Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0F354741B for ; Sat, 27 Aug 2011 21:20:55 +0000 (UTC) Received: (qmail 13355 invoked by uid 500); 27 Aug 2011 21:20:54 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 13187 invoked by uid 500); 27 Aug 2011 21:20:53 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 13179 invoked by uid 99); 27 Aug 2011 21:20:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 27 Aug 2011 21:20:53 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of paul.joseph.davis@gmail.com designates 209.85.212.52 as permitted sender) Received: from [209.85.212.52] (HELO mail-vw0-f52.google.com) (209.85.212.52) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 27 Aug 2011 21:20:47 +0000 Received: by vws16 with SMTP id 16so5537980vws.11 for ; Sat, 27 Aug 2011 14:20:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=diHu9fhK5hy2IbqjR1WZQWD9HxHp/i5rAzNCqaKOqLU=; b=n5rseE8/GtBrJm68rsUEkBmNIXClJL4yhko+otsQ7xb6SuhYS/ygs61Aplx6WCn5Cz lo0hPWnVvk+tzHkt8h+OkO616EhZtIvBNJoc9YdWcmaX85cwpLw90CkgrG30llgfpzlQ booZEIE6n+JaMNvnZ1yxPtDzrfvBCo8jnSKMU= Received: by 10.52.94.18 with SMTP id cy18mr2641059vdb.101.1314480026086; Sat, 27 Aug 2011 14:20:26 -0700 (PDT) MIME-Version: 1.0 Received: by 10.52.29.1 with HTTP; Sat, 27 Aug 2011 14:19:46 -0700 (PDT) In-Reply-To: References: <111A4F0F-6055-435B-8FF9-8D48CC058E4D@apache.org> From: Paul Davis Date: Sat, 27 Aug 2011 16:19:46 -0500 Message-ID: Subject: Re: The _security object should be versioned To: dev@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Sat, Aug 27, 2011 at 3:35 PM, Randall Leeds wr= ote: > On Sat, Aug 27, 2011 at 12:05, Chris Anderson wrote: > >> On Sat, Aug 27, 2011 at 9:14 AM, Benoit Chesneau >> wrote: >> >> > _security doc or object is something we need available each time we op= en >> a >> > db thoug. So having it in db headers has a lot of sense imo. =A0If it'= s >> savd >> > with #full_doc_* semantic does it means it will be saved in the db, an= d >> we >> > keep a pointer to it in the db header ? Or would it still be saved in = the >> db >> > header? >> > >> > >> > - benoit >> > >> >> Currently a pointer to it is stored in the db header. The pointer >> could be to whatever, wouldn't change things. So if full_doc_info >> solves the original question, that works for me. >> >> I think for 2.0 we should consider whether to move it to a _local/doc >> or not. Part of the point of the original implementation is >> simplicity. If it stops being simple we should feel free to refactor >> as long as we don't break people's expectations. >> > > > How's this for a way forward? > > 1) Refactor couch_db_updater:merge_rev_trees so that the action of mergin= g a > revision tree is decoupled from the maintenance of the by_seq index. In > particular, I would love to see a function which just merges a single > document's revision tree. That code can be re-used for folding over all t= he > regular document updates that affect the _changes/by_seq index and also u= sed > for the _security object. > > 2) Promote _security to a #full_doc_info record. Keep a pointer to it in = the > db header still. Write the upgrade code. > > 3) Let the current _security API stay as it is (it has to until 2.0, > right?), with clobbering/auto-rev-bump semantics. This is not so differen= t > from the case of regular document creation, where we treat it as an impli= cit > update to the {0, []} revision. That should make incomplete updates to a > cluster-wide _security object resolvable for fork maintainers (I'm lookin= g > at you, Paul). > > 4) Bump any discussion of an explicit MVCC API at the HTTP level for > _security and all discussion of _local docs to another time/thread. > Yes to all of this except bumping MVCC HTTP discussion. I haven't yet convinced myself that its doable without exposing the standard _rev semantics to clients. And as Chris mentions it'd probably already fit into most people's current update patterns. It does seem like there's a possibility to hide it from clients but I'm not sure that's appropriate here.