Problem/Motivation
In #2432791: Skip Config::save schema validation of config data for trusted data we decided to not calculate configuration dependencies when we are working with trusted data.
But, it is possible for a module in hook_entity_create or hook_entity_ENTITY_TYPE_create to influence dependencies.
Issue priority
Critical because "Cause loss/corruption of stored data."
"Incorrect dependencies can lead to things being deleted when the shouldn't and not being deleted when they should." (#14)
Proposed resolution
calculate dependencies even for trusted data
+++ b/core/lib/Drupal/Core/Config/Entity/ConfigEntityBase.php
@@ -341,7 +341,7 @@ public function preSave(EntityStorageInterface $storage) {
- if (!$this->isSyncing() && !$this->trustedData) {
+ if (!$this->isSyncing()) {
Remaining tasks
User interface changes
No.
API changes
No.
Data model changes
No.
Comment | File | Size | Author |
---|---|---|---|
#66 | 2520526-2-64.patch | 23.3 KB | alexpott |
#66 | 2520526-62-64-interdiff.txt | 4.53 KB | alexpott |
#62 | 2520526-2-62.patch | 21.81 KB | alexpott |
#62 | 2520526-61-62-interdiff.txt | 2.07 KB | alexpott |
#61 | 2520526-57-61-interdiff.txt | 5.34 KB | alexpott |
Comments
Comment #1
catchComment #2
alexpottComment #3
swentel CreditAttribution: swentel commentedSo, would the test fail without this change ? Because I can't find calls to trustData when creating an entity anywhere.
The use statement doesn't seem to be used, so can go away ?
Comment #4
Eli-TRemoved redundant use statement identified in #3, otherwise the original patch looks good.
Also to confirm the test does fail without the change.
Comment #6
Eli-TPatch in #2 also currently fails testing locally when applied to current HEAD.
Comment #10
alexpottFixed the patch... although hmmm.
Comment #13
alexpottComment #14
alexpottConsidering that configuration is being saved with incorrect dependencies and the affects that that can have I think this is a critical issue. Incorrect dependencies can lead to things being deleted when the shouldn't and not being deleted when they should.
Comment #15
dawehnerThis patch seems not to add test coverage for this bit?
Comment #16
Wim LeersThis is the key change. I've verified locally that there is test coverage: reverting this change causes the updated
ConfigInstallTest
to fail.So this was a missing dependency.
Isn't that technically out of scope for this issue? And agreed with @dawehner that test coverage for this is missing.
I don't understand what change in this patch can cause some dependencies to be omitted.
I do understand that additional dependencies can appear.
I don't understand how this patch can cause listed dependencies to have a different order.
I don't understand how the changes in this patch can cause dependencies to change.
Comment #17
yched CreditAttribution: yched commentedRegarding entity_reference : this is why we really should proceed with #2429191: Deprecate entity_reference.module and move its functionality to core (which is 99% ready)
Atm, entity_reference.module is not needed for e_r base fields (Core now contains the full-featured e_r field type), but only to create configurable e_r fields. That is an arbitrary split at this point. (I think that explains the hunks mentioned by @Wim)
Comment #18
YesCT CreditAttribution: YesCT commentedcritical so the rc deadline tag is not needed.
filled out more in the summary. seems like no api or data model changes.
Comment #19
alexpottRe #16
Comment #20
alexpottHere is a test and a test only patch (which is the interdiff)
Comment #24
alexpottComment #25
jibranSeems ready to me.
Comment #26
dawehnerThank you alex!
Comment #27
xjmThis looks like it needs an upgrade path (or several actually) -- if there are all these config entities on existing sites that are missing dependencies, and furthermore shipped entities with wrong dependencies, then we also need to update those existing sites.
Also, some manual testing would be a really good idea, given the broad impact of this bug and fix.
Comment #28
cosmicdreams CreditAttribution: cosmicdreams as a volunteer commentedWhat is a scenario that you would like to be tested?
Comment #29
heddnIs #2574903: Examples should uninstall configuration a related item?
Comment #30
dawehnerLooking at the update path.
Comment #31
dawehnerThere we go.
Comment #34
Wim LeersI think it'd be clearer (and safer) to also test the expectations *before* running the updates, so that it's clear what exactly you expect to change.
Does this then also include optional config?
Either way: would be good to have explicit test coverage for optional config too.
Why these changes?
Comment #35
catch#34-3 #2429191: Deprecate entity_reference.module and move its functionality to core but also prior to that patch entity_reference was only required for field_ui not for programmatic creation.
Comment #36
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commentedtrying to fix some of the test fails
Comment #37
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commentedThis fixes some of them
Comment #40
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commentedMight fix the other 2.
Comment #41
alexpottSo one other problem is that I think that we're adding these dependencies on the wrong level - we're adding on the FieldConfig level and not the FieldStorageConfig level. Going to try and address this.
Comment #42
jibranAdded entity tags to alert team entity. Removed upgrade path and upgrade path test tags as we have them now.
Comment #43
alexpottEntity reference field storages now depend on the module that provides there target entity type. What makes lots of sense. The fields (instances) inherit this dependency because they are all dependent on their field storages (obviously).
