Notify Spar when a team is deleted

[neongreen]

• Delete tokens when the team is deleted
• Delete tokens when the issuer is deleted?
• PRs to hegemony and cailleach about adding Spar to galley.yaml

[neongreen]

@fisx What other things should I do in Spar when a team is deleted? Should I delete relevant entries from team_idp?

[fisx]

@fisx What other things should I do in Spar when a team is deleted? Should I delete relevant entries from team_idp?

tables to be cleaned up from looking at services/spar/schema/src/V*.hs: user, idp, issuer_idp, team_idp, team_provisioning_by_team, team_provisioning_by_token.

it should be straight-forward to decide which rows are dangling and need to removed, no?

the other tables should be harmless: bind cookies, authn_requests, assertions, verdict formats are all only needed during or after an authentication response has been validated, which won't be successful without the issuer mapping to an idp id.

not sure this answers your question?

[neongreen]

@fisx Please look at the last commit.

[fisx]

@fisx Please look at the last commit.

looks good! i'll review the rest now.

[fisx]

(Let me know if you don't want to write the test yourself.)

[fisx]

Can't find a test. I would add it to spar integration tests and make it create a team, owner, idp, two sso users create via a scim token, and then delete it all and look at the scim, saml data in spar, user data on brig, and team data on galley. Helpers of interest:

• wire-server/services/spar/test-integration/Util/SCIM.hs

  Lines 46 to 49 in ce105f4

  	registerIdPAndSCIMToken :: HasCallStack => TestSpar (ScimToken, (UserId, TeamId, IdP))
  	registerIdPAndSCIMToken = do
  	team@(_owner, teamid, idp) <- registerTestIdP
  	(, team) <$> registerSCIMToken teamid (Just (idp ^. idpId))

• wire-server/services/spar/test-integration/Util/Core.hs

  Lines 659 to 676 in ce105f4

  	runSparCass
  	:: (HasCallStack, m ~ Client, MonadIO m', MonadReader TestEnv m')
  	=> m a -> m' a
  	runSparCass action = do
  	env <- ask
  	liftIO $ runClient (env ^. teCql) action
  	runSparCassWithEnv
  	:: ( HasCallStack
  	, m ~ ReaderT Data.Env (ExceptT TTLError Cas.Client)
  	, MonadIO m', MonadReader TestEnv m'
  	)
  	=> m a -> m' a
  	runSparCassWithEnv action = do
  	env <- ask
  	denv <- Data.mkEnv <$> (pure $ env ^. teOpts) <*> liftIO getCurrentTime
  	val <- runSparCass (runExceptT (action `runReaderT` denv))
  	either (liftIO . throwIO . ErrorCall . show) pure val

• you can write helpers to connect to brig, galley cassandras in analogy to runSparCass.

[neongreen]

@fisx The test has been written by me and Tiago

[neongreen]

Me and Tiago wrote the test

[fisx]

Some comments, but if you are confident that the two tests that you deleted serve no purpose then I'm happy with this.

[fisx]

good idea!

[fisx]

sorry... :-/

[fisx]

[mumbling to myself] there is shouldReturn, which would make this more concise and arguably more readable, but it's in IO and not in MonadIO, so I'm not sure how to rewrite this. i really should write mutants of all the should* functions in MonadIO...

[neongreen]

should functions should absolutely be in MonadIO and I've also been mumbling to myself about this for quite some time.

We can use http://hackage.haskell.org/package/hspec-expectations-lifted-0.10.0/docs/Test-Hspec-Expectations-Lifted.html but I'd rather have a homegrown library which would also contain some other common expectations that I end up reimplementing from time to time.

[fisx]

this one doesn't have a comment line. :-)

[fisx]

why did these two tests go away? can i have them back?

[neongreen]

I have no idea :/ I'll get them back.

[neongreen]

Fixed everything. Sorry for the force-push though

[tiago-loureiro]

FWIW 👍