Skip to content

chore: handle deleted organizations in idp sync #17405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Apr 16, 2025
Merged

chore: handle deleted organizations in idp sync #17405

merged 13 commits into from
Apr 16, 2025
+242 −33

Conversation

Emyrk
Copy link
Member

@Emyrk Emyrk commented Apr 15, 2025
edited
Loading

Deleted organizations are still attempting to sync members. This causes an error on inserting the member, and would likely cause issues later in the sync process even if that member is inserted. Deleted orgs should be skipped.

The error that arises:

=== RUN   TestSyncOrganizations/OK
    organizations_test.go:94: 
        	Error Trace:	/home/steven/go/src/github.com/coder/coder/coderd/idpsync/organizations_test.go:94
        	Error:      	Received unexpected error:
        	            	add user to organization:
        	            	    github.com/coder/coder/v2/coderd/idpsync.AGPLIDPSync.SyncOrganizations
        	            	        /home/steven/go/src/github.com/coder/coder/coderd/idpsync/organization.go:129
        	            	  - pq: duplicate key value violates unique constraint "organization_members_pkey"

@Emyrk Emyrk marked this pull request as ready for review April 15, 2025 18:26
@Emyrk Emyrk requested a review from aslilac April 15, 2025 18:30
@Emyrk Emyrk force-pushed the stevenmasley/org_idp_sync branch from f1878af to 9bdf31d Compare April 15, 2025 18:31
Emyrk
Emyrk commented Apr 15, 2025
View reviewed changes
coderd/database/dbmem/dbmem.go
Comment on lines +2360 to +2366
deleted := false
q.data.organizationMembers = slices.DeleteFunc(q.data.organizationMembers, func(member database.OrganizationMember) bool {
match := member.OrganizationID == arg.OrganizationID && member.UserID == arg.UserID
deleted = deleted || match
return match
})
if len(deleted) == 0 {
if !deleted {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A dbmem bug I found

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh this is nasty, took me a minute to realize what the bug was. 💀

if you want, rather than track deleted yourself, you could do something like

	newMembers := slices.DeleteFunc(q.data.organizationMembers, func(member database.OrganizationMember) bool {
		return member.OrganizationID == arg.OrganizationID && member.UserID == arg.UserID
	})
	if len(newMembers) == len(q.data.organizationMembers) {
		return sql.ErrNoRows
	}
	q.data.organizationMembers = newMembers

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had thought about that as well. That felt a bit less direct and less intuitive to me though, so I went with the crude and simple lol

coderd/database/queries/organizations.sql
Comment on lines +58 to +64
-- Optionally provide a filter for deleted organizations.
CASE WHEN
sqlc.narg('deleted') :: boolean IS NULL THEN
true
ELSE
deleted = sqlc.narg('deleted')
END AND
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adds the ability to query for all orgs, regardless of deletion

Emyrk added 10 commits April 15, 2025 15:54
@Emyrk
test: add unit test to excercise bug when idp sync hits deleted orgs
6046b56 
Deleted organizations are still attempting to sync members.
This causes an error on inserting the member, and would likely
cause issues later in the sync process even if that member is
inserted. Deleted orgs should be skipped.
@Emyrk
feat: remove users from deleted organizations in idp org sync
c1cc257 
Idp sync should exclude deleted organizations and auto remove
members. They should not be members in the first place.
@Emyrk
add some test noise
c267137
@Emyrk
gen + lint
a9a9cfa
@Emyrk
update test with more cases
349cec2
@Emyrk
add test to go to zero orgs
47e76f1
@Emyrk
test: add deleted organization noise to existing enterprise idp sync …
764b944 
…test
@Emyrk
linting
92744cf
@Emyrk
more comments
6ddd69e
@Emyrk
fix dbmem test case
909c895
@Emyrk Emyrk force-pushed the stevenmasley/org_idp_sync branch from 7b0cb6c to 909c895 Compare April 15, 2025 20:54
aslilac
aslilac approved these changes Apr 15, 2025
View reviewed changes
coderd/idpsync/organization.go
Comment on lines +118 to +120
// If you pass in an empty slice to the db arg, you get all orgs. So the slice
// has to be non-empty to get the expected set. Logically it also does not make
// sense to fetch an empty set from the db.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah but this turns it into our problem. wouldn't this usually be the result of a configuration error?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't follow. You can configure it such that a user is in 0 orgs. Even if it's a configuration mistake on the admin, it is a valid configuration.

@Emyrk Emyrk merged commit 669e790 into main Apr 16, 2025
34 checks passed
@stirby
Copy link
Collaborator

stirby commented Apr 16, 2025

/cherry-pick release/2.20

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Apr 16, 2025
@Emyrk
test: add unit test to excercise bug when idp sync hits deleted orgs (#…
125b50b 
…17405)

Deleted organizations are still attempting to sync members. This causes
an error on inserting the member, and would likely cause issues later in
the sync process even if that member is inserted. Deleted orgs should be
skipped.
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Apr 16, 2025
Merged
@matifali
Copy link
Member

/cherry-pick release/2.21

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Apr 16, 2025
@Emyrk
test: add unit test to excercise bug when idp sync hits deleted orgs (#…
a6ceefb 
…17405)

Deleted organizations are still attempting to sync members. This causes
an error on inserting the member, and would likely cause issues later in
the sync process even if that member is inserted. Deleted orgs should be
skipped.
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Apr 16, 2025
Open
@Emyrk Emyrk changed the title test: add unit test to excercise bug when idp sync hits deleted orgs chore: handle deleted organizations in idp sync Apr 22, 2025
matifali pushed a commit that referenced this pull request Apr 22, 2025
@gcp-cherry-pick-bot @Emyrk
test: add unit test to excercise bug when idp sync hits deleted orgs …
7670820 
…(cherry-pick #17405) (#17423)

Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aslilac aslilac aslilac approved these changes

Assignees

@Emyrk Emyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Emyrk @stirby @matifali @aslilac