ChangeNotesParser: Hoist server id check to ChangeNotes
In some contextes (e.g. analytics plugin) allow ChangeNotesParser to
return ChangeNotesStates objects containing the account instances from
foreign servers.
It would be bad if these objects escaped the analytics plugin and got
used elsewhere in other Gerrit APIs. Any solution that allows to parse
arbitrary serverIds from analytics plugin should also include some
safety provisions so it doesn't cause unintended consequences
elsewhere in Gerrit core/Gerrit plugin API.
Here is the plan:
* Add a serverId field to ChangeNotesState
* Modify ChangeNotesParser/NoteDbUtil to allow any serverId during the
parsing phase
* In ChangeNotes, reject any ChangeNotesState that has a serverId not
matching the serverId of the running server
* If serverId is not present, the cached entry was populated with an
earlier version and thus serverId has been already checked
* Since analytics plugin won't be using ChangeNotes, it doesn't need to
run the check that the serverId in the ChangeNotesState matches the
current server
* Outside of the NoteDb code, all or almost all Gerrit APIs use
ChangeNotes, not ChangeNotesState
* So with the above approach, it should be mostly impossible to ever
see notes in non-analytics contextes with a mismatched serverId.
Inspired-By: Dave Borowitz <dborowitz@google.com>
Feature: Issue 10174
Change-Id: I9b43f8479206b6373edad857251cecdfde917269
diff --git a/proto/cache.proto b/proto/cache.proto
index 77b6908..7e6abcc 100644
--- a/proto/cache.proto
+++ b/proto/cache.proto
@@ -186,6 +186,9 @@
// Number of updates to the change's meta ref.
int32 update_count = 19;
+
+ string server_id = 20;
+ bool has_server_id = 21;
}
