Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(destination): oauth stats prefix #4033

Merged
merged 12 commits into from
Nov 3, 2023
Merged

fix(destination): oauth stats prefix #4033

merged 12 commits into from
Nov 3, 2023

Conversation

sanpj2292
Copy link
Contributor

@sanpj2292 sanpj2292 commented Oct 30, 2023
edited
Loading

Description

Prefix for some of the stats in OAuth module was missing. We have made some defaults instead of relying on the ones that are sent as arguments.

Linear Ticket

Resolves INT-939

Security

  • The code changed/added as part of this pull request won't create any security issues with how the software is being used.

fix: oauth stats prefix
9693043 
Signed-off-by: Sai Sankeerth <sanpj2292@github.com>
@sanpj2292 sanpj2292 self-assigned this Oct 30, 2023
fracasula
fracasula reviewed Oct 30, 2023
View reviewed changes
Copy link
Collaborator

@fracasula fracasula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GetTokenInfo is also creating stats like this:

defer func() {
	authStats.statName = fmt.Sprintf("%v_total_req_latency", refTokenParams.EventNamePrefix)
	// ...
}()

I know that it's called at the moment by FetchToken and RefreshToken only but the method is part of the public API. Since it is exported, someone might call this method and pass an empty prefix and break the metrics again.

Also the approach seems a bit fragile in my opinion, why not just do:

defer func() {
	authStats.statName = "total_req_latency"
	if refTokenParams.EventNamePrefix != "" {
		authStats.statName = refTokenParams.EventNamePrefix + "_" + authStats.statName
	}
	// ...
}()

This way we would also decrease the risk of other people breaking this code.

@sanpj2292
Copy link
Contributor Author

sanpj2292 commented Oct 30, 2023
edited
Loading

GetTokenInfo is also creating stats like this:

defer func() {
	authStats.statName = fmt.Sprintf("%v_total_req_latency", refTokenParams.EventNamePrefix)
	// ...
}()

I know that it's called at the moment by FetchToken and RefreshToken only but the method is part of the public API. Since it is exported, someone might call this method and pass an empty prefix and break the metrics again.

Also the approach seems a bit fragile in my opinion, why not just do:

defer func() {
	authStats.statName = "total_req_latency"
	if refTokenParams.EventNamePrefix != "" {
		authStats.statName = refTokenParams.EventNamePrefix + "_" + authStats.statName
	}
	// ...
}()

This way we would also decrease the risk of other people breaking this code.

There is no public interface to call GetTokenInfo. It can only be invoked by either FetchToken or RefreshToken. Do you still think the approach is fragile ?
Also the reason why we are sending EventNamePrefix as argument is to know who is the caller, is it being called by RefreshToken or is it being called from FetchToken

Let me know your thoughts

@cisse21
Copy link
Member

cisse21 commented Oct 30, 2023

GetTokenInfo is also creating stats like this:

defer func() {
	authStats.statName = fmt.Sprintf("%v_total_req_latency", refTokenParams.EventNamePrefix)
	// ...
}()

I know that it's called at the moment by FetchToken and RefreshToken only but the method is part of the public API. Since it is exported, someone might call this method and pass an empty prefix and break the metrics again.
Also the approach seems a bit fragile in my opinion, why not just do:

defer func() {
	authStats.statName = "total_req_latency"
	if refTokenParams.EventNamePrefix != "" {
		authStats.statName = refTokenParams.EventNamePrefix + "_" + authStats.statName
	}
	// ...
}()

This way we would also decrease the risk of other people breaking this code.

There is no public interface to call GetTokenInfo. It can only be invoked by either FetchToken or RefreshToken. Do you still think the approach is fragile ? Also the reason why we are sending EventNamePrefix as argument is to know who is the caller, is it being called by RefreshToken or is it being called from FetchToken

Let me know your thoughts

If we just want to know who is the caller wouldn't it be better to pass it as a tag rather than being present in stat name?

@fracasula
Copy link
Collaborator

There is no public interface to call GetTokenInfo.

GetTokenInfo is the public API and with API I mean package API because the method is exported so it can be called by whomever imports the package and break things.

What about @cisse21 proposal?

@sanpj2292
Copy link
Contributor Author

sanpj2292 commented Oct 30, 2023
edited
Loading

If we just want to know who is the caller wouldn't it be better to pass it as a tag rather than being present in stat name?

