Make sources.filesystem_id non-nullable #6350
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
legoktm
added a commit
that referenced
this pull request
Mar 18, 2022
* Upgrade mypy to 0.941 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
This was referenced Mar 18, 2022
legoktm
force-pushed
the
filesystem-id-non-null
branch
from
870ebcc
to
fc72191
Compare
Codecov Report
@@ Coverage Diff @@
## develop #6350 +/- ##
===========================================
- Coverage 84.00% 83.95% -0.05%
===========================================
Files 61 62 +1
Lines 4295 4307 +12
Branches 522 522
===========================================
+ Hits 3608 3616 +8
- Misses 564 568 +4
Partials 123 123
📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more |
legoktm
added a commit
that referenced
this pull request
Mar 21, 2022
* Upgrade mypy to 0.941 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
legoktm
added a commit
that referenced
this pull request
Mar 22, 2022
* Upgrade mypy to 0.941 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
legoktm
added a commit
that referenced
this pull request
Mar 23, 2022
* Upgrade mypy to 0.941 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
|
I tried to git blame on whether we were ever intentionally writing NULLs to filesystem_id and didn't really find anything (but also the filesystem_id column dates back to the initial SQLAlchemy commit, so it's super old!). I am relatively confident that there aren't NULLs lying around because SD would blow up pretty quickly in the app code if filesystem_id was NULL, so moving this to ready for review. |
legoktm
added a commit
that referenced
this pull request
Mar 31, 2022
* Upgrade mypy to 0.942 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* Since we need to install extra packages and need other dependencies
like Flask, move mypy into test-requirements.txt and run it via the
dev container.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
Fixes #6358.
legoktm
added a commit
that referenced
this pull request
Mar 31, 2022
* Upgrade mypy to 0.942 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* Since we need to install extra packages and need other dependencies
like Flask, move mypy into test-requirements.txt and run it via the
dev container.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
Fixes #6358.
|
Poked around a bit as well (including manually setting a source's filesystem_id to null and seeing what happens) - returning users are authenticated by generating the expected filesystem_id and querying the database for it. So, if a source's filesystem_id field is ever set to null, they can't log back in. Probably what this means for this PR is that just deleting sources with a null filesystem_id value is a valid migration strategy, as their submissions are already effectively orphaned and will get swept up in the nightly jobs to detect disconnected files/entries. |
|
Deleting a source is not the easiest thing in alembic because we need to clean up referential tables, but it seems doable. |
legoktm
force-pushed
the
filesystem-id-non-null
branch
from
fc72191
to
9725557
Compare
|
Moving back to draft state, I pushed my work from today but there's still a bit more to do in the migration, we delete stuff out of sources, replies, submissions, but aren't then deleting stuff that refer to those replies and submissions... |
legoktm
force-pushed
the
filesystem-id-non-null
branch
2 times, most recently
from
f5d52e6
to
27515a2
Compare
legoktm
force-pushed
the
filesystem-id-non-null
branch
2 times, most recently
from
a160a6b
to
0fb2dd9
Compare
legoktm
added a commit
that referenced
this pull request
Apr 7, 2022
* Upgrade mypy to 0.942 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* Since we need to install extra packages and need other dependencies
like Flask, move mypy into test-requirements.txt and run it via the
dev container.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
Fixes #6358.
legoktm
force-pushed
the
filesystem-id-non-null
branch
from
0fb2dd9
to
9d1efc8
Compare
legoktm
added a commit
that referenced
this pull request
Apr 12, 2022
* Upgrade mypy to 0.942 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* Since we need to install extra packages and need other dependencies
like Flask, move mypy into test-requirements.txt and run it via the
dev container.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
Fixes #6358.
zenmonkeykstop
approved these changes
Apr 19, 2022
There was a problem hiding this comment.
Tested as follows:
- set up 2.3.1 prod VM environment, created multiple sources, nulled out the filesystem ID for one of them.
- Confirmed that a 500 error is thrown on the All Sources page due to the missing filesystem_id (so this unlikely scenario would have been immediately noticeable)
- used the upgrade scenario procedure to update the prod instance with debs built from this branch
- confirmed that the All Sources page no longer 500s out and displays only the non-nulled sources.
- confirmed that replies and message from those sources are still available for download
- confirmed that the nulled source was deleted from the database
- confirmed that the filesystem_id field has nullable=false applied.
LGTM!
legoktm
added a commit
that referenced
this pull request
Apr 19, 2022
* Upgrade mypy to 0.942 and sqlalchemy-stubs to 0.4. Type stubs are no
longer bundled with mypy, so we need to explicitly install various
types-{name} packages.
* Since we need to install extra packages and need other dependencies
like Flask, move mypy into test-requirements.txt and run it via the
dev container.
* The main issue spotted by the SQLAlchemy plugin, that
sources.filesystem_id is nullable, is being fixed in a separate PR:
#6350.
* Drop the explicit type comments now that mypy can infer them.
* Use `--explicit-package-bases` when running mypy, so it treats the
securedrop/admin directories as modules regardless of whether
`__init__.py` files exist. This is needed so the two tests/
directories don't conflict with each other.
* Add missing return types to all schema changes and the templates that
generate them.
* In the `create_source_uuid_column` migration, drop the use of
`quoted_name()`. For some reason mypy doesn't like it, but more
importantly we don't need it in SQLite and we don't use it in any
other schema change.
* Make SecureTemporaryFile.write()'s return type match its parent by
returning the number of bytes that were written.
Fixes #6346.
Fixes #6358.
35 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review
Description of Changes
We already set this field all the time and in all places expect it to be
a string, not checking if its None first.
Discovered by the mypy work I'm doing in #6346.
Refs #6226.
Testing
alembic upgrade headto apply this schema change, and try to log in with the source. Verify you can log in properly.Deployment
Any special considerations for deployment? No, just a normal schema change.
Checklist
make lint) and tests (make test) pass in the development container