Handling of entityVersion in JPA map storage provider on upgrades #9640

ahus1 · 2022-01-19T13:48:25Z

ahus1
Jan 19, 2022
Collaborator

Problem statement

The current JPA map storage implementation has one field entityVersion that identifies the schema version. This identifies (a) the format the JSON has been written in and (a) might show how and if some additional search columns/tables have been filled.

The JSON is migrated on read, and when the entity is updated the entity version is updated to the current entity version from the perspective of the now running Keycloak version. It also ensures that it only reads entity versions that are the current supported version +1; it will fail with a IllegalArgumentException on any higher version (see JpaEntityMigration).

This sums up as:

write entities with the current entity version to the database
read any entity version from the DB that is smaller or equal to the current plus one

This could fail in the following way:

read a version of the next version (N+1) that has additional fields in the JSON.
JsonbType will ignore any additional field
after an update has been made, the entity will be written to the database with the JSON format for version (N), and the new fields will be lost.
The current implementation will keep the entity version (N+1) so there will be no way to determine that the fields have been removed or a migration needs to be implemented.

This could also fail in ways that a additional fields are not updated by the (N) Keycloak version what would need to be updated by a (N+1) entity version.

How to update an entity that has been written to the database with a (N+1) version is not handled in the concept document here: https://github.com/keycloak/keycloak-community/blob/main/design/keycloak.x/storage-persistence.md

Approach

Apply a defensive programming style to throw an exception when attempting to write an entity that has a newer version in the database.
Rework repetitive calls to checkEntityVersionForUpdate() in JpaClientEntity to a method annotated with @PreUpdate and @PrePersist, so that is called whenever a SQL insert or update is triggered.

Out of scope / future task: In a no-downtime scenario write access could be redirected only to the new versions of Keycloak (assuming a green-blue-deployment scenario).

Benefits

Ensuring that only consistent data, and newer fields from later versions are not removed.
Simple approach to make the existing implementation safe to not write old format JSON to a new entity version database row
Simplify the update of the entity version by not calling checkEntityVersionForUpdate() in multiple places.
Leave the more complicated approach of a hierarchical version number for a future date where a practical example is at hand.

Alternatives

Leave it "as is".
Discuss how a hierarchical version number could be implemented now - a practical example would be required.

vramik · 2022-01-19T17:23:43Z

vramik
Jan 19, 2022
Collaborator

JsonbType will ignore any additional field

I believe it shouldn't ignore the additional fields. When new version of schema will need to be introduced, there'd be also be needed to add a migration step into particular MIGRATORS (e.g. JpaClientMigration.MIGRATORS) ... some examples could be found here.

So during reading (deserializing) json the object would be migrated to be usable in current version (and updated only when any write operaton is performed).

0 replies

ahus1 · 2022-01-20T09:15:05Z

ahus1
Jan 20, 2022
Collaborator Author

@vramik - my previous note was incomplete and therefore wrong. Please let me add to my previous statement:

when the JsonbType reads a JSON of a previous entity version, it will update the JSON with the known migrations to version N
when it reads JSON of a version N+1, it will assume that it can read the data and that it is compatible for reading and will continue in processing and call MAPPER.treeToValue(tree, valueType). IMHO this will at the moment discard any unknown field.
when it would then write back the data, the entity version will stay on N+1, but the new field will be lost. In addition, the serialization format written by MAPPER.writeValueAsString(value) will be the format of version N, not the format of N+1 as indicated in the entityVersion.

Therefore migrations won't help here, as they can handle N+1 versions.

0 replies

ahus1 · 2022-01-20T13:42:45Z

ahus1
Jan 20, 2022
Collaborator Author

Summary of a discussion within the storage team:

There is the additional requirement to do a rollback to a previous Keycloak version that also includes falling back on a previous storage version N after entities have been written with N+1 version.

This then requires that a N version can write entities with a N+1 version. To do that consistently, it would then need to downgrade the entity version stored in the database as well.

Being able to write the N version to the database puts restrictions on the kind of changes that could be made to the schema; it might require adding a new column and not using it for data that must not be lost by a rollback.

Action items for @ahus1:

update the storage concept to detail what happens when writing to a record of version N+1 with a N version, and why this is important for rollbacks.
update the JPA map implementation that it will downgrade the entity version on write if it has been stored with a newer version.

1 reply

ahus1 Jan 21, 2022
Collaborator Author

The original docs contained the following paragraph that I missed:

For each of the entities [...], the current store version is the entity schema version that the store uses for writing objects.

The PR above tries to elaborate on downgrades so a future me could see the implications this has.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Handling of entityVersion in JPA map storage provider on upgrades #9640

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Handling of entityVersion in JPA map storage provider on upgrades #9640

Uh oh!

ahus1 Jan 19, 2022 Collaborator

Problem statement

Approach

Benefits

Alternatives

Replies: 3 comments · 1 reply

Uh oh!

Uh oh!

vramik Jan 19, 2022 Collaborator

Uh oh!

ahus1 Jan 20, 2022 Collaborator Author

Uh oh!

Uh oh!

ahus1 Jan 20, 2022 Collaborator Author

Uh oh!

ahus1 Jan 21, 2022 Collaborator Author

ahus1
Jan 19, 2022
Collaborator

Replies: 3 comments 1 reply

vramik
Jan 19, 2022
Collaborator

ahus1
Jan 20, 2022
Collaborator Author

ahus1
Jan 20, 2022
Collaborator Author

ahus1 Jan 21, 2022
Collaborator Author