Refactor feature flag to support more modules #1057
Conversation
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
|
/cc @baurine @breeswish |
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
1794cbe
to
fd7dd71
Compare
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
58edb58
to
5d2db5d
Compare
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
5d2db5d
to
8bd2e44
Compare
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
6e1f58d
to
74a0937
Compare
|
@breeswish |
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
cfa75dc
to
31f4aa4
Compare
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
31f4aa4
to
4857960
Compare
| @@ -40,7 +42,7 @@ func Default() *Config { | |||
| TiDBTLSConfig: nil, | |||
| EnableTelemetry: true, | |||
| EnableExperimental: false, | |||
| FeatureVersion: "", | |||
| FeatureVersion: version.PDVersion, | |||
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
c5f06d5
to
43b297d
Compare
pkg/apiserver/user/auth.go
Outdated
| @@ -88,8 +91,9 @@ func NewAuthService() *AuthService { | |||
| } | |||
|
|
|||
| service := &AuthService{ | |||
| middleware: nil, | |||
| authenticators: map[utils.AuthType]Authenticator{}, | |||
| FeatureFlagNonRootLogin: featureFlagRegistry.Register("nonRootLogin", ">= 5.3.0"), | |||
There was a problem hiding this comment.
Seems that this FeatureFlagNonRootLogin is not used. It doesn't look good as this may imply that this protection is purely happening at frontend and there is no backend protection for corresponding features.
There was a problem hiding this comment.
Create a new PR #1089 to refactor the "non root login" for better review experience.
| @@ -30,6 +31,8 @@ var ( | |||
| ) | |||
|
|
|||
| type AuthService struct { | |||
| FeatureFlagNonRootLogin *featureflag.FeatureFlag | |||
There was a problem hiding this comment.
This feature should be placed inside SQL auth, as only SQL auth needs it and other kind of auth does not care about the "non root login".
util/featureflag/featureflag.go
Outdated
| _ = c.Error(ErrFeatureUnsupported.New(f.name)) | ||
| c.AbortWithStatus(http.StatusForbidden) |
There was a problem hiding this comment.
Seems that there is an "Abort". I'm worrying whether this is compatible with the standard rest.ErrorHandlerFn. Could you add a test to verify it?
util/featureflag/featureflag.go
Outdated
| "github.com/pingcap/tidb-dashboard/util/rest" | ||
| ) | ||
|
|
||
| var ErrFeatureUnsupported = rest.ErrForbidden.NewSubtype("feature_unsupported") |
There was a problem hiding this comment.
Oh. I'm sorry, I misled you. There is no way to attach the error status code into the error type for now.
Please use HTTPCodeProperty when initializing errors:
var ErrFeatureUnsupported = ErrNS.xxxx()
_ = c.Error(ErrFeatureUnsupported.NewWithNoMessage().WithProperty(HTTPCodeProperty(http.StatusForbidden)))or:
_ = c.Error(rest.ErrForbidden.New("<ErrorMessages>"))The whole point is to avoid the necessarilty to call c.Status() or c.AbortWithStatus() manually.
…oard into refactor/feature-flag
shhdgit
force-pushed
the
refactor/feature-flag
branch
2 times, most recently
from
8cfd8e1
to
c6c075a
Compare
shhdgit
force-pushed
the
refactor/feature-flag
branch
from
c6c075a
to
0623ecc
Compare
|
/merge |
|
This pull request has been accepted and is ready to merge. Commit hash: 0623ecc
|
util/featureflag/featureflag_test.go
Outdated
| e2.Use(func(c *gin.Context) { | ||
| c.Next() |
There was a problem hiding this comment.
