Added resource_name column to all the scanners, added schema update handles in scanner dao

[joecheuk]

Resolves #1828 , #109

[blueandgold]

Thanks for adding this, it's awesome to have a way to make the schema changes. Just a comment on where the update is run.

[blueandgold]

As discussed, it would be awesome if the running of the schema update can be moved outside of the forseti application, so that the db update operation doesn't have to run everytime the forseti application starts up, and users can have the chance to backup their database before their db schema is actually updated. This will also require a documentation change to our upgrade instruction as well.

[blueandgold]

This is great.... where is the change in the startup script, that will call the db_migrator.py?

[blueandgold]

What happens if this is called again when the resource_name column already exists? Should there be error handling or logging?

[joecheuk]

Added error handling in db_migrator.py.

[blueandgold]

How about calling this db_migrator.py for a proper noun?

[joecheuk]

Renamed to db_migrator.py

[codecov]

Codecov Report

Merging #1864 into dev will decrease coverage by 0.01%.
The diff coverage is 50%.

@@            Coverage Diff             @@
##              dev    #1864      +/-   ##
==========================================
- Coverage   89.25%   89.24%   -0.02%     
==========================================
  Files         161      161              
  Lines       12004    12008       +4     
==========================================
+ Hits        10714    10716       +2     
- Misses       1290     1292       +2

Impacted Files	Coverage Δ
...oud/forseti/scanner/audit/bigquery_rules_engine.py	95.83% <ø> (ø)	⬆️
...forseti/scanner/audit/enabled_apis_rules_engine.py	88.49% <ø> (ø)	⬆️
...r/audit/instance_network_interface_rules_engine.py	92.64% <ø> (ø)	⬆️
...d/forseti/scanner/audit/ke_version_rules_engine.py	88.88% <ø> (ø)	⬆️
...loud/forseti/scanner/audit/buckets_rules_engine.py	81.92% <ø> (ø)	⬆️
...seti/scanner/audit/forwarding_rule_rules_engine.py	92% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/cloudsql_rules_engine.py	79.26% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/log_sink_rules_engine.py	93.7% <ø> (ø)	⬆️
...ner/scanners/instance_network_interface_scanner.py	0% <ø> (ø)	⬆️
...ud/forseti/scanner/audit/blacklist_rules_engine.py	93.18% <ø> (ø)	⬆️
... and 6 more

[blueandgold]

Looks great overall, some small comments.

[blueandgold]

Why sleep 5.... can it take more than 5 seconds?

[joecheuk]

The migrator script should block until the upgrade is finished, removed the sleep statement.

[blueandgold]

I would be clear that this updating the schema, and add if necessary at the end.

echo "Attempting to update database schema. if necessary."

[joecheuk]

Updated.

[blueandgold]

How about using LOGGER.exception() here?

LOGGER.exception('Unexpected error happened when attempting to update database schema.')

[joecheuk]

Updated.

[blueandgold]

This should be LOGGER.error(), rather than info()

If this is OperationalError, can we be more specific in the log message what might have happened?

[joecheuk]

This is expected when the table already has that column/column already deleted, I think info makes more sense so user won't need to worry about seeing the message at error level. Added log message in the update_schema method so we know what is failing.

[blueandgold]

There is no log message in the update_schema()

[joecheuk]

There is an info log in the update_schema method - LOGGER.info('Attempting to create column: %s', col_name)

[blueandgold]

Should we also add the table name here? Or is that already in the stacktrace?

[joecheuk]

Updated.

[blueandgold]

Method name should start with verb first. So, update_schema(), which is also consistent with migrate_schema(). Or is there a reason to call this schema_update()?

[joecheuk]

Renamed to update_schema

[blueandgold]

Can we do this? Which will make it easier to add more tables in the future?

declaritive_bases = [scanner_dao.BASE, inventory_dao.BASE]

for base in declaritive_bases:
    migrate_schema(sql_engine, base)

[joecheuk]

Updated.

[joecheuk]

Hi @ahoying , can you take a look at this PR again? This would be the final version if no new bugs were found.

