Skip to content

[sql-38] multi: couple sessions and accounts to actions #1071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[sql-38] multi: couple sessions and accounts to actions #1071

wants to merge 4 commits into from

Conversation

ellemouton
Copy link
Member

@ellemouton ellemouton commented May 13, 2025
edited
Loading

In this PR, we add best effort logic to ensure tight coupling between actions and sessions&accounts at the
time of action creation. This forces us to update our tests to expect certain errors if linked sessions/accounts
do not yet exist at the time of action creation. This sets us up nicely for the SQL impl of the actions DB which will
enforce strict coupling.

Part of #917

@ellemouton ellemouton self-assigned this May 13, 2025
@ellemouton ellemouton marked this pull request as draft May 13, 2025 12:57
@ellemouton ellemouton mentioned this pull request May 13, 2025
Draft
@ellemouton ellemouton added the no-changelog This PR is does not require a release notes entry label May 13, 2025
@ellemouton ellemouton force-pushed the sql38 branch 3 times, most recently from be966f6 to f93f70e Compare May 16, 2025 10:59
@ellemouton ellemouton marked this pull request as ready for review May 16, 2025 10:59
ellemouton added 4 commits May 16, 2025 13:02
@ellemouton
firewalldb: best effort tight coupling of actions and sessions
9227bbe 
In this commit, we do our best to ensure that at least at the time of
action creation, if the session ID is set, then our bbolt actions store
impl will at least first check that the session really does exist. This
also forces us to update our tests in preparation for the SQL store
which will tightly couple the actions and sessions.
@ellemouton
accounts: remove accountFromMacaroon helper
965684e 
We only use it in one place and we can just handle the unwrap of the
option there.
@ellemouton
firewall+firewalldb: extract Account ID and pass to AddActionReq
eb9966c 
In this commit we add an optional AccountID to the RequestInfo type.
Then, we populate it if the caveat of the macaroon being used contains
an accounts caveat.

We also add an unused AccountID type to the AddActionReq and pass in the
value from the RequestLogger.
@ellemouton
firewalldb: best effort link from actions to accounts
d4ddb81 
In this commit, we do our best to ensure that at least at the time of
action creation, if the account ID is set, then our bbolt actions store
impl will at least first check that the account really does exist. This
also forces us to update our tests in preparation for the SQL store
which will tightly couple the actions and accounts.
ViktorTigerstrom
ViktorTigerstrom approved these changes May 20, 2025
View reviewed changes
Copy link
Contributor

@ViktorTigerstrom ViktorTigerstrom left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, LGTM 🚀! Only leaving a few nits which are optional.

Also: Could potentially add test coverage under "kvdb" builds that show that the sessions + accounts aren't tightly coupled to actions. I think that'll be a quite nice coverage to have once the tightly coupling under "sql" builds exists, so that you can show that it's coupled there. Just to prove that this is expected behaviour. Potentially though, that's something that would make more sense to add coverage of in that PR.

firewalldb/actions_kvdb.go
Comment on lines +69 to +71
if err != nil {
return nil, err
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: could potentially wrap the error on session.ErrSessionNotFound errors to make it clear that was a linked session for an action that wasn't found.

firewalldb/actions_kvdb.go
Comment on lines +80 to +82
if err != nil {
return nil, err
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:
Same here but for accounts.ErrAccNotFound.

firewalldb/actions_test.go
Comment on lines +507 to +508
// Accounts are not explicitly linked in our bbolt DB implementation.
got.AccountID = expected.AccountID
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Should we remove the overwritten value from got at the end of this function as this is a pointer we're passing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ViktorTigerstrom ViktorTigerstrom ViktorTigerstrom approved these changes

@bitromortac bitromortac Awaiting requested review from bitromortac

Assignees

@ellemouton ellemouton

Labels
no-changelog This PR is does not require a release notes entry sql-ize
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ellemouton @ViktorTigerstrom