add ability to list all groups #612
Conversation
Signed-off-by: Joshua Rubin <[email protected]>
|
Hey @joshuarubin the way you solved it is perfect. It is common to have a resource endpoints The only thing I would like to change is to remove I will now review your code changes and leave comments where they fit. |
|
Damn, halfway through the review I noticed that you made this against the 0.9.x branch. I would much rather see it done against the 0.10.0 one, is that an issue for you? |
|
We would like to be able to get this functionality ASAP which would be less risky if we can stay on 0.9.x. However, I don't think it would be too hard to cherry pick the commits and get it working on master. If we can merge this into 0.9.x, I'll set up another PR to get it into master. |
docs/api.swagger.yaml
Outdated
| @@ -1376,8 +1376,8 @@ paths: | |||
| /warden/groups: | |||
| get: | |||
| description: >- | |||
| The subject making the request needs to be assigned to a policy | |||
| containing: | |||
| The subject making the request, if member is specified, needs to be | |||
There was a problem hiding this comment.
As discussed in my comment, I'd like to revert this and replace this with a policy check against rn:hydra:warden:groups
docs/api.swagger.yaml
Outdated
| The subject making the request needs to be assigned to a policy | ||
| containing: | ||
| The subject making the request, if member is specified, needs to be | ||
| assigned to a policy containing: |
There was a problem hiding this comment.
As discussed in my comment, replace this with one check to rn:hydra:warden:groups
docs/api.swagger.yaml
Outdated
| @@ -1403,8 +1420,8 @@ paths: | |||
| tags: | |||
| - warden | |||
| - groups | |||
| summary: Find group IDs by member | |||
| operationId: findGroupsByMember | |||
| summary: Find group IDs | |||
There was a problem hiding this comment.
In fact, we're receiving the full group payload (no longer only their IDs). This isn't your fault, but mine since I forgot to update the header title. But since you're already at it, maybe you could change that too ... :)
There was a problem hiding this comment.
This applies to the 0.10.x branch - for the 0.9.x branch this is correct.
warden/group/handler.go
Outdated
| @@ -40,11 +41,11 @@ func (h *Handler) SetRoutes(r *httprouter.Router) { | |||
| r.DELETE(GroupsHandlerPath+"/:id/members", h.RemoveGroupMembers) | |||
| } | |||
|
|
|||
| // swagger:route GET /warden/groups warden groups findGroupsByMember | |||
| // swagger:route GET /warden/groups warden groups findGroups | |||
There was a problem hiding this comment.
This should actually be renamed to listGroups
warden/group/handler.go
Outdated
| // | ||
| // Find group IDs by member | ||
| // Find group IDs |
There was a problem hiding this comment.
For 0.9.x this should be List group IDs
warden/group/manager_sql.go
Outdated
| @@ -123,6 +125,28 @@ func (m *SQLManager) RemoveGroupMembers(group string, subjects []string) error { | |||
| return nil | |||
| } | |||
|
|
|||
| func (m *SQLManager) ListGroups(limit, offset int64) ([]string, error) { | |||
| if limit < 0 { | |||
There was a problem hiding this comment.
I think it should be fine to set limit to 0 (or 1) if it's below 0
warden/group/manager_sql.go
Outdated
| return nil, errors.New("limit can't be less than 0") | ||
| } | ||
|
|
||
| if offset < 0 { |
There was a problem hiding this comment.
I think it should be fine to set offset to 0 if it's below 0
| @@ -85,6 +85,8 @@ func connectToPG() { | |||
| } | |||
|
|
|||
| func TestManagers(t *testing.T) { | |||
| t.Parallel() | |||
There was a problem hiding this comment.
This is nice, I totally did not know about that flag. That way, postgres and mysql will be run alongside. This should be everywhere. Thank you!
warden/group/manager_sql.go
Outdated
| limit = 500 | ||
| } | ||
|
|
||
| if err := m.DB.Select(&q, m.DB.Rebind("SELECT id from hydra_warden_group ORDER BY id LIMIT ? OFFSET ?"), limit, offset); err != nil { |
There was a problem hiding this comment.
I'm not sure about the order clause here, what it's goal?
There was a problem hiding this comment.
ORDER BY is required to ensure that the paging is consistent.
https://www.postgresql.org/docs/8.2/static/queries-limit.html
There was a problem hiding this comment.
Oh, I did not know that! Then this is fine!
| res = append(res, g.ID) | ||
| } | ||
|
|
||
| sort.Strings(res) |
There was a problem hiding this comment.
