Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: refactor identity persister #3101

Merged
merged 24 commits into from
Mar 3, 2023
Merged

feat: refactor identity persister #3101

merged 24 commits into from
Mar 3, 2023

Conversation

alnr
Copy link
Contributor

@alnr alnr commented Feb 14, 2023
edited
Loading

This is some groundwork to more easily plug different persisters into kratos.

I've shuffled some code around:

  • moved the persister code related to identites and session devices to their own packages.
  • the (new) IdentityPersister now uses a faster path to hydrate identity associations (addresses, credentials) in all cases, not just for session lookups.
  • moved to github.com/laher/mergefs in favor of github.com/ory/x/fsx: this allows merging on top of already merged filesystems to be more flexible with custom migrations
  • all kratos servers (public, admin, metrics) are now cancelable via context. Previously, you could only stop the server via SIGINT/SIGTERM
  • pass through driver options to the migrate command

Other notes:

  • the InternalCredentials field is no longer routinely used to get credentials. Instead, we use an intelligent join to get the data in one go. Please review carefully.

ref https://github.com/ory-corp/cloud/issues/4013

@alnr alnr self-assigned this Feb 14, 2023
@alnr alnr force-pushed the persister-dependencies branch 4 times, most recently from 0d3659e to 54d4d28 Compare February 14, 2023 17:54
@codecov
Copy link

codecov bot commented Feb 15, 2023
edited
Loading

Codecov Report

Merging #3101 (fc4daf1) into master (2d489e7) will increase coverage by 0.08%.
The diff coverage is 87.02%.

❗ Current head fc4daf1 differs from pull request most recent head b8a7b72. Consider uploading reports for the commit b8a7b72 to get more accurate results

@@            Coverage Diff             @@
##           master    #3101      +/-   ##
==========================================
+ Coverage   77.50%   77.58%   +0.08%     
==========================================
  Files         314      316       +2     
  Lines       19897    19908      +11     
==========================================
+ Hits        15421    15446      +25     
+ Misses       3285     3273      -12     
+ Partials     1191     1189       -2
Impacted Files Coverage Δ
cmd/hashers/argon2/loadtest.go 7.33% <ø> (ø)
cmd/jsonnet/format.go 50.00% <0.00%> (ø)
courier/smtp.go 69.56% <ø> (ø)
driver/registry_default.go 86.92% <0.00%> (+0.22%) ⬆️
hash/hasher_pbkdf2.go 78.37% <ø> (ø)
persistence/sql/persister_continuity.go 91.42% <ø> (ø)
persistence/sql/persister_courier.go 83.33% <0.00%> (ø)
selfservice/strategy/password/validator.go 93.10% <ø> (ø)
x/time.go 81.81% <ø> (ø)
identity/identity.go 88.05% <50.00%> (ø)
... and 21 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@alnr alnr marked this pull request as ready for review March 1, 2023 16:10
aeneasr
aeneasr reviewed Mar 2, 2023
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking pretty good already! Note to myself: i need to review the identity persister changes

identity/pool.go Outdated Show resolved Hide resolved
identity/test/pool.go
@@ -134,7 +132,6 @@ func TestPool(ctx context.Context, conf *config.Config, p interface {
assert.Empty(t, actual.RecoveryAddresses)
assert.Empty(t, actual.VerifiableAddresses)

require.Len(t, actual.InternalCredentials, 2)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reason for removal?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Software that imports kratos as a package might choose to hydrate the credentials in a different way, bypassing InternalCredentials. This tests implementational details, which we shouldn't do IMO.

LMKWYT.

session/manager_http.go Outdated Show resolved Hide resolved
aeneasr
aeneasr reviewed Mar 2, 2023
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Persister reviewed :) Great stuff! Conceptually, this is shippable. Just a few comments :)

persistence/sql/identity/persister_identity.go Outdated Show resolved Hide resolved
CaptainStandby
CaptainStandby reviewed Mar 3, 2023
View reviewed changes
Copy link
Contributor

@CaptainStandby CaptainStandby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just one question concerning SQL injection.

persistence/sql/identity/persister_identity.go Outdated Show resolved Hide resolved
persistence/sql/identity/persister_identity.go Outdated Show resolved Hide resolved
aeneasr
aeneasr reviewed Mar 3, 2023
View reviewed changes
go.mod Outdated Show resolved Hide resolved
aeneasr
aeneasr reviewed Mar 3, 2023
View reviewed changes
persistence/sql/update/update.go
Comment on lines +53 to +68
if err := c.Store.GetContext(ctx, &count, c.Dialect.TranslateSQL(stmt), v.GetID(), v.GetNID()); err != nil {
return sqlcon.HandleError(err)
} else if count == 0 {
return errors.WithStack(sqlcon.ErrNoRows)
}

//#nosec G201 -- TableName is static
stmt = fmt.Sprintf("UPDATE %s AS %s SET %s WHERE %s AND %s.nid = :nid",
quoter.Quote(model.TableName()),
model.Alias(),
cols.Writeable().QuotedUpdateString(quoter),
model.WhereNamedID(),
model.Alias(),
)

if _, err := c.Store.NamedExecContext(ctx, stmt, v); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just saw this (it exists in the current code too) - NamedExecContext should return the number of rows affected, which we could use to return an error. But anyways this is an optimization for another day and another PR!

@aeneasr aeneasr merged commit ceb5cc2 into master Mar 3, 2023
@aeneasr aeneasr deleted the persister-dependencies branch March 3, 2023 14:34
jonas-jonas
jonas-jonas reviewed Mar 3, 2023
View reviewed changes
persistence/sql/identity/persister_identity.go
ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindByCredentialsIdentifier")
defer span.End()
otelx.End(span, &err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did the defer go missing here? @alnr

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, well spotted!
#3145

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you for double checking @jonas-jonas 🙏

jonas-jonas
jonas-jonas reviewed Mar 3, 2023
View reviewed changes
persistence/sql/identity/persister_identity.go
ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.findIdentityCredentialsType")
defer span.End()
otelx.End(span, &err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here?

@alnr alnr mentioned this pull request Mar 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr left review comments

@jonas-jonas jonas-jonas jonas-jonas left review comments

@zepatrik zepatrik Awaiting requested review from zepatrik zepatrik is a code owner

@Benehiko Benehiko Awaiting requested review from Benehiko

@hperl hperl Awaiting requested review from hperl hperl is a code owner

@CaptainStandby CaptainStandby Awaiting requested review from CaptainStandby

Assignees

@alnr alnr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alnr @aeneasr @jonas-jonas @CaptainStandby