[ahoying]

I didn't review the content of every resource_name field in the scanners to ensure that was the best value for the field, but the code LGTM.

[ahoying]

Super nit, use a comma after schema, not period: "schema, if necessary"

[joecheuk]

Thanks for pointing that out, that should definitely be a comma, updated!

[blueandgold]

A couple of quick comments.

[blueandgold]

qq, in the future, as we have more columns to add, how would they be handled? This time, we want to add resource_name, next time we want to add xyz. It's hard to see how xyz would fit here.

[joecheuk]

You will add the column as an attribute to the class and add the column creation logic in this method,

i.e.
class Violation(BASE):
xyz = Column(...)

  def update_schema(table):
         col = Column('resource_name', String(256), default='')
         col.create(table, populate_default=True)

         col = Column('xyz', String(256), default='')
         col.create(table, populate_default=True)

[blueandgold]

Right, that's what I thought. I think you should make col_name into a list of tuples [(name, type, default), ....]

And then just loop?

Or else just hardcode the name into the Column(), instead of having a variable col_name to track it.

[joecheuk]

Updated to hard code the column name

[blueandgold]

There is no log message in the update_schema()

[blueandgold]

if the pattern is to add the column as you mentioned, then should we surround try/except around each col.create()? Otherwise, when adding xyz in the future, would the execution reach xyz if resource_name already exists?

         col = Column('resource_name', String(256), default='')
         col.create(table, populate_default=True)

         col = Column('xyz', String(256), default='')
         col.create(table, populate_default=True)

[blueandgold]

For support purposes, will we ever need to know which columns are updated in which forseti versions?

[blueandgold]

What if we want to add more columns in the future? Shouldn't we use a list?:

columnMapping = {'CREATE', [column1, column2, ..]}

[joecheuk]

Updated.

[blueandgold]

Why camel casing?

[joecheuk]

Updated.

[blueandgold]

Can we avoid abbreviation here?

def create_column(table, column):

[joecheuk]

Updated.

[blueandgold]

Can you be more specific on the Column and Table object's type here? Other than just 'Column` and Tables.

[joecheuk]

Updated.

[blueandgold]

def drop_column(table, column):

[joecheuk]

updated.

[blueandgold]

Be consistent with the update_schema() method, so update_schema_method_name would be better.

update_schema_method_name = 'update_schema'

[joecheuk]

updated.

[blueandgold]

Better as:

update_schema = getattr(subclass, update_schema_method_name, None)

[joecheuk]

updated.

[blueandgold]

Again, why camel casing?

[joecheuk]

Updated.

[blueandgold]

This method does not do any update. It would be better to be called as get_update_actions() or get_migrate_actions().

[joecheuk]

Updated.

[blueandgold]

Should there be a try/except around this line, so that if a column exists, then it can move to the next column?

[joecheuk]

Updated.

[blueandgold]

A few more nits here.

[blueandgold]

Can we move the list out, so that it's easier to read?

columns_to_create = [
    Column('resource_name',  String(256), default=''),
    Column('abc',  String(256), default=''),
    Column('xyz',  String(256), default=''),
]

column_mapping = {
    'CREATE': columns_to_create,
    DELETE: columns_to_delete,
}

[joecheuk]

Updated

[blueandgold]

Instead of column_mapping, it would document better if the naming is schema_update_mapping or schema_action_mapping

[joecheuk]

Updated

[blueandgold]

This line here needs to be consistent with the naming comment above.

[joecheuk]

Updated

[blueandgold]

Looks great, just one more nit.

[blueandgold]

Just one more nit: this line is a bit inconsistent. We should make it read more smoothly as:

schema_update_actions = get_schema_update_actions()

[joecheuk]

Updated

[codecov]

Codecov Report

Merging #1864 into dev will decrease coverage by 0.02%.
The diff coverage is 40%.

