

@@ -33,7 +33,7 @@ type App struct {
 // only overriable for tests.
 type systemPaths struct {
 	BrokersConf string
-	Cache       string
+	Database    string
 	Socket      string
 }
 
@@ -65,7 +65,7 @@ func New() *App {
 			a.config = daemonConfig{
 				Paths: systemPaths{
 					BrokersConf: consts.DefaultBrokersConfPath,
-					Cache:       consts.DefaultCacheDir,
+					Database:    consts.DefaultDatabaseDir,
 					Socket:      "",
 				},
 				UsersConfig: users.DefaultConfig,
@@ -82,7 +82,7 @@ func New() *App {
 			setVerboseMode(a.config.Verbosity)
 			log.Debugf(context.Background(), "Verbosity: %d", a.config.Verbosity)
 
-			if err := migrateOldCacheDir(consts.OldCacheDir, a.config.Paths.Cache); err != nil {
+			if err := migrateOlddbDir(consts.OlddbDir, a.config.Paths.Database); err != nil {
 				return err
 			}
 
@@ -111,18 +111,18 @@ func New() *App {
 func (a *App) serve(config daemonConfig) error {
 	ctx := context.Background()
 
-	cacheDir := config.Paths.Cache
-	if err := ensureDirWithPerms(cacheDir, 0700); err != nil {
+	dbDir := config.Paths.Database
+	if err := ensureDirWithPerms(dbDir, 0700); err != nil {
 		close(a.ready)
-		return fmt.Errorf("error initializing cache directory at %q: %v", cacheDir, err)
+		return fmt.Errorf("error initializing database directory at %q: %v", dbDir, err)
 	}
 
-	m, err := services.NewManager(ctx, cacheDir, config.Paths.BrokersConf, config.Brokers, config.UsersConfig)
+	m, err := services.NewManager(ctx, dbDir, config.Paths.BrokersConf, config.Brokers, config.UsersConfig)
 	if err != nil {
 		close(a.ready)
 		return err
 	}
-	// We are closing the cache on exit.
+	// We are closing the database on exit.
 	defer func() { _ = m.Stop() }()
 
 	socketPath := config.Paths.Socket

cmd/authd/daemon/daemon_test.go

@@ -15,7 +15,7 @@ import (
 	"github.com/ubuntu/authd/cmd/authd/daemon"
 	"github.com/ubuntu/authd/internal/consts"
 	"github.com/ubuntu/authd/internal/testutils"
-	"github.com/ubuntu/authd/internal/users/cache"
+	"github.com/ubuntu/authd/internal/users/db"
 )
 
 func TestHelp(t *testing.T) {
@@ -113,7 +113,7 @@ func TestAppCanQuitWithoutExecute(t *testing.T) {
 
 func TestAppRunFailsOnComponentsCreationAndQuit(t *testing.T) {
 	t.Parallel()
-	// Trigger the error with a cache directory that cannot be created over an
+	// Trigger the error with a database directory that cannot be created over an
 	// existing file
 
 	const (
@@ -124,17 +124,17 @@ func TestAppRunFailsOnComponentsCreationAndQuit(t *testing.T) {
 	)
 
 	testCases := map[string]struct {
-		cacheDBBehavior    int
-		cachePathBehavior  int
+		dbBehavior         int
+		dbPathBehavior     int
 		socketPathBehavior int
 	}{
-		"Error_on_existing_cache_path_not_being_a_directory":    {cachePathBehavior: dirIsFile},
-		"Error_on_existing_cache_path_with_invalid_permissions": {cachePathBehavior: hasWrongPermission},
-		"Error_on_missing_parent_cache_directory":               {cachePathBehavior: parentDirDoesNotExists},
+		"Error_on_existing_db_path_not_being_a_directory":    {dbPathBehavior: dirIsFile},
+		"Error_on_existing_db_path_with_invalid_permissions": {dbPathBehavior: hasWrongPermission},
+		"Error_on_missing_parent_db_directory":               {dbPathBehavior: parentDirDoesNotExists},
 
 		"Error_on_grpc_daemon_creation_failure": {socketPathBehavior: dirIsFile},
 
-		"Error_on_manager_creationg_failure": {cacheDBBehavior: hasWrongPermission},
+		"Error_on_manager_creationg_failure": {dbBehavior: hasWrongPermission},
 	}
 
 	for name, tc := range testCases {
@@ -156,27 +156,27 @@ func TestAppRunFailsOnComponentsCreationAndQuit(t *testing.T) {
 			require.NoError(t, err, "Setup: failed to write file")
 
