feat(policy): 1660 transition Policy FQN indexing to a transaction ra…

…ther than an unmonitored side effect (#1782) ### Proposed Changes fix #1660 ### Checklist - [ ] I have added or updated unit tests - [ ] I have added or updated integration tests (if appropriate) - [ ] I have added or updated documentation ### Testing Instructions
opentdf · Dec 2, 2024 · 7c4c74f · 7c4c74f
1 parent 4a53744
commit 7c4c74f
Show file tree

Hide file tree

Showing 4 changed files with 124 additions and 79 deletions.
diff --git a/service/cmd/policy.go b/service/cmd/policy.go
@@ -44,21 +44,29 @@ var (
 				panic(fmt.Errorf("could not load config: %w", err))
 			}
 
-			res := dbClient.AttrFqnReindex(context.Background())
-			cmd.Print("Namespace FQNs reindexed:\n")
-			for _, r := range res.Namespaces {
-				cmd.Printf("\t%s: %s\n", r.ID, r.Fqn)
-			}
+			ctx := context.Background()
 
-			cmd.Print("Attribute FQNs reindexed:\n")
-			for _, r := range res.Attributes {
-				cmd.Printf("\t%s: %s\n", r.ID, r.Fqn)
-			}
+			// ignore error as dbClient.AttrFqnReindex will panic on error
+			_ = dbClient.RunInTx(ctx, func(txClient *policydb.PolicyDBClient) error {
+				res := txClient.AttrFqnReindex(ctx)
 
-			cmd.Print("Attribute Value FQNs reindexed:\n")
-			for _, r := range res.Values {
-				cmd.Printf("\t%s: %s\n", r.ID, r.Fqn)
-			}
+				cmd.Print("Namespace FQNs reindexed:\n")
+				for _, r := range res.Namespaces {
+					cmd.Printf("\t%s: %s\n", r.ID, r.Fqn)
+				}
+
+				cmd.Print("Attribute FQNs reindexed:\n")
+				for _, r := range res.Attributes {
+					cmd.Printf("\t%s: %s\n", r.ID, r.Fqn)
+				}
+
+				cmd.Print("Attribute Value FQNs reindexed:\n")
+				for _, r := range res.Values {
+					cmd.Printf("\t%s: %s\n", r.ID, r.Fqn)
+				}
+
+				return nil
+			})
 		},
 	}
 )

diff --git a/service/policy/attributes/attributes.go b/service/policy/attributes/attributes.go
@@ -200,17 +200,25 @@ func (s *AttributesService) CreateAttributeValue(ctx context.Context, req *conne
 		ActionType: audit.ActionTypeCreate,
 	}
 
-	item, err := s.dbClient.CreateAttributeValue(ctx, req.Msg.GetAttributeId(), req.Msg)
+	err := s.dbClient.RunInTx(ctx, func(txClient *policydb.PolicyDBClient) error {
+		item, err := txClient.CreateAttributeValue(ctx, req.Msg.GetAttributeId(), req.Msg)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
+
+		auditParams.ObjectID = item.GetId()
+		auditParams.Original = item
+		s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+
+		rsp.Value = item
+
+		return nil
+	})
 	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("attributeId", req.Msg.GetAttributeId()), slog.String("value", req.Msg.String()))
+		return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("value", req.Msg.String()))
 	}
 
-	auditParams.ObjectID = item.GetId()
-	auditParams.Original = item
-	s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
-
-	rsp.Value = item
 	return connect.NewResponse(rsp), nil
 }
 

diff --git a/service/policy/namespaces/namespaces.go b/service/policy/namespaces/namespaces.go
@@ -98,19 +98,26 @@ func (ns NamespacesService) CreateNamespace(ctx context.Context, req *connect.Re
 	}
 	rsp := &namespaces.CreateNamespaceResponse{}
 
-	n, err := ns.dbClient.CreateNamespace(ctx, req.Msg)
+	err := ns.dbClient.RunInTx(ctx, func(txClient *policydb.PolicyDBClient) error {
+		n, err := txClient.CreateNamespace(ctx, req.Msg)
+		if err != nil {
+			ns.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
+
+		auditParams.ObjectID = n.GetId()
+		auditParams.Original = n
+		ns.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+
+		ns.logger.Debug("created new namespace", slog.String("name", req.Msg.GetName()))
+		rsp.Namespace = n
+
+		return nil
+	})
 	if err != nil {
-		ns.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("name", req.Msg.GetName()))
+		return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("namespace", req.Msg.String()))
 	}
 