Yes. It makes sense to send them as tags. Changing this now, doesn't make a lot of sense(I mean more from re-work point-of-view for a small change) but I can work on a fix that would make sure we would not get empty EventNamePrefix

There is an item to re-work on OAuth implementation where in this point will be kept in mind & then re-worked accordingly

@sanpj2292
Copy link
Contributor Author

If say there is dis-comfort about having GetTokenInfo as public method, I can make it private for now to stop someone from mis-using this. Let me know what you think

@sanpj2292 sanpj2292 changed the title fix: oauth stats prefix fix(destination): oauth stats prefix Oct 30, 2023
@fracasula
Copy link
Collaborator

@sanpj2292 wdyt of this instead? #4044

If say there is dis-comfort about having GetTokenInfo as public method, I can make it private for now to stop someone from mis-using this. Let me know what you think

It's not about discomfort, it's effectively a private method but it's exported. The package API should be designed by keeping in mind what is accessible from outside and what is not. That method should not be accessible, right?

Sai Sankeerth added 2 commits October 31, 2023 16:03
fix: stats logic for token, authStatus toggle methods
19d420a 
- include optional tags
- introduce action tag
- change stat names for token related ones
- change stat name for authStatus related ones
- remove eventNamePrefix
Merge remote-tracking branch 'origin' into fix.oauth-prefix
dcfdb2b
@sanpj2292
Copy link
Contributor Author

@fracasula @cisse21 I have made changes as requested, can you guys please check and let me know if they look good ?

fracasula
fracasula reviewed Oct 31, 2023
View reviewed changes
Copy link
Collaborator

@fracasula fracasula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't find any calls to SendTimerStats or SendCountStats with tags.
Wouldn't it make sense to just leave the metric names simpler (i.e. instead of token_request_latency => request_latency) and then pass a tag like action=fetch_token or refresh_token, etc...?

@sanpj2292
Copy link
Contributor Author

sanpj2292 commented Oct 31, 2023
edited
Loading

I can't find any calls to SendTimerStats or SendCountStats with tags.

This is done to add more flexibility. Can remove it as it is not being used

Wouldn't it make sense to just leave the metric names simpler (i.e. instead of token_request_latency => request_latency) and then pass a tag like action=fetch_token or refresh_token, etc...?

It feels incomplete for some of the stats. Instead i've added oauth_action as a prefix to all stats which makes it a little more complete IMHO(In My Humble Opinion)

@sanpj2292
Copy link
Contributor Author

I can't find any calls to SendTimerStats or SendCountStats with tags.

Removed it

@codecov Codecov
Copy link

codecov bot commented Nov 3, 2023

Codecov Report

Attention: 9 lines in your changes are missing coverage. Please review.

Comparison is base (408046d) 71.75% compared to head (edbacd7) 71.84%.
Report is 6 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4033      +/-   ##
==========================================
+ Coverage   71.75%   71.84%   +0.08%     
==========================================
  Files         374      374              
  Lines       54919    54916       -3     
==========================================
+ Hits        39407    39452      +45     
+ Misses      13188    13141      -47     
+ Partials     2324     2323       -1
Files Coverage Δ
regulation-worker/internal/delete/api/api.go 84.30% <100.00%> (-0.19%) ⬇️
services/oauth/oauth.go 85.28% <96.42%> (+0.03%) ⬆️
router/worker.go 82.21% <0.00%> (+0.10%) ⬆️
router/handle.go 70.68% <0.00%> (+0.79%) ⬆️

... and 11 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sanpj2292 sanpj2292 merged commit 307acc3 into master Nov 3, 2023
35 checks passed
@sanpj2292 sanpj2292 deleted the fix.oauth-prefix branch November 3, 2023 11:21
@atzoum atzoum mentioned this pull request Nov 8, 2023
Merged
1 task
This was referenced Nov 12, 2023
Closed
Merged
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fracasula fracasula fracasula approved these changes

@koladilip koladilip koladilip approved these changes

@atzoum atzoum Awaiting requested review from atzoum

@chandumlg chandumlg Awaiting requested review from chandumlg

Assignees

@sanpj2292 sanpj2292

Labels
server-team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sanpj2292 @cisse21 @fracasula @koladilip