Add initial introduction of providers to the database

[JAORMX]

This simply replaces the usages of the github provider checks and instead
provides a simple implementation of providers that will be expanded upon.

The intent is to leave the same functionality as-is, but instead rely on a
provider that's installed on every organization by default.

I've left traces of how the implementation will evolve by adding a definition
and a providers_type column to the providers database. These will serve as the means
of instantiating providers dynamically, instead of always building the github one
as we do today. But, to keep things short, I've left that out of this PR.

Related-to: stacklok/epics#34

[jhrozek]

Two quick comments, I need to wrap my head around where are you going with this. I /really/ like that we would get rid of referencing GitHub everywhere with a constant though!

[jhrozek]

Not strictly related to what this work is trying to accomplish, but shouldn't we create higher numbered migrations from this point on?

[JAORMX]

Because of patches like this (work that still needs to be done) is why I was not too keen on freezing the initial migration and starting to work on higher numbers.

[JAORMX]

The change from group IDs to projects will be equally disruptive.

[evankanderson]

If providers are nested under group_ids, do we need an explicit group_id on this table and the following ones?

[JAORMX]

I'm a bit confused by this comment, there is a group I'd in this table and most of the ones I've changed.

[evankanderson]

That was my point -- if provider_id is unique by group, then if you know the provider_id, you know the corresponding group. My suggestion was to remove the group_id field here, since it was redundant with the provider. (Alternatively, since providers are unique by group_id and name, you could have a provider_name here along with the group_id and use that to index into the Providers table -- possibly even as a primary index rather than the UUID.)

I think part of this is that my brain is used to thinking about partitioning SQL data stores across shards, and I'm trying to latch onto those sharding keys as an organizing mechanism even though we don't need it for scale at this point.

[JAORMX]

ah! I see the misunderstanding. No, there could be several providers in one group. The name is just unique.

[evankanderson]

There can be several providers in one group, but we want to maintain the constraint that <this row>.group_id == <this row>.provider_id.<providers row>.group_id, right? I'm not sure there's a good way to express that in SQL; I was suggesting that we could remove the <this row>.group_id, or use group_id and and provider_name to avoid possible future database inconsistencies, e.g.

CREATE TABLE provider_access_tokens (
    id SERIAL PRIMARY KEY,
    group_id INTEGER NOT NULL REFERENCES groups(id) ON DELETE CASCADE,
    provider TEXT NOT NULL,
    owner_filter TEXT,
    encrypted_token TEXT NOT NULL,
    expiriation_time TIMESTAMP NOT NULL,
    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
    FOREIGN KEY (group_id, provider) REFERENCES providers(group_id, name) ON DELETE CASCADE
);

[evankanderson]

Is this group_id as we'd generally conceive of it? (Maybe I shouldn't poke that sleeping bear...)

[JAORMX]

Yes, which in the near future will have to change to projects

[evankanderson]

Sorry, I specifically meant the spelling was different than elsewhere.

[JAORMX]

oh, yeah, I don´t know why that is. We should probably change this in a separate PR.

[evankanderson]

I don't think we need groupID here anymore.

[evankanderson]

Do we have a guess as to how many more database drops we have coming up? Should we plan for weekly drops until the second week of October, or is this the last one we forsee?

[JAORMX]

Two drops based on providers, one drop based.on group to projects, then one on IAM. That's what I foresee.

[evankanderson]

Thanks for the forecast on database drops. A few clarifications, but I'm willing to drop my required change.

Agreed on number of times we drop the database.

[JAORMX]

I talked with @yrobla and ended up changing the logic for the RevokeOAuthTokens call to what it intended to be with this providers concept.

[evankanderson]

(Let me know when you want another review)

[JAORMX]

Now 😃

[JAORMX]

@jhrozek could you also take a look at this one when you get a chance? Would really use as many eyes as possible here.

[jhrozek]

@jhrozek could you also take a look at this one when you get a chance? Would really use as many eyes as possible here.

Sure, thanks for the reminder!

[jhrozek]

I didn't really find any issues during code review. I only left one comment.

[jhrozek]

Just a question and something that can be fixed in a migration later on - why did you choose this particular set for GitHub? I understand github and git, but what would we use rest for here? Also, did you consider adding oci since ghcr.io is tied to GitHub and we already support it (although in kind of a tacky way) for artifacts?

Not saying this is wrong, I'm just trying to picture how would other providers look like.

[JAORMX]

I didn't really see full-straight forward support for an oci provider from github. I can add it once I work on separating implementations from interfaces.

[evankanderson]

A few minor comments, but LGTM

[evankanderson]

Do you want to keep this REFERENCES foreign key constraint? I suppose it's not strictly needed...

[JAORMX]

it's part of the group_id + provider foreign key. Are you suggesting we re-add it?

[evankanderson]

It's also a foreign key into the groups table, but we can rely on the transitive ON DELETE CASCADE from providers if we prefer.

[evankanderson]

Hmm -- the way we've done this right now, we don't pass pull_request or package type events through to s.parseRepoEvent. Not to fix here, but it feels like we should be using watermill's built-in fanout, as tested here:

https://github.com/stacklok/mediator/blob/main/internal/events/eventer_test.go#L88

[JAORMX]

That's a good point, we probably need to revisit this and reverify the logic. Right now what we do in each function is build a message with appropriate metadata for the event handler. Each branch will have a little more metadata needed, but I guess most of this could be refactored into pieces to be more readable.

[evankanderson]

Would this make more sense to execute as raw SQL if that happens?

[JAORMX]

Now that you raise this, I think I would prefer this to be part of an administrator's playbook instead of a function an admin can do via the control plane. This merely documented what the feature was intended for and made it work with the newer logic. Let me raise a bug to remove this altogether in further iterations.

This does indeed remove the tokens from the DB, but it also calls the GH API to invalidate the token, so that part might need a nice utility. We could have it as a separate sub-command or a separate container an admin could leverage.

[evankanderson]

nit: You could put in.GroupId up in the assignment on line 263 if you want, since changes to the request message will be ignored when you return an error.

[evankanderson]

At some point, we should record a metric here, but feel free to hold off for a future PR.

[JAORMX]

Rebased and addressed some of the comments.

[rdimitrov]

Small nit, but noticed that on some places you missed using the providerError (and used its code representation) when searching for a provider.

[jhrozek]

I think most if not all comments have been addressed and the PR is now large enough that it makes sense to just keep on going with incremental PRs.

[evankanderson]

It's also a foreign key into the groups table, but we can rely on the transitive ON DELETE CASCADE from providers if we prefer.