Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CBG-3867 ban empty replications or replication id on REST calls #6895

Merged
merged 8 commits into from
Jun 26, 2024
Merged

CBG-3867 ban empty replications or replication id on REST calls #6895

merged 8 commits into from
Jun 26, 2024

Conversation

torcolvin
Copy link
Collaborator

@torcolvin torcolvin commented Jun 13, 2024
edited
Loading

allow them for legacy config reading, but print a warning.

This is a follow on to 84997a0

I could potentially remove the call in PutReplications because that will now be hit earlier dbConfig.validate

Pre-review checklist

  • Removed debug logging (fmt.Print, log.Print, ...)
  • Logging sensitive data? Make sure it's tagged (e.g. base.UD(docID), base.MD(dbName))
  • Updated relevant information in the API specifications (such as endpoint descriptions, schemas, ...) in docs/api

Integration Tests

@torcolvin torcolvin requested a review from gregns1 June 13, 2024 17:23
adamcfraser
adamcfraser requested changes Jun 13, 2024
View reviewed changes
rest/admin_api.go Outdated
@@ -60,7 +60,8 @@ func (h *handler) handleCreateDB() error {
return base.HTTPErrorf(http.StatusBadRequest, err.Error())
}

if err := config.validate(h.ctx(), validateOIDC); err != nil {
isUpsert := true
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Create db shouldn't be considered an upsert - are we using the wrong terminology for the legacy case?

rest/config.go Outdated
@@ -676,7 +676,8 @@ func (dbConfig *DbConfig) validatePersistentDbConfig() (errorMessages error) {

// validateConfigUpdate combines the results of validate and validateChanges.
func (dbConfig *DbConfig) validateConfigUpdate(ctx context.Context, old DbConfig, validateOIDCConfig bool) error {
err := dbConfig.validate(ctx, validateOIDCConfig)
isUpsert := true
err := dbConfig.validate(ctx, validateOIDCConfig, isUpsert)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this point for a POST _config we've already performed a merge between the incoming request and the existing db config. It seems like if there's an existing replication in the config with id="", and we're making an upsert unrelated to replications, we're going to reject that update here. Given that, do we think this is the right place to be performing the empty replication ID check? Or is there something in the handling for existing replications I'm overlooking.

rest/config.go Outdated
func (dbConfig *DbConfig) validate(ctx context.Context, validateOIDCConfig bool) error {
return dbConfig.validateVersion(ctx, base.IsEnterpriseEdition(), validateOIDCConfig)
// validate checks the DbConfig for any invalid or unsupported values and return a http error. If isUpsert is true, add any checks that might be upposrte
func (dbConfig *DbConfig) validate(ctx context.Context, validateOIDCConfig bool, isUpsert bool) error {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like adding the conditional 'isUpsert' parameter here - previously this function's usage was clear - pass a fully populated dbconfig, and find out if it's valid. Conditional handling based on the type of update makes that quite a bit harder to reason about for me.

If the more correct name for the parameter is 'isLegacyConfig' that might be an improvement?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed the name of this to be validateReplications to indicate whether we want to validateReplications. It does make it narrower but hopefully easier to understand when we want to do it.

@adamcfraser adamcfraser assigned torcolvin and unassigned adamcfraser Jun 13, 2024
@torcolvin
Copy link
Collaborator Author

Added a feature to not overwrite the replications from a dbConfig, since overwriting them would mean that the replications in CfgSG get updated every time the database gets reloaded, despite updates to /db/_replication/.

I added warning code to sgReplicateManager to find existing replications that are affected and provided instructions for fixing. The "easy" case of just missing ID will be correctable using REST api, but the case of missing keys has to be updated by editing the cluster doc directly. That's why I moved the validation to sgReplicateManager since this where we know the name of the document.

@torcolvin torcolvin assigned torcolvin and adamcfraser and unassigned torcolvin Jun 19, 2024
adamcfraser
adamcfraser reviewed Jun 25, 2024
View reviewed changes
Copy link
Collaborator

@adamcfraser adamcfraser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good - one nit on the logging.

db/sg_replicate_cfg.go Outdated
base.WarnfCtx(ctx, "An ISGR replication with an empty key exists. To fix this, this replication should be removed from database config and directly from edit the database config and the %q document. %s",
m.dbContext.MetadataKeys.SGCfgPrefix(m.dbContext.Options.GroupID), resetCheckpointMsg)
} else if replication.ID == "" {
base.WarnfCtx(ctx, "An ISGR replication with an empty `id` exists. To fix this, update the replication using PUT /%s/_replication/%s. %s", m.dbContext.Name, replicationID, resetCheckpointMsg)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think avoiding back-ticks in log lines would be preferred, and we decided at one point to try to standardize on ID.

Suggested change
base.WarnfCtx(ctx, "An ISGR replication with an empty `id` exists. To fix this, update the replication using PUT /%s/_replication/%s. %s", m.dbContext.Name, replicationID, resetCheckpointMsg)
base.WarnfCtx(ctx, "An ISGR replication with an empty ID exists. To fix this, update the replication using PUT /%s/_replication/%s. %s", m.dbContext.Name, replicationID, resetCheckpointMsg)

@adamcfraser adamcfraser assigned torcolvin and unassigned adamcfraser Jun 25, 2024
@adamcfraser adamcfraser enabled auto-merge (squash) June 25, 2024 23:08
@adamcfraser adamcfraser merged commit 59ff006 into main Jun 26, 2024
33 of 34 checks passed
@adamcfraser adamcfraser deleted the CBG-3867 branch June 26, 2024 01:34
torcolvin added a commit that referenced this pull request Jul 3, 2024
@torcolvin
CBG-3867 ban empty replications or replication id on REST calls (#6895)
b9f6e56 
* CBG-3867 ban empty replications or replication id on REST calls

allow them for legacy config reading, but print a warning

* add test

* don't overwrite replications

* Add check to validate replications in sgReplicateManager when they are started

* Add test to ensure we do not overwrite replications from the database config

* Skip test if not EE

* provide credentials for connecting

* Clarify error text
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamcfraser adamcfraser adamcfraser approved these changes

@gregns1 gregns1 Awaiting requested review from gregns1

Assignees

@torcolvin torcolvin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@torcolvin @adamcfraser