-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tenant package relies on mutable global state #443
Comments
A few things of note as I've been testing this locally with Mimir:
Per the Cortex documentation referenced in the code and the Mimir documentation, both of these case should have been disallowed to begin with: tenant IDs can't be longer than 150 characters, |
56quarters
added a commit
that referenced
this issue
Nov 29, 2023
Remove the ability to set a global "default" parser for tenant IDs since this makes uses of this package fragile and bug prone. This also removes the `SingleResolver` struct which does not support multiple tenant IDs and was previously the default logic. All code for parsing tenant IDs is now aware of multiple tenant IDs separated by a `|` character. Consumers that don't want to support multiple tenant IDs at all should use the `TenantID()` method which returns an error if there are multiple tenant IDs. Consumers that wish to opptionally support multiple tenant IDs should validate incoming input to ensure only a single ID is present. Fixes #443 Signed-off-by: Nick Pillitteri <nick.pillitteri@grafana.com>
2 tasks
56quarters
added a commit
that referenced
this issue
Nov 29, 2023
Remove the ability to set a global "default" parser for tenant IDs since this makes uses of this package fragile and bug prone. This also removes the `SingleResolver` struct which does not support multiple tenant IDs and was previously the default logic. All code for parsing tenant IDs is now aware of multiple tenant IDs separated by a `|` character. Consumers that don't want to support multiple tenant IDs at all should use the `TenantID()` method which returns an error if there are multiple tenant IDs. Consumers that wish to optionally support multiple tenant IDs should validate incoming input to ensure only a single ID is present. This changes the default behavior of `TenantID()` and `TenantIDs()` in two ways: * `SingleResolver` did not previously enforce a limit on the length of a tenant ID. A limit of 150 characters is now enforced. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. * `SingleResolver` previously allowed tenant IDs to contain the `|` character. This is no longer allowed as part of a tenant ID and instead will be treated as a divided between multiple tenant IDs. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. Fixes #443 Signed-off-by: Nick Pillitteri <nick.pillitteri@grafana.com>
56quarters
added a commit
that referenced
this issue
Nov 29, 2023
Remove the ability to set a global "default" parser for tenant IDs since this makes uses of this package fragile and bug prone. This also removes the `SingleResolver` struct which does not support multiple tenant IDs and was previously the default logic. All code for parsing tenant IDs is now aware of multiple tenant IDs separated by a `|` character. Consumers that don't want to support multiple tenant IDs at all should use the `TenantID()` method which returns an error if there are multiple tenant IDs. Consumers that wish to optionally support multiple tenant IDs should validate incoming input to ensure only a single ID is present. This changes the default behavior of `TenantID()` and `TenantIDs()` in two ways: * `SingleResolver` did not previously enforce a limit on the length of a tenant ID. A limit of 150 characters is now enforced. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. * `SingleResolver` previously allowed tenant IDs to contain the `|` character. This is no longer allowed as part of a tenant ID and instead will be treated as a divider between multiple tenant IDs. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. Fixes #443 Signed-off-by: Nick Pillitteri <nick.pillitteri@grafana.com>
56quarters
added a commit
that referenced
this issue
Dec 15, 2023
Remove the ability to set a global "default" parser for tenant IDs since this makes uses of this package fragile and bug prone. This also removes the `SingleResolver` struct which does not support multiple tenant IDs and was previously the default logic. All code for parsing tenant IDs is now aware of multiple tenant IDs separated by a `|` character. Consumers that don't want to support multiple tenant IDs at all should use the `TenantID()` method which returns an error if there are multiple tenant IDs. Consumers that wish to optionally support multiple tenant IDs should validate incoming input to ensure only a single ID is present. This changes the default behavior of `TenantID()` and `TenantIDs()` in two ways: * `SingleResolver` did not previously enforce a limit on the length of a tenant ID. A limit of 150 characters is now enforced. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. * `SingleResolver` previously allowed tenant IDs to contain the `|` character. This is no longer allowed as part of a tenant ID and instead will be treated as a divider between multiple tenant IDs. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. Fixes #443 Signed-off-by: Nick Pillitteri <nick.pillitteri@grafana.com>
56quarters
added a commit
that referenced
this issue
Dec 18, 2023
Remove the ability to set a global "default" parser for tenant IDs since this makes uses of this package fragile and bug prone. This also removes the `SingleResolver` struct which does not support multiple tenant IDs and was previously the default logic. All code for parsing tenant IDs is now aware of multiple tenant IDs separated by a `|` character. Consumers that don't want to support multiple tenant IDs at all should use the `TenantID()` method which returns an error if there are multiple tenant IDs. Consumers that wish to optionally support multiple tenant IDs should validate incoming input to ensure only a single ID is present. This changes the default behavior of `TenantID()` and `TenantIDs()` in two ways: * `SingleResolver` did not previously enforce a limit on the length of a tenant ID. A limit of 150 characters is now enforced. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. * `SingleResolver` previously allowed tenant IDs to contain the `|` character. This is no longer allowed as part of a tenant ID and instead will be treated as a divider between multiple tenant IDs. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. Fixes #443 Signed-off-by: Nick Pillitteri <nick.pillitteri@grafana.com>
56quarters
added a commit
that referenced
this issue
Dec 19, 2023
Remove the ability to set a global "default" parser for tenant IDs since this makes uses of this package fragile and bug prone. This also removes the `SingleResolver` struct which does not support multiple tenant IDs and was previously the default logic. All code for parsing tenant IDs is now aware of multiple tenant IDs separated by a `|` character. Consumers that don't want to support multiple tenant IDs at all should use the `TenantID()` method which returns an error if there are multiple tenant IDs. Consumers that wish to optionally support multiple tenant IDs should validate incoming input to ensure only a single ID is present. This changes the default behavior of `TenantID()` and `TenantIDs()` in two ways: * `SingleResolver` did not previously enforce a limit on the length of a tenant ID. A limit of 150 characters is now enforced. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. * `SingleResolver` previously allowed tenant IDs to contain the `|` character. This is no longer allowed as part of a tenant ID and instead will be treated as a divider between multiple tenant IDs. This has always been the documented behavior as far back as Cortex, where this code originated. Not enforcing it was an oversight. Fixes #443
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
tenant
package is used for (among other things) extracting a tenant ID from acontext.Context
.There are two separate implementations of this logic:
|
and so can return multiple tenant IDs from a context.|
and so returns an error in this case.There is a
WithDefaultResolver
that changes which logic is used, via mutating a global. Mimir and Loki do this in response to some form of multi-tenant queries being enabled or disabled by configuration.This is a problem because the behavior of huge portions of each database can change by changes made far away from the code in question. It also makes it more difficult to unit test the code in question since adjusting the global state for a single test affects the behavior of every other test.
I propose:
WithDefaultResolver
method to prevent mutation of global stateMultiResolver
would move to the globaltenant.TenantID()
andtenant.TenantIDs()
methods.SingleResolver
,MultiResolver
, andResolver
unnecessaryThis would require changes in Mimir and Loki to reject multi-tenant queries when they aren't enabled. However, this would result in a better design anyway since the databases are checking for and enforcing exactly what they intend to enforce.
The text was updated successfully, but these errors were encountered: