-
Notifications
You must be signed in to change notification settings - Fork 19
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - good work @cianfoley-nearform
Just double checking, this is not a breaking change right? I.e. anyone using existing API does not need to update any of their code when they upgrade to this version of udaru?
key1: val1, | ||
key2: val2 | ||
} | ||
return "'" + JSON.stringify(obj) + "'::JSONB" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does ::JSONB
need to be appended to the stringified json?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also swagger needs to be regenerated in order to update /docs
, doesn't have to be done as part of this PR but we should review documentation before this gets published.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I committed swagger docs in the latest commit :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please make sure you release the client, although in this particular case it gives no side effects.
client.query('SELECT NOW()', (err, res) => {
console.log(err, res)
client.end()
})
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok on termination of process? I'm using the same client throughout.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the connection will probably time out after a while but it is a good practice to release it when not used anymore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added to final callback just before process ends in try catch with no output at least to make an attempt at closing... if I call after query callback it will terminate for subsequent queries
Not sure Damien, I just saw that in fixures so I kept with the
convention.... it;s going directly into a sql insert statement in volume
fixtures and not using udaru core
…On Mon, Feb 19, 2018 at 7:58 PM, Damian Beresford ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In database/loadVolumeData.js
<#466 (comment)>:
> @@ -148,15 +149,27 @@ function loadPolicies (startId, orgId, teamId, callback) {
})
}
+function getMetaData (val1, val2) {
+ if (ADD_METADATA) {
+ var obj = {
+ key1: val1,
+ key2: val2
+ }
+ return "'" + JSON.stringify(obj) + "'::JSONB"
Also swagger needs to be regenerated in order to update /docs, doesn't
have to be done as part of this PR but we should review documentation
before this gets published.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#466 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AiXnQwjvOw8RnV-HxmM3Egbc-ZNRQBv8ks5tWdJLgaJpZM4SK8KE>
.
|
- EDIT - it is a breaking change now with 409 conflict response for unique constraint
No it's not a breaking change so minor version number update... all
existing tests pass, core and end-to-end so unless there's features that
are untested it should be same? If there is no meta field, it isn't
returned at all, and if not present in params, it works fine...
There are some functions where updates could be optional such as name,
description, meta potentially otherwise the caller of API will have to pass
back the same data, i noticed in tests the full object being passed back at
times even though the params are limited to 2 or 3, i wondered if this
should be allowed but it is convenient.
C.
…On Mon, Feb 19, 2018 at 7:49 PM, Damian Beresford ***@***.***> wrote:
***@***.**** approved this pull request.
LGTM - good work @cianfoley-nearform
<https://github.com/cianfoley-nearform>
Just double checking, this is not a breaking change right? I.e. anyone
using existing API does not need to update any of their code when they
upgrade to this version of udaru?
------------------------------
In database/loadVolumeData.js
<#466 (comment)>:
> @@ -148,15 +149,27 @@ function loadPolicies (startId, orgId, teamId, callback) {
})
}
+function getMetaData (val1, val2) {
+ if (ADD_METADATA) {
+ var obj = {
+ key1: val1,
+ key2: val2
+ }
+ return "'" + JSON.stringify(obj) + "'::JSONB"
Why does ::JSONB need to be appended to the stringified json?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#466 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AiXnQ12uXi_5zZpqfwfMjf5fakmt0Hkzks5tWdA9gaJpZM4SK8KE>
.
|
@dberesford @mihaidma @mirceaalexandru |
…ement of allow/deny on policies
Issue #475 fix committed to this branch |
Issue #470 and other swagger related issues dealt with in this branch |
lib/core/lib/ops/validation.js
Outdated
const ResourcesArray = Joi.array().max(10).items(requiredString.description('A single resource')).single().required().description('A list of Resources').label('ResourcesArray') | ||
|
||
const StatementObject = Joi.object({ | ||
Effect: Joi.string().valid('Allow', 'Deny').label('Effect'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#475 fix
…nsert/update conflict constraints
ece3eed
to
614a9a7
Compare
@@ -0,0 +1,5 @@ | |||
ALTER TABLE teams | |||
ADD CONSTRAINT "Unique Team Names" UNIQUE (name, org_id); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oups, sorry to jump in, but this will be a problem in Energy Insights.
As we use nested team, this situation is legit:
- team 1
- team A
- team 2
- team A
What is the reason to make names unique?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I second this ^^: there is actually nothing that comes to mind why team names should be unique. The id is unique (to be able to manage them) while the name is just for readability purposes. If we are looking at what udaru is supposed to do: ids would have been enough to be able to manage access. The name for a team (and others entities) was added as a "bonus" - bare UM functionality.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perfect, I wasn't aware of the optional characteristics of those scripts.
Sorry for the interruption!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why would we commit the scripts? no point to put them in the project repo
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
might be better to document that we can handle multiple constraints in readme?
This was put in based on this issue: #474
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@feugy, @floridemai no prob, probably best to not have in there as mihai suggests, just thought it might be useful to those that need such constraints set up
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i agree with the opinions above, let's not complicate the code with adding constraints there (even if they are on both team and parent id). If the user will add from UI two teams with the same name he can always go and edit names.
database/migrations/007.undo..sql
Outdated
@@ -0,0 +1,6 @@ | |||
ALTER TABLE public.organizations | |||
DROP COLUMN meta; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
incorrect column name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also the migration file name is wrong
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixing now...
