feat: Purge ACP state on DB purge #3363
Conversation
jsimnz
added
feature
jsimnz
force-pushed
the
jsimnz/feat/acp-purge
branch
from
f56117e to
c781935
Compare
acp/acp.go
Outdated
| // DropAll purges the entire ACP state. | ||
| DropAll(ctx context.Context) error |
There was a problem hiding this comment.
suggestion: As mentioned on discord :P prefer ResetState over DropAll
| // DropAll purges the entire ACP state. | |
| DropAll(ctx context.Context) error | |
| // ResetState resets the entire ACP state. | |
| ResetState(ctx context.Context) error |
There was a problem hiding this comment.
Would Reset work, or do you prefer the full ResetState?
| @@ -105,6 +107,40 @@ func (l *ACPLocal) Close() error { | |||
| return l.manager.Terminate() | |||
| } | |||
|
|
|||
| func (l *ACPLocal) DropAll(ctx context.Context) error { | |||
| err := l.Close() | |||
There was a problem hiding this comment.
question: l.manager.Terminate() is safe to call close on even if it was already closed before?
There was a problem hiding this comment.
Yea there might be an issue here, thanks for flagging
There was a problem hiding this comment.
Resolved this, can you do another quick review on the last 2 commits. Added a flag to track if we're already closed so we don't duplicate the termination stuff. @shahzadlone
There was a problem hiding this comment.
Re-reviewed. Just left one suggestion
acp/acp_local_test.go
Outdated
| func Test_LocalACP_InMemory_AddPolicy_CreatingSamePolicyAfterDropAllReturnsSameID(t *testing.T) { | ||
| ctx := context.Background() | ||
| localACP := NewLocalACP() | ||
|
|
||
| localACP.Init(ctx, "") | ||
| errStart := localACP.Start(ctx) | ||
| require.Nil(t, errStart) | ||
|
|
||
| policyID, errAddPolicy := localACP.AddPolicy( | ||
| ctx, | ||
| identity1, | ||
| validPolicy, | ||
| ) | ||
| require.Nil(t, errAddPolicy) | ||
|
|
||
| require.Equal( | ||
| t, | ||
| validPolicyID, | ||
| policyID, | ||
| ) | ||
|
|
||
| errDrop := localACP.DropAll(ctx) | ||
| require.Nil(t, errDrop) | ||
|
|
||
| // Since nothing is persisted should allow adding same policy again with same ID | ||
|
|
||
| policyID, errAddPolicy = localACP.AddPolicy( | ||
| ctx, | ||
| identity1, | ||
| validPolicy, | ||
| ) | ||
| require.Nil(t, errAddPolicy) | ||
| require.Equal( | ||
| t, | ||
| validPolicyID, | ||
| policyID, | ||
| ) | ||
|
|
||
| errClose := localACP.Close() | ||
| require.Nil(t, errClose) | ||
| } | ||
|
|
||
| func Test_LocalACP_Persistent_AddPolicy_CreatingSamePolicyAfterDropAllReturnsSameID(t *testing.T) { | ||
| ctx := context.Background() | ||
| localACP := NewLocalACP() | ||
|
|
||
| acpPath := t.TempDir() | ||
| localACP.Init(ctx, acpPath) | ||
| errStart := localACP.Start(ctx) | ||
| require.Nil(t, errStart) | ||
|
|
||
| policyID, errAddPolicy := localACP.AddPolicy( | ||
| ctx, | ||
| identity1, | ||
| validPolicy, | ||
| ) | ||
| require.Nil(t, errAddPolicy) | ||
|
|
||
| require.Equal( | ||
| t, | ||
| validPolicyID, | ||
| policyID, | ||
| ) | ||
|
|
||
| errDrop := localACP.DropAll(ctx) | ||
| require.Nil(t, errDrop) | ||
|
|
||
| // Since nothing is persisted should allow adding same policy again with same ID | ||
|
|
||
| policyID, errAddPolicy = localACP.AddPolicy( | ||
| ctx, | ||
| identity1, | ||
| validPolicy, | ||
| ) | ||
| require.Nil(t, errAddPolicy) | ||
| require.Equal( | ||
| t, | ||
| validPolicyID, | ||
| policyID, | ||
| ) | ||
|
|
||
| errClose := localACP.Close() | ||
| require.Nil(t, errClose) | ||
| } |
There was a problem hiding this comment.
