`updateSiteConfig` mutation does not check `lastID`

[michaellzc]

Context

The updateSiteConfiguration mutation is expecting a lastID to prevent race condition, but the site config id returns from query { site { configuration { id } }} is always 0 instead of the actual id of the latest entry in the critical_and_site_config table.

https://sourcegraph.com/github.com/sourcegraph/sourcegraph@52625b180109d12847f8f635ca04deae5c563bb5/-/blob/cmd/frontend/graphqlbackend/site.go?L183-186
The implementation to validate lastID was never finished

The problem

It's been fine for the past years and worst-case scenario people just redo the changes.

However, @sourcegraph/cloud-devops has been working on automation lately that are programmatically changing the site config, such as, https://github.com/sourcegraph/deploy-sourcegraph-managed/blob/main/util/cmd/mg_mute_alert.go#L45-L90

Moreover, when cloud v2 comes, I expect most changes to the current site config will be done through machines instead of humans (we would like to minimize the surface are to users since right now changing the site-config could potentially break the deployment). It is reasonable to add validation to lastID to avoid concurrent edit.

original thread: https://sourcegraph.slack.com/archives/C07KZF47K/p1652374598098269

[unknwon]

I thought would be an easy fix but after dig a little bit it seems it requires us to understand how config loading is all wired up...

[RafLeszczynski]

Hey team! Please add your planning poker estimate with ZenHub @kopancek @miveronese @pjlast @unknwon

[RafLeszczynski]

Please add your planning poker estimate with ZenHub @pietrorosa77

[sourcegraph-bot-2]

Heads up @sourcegraph/iam - the "team/iam" label was applied to this issue.