Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tenant: introduce systemtenant #863

Merged
merged 4 commits into from
Nov 21, 2024
Merged

tenant: introduce systemtenant #863

merged 4 commits into from
Nov 21, 2024

Conversation

stefanhengl
Copy link
Member

@stefanhengl stefanhengl commented Nov 21, 2024
edited
Loading

Some tasks, such as loading shards, require priviledged access on startup. Here I introduce systemtenant which we can use for these kinds of things.

This is motivated by a bug where the symbol sidebar in multi-tenant node wouldn't work because ranked shards were not loaded correctly which in turn caused SelectRepoSet to return 0 shards always.

Test plan:

  • added unit test
  • manual testing: symbol sidebar works now

keegancsmith
keegancsmith reviewed Nov 21, 2024
View reviewed changes
Copy link
Member

@keegancsmith keegancsmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added this to try make us a bit more robust in selectRepoSet #864

I think you should rename EqualsID to communicate at the call sites that it is about allowing the reading of tenant id's data.

I tried my hardest to think of another way we can get at this repository data without introducing a way of bypassing tenant checks. I failed and think this is the most robust way we have.

shards/shards.go Outdated Show resolved Hide resolved
@stefanhengl
tenant: introduce systemtenant
46af1c2 
Some tasks, such as loading shards, require priviledged access on
startup. Here I introduce a systemtenant we can use for these things.

This is motivated by bug where the symbol sidebar in multi-tenant node
wouldn't work because ranked shards were not loaded correctly which in
turn caused `SelectRepoSet` to return 0 shards always.

Test plan:
- added unit test
- manual testing: symbol sidebar works now
@stefanhengl
rename EqualsID, simplify systemtenant
934161c
keegancsmith
keegancsmith approved these changes Nov 21, 2024
View reviewed changes
Copy link
Member

@keegancsmith keegancsmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

I think if you are worried about misuse of systemtenant you can give it a name like systemtenant.DangerousCtxAvoidUsingMe and then the developer using it has to justify it :)

@keegancsmith
Copy link
Member

Another idea to avoid misuse is maybe not exporting the ctx, which can accidentally leak around, but maybe only add one function to servicetenant for now which looks like this func UnsafeList(searcher, zoekt.ListOptions) ...

@stefanhengl
Copy link
Member Author

stefanhengl commented Nov 21, 2024
edited
Loading

Another idea to avoid misuse is maybe not exporting the ctx, which can accidentally leak around, but maybe only add one function to servicetenant for now which looks like this func UnsafeList(searcher, zoekt.ListOptions) ...

I like that one

EDIT:

Spoke too early. I am running into circular imports again. I will go with UnsafeCtx for now.

@stefanhengl stefanhengl marked this pull request as ready for review November 21, 2024 14:43
keegancsmith
keegancsmith approved these changes Nov 21, 2024
View reviewed changes
shards/shards.go Show resolved Hide resolved
@stefanhengl stefanhengl merged commit 7af9f84 into main Nov 21, 2024
8 checks passed
@stefanhengl stefanhengl deleted the sh/mt/systemtenant branch November 21, 2024 15:04
jtibshirani
jtibshirani reviewed Nov 21, 2024
View reviewed changes
shards/shards.go
@@ -1064,7 +1065,10 @@ func (s *shardedSearcher) getLoaded() loaded {

func mkRankedShard(s zoekt.Searcher) *rankedShard {
q := query.Const{Value: true}
result, err := s.List(context.Background(), &q, nil)
// We need to use UnsafeCtx here, otherwise we cannot return a proper
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would there be a way to bypass List and load the repo metadata directly? So this just obviously becomes a low-level, privileged operation. This would introducing systemtenant just for this single privileged call. Or maybe it's not possible to refactor things to support this 🤔

I'm not an expert on this code and totally lack context, so just ignore me if this not helpful :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My initial thoughts was around this, but I couldn't think of a nice way. EG we want to take into account tombstones/etc and anything else we may add to List in the future. So using List feels like the cleanest approach.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtibshirani jtibshirani jtibshirani left review comments

@keegancsmith keegancsmith keegancsmith approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefanhengl @keegancsmith @jtibshirani