844da43
to
1d72f1a
Compare
database/nameConstraints.js
Outdated
@@ -0,0 +1,32 @@ | |||
'use strict' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i am of the opinion that we should no add these for the Udaru users, they will make their own constraints if they really want but probably that will cause issues with keeping the migration up to date.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes if we change constraints in future migrations theirs will be dropped...
key1: val1, | ||
key2: val2 | ||
} | ||
return "'" + JSON.stringify(obj) + "'::JSONB" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the connection will probably time out after a while but it is a good practice to release it when not used anymore
lib/core/lib/ops/validation.js
Outdated
@@ -4,14 +4,39 @@ const Joi = require('joi') | |||
|
|||
const requiredString = Joi.string().required() | |||
const requiredStringId = Joi.string().required().max(128) | |||
const MetaData = Joi.object().optional().description('Arbitrary Metadata').label('MetaData') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we remove "arbitrary" from the description?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK
lib/core/lib/ops/validation.js
Outdated
|
||
const PolicyIdObject = Joi.object({ | ||
id: Joi.string().required().description('Policy Id'), | ||
variables: Joi.object().description('A list of the veriables with their fixed values').label('variables') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
veriables->variables
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done, need spellchecjker
lib/core/lib/ops/validation.js
Outdated
const PolicyIdObject = Joi.object({ | ||
id: Joi.string().required().description('Policy Id'), | ||
variables: Joi.object().description('A list of the veriables with their fixed values').label('variables') | ||
}).required().description('Policy Id Object, alternatively supply string instead').label('PolicyIdObject') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Policy Id Object, alternatively supply string instead
i would say here something along the lines of:
Policy Object (a {key, variable} pair) or a string representing the policy id
to make it easier for the user to understand what it does
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about
'Policy object ({id, variables}) OR policy id string'
if we say key variable pair they might mix up with key value pair...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moved out to the array because not showing in docs anyway
lib/core/lib/ops/validation.js
Outdated
|
||
const PolicyIdObject = Joi.object({ | ||
id: Joi.string().required().description('Policy Id'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
from what i saw the IDs are of type requiredStringId
that has a max length limitation
Joi.string().required().description('Policy Id') -> requiredStringId.description('PolicyId')
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm gonna create PolicyId as a requiredId String and reuse that within the PolicyObject too
I'm going to raise a change request for updating our models to share between validation.js and swagger.js
lib/core/lib/ops/validation.js
Outdated
const PolicyIdsArray = Joi.array().required().items(requiredPolicy).description('can be array of objects with id:string, variables:object properties OR an array of string ids').label('PolicyIdsArray') | ||
const UsersArray = Joi.array().required().items(requiredString).description('User IDs').label('UsersArray') | ||
const TeamsArray = Joi.array().required().items(requiredString).description('Teams IDs').label('TeamsArray') | ||
const ResourcesArray = Joi.array().max(10).items(requiredString.description('A single resource')).single().required().description('A list of Resources').label('ResourcesArray') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this limit of 10 added? where does this come from? does pbac impose any limits on this? we should remove this limit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
max(10) wasn't added, it was declared previously inline on resources: property,
not its declared in specific object to prevent repeating model (see line 41 below)
resources: Joi.array().max(10).items(requiredString.description('A single resource')).single().required().description('A list of Resources'),
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ps I noticed the limit and thought it was odd, don't know if there is a limit on PBAC, if not it should definitely be removed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removing, it's not a restriction on our output models, though that wouldn't break anything, input rules more important as if we restrict output and input is different we're in trouble...
lib/core/lib/ops/validation.js
Outdated
const StatementObject = Joi.object({ | ||
Effect: Joi.string().valid('Allow', 'Deny').label('Effect'), | ||
Action: Joi.array().items(Joi.string()).label('Action'), | ||
Resource: Joi.array().items(Joi.string()).label('Resource'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
both action and resource should have a minimum one element
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you want me to add for this version?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doesn't break tests, done.
lib/core/lib/ops/validation.js
Outdated
Condition: Joi.object().label('Condition') | ||
}).label('StatementObject') | ||
|
||
const StatementsArray = Joi.array().items(StatementObject).label('StatementsArray') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minimum one element
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
lib/plugin/swagger.js
Outdated
if (listType === TEAMS) return Teams | ||
if (listType === TEAMREFS) return TeamRefs | ||
if (listType === USERS) return Users | ||
if (listType === ORGANIZATIONS) return Organizations |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could put these on an object and just say return mapper[listType]
instead of all the ifs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, i was being silly there, much tidier now, i don't even need lookup, i can pass directly to list getList
Add request id for the resource builder
Lots of changes here guys, all the tests still pass and the new ones I wrote pass...
Migration to 7
Fixtures updated (thought prob should have just handled in test)
Updates to core, validation, swagger for hapi for org, teams, users
Updates to the routes for org, teams, users
updated end to end and core tests too.
@dberesford @mihaidma
C.