Merging to release-5.4.0: TT-12347 fix management of custom keys in mdcb installations (#6353) #6357

@buger buger commented Jun 19, 2024

User description

TT-12347 fix management of custom keys in mdcb installations (#6353)

User description

Description

Related Issue

https://tyktech.atlassian.net/browse/TT-12347

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing
    functionality to change)
  • Refactoring or add test (improvements in base code or adds test
    coverage to functionality)

Checklist

  • I ensured that the documentation is up to date
  • I explained why this PR updates go.mod in detail with reasoning
    why it's required
  • I would like a code coverage CI quality gate exception and have
    explained why

PR Type

Enhancement


Description

  • Changed the order of key search logic in the SessionDetail method of
    DefaultSessionManager.
  • Moved keyName to be appended after generating token with orgID.

Changes walkthrough 📝

Relevant files
Enhancement
auth_manager.go
Modify key search order in `SessionDetail` method               

gateway/auth_manager.go

  • Changed the order of key search logic in SessionDetail method.
  • Moved keyName to be appended after generating token with orgID.
  • +3/-1     



    PR Type

    Enhancement, Tests


    Description

    • Updated the key search logic in the SessionDetail method to handle custom keys more effectively.
    • Enhanced the ProcessKeySpaceChanges method to include fallback deletion using token ID.
    • Added new tests to verify the processing of custom keys in the edge gateway.
    • Included tests for fallback key deletion using token ID.

    Changes walkthrough 📝

    Relevant files
    Enhancement
    auth_manager.go
    Update key search logic in SessionDetail method                   

    gateway/auth_manager.go

  • Changed the order of key search logic in the SessionDetail method.
  • Added custom key handling in the key search process.
  • +2/-2     
    rpc_storage_handler.go
    Enhance key deletion logic in ProcessKeySpaceChanges         

    gateway/rpc_storage_handler.go

  • Modified ProcessKeySpaceChanges to handle custom key deletion.
  • Added deleteUsingTokenID function for fallback deletion using token
    ID.
  • +18/-1   
    Tests
    auth_manager_test.go
    Add tests for custom key processing in edge gateway           

    gateway/auth_manager_test.go

  • Added TestCustomKeysEdgeGw to check custom key processing.
  • Included test cases for custom keys and base64 representation.
  • +98/-0   
    rpc_storage_handler_test.go
    Add tests for fallback key deletion using token ID             

    gateway/rpc_storage_handler_test.go

  • Added TestDeleteUsingTokenID to verify fallback deletion using token
    ID.
  • Included test cases for custom key ID and non-existent TokenID.
  • +63/-0   

    (cherry picked from commit d3f52ab)

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review [1-5] 4
    🧪 Relevant tests Yes
    🔒 Security concerns No
    ⚡ Key issues to review Possible Bug:
    The logic in gateway/auth_manager.go modifies the toSearchList by first clearing it and then adding keyName back in a separate step. This could potentially introduce bugs or inefficiencies in key management. Consider refactoring to append directly without clearing first.
    Redundancy:
    In gateway/rpc_storage_handler.go, the error handling and logging within deleteUsingTokenID might be verbose and could be streamlined for clarity and performance.


    API Changes

    no api changes detected


    PR Code Suggestions ✨

    Category | Suggestion | Score
    Best practice
    Prevent deletion operations on empty keys to avoid errors

    Add a check to ensure that the key is not empty before attempting deletion operations in
    deleteUsingTokenID to prevent unnecessary processing and potential errors.

    gateway/rpc_storage_handler.go [1156-1158]

    +if key == "" {
    +    log.Warn("attempted to delete an empty key")
    +    return http.StatusBadRequest, fmt.Errorf("key is empty")
    +}
     id, err := storage.TokenID(key)
     if err == nil {
         _, status = r.Gw.handleDeleteKey(id, orgId, "-1", resetQuota)
     }
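
    Review bot: The added guard returns `fmt.Errorf("key is empty")`, which has no format verbs; `errors.New("key is empty")` is the idiomatic form. The warning also carries no context: `orgId` is in scope on the `handleDeleteKey` line, so include it in the log message so an operator can tell which organisation's keyspace update carried the empty key. The unchanged `if err == nil` below still drops a `storage.TokenID` failure silently, so the guard covers only one of the inputs that end up skipping the deletion.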
     
    Suggestion importance[1-10]: 9

    Why: This suggestion is highly relevant as it adds a safeguard against processing empty keys, which can prevent runtime errors and unnecessary operations, thereby improving the reliability of the code.

    9
    Handle cases where Token ID is not found more explicitly in the deletion logic

    Ensure that the deleteUsingTokenID function handles the case where TokenID is not found
    more gracefully, possibly by returning a custom error or a specific status code.

    gateway/rpc_storage_handler.go [1156-1158]

     id, err := storage.TokenID(key)
    -if err == nil {
    -    _, status = r.Gw.handleDeleteKey(id, orgId, "-1", resetQuota)
    +if err != nil {
    +    log.Warnf("Token ID not found for key: %v", key)
    +    return http.StatusNotFound, err
     }
    +_, status = r.Gw.handleDeleteKey(id, orgId, "-1", resetQuota)
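
    Review bot: `log.Warnf("Token ID not found for key: %v", key)` writes the raw key, which is a credential, into the gateway log at warning level; log an obfuscated or hashed form instead. The wording and `http.StatusNotFound` also misdescribe the failure: `err` comes from `storage.TokenID(key)`, meaning the key could not be converted to a token ID, which is not the same as the key being absent from storage. Because the early return changes what callers see, the test cases for the non-existent TokenID path should assert the new status.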
     
    Suggestion importance[1-10]: 8

    Why: This suggestion improves the robustness of the function by explicitly handling cases where the TokenID is not found, which can prevent potential issues and make the code more maintainable.

    8
    Enhancement
    Improve error handling and logging in key deletion logic

    Refactor the error handling in deleteUsingTokenID to handle different error types
    distinctly and log them appropriately for better debugging and maintenance.

    gateway/rpc_storage_handler.go [1122]

     if err != nil {
    -    log.Debugf("cannot remove key:%v status: %v", key, status)
    +    if errors.Is(err, someSpecificError) {
    +        log.Errorf("specific error occurred: %v", err)
    +    } else {
    +        log.Errorf("error removing key: %v, status: %v", key, status)
    +    }
     }
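
    Review bot: `someSpecificError` in the added `errors.Is` check is an undefined placeholder, so this does not compile as written; name the concrete sentinel error or drop the branch. The else branch omits `err` from the message even though it is the value just tested, and moving the line from `Debugf` to `Errorf` with `key` in the format arguments raises the raw key into error-level logs; log `err` together with an obfuscated key.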
     
    Suggestion importance[1-10]: 7

    Why: The suggestion improves error handling by distinguishing between different error types and logging them appropriately, which enhances debugging and maintenance. However, it is not crucial for the functionality of the code.

    7


    sonarcloud bot commented Jun 19, 2024

    @buger buger merged commit d067b91 into release-5.4.0 Jun 19, 2024
    34 checks passed
    @buger buger deleted the merge/release-5.4.0/d3f52ab09057c3a729e0c5ae0c75522af13937f8 branch June 19, 2024 13:41