-	auditParams.ObjectID = n.GetId()
-	auditParams.Original = n
-	ns.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
-
-	ns.logger.Debug("created new namespace", slog.String("name", req.Msg.GetName()))
-	rsp.Namespace = n
-
 	return connect.NewResponse(rsp), nil
 }
 

diff --git a/service/policy/unsafe/unsafe.go b/service/policy/unsafe/unsafe.go
@@ -57,25 +57,32 @@ func (s *UnsafeService) UnsafeUpdateNamespace(ctx context.Context, req *connect.
 		ObjectID:   id,
 	}
 
-	original, err := s.dbClient.GetNamespace(ctx, id)
-	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextGetRetrievalFailed, slog.String("id", id))
-	}
-
-	updated, err := s.dbClient.UnsafeUpdateNamespace(ctx, id, name)
+	err := s.dbClient.RunInTx(ctx, func(txClient *policydb.PolicyDBClient) error {
+		original, err := txClient.GetNamespace(ctx, id)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
+
+		updated, err := txClient.UnsafeUpdateNamespace(ctx, id, name)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
+
+		auditParams.Original = original
+		auditParams.Updated = updated
+
+		s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+
+		rsp.Namespace = &policy.Namespace{
+			Id: id,
+		}
+
+		return nil
+	})
 	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("id", id), slog.String("namespace", name))
-	}
-
-	auditParams.Original = original
-	auditParams.Updated = updated
-
-	s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
-
-	rsp.Namespace = &policy.Namespace{
-		Id: id,
+		return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("namespace", req.Msg.String()))
 	}
 
 	return connect.NewResponse(rsp), nil
@@ -163,25 +170,32 @@ func (s *UnsafeService) UnsafeUpdateAttribute(ctx context.Context, req *connect.
 		ObjectID:   id,
 	}
 
-	original, err := s.dbClient.GetAttribute(ctx, id)
-	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextGetRetrievalFailed, slog.String("id", id))
-	}
+	err := s.dbClient.RunInTx(ctx, func(txClient *policydb.PolicyDBClient) error {
+		original, err := txClient.GetAttribute(ctx, id)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
 
-	updated, err := s.dbClient.UnsafeUpdateAttribute(ctx, req.Msg)
-	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("id", id), slog.String("attribute", req.Msg.String()))
-	}
+		updated, err := txClient.UnsafeUpdateAttribute(ctx, req.Msg)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
 
-	auditParams.Original = original
-	auditParams.Updated = updated
+		auditParams.Original = original
+		auditParams.Updated = updated
 
-	s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+		s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
 
-	rsp.Attribute = &policy.Attribute{
-		Id: id,
+		rsp.Attribute = &policy.Attribute{
+			Id: id,
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("attribute", req.Msg.String()))
 	}
 
 	return connect.NewResponse(rsp), nil
@@ -269,26 +283,34 @@ func (s *UnsafeService) UnsafeUpdateAttributeValue(ctx context.Context, req *con
 		ObjectID:   id,
 	}
 
-	original, err := s.dbClient.GetAttributeValue(ctx, id)
-	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextGetRetrievalFailed, slog.String("id", id))
-	}
+	err := s.dbClient.RunInTx(ctx, func(txClient *policydb.PolicyDBClient) error {
+		original, err := txClient.GetAttributeValue(ctx, id)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
 
-	updated, err := s.dbClient.UnsafeUpdateAttributeValue(ctx, req.Msg)
-	if err != nil {
-		s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
-		return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("id", id), slog.String("attribute_value", req.Msg.String()))
-	}
+		updated, err := txClient.UnsafeUpdateAttributeValue(ctx, req.Msg)
+		if err != nil {
+			s.logger.Audit.PolicyCRUDFailure(ctx, auditParams)
+			return err
+		}
 
-	auditParams.Original = original
-	auditParams.Updated = updated
+		auditParams.Original = original
+		auditParams.Updated = updated
 
-	s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
+		s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams)
 
-	rsp.Value = &policy.Value{
-		Id: id,
+		rsp.Value = &policy.Value{
+			Id: id,
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("value", req.Msg.String()))
 	}
+
 	return connect.NewResponse(rsp), nil
 }