-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Notify Spar when a team is deleted #519
Conversation
bfa7302
to
75c5fcb
Compare
eb0153d
to
18ef172
Compare
bd1108e
to
42cd509
Compare
42cd509
to
cfe7489
Compare
@fisx What other things should I do in Spar when a team is deleted? Should I delete relevant entries from |
tables to be cleaned up from looking at it should be straight-forward to decide which rows are dangling and need to removed, no? the other tables should be harmless: bind cookies, authn_requests, assertions, verdict formats are all only needed during or after an authentication response has been validated, which won't be successful without the issuer mapping to an idp id. not sure this answers your question? |
@fisx Please look at the last commit. |
looks good! i'll review the rest now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Let me know if you don't want to write the test yourself.)
|
||
-- | Notify Spar that a team is being deleted. | ||
deleteTeam :: TeamId -> Galley () | ||
deleteTeam tid = do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't find a test. I would add it to spar integration tests and make it create a team, owner, idp, two sso users create via a scim token, and then delete it all and look at the scim, saml data in spar, user data on brig, and team data on galley. Helpers of interest:
wire-server/services/spar/test-integration/Util/SCIM.hs
Lines 46 to 49 in ce105f4
registerIdPAndSCIMToken :: HasCallStack => TestSpar (ScimToken, (UserId, TeamId, IdP)) registerIdPAndSCIMToken = do team@(_owner, teamid, idp) <- registerTestIdP (, team) <$> registerSCIMToken teamid (Just (idp ^. idpId)) wire-server/services/spar/test-integration/Util/Core.hs
Lines 659 to 676 in ce105f4
runSparCass :: (HasCallStack, m ~ Client, MonadIO m', MonadReader TestEnv m') => m a -> m' a runSparCass action = do env <- ask liftIO $ runClient (env ^. teCql) action runSparCassWithEnv :: ( HasCallStack , m ~ ReaderT Data.Env (ExceptT TTLError Cas.Client) , MonadIO m', MonadReader TestEnv m' ) => m a -> m' a runSparCassWithEnv action = do env <- ask denv <- Data.mkEnv <$> (pure $ env ^. teOpts) <*> liftIO getCurrentTime val <- runSparCass (runExceptT (action `runReaderT` denv)) either (liftIO . throwIO . ErrorCall . show) pure val - you can write helpers to connect to brig, galley cassandras in analogy to
runSparCass
.
9e1240f
to
e12c968
Compare
@fisx The test has been written by me and Tiago |
Me and Tiago wrote the test |
e12c968
to
320fa15
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments, but if you are confident that the two tests that you deleted serve no purpose then I'm happy with this.
issuer = idp ^. SAML.idpMetadata . SAML.edIssuer | ||
Data.deleteIdPConfig idpid issuer team | ||
Data.deleteUsersByIssuer issuer | ||
wrapMonadClient $ Data.deleteTeam team |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good idea!
import Bilge | ||
import Bilge.Assert | ||
import Control.Lens | ||
import Data.ByteString.Conversion | ||
import Imports |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry... :-/
-- | ||
-- The token from 'team_provisioning_by_token': | ||
do tokenInfo <- runSparCass $ Data.lookupScimToken tok | ||
liftIO $ tokenInfo `shouldBe` Nothing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[mumbling to myself] there is shouldReturn
, which would make this more concise and arguably more readable, but it's in IO and not in MonadIO, so I'm not sure how to rewrite this. i really should write mutants of all the should*
functions in MonadIO...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should
functions should absolutely be in MonadIO
and I've also been mumbling to myself about this for quite some time.
We can use http://hackage.haskell.org/package/hspec-expectations-lifted-0.10.0/docs/Test-Hspec-Expectations-Lifted.html but I'd rather have a homegrown library which would also contain some other common expectations that I end up reimplementing from time to time.
do let issuer = idp ^. SAML.idpMetadata . SAML.edIssuer | ||
mbIdp <- runSparCass $ Data.getIdPIdByIssuer issuer | ||
liftIO $ mbIdp `shouldBe` Nothing | ||
do idps <- runSparCass $ Data.getIdPConfigsByTeam tid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this one doesn't have a comment line. :-)
@@ -203,20 +210,44 @@ testSPStoreID store unstore isalive = do | |||
isit <- runSparCassWithEnv $ isalive xid | |||
liftIO $ isit `shouldBe` True | |||
|
|||
context "after TTL" $ do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why did these two tests go away? can i have them back?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no idea :/ I'll get them back.
320fa15
to
d9aad9a
Compare
Fixed everything. Sorry for the force-push though |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW 👍
Delete tokens when the issuer is deleted?