-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added a logic to disconnect users from ServiceNow on change of the encryption secret. #171
base: master
Are you sure you want to change the base?
Added a logic to disconnect users from ServiceNow on change of the encryption secret. #171
Conversation
…e of the encryption secret. (#42) * [MI-2032]: Modified the error when a user updates his encryption secret * [MI-2032]: Review fixes done 1. Fixed linting errors * [MI-2032]: Review fixes done 1.Improved code quality * [MI-2032]: Review fixes done 1. Improved code quality * [MI-2032]: Added a logic that if we change the encryption secret then at that time only all the users will be disconnected from service now. * [MI-2032]: Modified code quality * [MI-2032]: Review fixes done 1. Improved code quality * [MI-2032]: Review fixes done 1. Implemented separate goroutine to delete users * [MI-2032]: Review fixes done 1. Used goroutines inside a loop 2. Improved code readability
@hanzei the below PR is ready for review. Can please assign the designated reviewer to it. |
if oldEncryptionSecret != "" && oldEncryptionSecret != p.getConfiguration().EncryptionSecret { | ||
go p.store.DeleteUserTokenOnEncryptionSecretChange() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we delete the users even if the oldEncryptionSecret
is blank? As long as the secret changed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR 👍
I'm wondering how the code behaves in a HA environment. Are there issues that can arise when multiple servers race to delete the user list?
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #171 +/- ##
==========================================
- Coverage 65.40% 63.85% -1.55%
==========================================
Files 17 17
Lines 2064 2114 +50
==========================================
Hits 1350 1350
- Misses 674 724 +50
Partials 40 40 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR above has been tested for the following scenario:-
- On changing the encryption secret in MM, the connected users are disconnected from Servicenow.
The PR was working fine for the above condition, LGTM. Approved.
@hanzei #171 (review) QA tested this PR for the HA environment and its working perfectly fine. |
I'm leaving it to @mickmister to suggest next steps on this PR |
server/plugin/kv.go
Outdated
wg := new(sync.WaitGroup) | ||
mu := new(sync.Mutex) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right now we add to this wait group once per user. That seems a bit excessive. What if there are a very large amount of users? We should probably fan this out with at most 5-10 goroutines at a time. @hanzei Thoughts on this? Also, with the current strategy we would be slamming the database all at once, and on multiple nodes in an HA environment as @hanzei pointed out.
We definitely want to coordinate this so it only runs on one node. We can use cluster.Mutex to coordinate this. We did something similar (a "migration" of sorts) using this here mattermost/mattermost-plugin-gitlab#361.
This PR is a bit different though, since this will be run "on demand" when the secret changes. Here's how I see this working:
- We check if the secret changed as usual. If not changed, do normal stuff without any of the below steps
- We fetch a mutex for
delete-all-users
- With the mutex, we check the kv store key
delete-all-users-running
(@hanzei wondering about race conditions here, where the database may not be "ready" to return the freshly set key on another node's database connection. We've run into these timing things before where the kvstore had not reflected the most recently updated state in real-time)- If the key does exist
- Immediately release the mutex
- Do not call
DeleteAllUsers
- If the key does not exist
- Set the
delete-all-users-running
value totrue
- In a defer block right below that, remove the
delete-all-users-running
key - Immediately release the mutex
- Call
DeleteAllUsers
- Set the
- If the key does exist
This can all be done in a goroutine in OnConfigurationChange
so we don't block that function from returning
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We definitely want to coordinate this so it only runs on one node. We can use cluster.Mutex to coordinate this. We did something similar (a "migration" of sorts) using this here mattermost/mattermost-plugin-gitlab#361.
Strong 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder why we are fanning out the requests at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'm thinking the same now. I think we should do this synchronously here with no wait group or goroutines. @Kshitij-Katiyar What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, I think we should do this synchronously as this is a very minor edge case as well. @mickmister
…sers and goroutines
…icenow into fix_issue_encryption_secret_change
@hanzei @mickmister fixed the review comments. Please re-review. |
@mickmister @hanzei Gentle reminder to re-review the PR |
There's no customer reported ticket associated with this, so I'm not sure if this is a priority that should require this complexity |
This was a problem we faced while developing, that's why we have added this feature as an enhancement. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR mostly LGTM. I think the goroutines used to fetch all users may be unnecessary. Otherwise looks good 👍
server/plugin/kv.go
Outdated
wg := new(sync.WaitGroup) | ||
mu := new(sync.Mutex) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I'm thinking the same now. I think we should do this synchronously here with no wait group or goroutines. @Kshitij-Katiyar What do you think?
@mickmister fixed the review comments. Please re-review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just one suggestion to remove the lock since we're doing this synchronously now
@mickmister fixed the review comments. Please re-review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good work. I needed a few reads to understood what was going on, left my thought in comments but not blocking.
This would be fairly useful for other plugins as well @mickmister (mattermost/mattermost-plugin-google-calendar#61)
@fmartingr Fixed the review fixes. Please re-review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Re-approved. Thanks for addressing my concerns!
Summary
When an admin changes the encryption secret then all the users will be disconnected from ServiceNow and they have to reconnect their accounts to ServiceNow.