Skip to content

Add new 2nd gen Firestore auth context triggers#1519

Merged
blidd-google merged 12 commits intomasterfrom
blidd.firestore-v2-auth-context
Apr 4, 2024
Merged

Add new 2nd gen Firestore auth context triggers#1519
blidd-google merged 12 commits intomasterfrom
blidd.firestore-v2-auth-context

Conversation

@blidd-google
Copy link
Copy Markdown
Contributor

@blidd-google blidd-google commented Feb 1, 2024
edited
Loading

Auth context support has only been available for RTDB 1st gen functions — until now! The Firestore and Eventarc teams have recently added support for Firestore Cloud Events to include event actor information, adding four new event types. These changes enable us to offer four new 2nd gen Firestore trigger types whose events will additionally contain the auth context along with the existing event data:

  • onDocumentWrittenWithAuthContext
  • onDocumentUpdatedWithAuthContext
  • onDocumentCreatedWithAuthContext
  • onDocumentDeletedWithAuthContext

The API is very similar to the existing 2nd gen Firestore triggers API; however, users should take special care to avoid event loss when migrating from the original 2nd gen Firestore trigger to the auth-context trigger. See the migration guide for more details about best practices.

@blidd-google blidd-google self-assigned this Feb 1, 2024
@blidd-google blidd-google mentioned this pull request Feb 1, 2024
Merged
@blidd-google blidd-google requested a review from egilmorez March 7, 2024 19:46
exaby73
exaby73 reviewed Mar 17, 2024
View reviewed changes
Comment thread src/v2/providers/firestore.ts

/**
* Event handler which triggers when a document is updated in Firestore.
*
Copy link
Copy Markdown
Contributor

@exaby73 exaby73 Mar 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The following doc was not added here:

This trigger will also provide the authentication context of the principal who triggered the event.

egilmorez
egilmorez reviewed Mar 21, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@egilmorez egilmorez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of things for you, thanks!

Comment thread src/v2/providers/firestore.ts Outdated
}

/**
* Event handler which triggers when a document is created, updated, or deleted in Firestore.
Copy link
Copy Markdown
Contributor

@egilmorez egilmorez Mar 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This and most other instances of "which" in these comments is better as "that" (more restrictive, rather than additive).

https://prowritingaid.com/art/438/-Which--or--That-%3A-Know-When-to-Use-Each.aspx

Comment thread src/v2/providers/firestore.ts Outdated

/**
* Event handler which triggers when a document is created, updated, or deleted in Firestore.
* This trigger will also provide the authentication context of the principal who triggered the event.
Copy link
Copy Markdown
Contributor

@egilmorez egilmorez Mar 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest "also provides"

Avoid "will" wherever you can. Please check this globally in this PR, thanks!

inlined
inlined reviewed Apr 1, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@inlined inlined left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where's the withInit calls? Is this based on an old CL?

Comment thread src/v2/providers/firestore.ts Outdated
/** The document path */
document: string;
/** The type of principal that triggered the event */
authType?: AuthType;
Copy link
Copy Markdown
Member

@inlined inlined Apr 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These will always be populated in the new event type, right? If so, we should create a separate event type where the fields are omitted in the previous event handlers and guaranteed to exist in the new ones.

Copy link
Copy Markdown
Contributor Author

@blidd-google blidd-google Apr 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@exaby73 actually made the same suggestion when implementing the triggers in the Python SDK, but my reasoning for using the same event type is that we had discussed plans for aliasing onDocumentX to onDocumentXWithAuthContext in the next major release of the SDK, which may pollute the namespace a bit and cause confusion; a user writing a onDocumentX function will need to use the FirestoreEventWithAuthContext interface as opposed to just a single FirestoreEvent interface. The additional authId field is also optional and not guaranteed to exist in the delivered event.

But I also see the argument for having a separate event type. WDYT? Happy to make the changes and coordinate with @exaby73 to restore his old changes if we think the correct approach.

Copy link
Copy Markdown
Member

@inlined inlined Apr 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty strongly in favor of fields being non-optional when they will always be provided and omitted when they will never be provided (in TypeScript at least. I'm not the expert for Python)

Comment thread src/v2/providers/firestore.ts Outdated
/** A Firestore QueryDocumentSnapshot */
export type QueryDocumentSnapshot = firestore.QueryDocumentSnapshot;

type AuthType = "service_account" | "api_key" | "system" | "unauthenticated" | "unknown";
Copy link
Copy Markdown
Member

@inlined inlined Apr 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we document when "unknown" will happen and if there are any assumptions the dev can make (e.g. that it's from an admin context)?

Copy link
Copy Markdown
Member

@inlined inlined Apr 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also wouldn't hurt to export.

Copy link
Copy Markdown
Contributor Author

@blidd-google blidd-google Apr 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep the CL is a few months old, quite a few things have changed in the meantime!

@blidd-google blidd-google force-pushed the blidd.firestore-v2-auth-context branch from 393c5e1 to 0c51861 Compare April 1, 2024 18:12
inlined
inlined reviewed Apr 1, 2024
View reviewed changes
Comment thread spec/v2/providers/firestore.spec.ts
colerogers
colerogers reviewed Apr 2, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@colerogers colerogers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm after addressing @inlined's concerns

blidd-google and others added 5 commits April 3, 2024 11:16
@blidd-google
separate out event type with auth context
aa8df0f
@blidd-google
Revert "post rebase"
c5bda98 
This reverts commit 0c51861.
@blidd-google
post rebase
92853d5
@blidd-google
Revert "separate out event type with auth context"
8c83dd8 
This reverts commit aa8df0f.
@inlined @blidd-google
Ugly type safety (#1548)
3902b80 
* Ugly typesafety

* Formatter

* consolidate make firestore event fns and simplify typings

---------

Co-authored-by: Brian Li <blidd@google.com>
inlined
inlined approved these changes Apr 3, 2024
View reviewed changes
Comment thread src/v2/providers/firestore.ts Outdated
// const fn = (
// event: FirestoreEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>> & {
// foo: string;
// }
Copy link
Copy Markdown
Member

@inlined inlined Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove dead code

@blidd-google blidd-google merged commit 53f7204 into master Apr 4, 2024
@inlined inlined deleted the blidd.firestore-v2-auth-context branch April 7, 2024 15:31
@Bullfrog1234 Bullfrog1234 mentioned this pull request Apr 23, 2024
Closed
@wilpar
Copy link
Copy Markdown

wilpar commented May 3, 2024

migration guide link in the original post is 404.

@gr00nd gr00nd mentioned this pull request May 23, 2024
Open
@X-oss-byte X-oss-byte mentioned this pull request May 24, 2024
Open
@X-oss-byte X-oss-byte mentioned this pull request May 25, 2024
Closed
@aravindvnair99 aravindvnair99 mentioned this pull request Jun 10, 2024
Closed
@5twelve 5twelve mentioned this pull request Aug 8, 2024
Open
This was referenced Sep 6, 2024
Open
Open
@snyk-io snyk-io Bot mentioned this pull request Nov 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@egilmorez egilmorez egilmorez left review comments

@colerogers colerogers colerogers left review comments

@inlined inlined inlined approved these changes

+1 more reviewer

@exaby73 exaby73 exaby73 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@blidd-google blidd-google

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@blidd-google @wilpar @inlined @egilmorez @colerogers @exaby73