feat: implement partial client updates

[mattbonnell]

Related issue

#2385

Proposed changes

• Adds a PATCH handler to the client admin API.
• Patch implemented as JSON Patch as per Decide RESTful PATCH strategy meta#2 using https://github.com/evanphx/json-patch

Checklist

• I have read the contributing guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further comments

[mattbonnell]

wow, git made such a strange diff :) probably easiest to just look at the client/handler.go file directly

[mattbonnell]

getting the following error when I try to regenerate the sdk:

❯ make sdk
GOBIN=/Users/mattbonnell/dev/go/github.com/ory/hydra/.bin/ go install  github.com/ory/cli
# github.com/ory/jsonschema/v3/httploader
../../../../../go/pkg/mod/github.com/ory/jsonschema/v3@v3.0.1/httploader/httploader.go:27:15: undefined: httpx.NewResilientClientLatencyToleranceMedium
# github.com/ory/cli/cmd/dev/newsletter
../../../../../go/pkg/mod/github.com/ory/cli@v0.0.35/cmd/dev/newsletter/pkg.go:86:12: undefined: httpx.NewResilientClientLatencyToleranceMedium
make: *** [.bin/cli] Error 2

[aeneasr]

This looks pretty much like what I imagined! We obviously need a few tests and so on :) But I think this is almost good as is

[aeneasr]

Is this the best library for the job? What alternatives do we have?

[mattbonnell]

The JSON Patch site gives two options for Go implementations, this and another library, https://github.com/mattbaird/jsonpatch. Between the two, this one has more stars (551 vs 89) and more contributors (41 vs 8). This one was also updated more recently (January vs last August). Additionally, this library also supports Merge Patch, which was indicated as a potential alternative in ory/meta#2.

For these reasons, I felt this was the better choice between the two.

[aeneasr]

Perfect, thank you!

[aeneasr]

I think we could wrap this, including DecodePatch, in a helper function in x and add a few test there? Alternatively we could also add this to ory/x/decoderx

[mattbonnell]

I think that would be a good idea! Will investigate this.

[aeneasr]

Awesome, thank you :)

[mattbonnell]

done! defined a helper in x/json.go

[aeneasr]

getting the following error when I try to regenerate the sdk:

You can bum ory/cli to a newer version which should fix that!

[mattbonnell]

getting the following error when I try to regenerate the sdk:

You can bum ory/cli to a newer version which should fix that!

Hey, can you help me understand the make sdk rule? The first command is:
swagger generate spec -m -o ./spec/api.json -x internal/httpclient -x gopkg.in/square/go-jose.v2

Isn't internal/httpclient the swagger-generated client code? I think I'm missing something here, this seems circular. How can we go about adding definitions to the swagger spec in this case? Additionally, it seems the sdk rule doesn't consider changes made in the client package.

I had added the PatchRequest and PatchDocument definitions to api.json, but this would overwrite them and then I get some other errors. If I remove this first line, then the rule runs as expected and I end up getting the new generated code in internal/httpclient (check the files which this PR adds to internal/httpclient).

The PR is failing in CI currently at this sdk generation step.

[aeneasr]

I'll look into this now

[aeneasr]

make sdk works fine for me but fails with:

The swagger spec at "./spec/api.json" is invalid against swagger specification 2.0.
See errors below:
- "updateOAuth2Client" is defined 2 times

because

// swagger:route PATCH /clients/{id} admin updateOAuth2Client

and

// swagger:route PUT /clients/{id} admin updateOAuth2Client

share the operation id. So one should be update and the other maybe patchOAuth2Client?

[mattbonnell]

@aeneasr following up from your last comment:

that's the thing though, it is patchOAuth2Client as I've defined it, but it seems when that swagger generate command is run, it replaces spec/api.json and in the replaced version it has two updateOAuth2Clients defined for some reason. If you eliminate that first generate command, everything works as expected.

[mattbonnell]

ohhh, i see. i think i was doing things wrong. hang on.

[mattbonnell]

ok. think i've fixed it now.

[mattbonnell]

Hm, generate step failing in pipeline with

#!/bin/bash -eo pipefail
swagger generate spec -m -o spec/api.json $(printf -- " -x %s" internal/httpclient -x gopkg.in/square/go-jose.v2)
expected argument for flag `-x, --exclude', but got option `-x'

[aeneasr]

LMK when good for another 👀

[mattbonnell]

LMK when good for another 👀

hey, yes ready, looks like all checks are passing

edit: pulled in latest changes from master and there seems to be a vulnerability in the version of protobuf being used, causing ci/circleci:test to fail

[zepatrik]

I opened #2434 to fix the nancy warning

[aeneasr]

It shouldn't be allowed to update the ID of the client as that is immutable iirc!

[mattbonnell]

Good catch, will fix

[mattbonnell]

fixed.

[aeneasr]

Awesome! This looks pretty much good to go, but I think we need another test for the handler which also includes the ID behavior test! Another option would be to add a „deny list“ to the JSON PATCH helper which returns an error if a specific path is updated (e.g. ID). This would make it more general purpose and easier to test :)

[mattbonnell]

Awesome! This looks pretty much good to go, but I think we need another test for the handler which also includes the ID behavior test! Another option would be to add a „deny list“ to the JSON PATCH helper which returns an error if a specific path is updated (e.g. ID). This would make it more general purpose and easier to test :)

done!

[aeneasr]

Thank you! Appreciate your contributions as always :)