Remove namespace from identity manager, network map, and group manager calls #862
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The manager is initialized for a single namespace and can assume all calls are scoped within that namespace. The one exception is for "network version 1", where identities may have been registered on the legacy "ff_system" namespace. In this case, the identity manager will query "ff_system" instead of its assigned namespace (noting that this will only work if "ff_system" shares a database with that namespace). Signed-off-by: Andrew Richardson <andrew.richardson@kaleido.io>
Also add namespace as a param to all database queries on identities, verifiers, and groups. Switch group manager to go via identity manager for identity lookups, instead of going directly to the database (to preserve fallback resolutions on ff_system). Signed-off-by: Andrew Richardson <andrew.richardson@kaleido.io>
awrichar
changed the title
Codecov Report
@@ Coverage Diff @@
## main #862 +/- ##
==========================================
- Coverage 99.96% 99.96% -0.01%
==========================================
Files 300 300
Lines 19655 19610 -45
==========================================
- Hits 19649 19604 -45
Misses 5 5
Partials 1 1
Continue to review full report at Codecov.
|
awrichar
commented
Jun 15, 2022
| @@ -389,12 +388,13 @@ func (im *identityManager) cachedIdentityLookupByVerifierRef(ctx context.Context | |||
| return nil, err | |||
| } else if verifier == nil { | |||
| if namespace != core.LegacySystemNamespace && im.blockchain.NetworkVersion() == 1 { | |||
| // For V1 networks, fall back to SystemNamespace for looking up identities | |||
| // For V1 networks, fall back to LegacySystemNamespace for looking up identities | |||
| // This assumes that the system namespace shares a database with this manager's namespace! | |||
| return im.cachedIdentityLookupByVerifierRef(ctx, core.LegacySystemNamespace, verifierRef) | |||
There was a problem hiding this comment.
This is the one location where a manager is performing a lookup across namespaces to something other than the one to which it is scoped. As noted, it will only work if the database plugin is shared between this manager's namespace and the ff_system namespace. Side note: ff_system (when enabled) always uses the same set of plugins as the default namespace.
The alternative I considered was giving some sort of global access to the ff_system orchestrator and identity manager, so that other identity managers could specifically query them... but it seemed heavyweight for what is a soon-to-be deprecated behavior.
peterbroadhurst
approved these changes
Jun 20, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of FIR-12
Each manager is initialized for a single namespace and can assume all calls are scoped within that namespace This PR tackles identity manager, network manager, and group manager so they store and use that single namespace.
The one exception is for "network version 1", where identities may have been registered on the legacy "ff_system" namespace. In this case, the identity manager will query "ff_system" instead of its assigned namespace (noting that this will only work if "ff_system" shares a database with that namespace).