feat(secrets): add secret metadata #206
Conversation
Codecov Report
@@ Coverage Diff @@
## master #206 +/- ##
==========================================
+ Coverage 96.66% 96.70% +0.04%
==========================================
Files 53 53
Lines 5509 5589 +80
==========================================
+ Hits 5325 5405 +80
Misses 137 137
Partials 47 47
|
library/secret.go
Outdated
| @@ -26,6 +26,10 @@ type Secret struct { | |||
| Images *[]string `json:"images,omitempty"` | |||
| Events *[]string `json:"events,omitempty"` | |||
| AllowCommand *bool `json:"allow_command,omitempty"` | |||
| CreateTime *string `json:"create_time,omitempty"` | |||
| CreatedBy *string `json:"created_by,omitempty"` | |||
| UpdateTime *string `json:"update_time,omitempty"` | |||
There was a problem hiding this comment.
Thoughts on making this UpdatedAt?
I think that is a more common naming convention for a field like this.
There was a problem hiding this comment.
Hilariously, updated_at seems to be a Postgres trigger keyword (at least in the testing DB), which causes it to override any user input and instead put the .Now() timestamp in the field. Any thoughts on a different name? CreatedTs and UpdatedTs maybe? Open to suggestions
There was a problem hiding this comment.
I think this is actually related to the Golang library we're using for this:
https://github.com/go-gorm/gorm
I found these docs which appear to describe the issue you're referencing:
https://gorm.io/docs/models.html#Creating-Updating-Time-Unix-Milli-Nano-Seconds-Tracking
This issue might be related?
There was a problem hiding this comment.
Thanks for the PR! Few additional things:
- Assuming that
CreatedByandUpdatedBywill reference User IDs, we should match the type, ie. change fromstringtoint64. - I think we'll need to add these new fields to
/database/secret.goas well - No action for this PR, but just a reminder that we will need to have an accompanying PR that adds the fields in https://github.com/go-vela/server/tree/master/database as well
|
Just a clarifying question, |
Yes that is the current plan |
|
Cool! Just checking, I generally recommend linking the issue in the body of the PR. Helps with that extra context and create circular deps to the PR to issue etc. |
Absolutely! It was an internal request that wasn't duplicated to the community issue board yet. Here it is for reference: https://github.com/go-vela/community/issues/428 |
- adding functionality for this attribute increases scope by a large margin - will start with this smaller change (timestamps and authors)
|
https://github.com/go-vela/server/pull/526 Draft PR in the go-vela/server that would accompany this one |
database/secret.go
Outdated
| CreatedAt sql.NullInt64 `sql:"created_at"` | ||
| CreatedBy sql.NullInt64 `sql:"created_by"` | ||
| UpdatedAt sql.NullInt64 `sql:"updated_at"` | ||
| UpdatedBy sql.NullInt64 `sql:"updated_by"` |
There was a problem hiding this comment.
Is it safe to assume that CreatedBy and UpdatedBy are int64 types since they'll store the user's ID?
Lines 48 to 58 in 911ffbe
IIRC, they were string types earlier which is why I'm asking.
There was a problem hiding this comment.
Yes after taking a look at that User struct, I thought it best to change those to int64 types. Originally I thought it might be stored as a name, but I believe int64 is best.
There was a problem hiding this comment.
@ecrupper ok thanks for the extra information 👍
Out of curiosity, could you elaborate on why int64 is the approach we're choosing?
I think I tend to agree that from the data storage perspective, int64 is better than string for the database.
However, my concern with this approach has to do with data access and usage patterns.
Today, there isn't a great way to query a user by their ID in Vela.
So if I'm looking at a secret with the UI/CLI/API, I would only be able to see the user's ID who created/updated it.
To actually see what user created/updated the secret, I'd have to ask an admin "Who is user <id> in Vela?"
Perhaps one way to address this is to add a new endpoint to Vela which allows looking a user up by their ID?
Otherwise we could consider storing the user's Name rather than ID in the secret object?
What are your thoughts on this?
There was a problem hiding this comment.
That's a great point. Originally I was thinking in terms of consistency (if there's a User table with IDs as their primary key, it would make sense to have any reference to a User in another table be their ID). However, after considering the end user as you said, I agree that it should be a string. Not only would it save the UI an extra API call, but considering the CLI, running another command to find the name associated with a User ID seems tedious. I'll make that change!
There was a problem hiding this comment.
fwiw, i proposed user id initially to be consistent with the repo object in the repos table where we use int64 for user id. another instance where user name could be beneficial when trying to figure out who "owns" a repo.
in the future we might consider embedding the user struct in the response similar to how github does it for some of it's objects (eg. check response here: https://docs.github.com/en/rest/reference/issues#get-an-issue).
(waiting for @JordanSussman to chime in with the obligatory GraphQL commentary 😄)
thanks for the work and revisions @ecrupper !
There was a problem hiding this comment.
(waiting for @JordanSussman to chime in with the obligatory GraphQL commentary 😄)
Don't tempt me with a good time! Would love to add a v2 API with graphql and/or parameters to allow parsed output.
Adding more metadata for secrets including the created time, user that created the secret, last updated time, and the build id of the last build where it was used