praise: Thanks for adding these!
acp/acp_local_test.go
Outdated
| policyID, | ||
| ) | ||
|
|
||
| errDrop := localACP.DropAll(ctx) |
There was a problem hiding this comment.
nitpick: Might be interesting to also test if calling this when acp is already closed (not started) is safe or errors/panics.
There was a problem hiding this comment.
Thinking this through, should we only allow dropping if it isn't closed yet?
There was a problem hiding this comment.
Since we will soon have option to turn acp off (which can be done only by authorized admin), as long as we also plan to (which I believe we do) gate the purge command also with authorized admin (AAC will use it's own separate local acp logic not mixed with this document access control logic), so it makes sense that the purge resets even if it's closed.
However happy to discuss further. We could also have a --force flag with purge that does the behavior of purging on close and otherwise a "safer" one that will error if acp is off (or is closed for whatever reason).
There was a problem hiding this comment.
Let's not forget that the purge command is a dev only feature so protecting it with Admin ACP doesn't really make sense.
There was a problem hiding this comment.
Let's not forget that the purge command is a dev only feature so protecting it with Admin ACP doesn't really make sense.
Kind of forgot about that. Do we still want dev only features when aac is implemented?
There was a problem hiding this comment.
I think so yes. I would never want purge to be accessible by anyone on a production DB.
There was a problem hiding this comment.
Thinking this through, should we only allow dropping if it isn't closed yet?
Following up here. Decided we do want to make sure we're only "resetting" state after the ACP instance is closed, at the very least because it simplifies things, and produces less edge cases to cover compared to if we were resetting the state while the ACP engine is in use.
Agreed, in the spirit of the velocity experiment, Im going to power through and mark this as a follow up issue, that we can get some more feedback on how we might want to make this change more permanent, but for now its a minor change that can easily be fixed. |
| func Test_LocalACP_InMemory_ResetStateAfterClose(t *testing.T) { | ||
| ctx := context.Background() | ||
| localACP := NewLocalACP() | ||
|
|
||
| localACP.Init(ctx, "") | ||
| errStart := localACP.Start(ctx) | ||
| require.Nil(t, errStart) | ||
|
|
||
| errClose := localACP.Close() | ||
| require.NoError(t, errClose) | ||
|
|
||
| errReset := localACP.ResetState(ctx) | ||
| require.NoError(t, errReset) | ||
| } | ||
|
|
||
| func Test_LocalACP_Persistent_ResetStateAfterClose(t *testing.T) { | ||
| acpPath := t.TempDir() | ||
| require.NotEqual(t, "", acpPath) | ||
|
|
||
| ctx := context.Background() | ||
| localACP := NewLocalACP() | ||
|
|
||
| localACP.Init(ctx, acpPath) | ||
| errStart := localACP.Start(ctx) | ||
| require.Nil(t, errStart) | ||
|
|
||
| errClose := localACP.Close() | ||
| require.NoError(t, errClose) | ||
|
|
||
| errReset := localACP.ResetState(ctx) | ||
| require.NoError(t, errReset) | ||
| } | ||
|
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #3363 +/- ##
===========================================
- Coverage 78.51% 78.30% -0.21%
===========================================
Files 392 392
Lines 35640 35688 +48
===========================================
- Hits 27982 27943 -39
- Misses 6033 6095 +62
- Partials 1625 1650 +25
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 15 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
|
Bug bash: works |
Relevant issue(s)
Resolves #3358
Description
Crude implementation to purge the ACP state for LocalACP implementation (SourceHub ACP returns error at the moment). Basically it deletes the entire underlying KVStore and reinitializes it.
Tasks
How has this been tested?
Manually, also added unit tests. No current integration purge tests (afaik)
Specify the platform(s) on which this was tested: