kong icon indicating copy to clipboard operation
kong copied to clipboard
verified publisher icon Kong

refactor(DAO): introduce validate and fix check

Open StarlightIbuki opened this issue 2 years ago • 5 comments

DO NOT MERGE!

This PR causes a breaking change. We planed this for 4.0.

Review Note

Please check "Hide whitespace" when reviewing.

Summary

@flrgh:

  1. This has_common_protocol_with_service() validation function is a liar and does not actually check the service protocol.
  2. For both routes and services, the protocol checks happen before the input is populated with default values, so a plugin payload with an explicit { "protocols": [ "http" ] } will [correctly] result in a validation error, but a plugin payload with protocols omitted will be [erroneously] accepted.

We want validation to be after default values are populated.

I noticed that insert/update/upsert shares code. It seems reasonable to add a validation handler, which happens before a real DB operation, after the auto_field_process.

Another advantage of this method is that it won't break other uses. We could still override the insert/update/upsert method to do the validation.

Checklist

  • [x] The Pull Request has tests (covered by original test)
  • [x] There's an entry in the CHANGELOG
  • [ ] N/AThere is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Full changelog

  • Refactoring the DAO: adding a method named "validate", happen before strategy.insert/update/upsert.
  • Fix the test. The original test relies on the ordering of checks(protocol check happens before other schema checks).

Behavior:

  • For plugins attached to a service:
    • Before the change, it needs to match at least one protocol of a route attached to the service if any;
    • After the change, it needs to match the service's protocol
  • For both: the check is done after populating the default values

Issue reference

Fix FTI-4436

StarlightIbuki avatar Apr 25 '23 06:04 StarlightIbuki

@bungle Could review this again?

StarlightIbuki avatar May 12 '23 06:05 StarlightIbuki

This feels like small but potentially breaking change.

  1. we allow "invalid" configurations currently and then can be stored in database
  2. we make our validations more correct BUT restricting, which would make the previous database start to fail now

@hbagdi?

bungle avatar Jun 08 '23 09:06 bungle

I agree with @bungle 's worries.

I think we can live with this bug till 4.0. We can choose to emit warnings only. This change only affects protocol checking. Only if we intentionally apply this new handler to a DAO entity will it affect its behavior (otherwise it remains the same behavior as before). So the idea of emitting warnings is feasible.

StarlightIbuki avatar Jun 12 '23 02:06 StarlightIbuki

Converting to draft as we changed the solution.

StarlightIbuki avatar Jun 13 '23 07:06 StarlightIbuki

ok

machphy avatar Feb 04 '24 18:02 machphy