New API: list vulnerabilities by namespace #82
Conversation
| @@ -141,6 +141,9 @@ const ( | |||
| searchVulnerabilityForUpdate = ` FOR UPDATE OF v` | |||
| searchVulnerabilityByNamespaceAndName = ` WHERE n.name = $1 AND v.name = $2 AND v.deleted_at IS NULL` | |||
| searchVulnerabilityByID = ` WHERE v.id = $1` | |||
| searchVulnerabilityByNamespace = ` WHERE n.name = $1 AND v.deleted_at IS NULL | |||
| ORDER BY v.name | |||
| LIMIT $2 offset $3` | |||
There was a problem hiding this comment.
To ensure good performances at scale, we try to avoid using OFFSET but instead use WHERE id >= $3 ORDER BY l.ID LIMIT $2. And then to avoid leaking that internal identifier, we encrypt the id at the API level. See how notifications work.
|
Thanks! I just wrote some comments ~ |
|
Update by encrypting page, just like notificationPage. |
| @@ -316,3 +319,24 @@ func pageNumberToToken(page database.VulnerabilityNotificationPageNumber, key st | |||
|
|
|||
| return string(tokenBytes) | |||
| } | |||
|
|
|||
| func tokenToNumber(token, key string) (int, error) { | |||
There was a problem hiding this comment.
We could definitely only have one function for marshaling and one function for unmarshaling for tokens. Just make it only return an error and you can pass a newly allocated type by reference similar to normal JSON unmarshalling.
Signed-off-by: liangchenye <liangchenye@huawei.com>
Signed-off-by: liangchenye <liangchenye@huawei.com>
Signed-off-by: liangchenye <liangchenye@huawei.com>
|
@jzelinskie good idea! updated by using tokenMarshal/tokenUnmarshal |
| @@ -215,7 +215,8 @@ func NotificationFromDatabaseModel(dbNotification database.VulnerabilityNotifica | |||
|
|
|||
| var nextPageStr string | |||
| if nextPage != database.NoVulnerabilityNotificationPage { | |||
| nextPageStr = pageNumberToToken(nextPage, key) | |||
| nextPageBytes, _ := tokenMarshal(nextPage, key) | |||
There was a problem hiding this comment.
gofmt -s would rewrite this to nextPageBytes := pageNumberToToken(nextPage, key)
There was a problem hiding this comment.
Sorry, I don't get it.
There was a problem hiding this comment.
run gofmt -s on this file
There was a problem hiding this comment.
Yes, but nothing changes.
And pageNumberToToken is already replaced by tokenMarshal.
There was a problem hiding this comment.
Ah! I'm sorry for the confusion. Usually gofmt -s drops the ignored value if it's second.
…d error Signed-off-by: liangchenye <liangchenye@huawei.com>
| @@ -8,6 +8,7 @@ | |||
| - [Namespaces](#namespaces) | |||
| - [GET](#get-namespaces) | |||
| - [Vulnerabilities](#vulnerabilities) | |||
| - [List](#get-namespacesnsnamevulnerabilities) | |||
There was a problem hiding this comment.
I wish there was a better way to put this, because I was using HTTP verbs for all of these and technically this is a GET
|
I think we're pretty much ready to merge that PR @jzelinskie? Except if you can find some better wording for the API docs. Again, thanks a lot @liangchenye for this great and much appreciated contribution! That's awesome, we're all very excited 👍 |
|
LGTM |
*: list vulnerabilities by namespace
jzelinskie
added
kind/feature request
#80
Signed-off-by: liangchenye liangchenye@huawei.com