@@            Coverage Diff             @@
##              dev    #1864      +/-   ##
==========================================
- Coverage   89.27%   89.25%   -0.03%     
==========================================
  Files         162      162              
  Lines       12177    12182       +5     
==========================================
+ Hits        10871    10873       +2     
- Misses       1306     1309       +3

Impacted Files	Coverage Δ
...oud/forseti/scanner/audit/bigquery_rules_engine.py	92.85% <ø> (ø)	⬆️
...forseti/scanner/audit/enabled_apis_rules_engine.py	88.49% <ø> (ø)	⬆️
...r/audit/instance_network_interface_rules_engine.py	92.64% <ø> (ø)	⬆️
...d/forseti/scanner/audit/ke_version_rules_engine.py	88.88% <ø> (ø)	⬆️
...loud/forseti/scanner/audit/buckets_rules_engine.py	81.92% <ø> (ø)	⬆️
...seti/scanner/audit/forwarding_rule_rules_engine.py	92% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/cloudsql_rules_engine.py	79.26% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/log_sink_rules_engine.py	93.7% <ø> (ø)	⬆️
...ner/scanners/instance_network_interface_scanner.py	0% <ø> (ø)	⬆️
...ud/forseti/scanner/audit/blacklist_rules_engine.py	93.18% <ø> (ø)	⬆️
... and 6 more

[codecov]

Codecov Report

Merging #1864 into dev will decrease coverage by 0.02%.
The diff coverage is 40%.

@@            Coverage Diff             @@
##              dev    #1864      +/-   ##
==========================================
- Coverage   89.33%   89.31%   -0.03%     
==========================================
  Files         162      162              
  Lines       12212    12217       +5     
==========================================
+ Hits        10910    10912       +2     
- Misses       1302     1305       +3

Impacted Files	Coverage Δ
...oud/forseti/scanner/audit/bigquery_rules_engine.py	92.85% <ø> (ø)	⬆️
...forseti/scanner/audit/enabled_apis_rules_engine.py	88.49% <ø> (ø)	⬆️
...r/audit/instance_network_interface_rules_engine.py	92.64% <ø> (ø)	⬆️
...d/forseti/scanner/audit/ke_version_rules_engine.py	88.88% <ø> (ø)	⬆️
...loud/forseti/scanner/audit/buckets_rules_engine.py	81.92% <ø> (ø)	⬆️
...seti/scanner/audit/forwarding_rule_rules_engine.py	92% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/cloudsql_rules_engine.py	79.26% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/log_sink_rules_engine.py	93.7% <ø> (ø)	⬆️
...ner/scanners/instance_network_interface_scanner.py	0% <ø> (ø)	⬆️
...ud/forseti/scanner/audit/blacklist_rules_engine.py	93.18% <ø> (ø)	⬆️
... and 6 more

[codecov]

Codecov Report

Merging #1864 into dev will decrease coverage by 0.02%.
The diff coverage is 40%.

@@            Coverage Diff             @@
##              dev    #1864      +/-   ##
==========================================
- Coverage   89.33%   89.31%   -0.03%     
==========================================
  Files         162      162              
  Lines       12212    12217       +5     
==========================================
+ Hits        10910    10912       +2     
- Misses       1302     1305       +3

Impacted Files	Coverage Δ
...oud/forseti/scanner/audit/bigquery_rules_engine.py	92.85% <ø> (ø)	⬆️
...forseti/scanner/audit/enabled_apis_rules_engine.py	88.49% <ø> (ø)	⬆️
...r/audit/instance_network_interface_rules_engine.py	92.64% <ø> (ø)	⬆️
...d/forseti/scanner/audit/ke_version_rules_engine.py	88.88% <ø> (ø)	⬆️
...loud/forseti/scanner/audit/buckets_rules_engine.py	81.92% <ø> (ø)	⬆️
...seti/scanner/audit/forwarding_rule_rules_engine.py	92% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/cloudsql_rules_engine.py	79.26% <ø> (ø)	⬆️
...oud/forseti/scanner/audit/log_sink_rules_engine.py	93.7% <ø> (ø)	⬆️
...ner/scanners/instance_network_interface_scanner.py	0% <ø> (ø)	⬆️
...ud/forseti/scanner/audit/blacklist_rules_engine.py	93.18% <ø> (ø)	⬆️
... and 6 more