(HMS-4562) Allow Blueprints update without changing User password #1298
Conversation
|
Can one of the admins verify this patch? |
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
1a5cd6f
to
6ca3161
Compare
|
Current logic: During blueprint update user can
I don't think I can make step 3 work differently without messing with database structure, the behavior of nil is dependent on how pxe and postgres behaves, nil is no-op |
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
0b2f5bb
to
7cef38b
Compare
It sounds a little bit complicated and while I agree with some points, here is a suggestion for easy to understand behavior:
|
but then how will you be able to update the user in the blueprint? E.g. what if I want keep the user names and remove the passwords in favor of ssh keys? One of the obvious solutions would be to just instruct the users to remove the whole user customizations and then recreate it or to just create new blueprint, if thats fine then I think we can simplify it as you suggested :) |
|
Good point, then I am thinking using the empty password case as "remove password" behavior. |
Yeah thats what is there right now, but since the customization is saved as an json raw message, in database that means it will equal to empty string and not NULL, essentially I don't think that's bad, but thats why the code is more complicated because I have to count with possibility that if someone removes password it won't be null but can be also empty string and then make sure every time that at least one of ssh_key or password is not empty (not null and not empty string) Just to be clear, the suggestion you have about
So if just not passing password counts toward this criteria (password=nil), it will just keep password as it was and I can remove the |
|
Just for the record, we are elaborating on the design trying to explore alternative solutions to the problem. We will report back once we agree on something. |
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
7cef38b
to
d5ac6e5
Compare
There was a problem hiding this comment.
Here is my initial review, I think the most important thing is to isolate the most complex logic into a separate function that takes a pointer to User type and modifies it accordingly. This way, you will be able to easily write a tabular tests for all possible test cases. This will simplify the overall HTTP handler tests where you only need to cover positive test case.
internal/v1/handler_blueprints.go
Outdated
| if u.Password != nil { | ||
| *u.Password = redactedPassword | ||
| u.Password = nil | ||
| } | ||
| } |
There was a problem hiding this comment.
This should be just:
u.Password = nil
It is cleaner and faster to just overwrite a value with a new one, even without effect.
Quite frankly, since this method is now a one-liner I encourage you to get rid of it and expand it everywhere.
There was a problem hiding this comment.
What I really meant was this:
func (u *User) RedactPassword() {
// no need to do this: if u.Password != nil
u.Password = nil
}
If password is nil and you set it to nil it is faster and two lines shorter than:
- Check if it is
nil - Set it to
nil
In other words: redacting is operation that simply removes a password before we return the data to the user, no matter what the original value was.
There was a problem hiding this comment.
Ok this looks awesome, few small nitpicks and one big ask.
I would love to see a table-driven test for method called isValidForUpdate (I actually ask you to rename it). Test for various inputs we covered in the Jira epic description.
internal/v1/handler_blueprints.go
Outdated
| if u.Password != nil { | ||
| *u.Password = redactedPassword | ||
| u.Password = nil | ||
| } | ||
| } |
There was a problem hiding this comment.
What I really meant was this:
func (u *User) RedactPassword() {
// no need to do this: if u.Password != nil
u.Password = nil
}
If password is nil and you set it to nil it is faster and two lines shorter than:
- Check if it is
nil - Set it to
nil
In other words: redacting is operation that simply removes a password before we return the data to the user, no matter what the original value was.
|
Correction: it looks I missed the handler test, it covers all important cases. Feel free to ignore my comment about a new TDD test for the newly created function. Not needed. |
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
fa64513
to
86af8b4
Compare
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
ed29ccb
to
58f5b31
Compare
|
An actual (relevant) test failure. |
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
58f5b31
to
9ea4b5d
Compare
Password is not returned in API response at all Empty string for password or ssh key can be used for removal Nil value for password or ssh key will keep previous value. Signed-off-by: Andrea Waltlova <[email protected]>
andywaltlova
force-pushed
the
feat/keep-cust-user-password-update
branch
from
9ea4b5d
to
812f06d
Compare
Codecov ReportAttention: Patch coverage is
|
|
/retest |
|
Thanks for the help with CI! Great work @andywaltlova. |
HMS-4562
See the issue for detailed acceptance criteria, in short the PR:
<REDACTED>value is not used at all, instead users password property is omitted from response