Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AAP-32688: Support deletion of WCA API_KEY from Admin Portal (Backend) #1342

Merged
merged 20 commits into from
Oct 16, 2024
Merged

AAP-32688: Support deletion of WCA API_KEY from Admin Portal (Backend) #1342

merged 20 commits into from
Oct 16, 2024

Conversation

mabulgu
Copy link
Contributor

@mabulgu mabulgu commented Oct 11, 2024
edited
Loading

Jira Issue: https://issues.redhat.com/browse/AAP-32688

Description

See issue: https://issues.redhat.com/browse/AAP-32688

Testing

Scenarios tested

  • Delete api key and model id
  • Delete api key without model id
  • Try to delete api key that doesnt exist
  • Fail deleting model id and see api key is not deleted afterward.

Production deployment

  • [] This code change is ready for production on its own
  • This code change requires the following considerations before going to production: End to end tests should be added with a seperate PR on tests repo (Thanks @jameswnl for the reminder!)

manstis
manstis reviewed Oct 11, 2024
View reviewed changes
Copy link
Contributor

@manstis manstis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this is a draft; but thought I'd take a quick "Friday afternoon" look.

ansible_ai_connect/ai/api/wca/api_key_views.py Show resolved Hide resolved
ansible_ai_connect/ai/api/wca/api_key_views.py Outdated Show resolved Hide resolved
ansible_ai_connect/ai/api/wca/api_key_views.py Show resolved Hide resolved
@mabulgu mabulgu changed the title [WIP] AAP-32688: Support deletion of WCA API_KEY from Admin Portal (Backend) AAP-32688: Support deletion of WCA API_KEY from Admin Portal (Backend) Oct 14, 2024
@mabulgu mabulgu marked this pull request as ready for review October 14, 2024 22:43
@mabulgu mabulgu requested a review from manstis October 14, 2024 22:50
manstis
manstis previously approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@manstis manstis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

I know @jameswnl is concerned about the lack of an atomic transaction around deletion of the two secrets in AWS Secret Manager. I had a read and it does not seem possible to ensure a single transaction around their deletion.

I'm not sure what we can do about this.. other than moving the onus onto Users and having separate support for deleting the API Key and deleting the Model ID. Deleting the API Key but not* the Model ID leaves the system in an inconsistent state.

@jameswnl Thoughts?

@mabulgu
Copy link
Contributor Author

mabulgu commented Oct 15, 2024
edited
Loading

it does not seem possible to ensure a single transaction around their deletion.

@manstis yep. it's a concern. I actually thought about this but somehow missed to call again among all other things. What I would suggest is: we can try deleting model id first, then if it is successfull we can try deleting the key. If the model deletion fails, then we dont delete the key, but if we can delete the model but not the key, at least we will not end up with sth inconsistent but sth possible (an org can have a key but not a model id set). wdyt?

@manstis
Copy link
Contributor

manstis commented Oct 15, 2024

@mabulgu

@manstis yep. it's a concern. I actually thought about this but somehow missed to call again among all other things. What I would suggest is: we can try deleting model id first, then if it is successfull we can try deleting the key. If the model deletion fails, then we don't delete the key, but if we can delete the model but not the key, at least we will not end up with sth inconsistent but sth possible (an org can have a key but not a model id set). wdyt?

That seems a reasonable approach.

You might need to consider how we can propagate a scenario when deletion of the Model ID was successful but deletion of the API Key resulted in an error. We should be able to send some form of response/error back that we can use to show an information message to Users... it's an edge case; but might be worth considering.

@jameswnl
Copy link
Contributor

@manstis my suggestion to decouple the 2 deletions is meant to simply our logic (handling partial success situations etc). since you guys already did the handwork to handle them. I am fine :)

@mabulgu
add Marty's requests: signal for deletion, confirmation text update |…
046e972 
… delete model id before api key for partial atomocity
@mabulgu mabulgu requested a review from manstis October 15, 2024 15:02
@mabulgu
Copy link
Contributor Author

mabulgu commented Oct 15, 2024
edited
Loading

@manstis can you recheck when you have time pls? what are the changes:

  • Some test improvements as we changed the deletion order and added signals
  • Signals for deletions
  • Modal confirmation text change

@mabulgu
Copy link
Contributor Author

mabulgu commented Oct 15, 2024

@manstis @jameswnl once this goes to stage I will add a test here to cover deletion as well: https://github.com/ansible/ansible-wisdom-testing/blob/main/tests/ui/test_admin_ui.py

Thanks

@goneri
Copy link
Contributor

goneri commented Oct 15, 2024

My understanding was that if the api_key is missing, we can safely ignore the presence model_id. This because without the api_key, it won't be used and if the user set a new api_key, the model_id will also be overwritten.

I don't think we need to do an atomic change. Did I miss something?

goneri
goneri previously requested changes Oct 15, 2024
View reviewed changes
ansible_ai_connect/ai/api/wca/api_key_views.py Outdated Show resolved Hide resolved
@mabulgu mabulgu requested a review from goneri October 15, 2024 20:17
@jameswnl
Copy link
Contributor

I don't think we need to do an atomic change. Did I miss something?

There's a misunderstanding about the need for atomic change (I probably unintentionally planted this idea into @manstis ' head).

My suggestion is really about this

@mabulgu mabulgu dismissed goneri’s stale review October 16, 2024 11:22

@goneri thanks for the review. We reverted the logic where your comments were about. so hope you dont mind if I dismiss your review to have a fast merge for this one.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

manstis
manstis approved these changes Oct 16, 2024
View reviewed changes
Copy link
Contributor

@manstis manstis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 @mabulgu

Nice tests.

@mabulgu mabulgu merged commit 2169322 into main Oct 16, 2024
14 checks passed
@mabulgu mabulgu deleted the task/AAP-32688 branch October 16, 2024 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manstis manstis manstis approved these changes

@goneri goneri Awaiting requested review from goneri

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mabulgu @manstis @jameswnl @goneri