Add xDS group service.

[minwoox]

Motivation:
A user might want to manage her own xDS resources with a group of people who have permission to create and update these resources. By creating an xDS group (a Central Dogma repository), she can easily manage these xDS resources and grant write permissions to specific people, allowing them to manage the resources under Central Dogma's authorization system.

Modifications:

• Added XdsGroupService to create a group, which is a Central Dogma repository.
  • With this group, a user can easily manage privileged people under the Central Dogma authorization system.
  • xds_group.proto file is also added.
    • All proto files might be published in a separate module later for other clients such as LEGY.
• Removed MetadataServiceInjector.
  • MetadataService is injected when a decorator is created using a DependencyInjector.

Result:

• You can now create xDS groups to manage your xDS resources under the Central Dogma authorization system.

[jrhee17]

Looks good overall, the /groups prefix is the only issue bothering me. The rest looks good 👍

[jrhee17]

Taking another look at this PR, it seems like we're going need to extra logic to remove/add groups/ in all user-facing locations. i.e. API paths, DTOs, UI, metrics, etc.. I'm not sure if it's realistic and worth it to ensure this.

Do you mind explaining why we need this prefix again?

[minwoox]

Like I said before, I'm trying to adhere to the AIP as much as possible:
https://google.aip.dev/122
It recommends in this way:

publishers/123/books/les-miserables
users/vhugo1802

Resource name components should usually alternate between collection identifiers (example: publishers, books, users) and resource IDs (example: 123, les-miserables, vhugo1802).

we're going need to extra logic to remove/add groups/ in all user-facing locations.

Yeah, that is true. But the logic isn't so many, and we still need that logic for validating and removing group name from the cluster name.
I thought the format (groups/{group}/clusters/{cluster}), which follows the guideline, was much better than the original format ({group}/{cluster}).

[jrhee17]

If you're strong on following the AIP, then sure. Ideally I prefer that there is a cross-cutting solution to apply this, but I guess we'll be doing this manually then.

e.g. If a new API is added where groupName is the parameter, we should be conscious to add/remove the prefix.

[minwoox]

Ideally I prefer that there is a cross-cutting solution to apply this

I also prefer applying the cross-cutting solution, which is why I hesitated to follow the AIP at first. 😕 However, I've decided to try using gRPC for this API, and it’s not easy to apply AOP even if I don’t follow AIP because it needs parameters in the message.
I also considered abandoning gRPC and just using REST, but decided against it. So, I followed the AIP.

[jrhee17]

Question) Just so I understand the current state, IIUC only admins have access to internal projects. Hence, am I understanding correctly that only admins will be able to use XdsGroupService for now?

[minwoox]

Anyone can use the XdsGroupService for now as I talked before.
https://github.com/line/centraldogma/pull/981/files#diff-6530b293347a15e8133c26cfb4221f0b565c32f0a6cccb8c1d44c0d78108c8bfR62

After modifying the authorization system similar to GitHub, anyone can create a group, and the one who created the group can add anyone or tokens to the group who will have the write permission for the resources in the group.

[jrhee17]

I see, I must have glanced through the diffset. I understood that for now, anyone can create/delete anyone's group 👍

[jrhee17]

Note: I'm curious on how we'll deal with handling exceptions later on as sometimes we perform special operations like in ReplicationLagTolerantCentralDogma for RevisionNotFoundException.

For now, I assume creating a repository and getting the repository immediately won't necessary succeed if the get is from a different replica.

Anyways, I guess the current approach is fine for now

[minwoox]

That's a good question. I will add the gRPC exception handler for the xDS services after I all set up the services.

[jrhee17]

Note: This is a red flag personally since I think there is always the possibility that additional fields will need to be added. Having said this, I guess it's fine to try adhering to the AIP like you proposed for now.

[minwoox]

This is a red flag personally since I think there is always the possibility that additional fields will need to be added.

Would you mind explaining which fields are likely to be added later?
If that's reasonable, I will define a message and return it instead of the Empty.

[jrhee17]

Let's just follow the AIP for now since the point is to ease these types of discussions.

[jrhee17]

👍 👍 👍

[ikhoon]

Thanks!

[ikhoon]

Optional) What do you think of using Reactive-gRPC instead of the vanilla gRPC? It is only used for server modules so we are relatively free of dependencies. Reactive-gRPC could remove boilerplate code such as .onNext() + .onCopmlete().

[minwoox]

Thanks for the suggestion. 👍
Well, honestly, I didn't want to use any other gRPC libraries because the logic is relatively simple (All methods are unary) and it might take more time (maybe just for me) when troubleshooting.

However, that doesn't mean that I will never use grpc-reactor. I will definitely use it when I think it gives more advantages or when I want to use it. 🤣