-
Notifications
You must be signed in to change notification settings - Fork 503
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: refactor secret service and secret backend service to use the new atomic run #18106
base: main
Are you sure you want to change the base?
Conversation
8ae4db2
to
c6bdbf0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The permission checks can't be done inside the txn; to clarify - the calls to check leadership must be done outside the txn. The rest of the db lookups can occur inside the txn.
18f6983
to
358ba9d
Compare
…inside transaction;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few questions to discuss.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for progress. Couple of additional comments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you. Just a few small things and a couple of things to follow up on. We can land this and make progress.
bcd4bf0
to
0e59fb7
Compare
0e59fb7
to
82e2835
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I want @manadart to approve this before landing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments based on a once over.
There is a lot to be done here to get what I would view as correct use of RunAtomic
.
This patch is too big. I would attack one service method at a time rather than trying to do everything at once and needing rounds of follow-ups.
} | ||
|
||
err = db.Txn(ctx, func(ctx context.Context, tx *sqlair.TX) error { | ||
return domain.Run(ctx, func(ctx context.Context, tx *sqlair.TX) error { | ||
if err := st.createSecret(ctx, tx, version, uri, secret, st.checkUserSecretLabelExists); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The closure passed here does validation that should be invoked at the service layer.
label := "" | ||
if secret.Label != nil { | ||
label = *secret.Label | ||
} | ||
err = db.Txn(ctx, func(ctx context.Context, tx *sqlair.TX) error { | ||
return domain.Run(ctx, func(ctx context.Context, tx *sqlair.TX) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The UUID by name retrieval in this block should be done up in the service.
label := "" | ||
if secret.Label != nil { | ||
label = *secret.Label | ||
} | ||
err = db.Txn(ctx, func(ctx context.Context, tx *sqlair.TX) error { | ||
return domain.Run(ctx, func(ctx context.Context, tx *sqlair.TX) error { | ||
dbSecretOwner := secretUnitOwner{SecretID: uri.ID, Label: label} | ||
|
||
selectUnitUUID := `SELECT &unit.uuid FROM unit WHERE name=$unit.name` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
} | ||
|
||
// UpdateSecret creates a secret with the specified parameters, returning an | ||
// error satisfying [secreterrors.SecretNotFound] if the secret does not exist. | ||
// It also returns an error satisfying [secreterrors.SecretLabelAlreadyExists] | ||
// if the secret owner already has a secret with the same label. | ||
func (st State) UpdateSecret( | ||
ctx context.Context, uri *coresecrets.URI, secret domainsecret.UpsertSecretParams, | ||
ctx domain.AtomicContext, uri *coresecrets.URI, secret domainsecret.UpsertSecretParams, | ||
) error { | ||
if !secret.HasUpdate() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Validation for the service layer.
} | ||
revisionResult = make([][]*domainsecret.SecretRevision, len(secrets)) | ||
for i, secret := range secrets { | ||
revisionResult[i], err = st.listSecretRevisionsWithData(ctx, tx, secret.URI) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Potato. Surely we can get this all at once.
This PR refactored
secret
andsecretbackend
domain packages to run state calls in the same transaction using the new atomic run.No feature changes.
Checklist
Integration tests, with comments saying what you're testingdoc.go added or updated in changed packagesQA steps
unit tests and bash tests.
Documentation changes
No
Links
Jira card: JUJU-6268