-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor feature flag to support more modules #1057
Conversation
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
/cc @baurine @breeswish |
1794cbe
to
fd7dd71
Compare
58edb58
to
5d2db5d
Compare
5d2db5d
to
8bd2e44
Compare
6e1f58d
to
74a0937
Compare
@breeswish |
cfa75dc
to
31f4aa4
Compare
31f4aa4
to
4857960
Compare
@@ -40,7 +42,7 @@ func Default() *Config { | |||
TiDBTLSConfig: nil, | |||
EnableTelemetry: true, | |||
EnableExperimental: false, | |||
FeatureVersion: "", | |||
FeatureVersion: version.PDVersion, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a nice improvement.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
c5f06d5
to
43b297d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the rest lgtm
pkg/apiserver/user/auth.go
Outdated
@@ -88,8 +91,9 @@ func NewAuthService() *AuthService { | |||
} | |||
|
|||
service := &AuthService{ | |||
middleware: nil, | |||
authenticators: map[utils.AuthType]Authenticator{}, | |||
FeatureFlagNonRootLogin: featureFlagRegistry.Register("nonRootLogin", ">= 5.3.0"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems that this FeatureFlagNonRootLogin is not used. It doesn't look good as this may imply that this protection is purely happening at frontend and there is no backend protection for corresponding features.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Create a new PR #1089 to refactor the "non root login" for better review experience.
@@ -30,6 +31,8 @@ var ( | |||
) | |||
|
|||
type AuthService struct { | |||
FeatureFlagNonRootLogin *featureflag.FeatureFlag |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feature should be placed inside SQL auth, as only SQL auth needs it and other kind of auth does not care about the "non root login".
util/featureflag/featureflag.go
Outdated
_ = c.Error(ErrFeatureUnsupported.New(f.name)) | ||
c.AbortWithStatus(http.StatusForbidden) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems that there is an "Abort". I'm worrying whether this is compatible with the standard rest.ErrorHandlerFn
. Could you add a test to verify it?
util/featureflag/featureflag.go
Outdated
"github.com/pingcap/tidb-dashboard/util/rest" | ||
) | ||
|
||
var ErrFeatureUnsupported = rest.ErrForbidden.NewSubtype("feature_unsupported") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh. I'm sorry, I misled you. There is no way to attach the error status code into the error type for now.
Please use HTTPCodeProperty
when initializing errors:
var ErrFeatureUnsupported = ErrNS.xxxx()
_ = c.Error(ErrFeatureUnsupported.NewWithNoMessage().WithProperty(HTTPCodeProperty(http.StatusForbidden)))
or:
_ = c.Error(rest.ErrForbidden.New("<ErrorMessages>"))
The whole point is to avoid the necessarilty to call c.Status()
or c.AbortWithStatus()
manually.
…oard into refactor/feature-flag
8cfd8e1
to
c6c075a
Compare
c6c075a
to
0623ecc
Compare
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 0623ecc
|
util/featureflag/featureflag_test.go
Outdated
e2.Use(func(c *gin.Context) { | ||
c.Next() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use CreateTestContext to test context directly. No need to use a middleware to test it. Example:
func TestDownload(t *testing.T) {
handler := New()
token := handler.mustGetDownloadToken(t, "foobar", "file.txt", time.Second*5)
r := httptest.NewRecorder()
c, _ := gin.CreateTestContext(r)
c.Request, _ = http.NewRequest(http.MethodGet, "/download?token="+token, nil)
handler.HandleDownloadRequest(c)
require.Len(t, c.Errors, 0)
require.Equal(t, http.StatusOK, r.Code)
require.Equal(t, `attachment; filename="file.txt"`, r.Header().Get("Content-Disposition"))
require.Equal(t, `application/octet-stream`, r.Header().Get("Content-Type"))
require.Equal(t, "foobar", r.Body.String())
// Download again
r = httptest.NewRecorder()
c, _ = gin.CreateTestContext(r)
c.Request, _ = http.NewRequest(http.MethodGet, "/download?token="+token, nil)
handler.HandleDownloadRequest(c)
require.Len(t, c.Errors, 1)
require.True(t, errorx.IsOfType(c.Errors[0].Err, rest.ErrBadRequest))
require.Contains(t, c.Errors[0].Error(), "Download file not found")
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! This is really helpful.
req2, _ := http.NewRequest("GET", "/ping", nil) | ||
e.ServeHTTP(w2, req2) | ||
|
||
r.Equal(http.StatusForbidden, w2.Code) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Forbidden means Unauthorized: The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.
However there is no way for this router to be authorized. So maybe BadRequest is better.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, yes. I misunderstood the "forbidden".
* Revert "Release v2021.12.06.1 (#1084)" This reverts commit bcc43a0. * Compitable with different TiDB versions for conprof and non-root-login features (#1047) * make conprof independent * check feature enable * add check feature enable middleware * hide menu if feature is not enabled * refactor non root login switch by new design * i18n * yarn fmt * renaming * adjust fe code * refine * remove unused log * build(deps): bump ws from 5.2.2 to 5.2.3 in /ui (#1055) * CICD: Update the release pipeline for recent PD format policies (#1054) * fix i18n wording (#1056) * Refactor: Change util module to util package (#1052) * Refactor: Fix godot incorrectly add dot suffix to annotations (#1059) * lint: Add goheader for copyright lints (#1062) * Refactor: Migrate to use the `rest` package in util/ (#1060) * fix(*): globally delete/update data by GORM (#1065) * ui: bump dependencies (#1066) * refactor: Switch to use ziputil, netutil, reflectutil and fileswap (#1067) * Fix request header being pinned after pd profiling (#1069) * Integrate speedscope (#1064) * fix potential panic when GetPDInstances (#1075) Signed-off-by: crazycs <[email protected]> * Refactor: a new httpclient (#1073) * Refactor: Switch to use util/distro in all places (#1078) * chore: support import relative file URL (#1082) * Refactor: Move tools into a standalone module (#1079) * Fix script to embed the ui (#1088) * Fix script to embed the ui * Hack write_strings * Refactor feature flag to support more modules (#1057) * Drop sysutil dependency (#1093) * chore: add graph generation (#1085) * Refactor: Add TopologyProvider (#1098) * esbuild: i18n + dep (#1101) * script: Add a script to generate version matrix (#1104) * distro: support dynamic config (#1094) * chore: support multiple profiling types (#1095) * fix(distro): check distro_strings.json fmt by prettier (#1106) * script: fix generate assets (#1107) * Add integration test (#1083) * debug_api: Switch to use the new util (#1103) * refactor(ui): auto refresh button (#1105) * refactor(ui): auto refresh button * chore: update translation * fix: remain seconds * refine: refresh button * fix: onRefresh * fix: auto refresh * fix: continue tick * chore: add some comments * tweak: remaining refresh seconds * chore: clean code Co-authored-by: Wenxuan <[email protected]> * ui: refine conprof (#1102) * update wording * not check prom any more * replace time range component * i18n * support view profile by diffrent ways * extract ActionsButton * change download data format * refine * comments * Revert "comments" This reverts commit 3b03fdb. * fix view cpu profile fail * update state * hide action button if disable * address feedback * update release-version * sync with master Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wenxuan <[email protected]> Co-authored-by: Suhaha <[email protected]> Co-authored-by: Yini Xu <[email protected]> Co-authored-by: crazycs <[email protected]>
ref #1047 (comment)