Comment #46
yched CreditAttribution: yched commentedNot familiar with the exact stakes of this patch, but the changes in the last interdiff in FieldItemInterface & EntityReferenceItem make total sense. We have FieldItemInterface::calculateDependencies() for the field config, there should definitely be an equivalent for the storage config.
Comment #47
dawehnerOh yeah I totally think that this is how you expect it to be.
Is this something existing or did you invented this here ?
Looking at the failures for a while.
Comment #48
dawehnerI'm actually quite happy that
Drupal\system\Tests\Installer\StandardInstallerTest
failed ...Here is a fix for the rest of the failures. Now the dependencies actually make more sense to be honest, like the tags field storage depending on taxonomy module.
Comment #49
Gábor Hojtsy"dependencies listing module" does not make sense. I think it wanted to be "dependencies listing THE module"?
Comment #50
Gábor HojtsyWrote change notice draft at https://www.drupal.org/node/2581375 for the new API addition. Found two more nits while writing it:
{@inheritdoc}
Let's add one line phpdoc on what does this supposed to test IMHO.
Comment #51
nlisgo CreditAttribution: nlisgo commentedcomma needed at the end of the line.
Comment #52
dawehnerThanks for the reviews, well someone please make a patch, I'm not necessarily online.
Comment #53
nlisgo CreditAttribution: nlisgo commentedI'll do it.
Comment #54
nlisgo CreditAttribution: nlisgo commentedComment #55
nlisgo CreditAttribution: nlisgo commentedThis addresses all but #50.1.
Because the class is not a test class but is only needed for FieldStorageConfigEntityUnitTest it is not appropriate to have @coversDefaultClass so could some who working on that provide an example doc please.
Comment #56
alexpottAdded the missing documentation requested by #50 and removed the ability of the field type plugins 'config_dependencies' info to end up in the field storage configuration as it already ends up in the field configuration.
Comment #57
claudiu.cristeaMore nits.
Comment #58
catchfield storage or other storage?
Why the ordering change?
Loads scan all?
Also what about optional config that doesn't actually depend on the module, then that module got uninstalled but the config stuck around?
Two nits one actual question.
Comment #59
alexpottGood questions and looking at the update function we're not dealing with optional config. Fixing that...
Comment #60
Wim Leers#59: RE: optional config, I asked about that in #34.2. Which is why I think #34.1 is worth having/doing too: it makes the expectations of pre-update and post-update much clearer, hence preventing accidental regressions.
Comment #61
alexpottre #58
I also fixed the fact we're weren't checking optional and uninstalled modules configuration. Thinking about it what happens if the module code no longer exists because the user removed it. I think the only thing we can do it save all configuration entities again. Which then makes me think we should batch this :(
Comment #62
alexpottUsing a batch and re-saving everything.
Comment #63
dawehnerUrgs, it feels just bad to execute code before the update. Do we really need that and can't just manipulate the objects in the DB directly?
Maybe some docs about why we want to scan optional config as well would be nice
Comment #64
YesCT CreditAttribution: YesCT commentedI didnt think we wrote comments talking about what used to happen. I know this is in an update though...
and I dont think we reference the issue that is changing code. that is what blame is for eh?
Comment #66
alexpottWe can remove
system_post_update_fix_enforced_dependencies()
because all config entities are going to be re-saved anyway.Batches and the post update thing don't exactly work as expected atm - it records the same post update multiple times.
Fixed the issues raised by @YesCT
Comment #68
alexpottJust realised we could also remove the entire core/modules/field/field.post_update.php... as these are updates that just resave config entities...
Comment #69
alexpottCreated #2581459: UpdatePostUpdateTest is extremely fragile to change and does not test batches in post updates to make UpdatePostUpdateTest a bit less annoying.
Comment #70
cosmicdreams CreditAttribution: cosmicdreams as a volunteer commentedWell for what it's worth the patch looks good to me. The only quibble I could find was that EntityReferenceFieldTest and UpdatePostUpdateTest didn't have any @covers directives. But then I noticed they weren't unit tests so I guess that's alright.
RTBC++ from me.
Comment #71
cosmicdreams CreditAttribution: cosmicdreams as a volunteer commentedI will be bold.
Comment #72
effulgentsia CreditAttribution: effulgentsia at Acquia commentedThis looks great to me as well. I'm about to commit it. Ticking credit boxes for everyone who participated.
Comment #73
effulgentsia CreditAttribution: effulgentsia at Acquia commentedAnd pushed!
Comment #75
effulgentsia CreditAttribution: effulgentsia at Acquia commentedFYI: One of the ways I manually tested this was installing 2 Standard Profile sites: one from beta-16 and then updating to HEAD post commit of this patch, and another by installing straight to HEAD post commit of this patch. Then I exported the full configuration of each site and diffed them, and all dependencies were the same.
Comment #76
dawehner@effulgentsia
You would not have had to do that. The
\Drupal\system\Tests\Installer\StandardInstallerTest
is doing exactly that, and did, see some of the failures earlier.