8000 feat: add base document db annotation, WithSourceDocumentAnnotations and WithRevisedDocumentAnnotations functions by ashearin · Pull Request #211 · bomctl/bomctl · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat: add base document db annotation, WithSourceDocumentAnnotations and WithRevisedDocumentAnnotations functions #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Dec 3, 2024
Merged

feat: add base document db annotation, WithSourceDocumentAnnotations and WithRevisedDocumentAnnotations functions #211

merged 16 commits into from
Dec 3, 2024

Conversation

ashearin
Copy link
Member
@ashearin ashearin commented Nov 14, 2024
edited
Loading

Description

Adds an annotation for storing the uuid of the 'base' document when creating a new, modified document from one imported/fetched into the cache. In the added function the new document is called a revision.

All names are open to suggestions if you feel they don't capture the intent properly.

Also added a AddDocumentRevision function that takes in two sbom documents, the base document and the newly created revision document and setting appropriate annotations, including the base document uuid annotation, and moves the alias 'pointer' to the latest revision of the document, if an alias is present on the original.

Fixes #203
Related to #81

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Expanded Unit tests

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

@ashearin ashearin self-assigned this Nov 14, 2024
@ashearin ashearin requested a review from a team as a code owner November 14, 2024 04:49
jhoward-lm
jhoward-lm reviewed Nov 15, 2024
View reviewed changes
@ashearin ashearin requested a review from jhoward-lm November 15, 2024 23:38
jhoward-lm
jhoward-lm reviewed Nov 17, 2024
View reviewed changes
@jhoward-lm
Copy link
Contributor
jhoward-lm commented Nov 17, 2024
edited
Loading

From a design perspective, to reduce duplication, how would you feel about this?

  • Keep the original method AddDocument but update it to accept 0 or more annotations
  • Update AddOriginDocument so that all it does is create a []*ent.Annotation (or ent.Annotations, same thing) and call AddDocument with it. No need to call Store from multiple places
  • Rename AddOriginDocument --> 8000 AddSourceDocument to stick with the alias name conventions (e.g. bomctl_annotation_source_format, bomctl_annotation_source_hash, etc.)
  • Instead of creating AddDocumentRevision, I'd prefer a method like CreateBaseDocumentAnnotation that just generates the UUID for a document and returns the annotation that can then be passed to AddDocument
func (backend *Backend) AddDocument(sbomData []byte, ...annotations *ent.Annotation) (*sbom.Document, error) {
    // create ent.BackendOptions with the annotations slice

    // call backend.Store
}

func (backend *Backend) AddSourceDocument(sbomData []byte) (*sbom.Document, error) {
    // create slice of format, hash, and data annotations

    // call backend.AddDocument(sbomData, annotations...)
}

func (backend *Backend) CreateBaseDocumentAnnotation(document *sbom.Document) (*ent.Annotation, error) {
    baseUUID, err := ent.GenerateUUID(base)
    if err != nil {
        return nil, fmt.Errorf("%w", err)
    }

    return &ent.Annotation{
        Name: BaseDocumentAnnotation,
        Value: string(baseUUID),
        IsUnique: true,
    }
}

@ashearin
Copy link
Member Author
ashearin commented Nov 17, 2024
edited
Loading

From a design perspective, to reduce duplication, how would you feel about this?

I like this. I tried to do something similar with Interfaces (any) initially, but I felt like it made it messy and harder to follow so I went with separate functions. I'll make the switch to follow your example

@ashearin
Copy link
Member Author
  • Instead of creating AddDocumentRevision, I'd prefer a method like CreateBaseDocumentAnnotation that just generates the UUID for a document and returns the annotation that can then be passed to AddDocument

Running through the logistics of your suggestion. Were you thinking the creation of a 'revised' document would look something like:

revision := sbom.NewDocument() // or whatever

baseDocAntn, err := be.CreateBaseDocumentAnnotation(base)
// check err

_, err = be.AddDocument(revision, baseDocAntn)
// check err

err = be.UpdateAliasReference(revision, base)
// check err

One of reasons I thought AddDocumentRevision was worth creating was to only have one call to a function and one error to check like:

revision := sbom.NewDocument() // or whatever

 _, err := be. AddDocumentRevision(revision, base)
// check err

And internal to AddDocumentRevision would be those three function calls it replaced. We just call AddDocument inside AddDocumentRevision with the appropriate annotations like we do inAddSourceDocument, keeping only the single call to store.