 			var config daemon.DaemonConfig
-			switch tc.cachePathBehavior {
+			switch tc.dbPathBehavior {
 			case dirIsFile:
-				config.Paths.Cache = filePath
+				config.Paths.Database = filePath
 			case hasWrongPermission:
-				config.Paths.Cache = worldAccessDir
+				config.Paths.Database = worldAccessDir
 			case parentDirDoesNotExists:
-				config.Paths.Cache = filepath.Join(shortTmp, "not-exists", "cache")
+				config.Paths.Database = filepath.Join(shortTmp, "not-exists", "db")
 			}
 			switch tc.socketPathBehavior {
 			case dirIsFile:
 				config.Paths.Socket = filepath.Join(filePath, "mysocket")
 			default:
 				config.Paths.Socket = filepath.Join(shortTmp, "mysocket")
 			}
-			switch tc.cacheDBBehavior {
+			switch tc.dbBehavior {
 			case hasWrongPermission:
-				config.Paths.Cache = filepath.Join(shortTmp, "cache")
-				err := os.MkdirAll(config.Paths.Cache, 0700)
-				require.NoError(t, err, "Setup: could not create cache directory")
+				config.Paths.Database = filepath.Join(shortTmp, "db")
+				err := os.MkdirAll(config.Paths.Database, 0700)
+				require.NoError(t, err, "Setup: could not create database directory")
 				//nolint: gosec // This is a file with invalid permission for tests.
-				err = os.WriteFile(filepath.Join(config.Paths.Cache, cache.Z_ForTests_DBName()), nil, 0644)
+				err = os.WriteFile(filepath.Join(config.Paths.Database, db.Z_ForTests_DBName()), nil, 0644)
 				require.NoError(t, err, "Setup: could not create database with invalid permissions")
 			}
 
@@ -319,7 +319,7 @@ func TestNoConfigSetDefaults(t *testing.T) {
 
 	require.Equal(t, 0, a.Config().Verbosity, "Default Verbosity")
 	require.Equal(t, consts.DefaultBrokersConfPath, a.Config().Paths.BrokersConf, "Default brokers configuration path")
-	require.Equal(t, consts.DefaultCacheDir, a.Config().Paths.Cache, "Default cache directory")
+	require.Equal(t, consts.DefaultDatabaseDir, a.Config().Paths.Database, "Default database directory")
 	require.Equal(t, "", a.Config().Paths.Socket, "No socket address as default")
 }
 

cmd/authd/daemon/export_test.go

@@ -38,11 +38,11 @@ func GenerateTestConfig(t *testing.T, origConf *daemonConfig) string {
 	if conf.Verbosity == 0 {
 		conf.Verbosity = 2
 	}
-	if conf.Paths.Cache == "" {
-		conf.Paths.Cache = t.TempDir()
+	if conf.Paths.Database == "" {
+		conf.Paths.Database = t.TempDir()
 		//nolint: gosec // This is a directory owned only by the current user for tests.
-		err := os.Chmod(conf.Paths.Cache, 0700)
-		require.NoError(t, err, "Setup: could not change permission on cache directory for tests")
+		err := os.Chmod(conf.Paths.Database, 0700)
+		require.NoError(t, err, "Setup: could not change permission on database directory for tests")
 	}
 	if conf.Paths.Socket == "" {
 		conf.Paths.Socket = filepath.Join(t.TempDir(), "authd.socket")

cmd/authd/daemon/migration.go

@@ -9,7 +9,7 @@ import (
 	"github.com/ubuntu/authd/log"
 )
 
-func migrateOldCacheDir(oldPath, newPath string) error {
+func migrateOlddbDir(oldPath, newPath string) error {
 	exists, err := fileutils.FileExists(oldPath)
 	if err != nil {
 		// Let's not fail if we can't access the old database dir, but log a warning

cmd/authd/daemon/migration_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/ubuntu/authd/internal/fileutils"
 )
 
-func TestMigrateOldCacheDir(t *testing.T) {
+func TestMigrateOlddbDir(t *testing.T) {
 	t.Parallel()
 
 	testCases := map[string]struct {
@@ -56,8 +56,8 @@ func TestMigrateOldCacheDir(t *testing.T) {
 
 			oldParentDir := t.TempDir()
 			newParentDir := t.TempDir()
-			oldDir := filepath.Join(oldParentDir, "cache")
-			newDir := filepath.Join(newParentDir, "cache")
+			oldDir := filepath.Join(oldParentDir, "db")
+			newDir := filepath.Join(newParentDir, "db")
 			dbFilename := "authd.db"
 
 			if tc.oldDirExists {
@@ -94,7 +94,7 @@ func TestMigrateOldCacheDir(t *testing.T) {
 				}()
 			}
 
