-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
storage: make static storages query real storages for some actions #855
storage: make static storages query real storages for some actions #855
Conversation
a6caa69
to
2bbf996
Compare
} | ||
|
||
func (s staticClientsStorage) CreateClient(c Client) error { | ||
return errors.New("static clients: read-only cannot create client") | ||
if s.isStatic(c.ID) { | ||
return errors.New("static clients: read-only cannot create client") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we show a different error message that implies that the client already exists as a static client? Similar comment for CreatePassword
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like adding yet another sentinel error :( Maybe we could introduce a storage.Error
interface instead? Something like
type ErrKind int
const (
ErrAlreadyExists ErrKind = iota
ErrNotFound
ErrNotModifiable
ErrUnknown
)
type Error interface {
Kind() ErrKind
}
Then use that to do all of this custom detection?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice article on these kind of errors here: https://dave.cheney.net/2014/12/24/inspecting-errors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep that would be nice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something we want to address in this PR or later? I'm leaning towards later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok we could address it separately
s2 := storage.WithStaticClients(s, []storage.Client{c2}) | ||
c3 := storage.Client{ID: "spam", Secret: "spam_secret"} | ||
|
||
backing.CreateClient(c1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to add a similar test for Passwords?
If dex is configured with static passwords or clients, let the API still add or modify objects in the backing storage, so long as their IDs don't conflict with the static ones. List options now aggregate resources from the static list and backing storage.
2bbf996
to
4c39bc2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm. Thanks for the test.
storage: make static storages query real storages for some actions
If dex is configured with static passwords or clients, let the API
still add or modify objects in the backing storage, so long as
their IDs don't conflict with the static ones. List options now
aggregate resources from the static list and backing storage.
Closes #735
Still needs unit tests.