Sorting makes sense here because maps don't have an order.
I would love to see that. If you find the time, I'd also love to see that for #605 :) |
Signed-off-by: Joshua Rubin <[email protected]>
|
OK. Updated with changes from review. Still don't know how to generate the api.swagger.yaml so I hope it's correct. |
|
Nice! I'll go over the changes one more time. Regarding swagger, check out this script from the 0.10.x branch. Please make sure to use the latest stable version of go-swagger. |
warden/group/handler.go
Outdated
| @@ -40,11 +41,11 @@ func (h *Handler) SetRoutes(r *httprouter.Router) { | |||
| r.DELETE(GroupsHandlerPath+"/:id/members", h.RemoveGroupMembers) | |||
| } | |||
|
|
|||
| // swagger:route GET /warden/groups warden groups findGroupsByMember | |||
| // swagger:route GET /warden/groups warden groups findGroups | |||
warden/group/handler.go
Outdated
| // | ||
| // Find group IDs by member | ||
| // Find group IDs |
warden/group/handler.go
Outdated
| // | ||
| // The subject making the request needs to be assigned to a policy containing: | ||
| // The subject making the request, if member is specified, needs to be assigned to a policy containing: |
There was a problem hiding this comment.
This line and the following policy can be removed, as discussed in the comments
warden/group/handler.go
Outdated
| @@ -66,24 +77,65 @@ func (h *Handler) SetRoutes(r *httprouter.Router) { | |||
| // oauth2: hydra.groups | |||
| // | |||
| // Responses: | |||
| // 200: findGroupsByMemberResponse | |||
| // 200: findGroupsResponse | |||
warden/group/handler.go
Outdated
| return | ||
| } | ||
|
|
||
| offset, err := intFromQuery(r, "offset") |
There was a problem hiding this comment.
If you supply a default value, no error checking is requried and you can save the limit == 0 check!
Signed-off-by: Joshua Rubin <[email protected]>
|
OK. Updated again. |
warden/group/manager_sql.go
Outdated
| offset = 0 | ||
| } | ||
|
|
||
| var q []string |
There was a problem hiding this comment.
If no results are returned, this will be nil which in turn will return null in the JSON response (see https://play.golang.org/p/7H6y1t2mdd ). To avoid this please initialize the slice (q := []string{})
warden/group/manager_memory.go
Outdated
| return nil, nil | ||
| } | ||
|
|
||
| var res []string |
There was a problem hiding this comment.
If no results are returned, this will be nil which in turn will return null in the JSON response (see https://play.golang.org/p/7H6y1t2mdd ). To avoid this please initialize the slice (q := []string{})
Signed-off-by: Joshua Rubin <[email protected]>
|
Nice catch. I think everything should be ready now. |
|
Thank you! |
* vendor: support dep (#606) * fix go-jose Signed-off-by: Joshua Rubin <[email protected]> * add Gopkg.toml Signed-off-by: Joshua Rubin <[email protected]> * add tests for dep Signed-off-by: Joshua Rubin <[email protected]> * fix glide build Signed-off-by: Joshua Rubin <[email protected]> * warden/groups: add ability to list all groups (#612) * add ability to list all groups Signed-off-by: Joshua Rubin <[email protected]> * update based on review comments Signed-off-by: Joshua Rubin <[email protected]> * a few more updates from review Signed-off-by: Joshua Rubin <[email protected]> * ensure group lists dont return nil Signed-off-by: Joshua Rubin <[email protected]> * support es256 Signed-off-by: Joshua Rubin <[email protected]> * update jwk tests Signed-off-by: Joshua Rubin <[email protected]>
This is to satisfy #594
I'm not sure if the
api.swagger.yamlfile is complete/correct since thegen-swagger.shscript produces the uncommittedapi.swagger.jsonfile.The API is also a little strange as the
GET /warden/groupsendpoint already existed and previously required amemberparam (andGET /warden/groups/<id>refers to the group id, not the member id).Now
GET /warden/groupsOPTIONALLY uses thememberparam. If it exists, the behavior is the same as before so there are no API regressions.However, if
memberdoes not exist, then it is assumed that the user wants to list all groups. In this case, the required policy resource changes (fromrn:hydra:warden:groups:<member>torn:hydra:warden:groups). Additionally, thelimitandoffsetparameters are used if they exist.limitdefaults to500if not specified (the same asGET /policies).