-			err := migrateOldCacheDir(oldDir, newDir)
+			err := migrateOlddbDir(oldDir, newDir)
 			require.ErrorIs(t, err, tc.wantedErr)
 
 			if tc.wantOldDirExists {

go.mod

@@ -46,6 +46,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-localereader v0.0.1 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-sqlite3 v1.14.24 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect

go.sum

@@ -60,6 +60,8 @@ github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2J
 github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=

internal/brokers/manager_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/ubuntu/authd/internal/brokers/auth"
 	"github.com/ubuntu/authd/internal/testutils"
 	"github.com/ubuntu/authd/internal/testutils/golden"
+	"github.com/ubuntu/authd/log"
 )
 
 var (
@@ -386,6 +387,8 @@ func TestStartAndEndSession(t *testing.T) {
 }
 
 func TestMain(m *testing.M) {
+	log.SetLevel(log.DebugLevel)
+
 	// Start system bus mock.
 	cleanup, err := testutils.StartSystemBusMock()
 	if err != nil {

internal/consts/consts.go

@@ -21,11 +21,11 @@ const (
 	// DefaultBrokersConfPath is the default configuration directory for the brokers.
 	DefaultBrokersConfPath = "/etc/authd/brokers.d/"
 
-	// OldCacheDir is the directory where the database was stored by default before 0.3.7.
-	OldCacheDir = "/var/cache/authd/"
+	// OlddbDir is the directory where the database was stored by default before 0.3.7.
+	OlddbDir = "/var/cache/authd/"
 
-	// DefaultCacheDir is the default directory for the database.
-	DefaultCacheDir = "/var/lib/authd/"
+	// DefaultDatabaseDir is the default directory for the database.
+	DefaultDatabaseDir = "/var/lib/authd/"
 
 	// ServiceName is the authd service name for health check purposes.
 	ServiceName = "com.ubuntu.authd"

internal/services/manager.go

@@ -29,7 +29,7 @@ type Manager struct {
 }
 
 // NewManager returns a new manager after creating all necessary items for our business logic.
-func NewManager(ctx context.Context, cacheDir, brokersConfPath string, configuredBrokers []string, usersConfig users.Config) (m Manager, err error) {
+func NewManager(ctx context.Context, dbDir, brokersConfPath string, configuredBrokers []string, usersConfig users.Config) (m Manager, err error) {
 	defer decorate.OnError(&err /*i18n.G(*/, "can't create authd object") //)
 
 	log.Debug(ctx, "Building authd object")
@@ -39,7 +39,7 @@ func NewManager(ctx context.Context, cacheDir, brokersConfPath string, configure
 		return m, err
 	}
 
-	userManager, err := users.NewManager(usersConfig, cacheDir)
+	userManager, err := users.NewManager(usersConfig, dbDir)
 	if err != nil {
 		return m, err
 	}
@@ -78,9 +78,9 @@ func (m Manager) RegisterGRPCServices(ctx context.Context) *grpc.Server {
 	return grpcServer
 }
 
-// stop stops the underlying cache.
+// stop stops the underlying database.
 func (m *Manager) stop() error {
-	log.Debug(context.TODO(), "Closing gRPC manager and cache")
+	log.Debug(context.TODO(), "Closing gRPC manager and database")
 
 	return m.userManager.Stop()
 }

internal/services/manager_test.go

@@ -23,27 +23,27 @@ import (
 
 func TestNewManager(t *testing.T) {
 	tests := map[string]struct {
-		cacheDir string
+		dbDir string
 
 		systemBusSocket string
 
 		wantErr bool
 	}{
 		"Successfully_create_the_manager": {},
 
-		"Error_when_can_not_create_cache":          {cacheDir: "doesnotexist", wantErr: true},
+		"Error_when_can_not_create_db":             {dbDir: "doesnotexist", wantErr: true},
 		"Error_when_can_not_create_broker_manager": {systemBusSocket: "doesnotexist", wantErr: true},
 	}
 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
-			if tc.cacheDir == "" {
-				tc.cacheDir = t.TempDir()
+			if tc.dbDir == "" {
+				tc.dbDir = t.TempDir()
 			}
 			if tc.systemBusSocket != "" {
 				t.Setenv("DBUS_SYSTEM_BUS_ADDRESS", tc.systemBusSocket)
 			}
 
-			m, err := services.NewManager(context.Background(), tc.cacheDir, t.TempDir(), nil, users.DefaultConfig)
+			m, err := services.NewManager(context.Background(), tc.dbDir, t.TempDir(), nil, users.DefaultConfig)
 			if tc.wantErr {
 				require.Error(t, err, "NewManager should have returned an error, but did not")
 				return

internal/services/nss/nss.go

@@ -53,7 +53,7 @@ func (s Service) GetPasswdByName(ctx context.Context, req *authd.GetPasswdByName
 		return nil, noDataFoundErrorToGRPCError(err)
 	}
 
-	// If the user is not found in the local cache, we check if it exists in at least one broker.
+	// If the user is not found in the database, we check if it exists in at least one broker.
 	pwent, err := s.userPreCheck(ctx, req.GetName())
 	if err != nil {
 		return nil, status.Error(codes.NotFound, err.Error())