You can use CreateTestContext to test context directly. No need to use a middleware to test it. Example:
func TestDownload(t *testing.T) {
handler := New()
token := handler.mustGetDownloadToken(t, "foobar", "file.txt", time.Second*5)
r := httptest.NewRecorder()
c, _ := gin.CreateTestContext(r)
c.Request, _ = http.NewRequest(http.MethodGet, "/download?token="+token, nil)
handler.HandleDownloadRequest(c)
require.Len(t, c.Errors, 0)
require.Equal(t, http.StatusOK, r.Code)
require.Equal(t, `attachment; filename="file.txt"`, r.Header().Get("Content-Disposition"))
require.Equal(t, `application/octet-stream`, r.Header().Get("Content-Type"))
require.Equal(t, "foobar", r.Body.String())
// Download again
r = httptest.NewRecorder()
c, _ = gin.CreateTestContext(r)
c.Request, _ = http.NewRequest(http.MethodGet, "/download?token="+token, nil)
handler.HandleDownloadRequest(c)
require.Len(t, c.Errors, 1)
require.True(t, errorx.IsOfType(c.Errors[0].Err, rest.ErrBadRequest))
require.Contains(t, c.Errors[0].Error(), "Download file not found")
}There was a problem hiding this comment.
Thanks! This is really helpful.
| req2, _ := http.NewRequest("GET", "/ping", nil) | ||
| e.ServeHTTP(w2, req2) | ||
|
|
||
| r.Equal(http.StatusForbidden, w2.Code) |
There was a problem hiding this comment.
Forbidden means Unauthorized: The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.
However there is no way for this router to be authorized. So maybe BadRequest is better.
There was a problem hiding this comment.
Oh, yes. I misunderstood the "forbidden".
* Revert "Release v2021.12.06.1 (#1084)" This reverts commit bcc43a0. * Compitable with different TiDB versions for conprof and non-root-login features (#1047) * make conprof independent * check feature enable * add check feature enable middleware * hide menu if feature is not enabled * refactor non root login switch by new design * i18n * yarn fmt * renaming * adjust fe code * refine * remove unused log * build(deps): bump ws from 5.2.2 to 5.2.3 in /ui (#1055) * CICD: Update the release pipeline for recent PD format policies (#1054) * fix i18n wording (#1056) * Refactor: Change util module to util package (#1052) * Refactor: Fix godot incorrectly add dot suffix to annotations (#1059) * lint: Add goheader for copyright lints (#1062) * Refactor: Migrate to use the `rest` package in util/ (#1060) * fix(*): globally delete/update data by GORM (#1065) * ui: bump dependencies (#1066) * refactor: Switch to use ziputil, netutil, reflectutil and fileswap (#1067) * Fix request header being pinned after pd profiling (#1069) * Integrate speedscope (#1064) * fix potential panic when GetPDInstances (#1075) Signed-off-by: crazycs <chen.two.cs@gmail.com> * Refactor: a new httpclient (#1073) * Refactor: Switch to use util/distro in all places (#1078) * chore: support import relative file URL (#1082) * Refactor: Move tools into a standalone module (#1079) * Fix script to embed the ui (#1088) * Fix script to embed the ui * Hack write_strings * Refactor feature flag to support more modules (#1057) * Drop sysutil dependency (#1093) * chore: add graph generation (#1085) * Refactor: Add TopologyProvider (#1098) * esbuild: i18n + dep (#1101) * script: Add a script to generate version matrix (#1104) * distro: support dynamic config (#1094) * chore: support multiple profiling types (#1095) * fix(distro): check distro_strings.json fmt by prettier (#1106) * script: fix generate assets (#1107) * Add integration test (#1083) * debug_api: Switch to use the new util (#1103) * refactor(ui): auto refresh button (#1105) * refactor(ui): auto refresh button * chore: update translation * fix: remain seconds * refine: refresh button * fix: onRefresh * fix: auto refresh * fix: continue tick * chore: add some comments * tweak: remaining refresh seconds * chore: clean code Co-authored-by: Wenxuan <breezewish@pingcap.com> * ui: refine conprof (#1102) * update wording * not check prom any more * replace time range component * i18n * support view profile by diffrent ways * extract ActionsButton * change download data format * refine * comments * Revert "comments" This reverts commit 3b03fdb. * fix view cpu profile fail * update state * hide action button if disable * address feedback * update release-version * sync with master Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Wenxuan <breezewish@pingcap.com> Co-authored-by: Suhaha <jklopsdfw@gmail.com> Co-authored-by: Yini Xu <34967660+YiniXu9506@users.noreply.github.com> Co-authored-by: crazycs <crazycs520@gmail.com>
ref #1047 (comment)