feat: Introduce server component mode limitations #35994
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Alberto Leal <[email protected]>
Required since #35490.
…method The root motivation is to have `override_settings` work as expected in a testing context. To that end, move a lot of infrastructure related to creating the body of a method override into the new ModeLimited class in servermode.py, a base class for the other decorators. Also made some opportunistic improvements and reorganizations.
markstory
reviewed
Jul 12, 2022
| MONOLITH = "MONOLITH" | ||
| CONTROL = "CONTROL" | ||
| CUSTOMER = "CUSTOMER" | ||
| FRONTEND = "FRONTEND" |
There was a problem hiding this comment.
What is the FRONTEND mode for?
There was a problem hiding this comment.
@markstory it's for running Sentry as a static file webserver.
There was a problem hiding this comment.
Yeah, it's kind of a placeholder as I don't know if it will actually be needed on any of the individual request handlers mapped in Django. If the front-end silo's only job is serving static files, then by definition there is no business logic to tag. This is here because I wasn't sure if that assumption would hold. But, if it does, we can delete the enum value.
dashed
approved these changes
Jul 25, 2022
dashed
approved these changes
Jul 26, 2022
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously submitted for incremental review in:
What this is
Some custom decorators that we'll soon apply to all (or most) endpoint and model classes in the code base. If you set an environment variable declaring the server to be in a particular "mode", decorated endpoints and models will be available only in that mode. (This excludes "monolith mode", which is the default where everything is available.)
If an "unavailable" model is accessed, an exception is raised. Models can allow read-only access from one mode and write access from another.
If a request hits an "unavailable" endpoint, it will return a 404 status, effectively making the endpoint nonexistent on that server as far as the outside world is concerned. There is a setting (for dev and testing environments) that raises an exception instead.
What it's for
This is motivated by a future move to a geographically distributed architecture. In such an architecture, individual server nodes will store only a subset of the data that's currently in Sentry's DB schema. Accordingly, those nodes will provide only a subset of the services. The decorators designate which database tables and API services will exist in each kind of node.
For the time being, the decorators are best understood as a tool for simulating that architecture. When you are running a dev stack in "control" mode, you are essentially pretending that only the "control" tables exist. If a "control" API service crosses the boundary and attempts to read a "customer" table, you get a conspicuous error and something to fix. Automated tests can be similarly scoped, where they're expected to work in a particular mode.
Future work, we hope, will bring reality into line with the simulation. The decorators should be able to stick around permanently, if only to provide more informative errors if a boundary-crossing bug emerges.
Obviously, only "monolith mode" is supported for production use. Because monolith mode is the default configuration, it should be safe to merge and ship this as-is.