Also reading ahead (AKA I already have this code written, minus the updates from this conversation), when we add a 'latest' document annotation we'll have another function we have to call (to move the latest annotation to the revised doc) when we create a revised document that could be contained in AddDocumentRevision, keeping things clean and avoiding repeated calls.

Not sure how many places we'll be eventually creating document revisions, but I'm assuming it'd be in more than one place.

Could also switch it up to AddRevisionDocument to align the function naming

@ashear 8000 in ashearin requested a review from jhoward-lm November 17, 2024 23:54
@ashearin ashearin force-pushed the 203-add-define-base-document-database-uuid-annotation branch from dd0f792 to d6a8731 Compare November 18, 2024 21:11
lallevato-lm
lallevato-lm reviewed Nov 20, 2024
View reviewed changes
@ghost
Copy link
ghost commented Nov 22, 2024

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 830b2d55:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@ashearin ashearin force-pushed the 203-add-define-base-document-database-uuid-annotation branch from ea95aa8 to dfc4ba1 Compare November 22, 2024 21:32
@jhoward-lm
Copy link
Contributor

Documenting discussion of this PR in an earlier call:

As a future effort, it might make sense to implement a functional options pattern for passing in a set of annotations to Backend.AddDocument

func WithSourceDataAnnotation(sbomData []byte) Option {
	return func(backend *Backend) {
		backend.Annotations = append(backend.Annotations, ent.Annotations{
			{
				Name:     SourceDataAnnotation,
				Value:    string(sbomData),
				IsUnique: true,
			},
		})
	}
}

or a combination of predefined annotations for different scenarios

@ashearin ashearin requested a review from jhoward-lm November 25, 2024 22:44
ashearin
ashearin commented 8000 Dec 2, 2024
View reviewed changes
@ashearin
Apply suggestions from code review
48957b4
67E6 
chore: comment clarifications

Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
@ashearin ashearin requested a review from lallevato-lm December 2, 2024 22:40
jhoward-lm
jhoward-lm reviewed Dec 2, 2024
View reviewed changes
@ashearin ashearin requested a review from jhoward-lm December 3, 2024 00:25
@jhoward-lm
Copy link
Contributor

I believe for this commit, leaving it unset will cause the protobom/storage schema to randomly generate one, which won't match any document IDs in the database

jhoward-lm
jhoward-lm reviewed Dec 3, 2024
View reviewed changes
@ashearin
Copy link
Member Author
ashearin commented Dec 3, 2024

I believe for this commit, leaving it unset will cause the protobom/storage schema to randomly generate one, which won't match any document IDs in the database

What would I set it to in this situation? Would they all be the new/revised document uuid?

@jhoward-lm
Copy link
Contributor
jhoward-lm commented Dec 3, 2024
edited
Loading

What would I set it to in this situation? Would they all be the new/revised document uuid?

Should be uuid.Nil, but I got my wires crossed a little. It looks like the zero value for a field of uuid.UUID is uuid.Nil. So, leaving it off should be ok.

From protobom/storage Store method

	// Set each annotation's document ID if not specified.
	for _, a := range annotations {
		if a.DocumentID == uuid.Nil {
			a.DocumentID = id
		}
	}

@ashearin ashearin force-pushed the 203-add-define-base-document-database-uuid-annotation branch from f960596 to b5ed14f Compare December 3, 2024 16:14
@ashearin ashearin force-pushed the 203-add-define-base-document-database-uuid-annotation branch from 2ed7675 to a079191 Compare December 3, 2024 17:58
@ashearin ashearin added this to the v0.5 milestone Dec 3, 2024
@ashearin ashearin changed the title feat: add base document db annotation and addDocumentRevision method feat: add base document db annotation, WithSourceDocumentAnnotations and WithRevisedDocumentAnnotations functions Dec 3, 2024
@ashearin ashearin merged commit 2702216 into bomctl:main Dec 3, 2024
7 of 8 checks passed
@ashearin ashearin deleted the 203-add-define-base-document-database-uuid-annotation branch December 3, 2024 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhoward-lm jhoward-lm jhoward-lm approved these changes

@idunbarh idunbarh Awaiting requested review from idunbarh

@mfrystacky mfrystacky Awaiting requested review from mfrystacky

@lmphil lmphil Awaiting requested review from lmphil

@lallevato-lm lallevato-lm Awaiting requested review from lallevato-lm

Assignees

@ashearin ashearin

Labels
None yet
Projects
None yet
Milestone
v0.4.2
Development

Successfully merging this pull request may close these issues.

Add / Define base document database UUID annotation
4 participants
@ashearin @jhoward-lm @lmphil @lallevato-lm
0