feat(dashboard api): user/team provisioning handlers#2335
Open
ben-fornefeld wants to merge 107 commits intomainfrom
Open
feat(dashboard api): user/team provisioning handlers#2335ben-fornefeld wants to merge 107 commits intomainfrom
ben-fornefeld wants to merge 107 commits intomainfrom
Conversation
… while enqueuing for processing
…om/e2b-dev/infra into feature/supabase-users-sync-worker
…d recovery mechanisms - Updated the sync runner to use `RunWithRestart` for improved error recovery. - Introduced a new `UserSyncQueue` model to manage user synchronization tasks. - Added SQL migration for creating the `user_sync_queue` table with necessary triggers. - Implemented tests for the processor and supervisor to ensure robust handling of retries and panics. - Refactored existing queries to target the new `public.user_sync_queue` table.
…agement - Introduced `supabase_auth_user_sync_enabled` variable to control user synchronization. - Updated Nomad job configuration to include the new sync setting. - Added Google Secret Manager resources for managing the sync configuration securely. - Enhanced the dashboard API to utilize the new sync configuration in processing logic. - Refactored related components to improve error handling and logging for the sync process.
- Replaced the previous `Store` implementation with a new structure that integrates both authentication and main database queries. - Updated the `Runner` and `NewRunner` functions to accommodate the new database client structure. - Removed obsolete SQL queries and migration files related to the `user_sync_queue` table. - Enhanced the test suite to reflect changes in the runner's initialization and database interactions.
- Updated the `TestSupabaseAuthUserSyncRunner_EndToEnd` to apply necessary database migrations before running tests. - Refactored the `SetupDatabase` function to include a new method `ApplyMigrations` for better migration management.
Made-with: Cursor
- Introduced a new process outcome `ready_to_ack` to streamline acknowledgment handling. - Refactored the `process` method to prepare for batch acknowledgment of processed items. - Added a new `AckBatch` method in the store to handle multiple acknowledgments efficiently. - Updated the `Runner` to process items in batches and finalize acknowledgments accordingly. - Removed obsolete SQL query for single item acknowledgment as part of the refactor. - Enhanced tests to cover new deletion logic and acknowledgment scenarios.
…references - Deleted the `auth_db_connection_string` secret and its version from the GCP configuration. - Updated references in `main.tf` and `nomad/main.tf` to use the `postgres_connection_string` instead. - Removed the corresponding variable declaration from `variables.tf` to clean up unused configurations.
- Updated the dashboard API module to separate base and extra environment variables. - Introduced a precondition to prevent conflicts with reserved keys in extra environment variables. - Modified the HCL job configuration to iterate over environment variables dynamically. - Adjusted variable declarations to reflect the new structure for extra environment variables.
…0 across multiple packages
…om/e2b-dev/infra into feature/supabase-users-sync-worker
…om/e2b-dev/infra into feature/supabase-users-sync-worker
…riable handling - Updated the AuthUserSyncWorker to utilize OpenTelemetry metrics for better monitoring. - Refactored the Makefile to improve environment variable exportation and streamline build/run commands. - Removed outdated SQL query files related to user sync queue operations to clean up the codebase. - Adjusted the database migration script to drop the auth_custom schema if it exists, ensuring a cleaner migration process.
Made-with: Cursor
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Allow dashboard-api to use a dedicated SUPABASE_DB_CONNECTION_STRING while keeping the existing fallback to POSTGRES_CONNECTION_STRING. Thread the new setting through Terraform so deployments can configure the worker without reusing the auth DB connection string.
Keep dashboard-api specific env wiring explicit, restore NODE_ID and PORT in the Nomad job spec, and remove generic dashboard-api env passthrough. Also trim unrelated lint churn from the branch and scope the remaining test/migration helpers to the auth user sync worker flow.
…management' into feature/dashboard-api-user-team-management
…-user-team-management # Conflicts: # .env.gcp.template # iac/modules/job-dashboard-api/main.tf # iac/modules/job-dashboard-api/variables.tf # iac/provider-gcp/main.tf # iac/provider-gcp/nomad/main.tf # iac/provider-gcp/nomad/variables.tf # iac/provider-gcp/variables.tf # packages/dashboard-api/go.mod # packages/dashboard-api/internal/backgroundworker/auth_user_sync_test.go # packages/dashboard-api/internal/cfg/model.go # packages/dashboard-api/main.go # packages/db/pkg/supabase/migrations/20260401000001_river_auth_custom_schema.sql # packages/db/pkg/supabase/migrations/20260401000003_river_auth_user_sync_triggers.sql
…-user-team-management # Conflicts: # packages/dashboard-api/internal/api/api.gen.go
Keep upstream billing status codes in team creation responses and report invalid create-team requests so traces retain the real failure cause.
Mark the create-team provisioning status subtests parallel so the handler tests match the repo's lint rules and CI passes.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 1e49371. Configure here.
| zap.String("team.provision.reason", req.Reason), | ||
| zap.String("team.provision.sink", sink), | ||
| } | ||
| } |
There was a problem hiding this comment.
Slice append on provisionLogFields may mutate shared backing array
Low Severity
provisionLogFields returns a slice literal with len=cap=4. When callers use append(provisionLogFields(...), ...), Go allocates a new array so it's safe today. However, if any field is ever added to this base slice, the capacity would grow, and the append pattern in noop_sink.go and http_sink.go could start mutating the original slice. Returning the result of append assigned to a new variable (as callers do) is safe, but the pattern is fragile. Consider returning a copy or pre-allocating extra capacity to make intent explicit.
Reviewed by Cursor Bugbot for commit 1e49371. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
We need a way to create (default) teams inside the
dashboard-api. Along with that, we need an optional way, to (a)synchronously provision external team resources, for every team creation. This PR is part of a bigger DB migration and enables us to deprecate DB triggers, which would prevent us doing the DB migration.The changes in this PR orchestrate external team provisioning for certain environments that require it, like E2B Cloud.