Check security properties in the main transaction#2300
Merged
nickva merged 3 commits intoprototype/fdb-layerfrom Nov 14, 2019
Merged
Check security properties in the main transaction#2300nickva merged 3 commits intoprototype/fdb-layerfrom
nickva merged 3 commits intoprototype/fdb-layerfrom
Conversation
nickva
force-pushed
the
check-security-in-transaction
branch
from
8e601a6 to
c8d152c
Compare
Previously we checked security properties in a separate transaction, after opening the db or fetching it from the cache. To avoid running an extra transaction move the check inside the main transaction right after the metadata check runs. That ensure it will be consistent and it won't be accidentally missed as all operations run the `ensure_current` metadata check. Also remove the special `get_config/2` function in `fabric2_fdb` for getting revs limit and security properties and just read them directly from the db map.
nickva
force-pushed
the
check-security-in-transaction
branch
5 times, most recently
from
d601c59 to
91cca43
Compare
Contributor
Author
|
Quick benchmark with this PR: prototype/fdb-layer (FDB master): This PR: add_docs.py: https://gist.github.com/nickva/5d88c389d45ab538950a5e0f34b7d2ae First ran script once to create and populate db then run again to read the documents With the chttpd_auth_request security check back in got: |
davisp
requested changes
Nov 14, 2019
Member
davisp
left a comment
davisp
left a comment
There was a problem hiding this comment.
Looks good overall. Few questions though.
Previously, a stale db handle could be re-used across a few separate transactions. That would result in the database getting re-opened before every one of those operations. To prevent that from happening, check the cache before the transaction starts, and if there is a newer version of the db handle and use that.
Previously `set_config/3` needed keys and values to be transalted to binaries, now that is done inside the function. It's a bit more consistent as binary config values and encodings are better encapsulated in the `fabric2_fdb` module. Since `set_config` does, it made sense to update get_config as well. There, it turns out it was used only to load configuration setting after a db open, so the function was renamed to `load_config` and was made private.
nickva
force-pushed
the
check-security-in-transaction
branch
from
91cca43 to
5e55060
Compare
davisp
approved these changes
Nov 14, 2019
Member
davisp
left a comment
davisp
left a comment
There was a problem hiding this comment.
One minor nit, but +1 once you tweak the map update operations.
nickva
added a commit
that referenced
this pull request
Nov 14, 2019
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
nickva
added a commit
that referenced
this pull request
Nov 14, 2019
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
davisp
pushed a commit
that referenced
this pull request
Feb 26, 2020
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
davisp
pushed a commit
that referenced
this pull request
Feb 27, 2020
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
davisp
pushed a commit
that referenced
this pull request
Mar 2, 2020
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
davisp
pushed a commit
that referenced
this pull request
Mar 2, 2020
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
davisp
pushed a commit
that referenced
this pull request
Sep 9, 2020
Forgot to push this in the previous PR so made a new commit. #2300 (comment)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously we checked security properties in a separate transaction, after
opening the db or fetching it from the cache. To avoid running an extra
transaction move the check inside the main transaction right after the metadata
check runs. That ensure it will be consistent and it won't be accidentally
missed as all operations run the
ensure_currentmetadata check.Also remove the special
get_config/2function infabric2_fdbfor gettingrevs limit and security properties and just read them directly from the db map.
Test with:
make && make eunit apps=fabric,couch_views,couch_jobsmake && make elixir tests=test/elixir/test/basics_test.exs,test/elixir/test/replication_test.exs,test/elixir/test/map_test.exs,test/elixir/test/all_docs_test.exs,test/elixir/test/bulk_docs_test.exs