Unable to SetPluginData with compare-and-swap semantics when data is not yet exist

[marshall-lee]

Description

What happened:

I started to use SetPluginData extensively and realized that it's impossible to call SetPluginData atomically in a "create-if-empty" manner.

The reason is that I cannot pass empty Expect parameter. When serializing, protobuf doesn't make a difference between empty map and nil map. Given that Teleport treats nil expectation as an ignore of compare-and-swap semantics, I don't get a desired result — compare-with-empty-and-swap.

What you expected to happen:

I expect this code not to be prone to race conditions:

// setNewPluginData sets plugin data but only if didn't exist before.
func (a *App) setNewPluginData(ctx context.Context, reqID string, data PluginData) error {
    expect := make(map[string]string)
    return a.apiClient.UpdatePluginData(ctx, types.PluginDataUpdateParams{
        Kind:     types.KindAccessRequest,
        Resource: reqID,
        Plugin:   pluginName,
        Set:      EncodePluginData(data),
        Expect:   expect,
    })
}

Wonder what a solution here would be. Maybe add some new parameter like IfEmpty: true or do some magic with serialization of Expect.

[marshall-lee]

It's worth to mention @fspmarshall

[fspmarshall]

While something like this could definitely be added, there is a fairly simple workaround that should achieve this behavior:

So long as there is at least one key that always exists when the data is set, you can "expect" that key as the empty string (which we treat as expecting the key to not exist). If there is not one key that always exists, then a sentinel key can be used for this purpose.