Documentation: add a document on storage options #632
Conversation
There was a problem hiding this comment.
Overall this looks good.
I have a lot of feedback, but most of it is related to following the style guide. As far as the word choice and sentence flow goes you can take my feedback with a grain of salt.
As far as enforcing the coreos/docs style guide goes:
- Links should follow the
[link text][ref], with[ref]: urlat the bottom of the file. - Headings ought to be in sentence heading.
I'll make a PR with a reference to the coreos docs style guide to the CONTRIBUTING.md doc ASAP.
|
|
||
| ## Caveat: Running replicated instances | ||
|
|
||
| Validation is still being done to ensure correctness when multiple instances of dex are using the same backing storage. While everything "should just work", edge cases require time to investigate and write tests for. This work can be followed on the issue tracker [here](https://github.com/coreos/dex/issues/600). |
There was a problem hiding this comment.
- Reference style hyperlinks (
[hyperlinked text][label])
There was a problem hiding this comment.
I would reword this to be:
Dex performs correctness validation when multiple instances use the same backing storage. This should "Just Work" but when it doesn't you should check out the [dex issue tracker][dex-issue-tracker-url] and add or comment on a relevant issue.
There was a problem hiding this comment.
Dex performs correctness validation when multiple instances use the same backing storage.
That's not the same thing. This is stating that we still need to write the tests to prove correctness and you probably shouldn't be running these kind of setups in the first place. How does this sound?
Tests still need to be written to validate that multiple instances of dex behave correctly when using the same storage.
While there aren't any technical limitations, edge cases have been observed and progress on these kind of bugs can be found on the[dex issue tracker].
|
|
||
| Regardless of the implementation, dex saves sensitive data in its backing storage: signing keys, bcrypt'd passwords, etc. Storage breaches are serious because attacks may propagate to any application which relies on dex. Whatever storage option used, transport security and database ACLs are both musts. | ||
|
|
||
| ## Caveat: Running replicated instances |
There was a problem hiding this comment.
- Sentence style headings (
## Only the first character and proper nouns are capitalized)
| description: "An OAuth2 client." | ||
| ``` | ||
|
|
||
| Once the `ThirdPartyResource` is created, custom resources can be created at a namespace level (though there will be a gap between the `ThirdPartyResource` being created and the API server accepting the custom resource). While most fields are user defined, the API server still respects the common `ObjectMeta` and `TypeMeta` values. For example names are still restricted to a small set of characters, and the `resourceVersion` field can be used for an [atomic compare and swap](https://github.com/kubernetes/kubernetes/blob/release-1.4/docs/devel/api-conventions.md#concurrency-control-and-consistency). |
There was a problem hiding this comment.
- Reference style hyperlinks (
[hyperlinked text][label])
| caFile: /etc/dex/postgres.ca | ||
| ``` | ||
|
|
||
| The SSL "mode" corresponds to the `github.com/lib/pq` package [connection options](https://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters). If unspecified, dex defaults to the strictest mode "verify-full". |
There was a problem hiding this comment.
- Reference style hyperlinks (
[hyperlinked text][label])
|
|
||
| Each storage implementation bears a large ongoing maintenance cost and needs to be updated every time a feature requires storing a new type. Bugs often require in depth knowledge of the backing software, and much of this work will be done by developers who are not the original authors. Changes to dex which add new storage implementations are not merged lightly. | ||
|
|
||
| Those who still want to construct a proposal for a new storage should review the following packages: |
There was a problem hiding this comment.
- Put this under a third-tier heading
### New storage option references
There was a problem hiding this comment.
Wouldn't that imply that it's part of the SQL section (as it's not)?
There was a problem hiding this comment.
The above second-tier heading is ## adding a new storage option, so putting a third-tier heading should make it obvious that this is a sub-topic of ## adding a new storage option.
This fine-grain organization makes the table of contents on coreos.com more useful.
|
|
||
| Migrations are performed automatically on the first connection to the SQL server (it does not support rolling back). Because of this, dex requires being able to add and alter the tables for its database. | ||
|
|
||
| NOTE: Previous versions of dex required symmetric keys to encrypt certain values before sending them to the database. This feature has not been ported to V2 yet, though it may be added later (but possibly without a migration path for users of the current implementation). |
There was a problem hiding this comment.
I would reword the last second sentence to be
This feature has not yet been ported to dex v2. If it is added later there may not be a migration path for current v2 users.
|
|
||
| ### Postgres | ||
|
|
||
| Dex authenticates to Postgres with a username and password. As stated above, because dex performs migrations, it requires privileged access to its own database. Database table names are not configurable, and to prevent table name clashes with other applications admins should expect to dedicated a database for dex's sole use. |
There was a problem hiding this comment.
I would reword this paragraph to be:
Admins may want to dedicate a database to dex for the following reasons:
- Dex requires privileged access to its database because it performs migrations.
- Dex's database table names are not configurable; when shared with other applications there may be table name clashes.
|
|
||
| Those who still want to construct a proposal for a new storage should review the following packages: | ||
|
|
||
| * `github.com/coreos/dex/storage`: Interface definitions which the storage must implement. NOTE: This package is not stable. |
There was a problem hiding this comment.
This should be a clickable link.
There was a problem hiding this comment.
We can't link to a godoc.org until we've made this branch the default branch. Part of that getting to that point is writing docs like this :)
There was a problem hiding this comment.
Fair enough. I wanted to click on it and figured readers would too, but if it's technically not an option that's 👍
| Those who still want to construct a proposal for a new storage should review the following packages: | ||
|
|
||
| * `github.com/coreos/dex/storage`: Interface definitions which the storage must implement. NOTE: This package is not stable. | ||
| * `github.com/coreos/dex/storage/conformance`: Conformance tests which storage implementations must pass. |
There was a problem hiding this comment.
This should be a clickable link.
|
|
||
| * Integration testing setups (Travis and developer workstations). | ||
| * Transactional requirements: atomic deletes, updates, etc. | ||
| * Is there an established, reasonable Go client? |
There was a problem hiding this comment.
I would reword this last bullet to be:
- Is there an established and reasonable Go client?
|
@ElijahCaine thanks. Have a few counter comments, but other than that will rework this PR later today. |
ericchiang
force-pushed
the
dev-docs-storage-options
branch
from
4475ce7 to
7928ea0
Compare
|
@ElijahCaine updated with a second commit. Going to leave this here if you want to add any last second notes. Will squash and merge in a bit. |
There was a problem hiding this comment.
Hey Eric, this all looks really good.
I misspoke earlier when I said sentences were on their own lines, the style guide actually says that it's one paragraph per line. If you could revert that formatting to what you had earlier (sorry again!) and the line numbering change I commented on, I'll give this the thumbs up.
| When using Postgres, admins may want to dedicate a database to dex for the following reasons: | ||
|
|
||
| 1. Dex requires privileged access ot its database because it performs migrations. | ||
| 1. Dex's database table names are not configurable; when shared with other applications there may be table name clashes. |
|
Haha, thanks I'll update again. |
ericchiang
force-pushed
the
dev-docs-storage-options
branch
from
7928ea0 to
6c48398
Compare
fyi @dghubble there's some third party resource docs here.