From 930ecabcb51976e7d86922ea5bb0033ee1ba0c39 Mon Sep 17 00:00:00 2001
From: Emma Forman Ling <emmaling27@gmail.com>
Date: Tue, 3 Sep 2024 15:18:33 -0700
Subject: [PATCH] Use real identity for finish_push (#29479)

This fixes a bug where deployment audit log events for pushes with components don't include the member.

GitOrigin-RevId: fb37b284376a2a19910e24b8f38563a33dc1c0ca
---
 crates/application/src/deploy_config.rs    | 4 ++--
 crates/application/src/test_helpers.rs     | 3 ++-
 crates/local_backend/src/deploy_config2.rs | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/crates/application/src/deploy_config.rs b/crates/application/src/deploy_config.rs
index 42856088..2c08e437 100644
--- a/crates/application/src/deploy_config.rs
+++ b/crates/application/src/deploy_config.rs
@@ -476,6 +476,7 @@ impl<RT: Runtime> Application<RT> {
     #[minitrace::trace]
     pub async fn finish_push(
         &self,
+        identity: Identity,
         start_push: StartPushResponse,
         dry_run: bool,
     ) -> anyhow::Result<FinishPushDiff> {
@@ -492,8 +493,7 @@ impl<RT: Runtime> Application<RT> {
             downloaded_source_packages.insert(definition_path.clone(), package);
         }
 
-        // TODO: We require system identity for creating system tables.
-        let mut tx = self.begin(Identity::system()).await?;
+        let mut tx = self.begin(identity.clone()).await?;
 
         // Validate that environment variables haven't changed since `start_push`.
         let environment_variables = EnvironmentVariablesModel::new(&mut tx).get_all().await?;
diff --git a/crates/application/src/test_helpers.rs b/crates/application/src/test_helpers.rs
index 4f8d0711..b18e323e 100644
--- a/crates/application/src/test_helpers.rs
+++ b/crates/application/src/test_helpers.rs
@@ -338,7 +338,8 @@ impl<RT: Runtime> ApplicationTestExt<RT> for Application<RT> {
                 _ => anyhow::bail!("Unexpected schema status: {schema_status:?}"),
             }
         }
-        self.finish_push(start_push, false).await?;
+        self.finish_push(Identity::system(), start_push, false)
+            .await?;
         Ok(())
     }
 
diff --git a/crates/local_backend/src/deploy_config2.rs b/crates/local_backend/src/deploy_config2.rs
index 23cff8ee..81201fd6 100644
--- a/crates/local_backend/src/deploy_config2.rs
+++ b/crates/local_backend/src/deploy_config2.rs
@@ -236,7 +236,7 @@ pub async fn finish_push(
     State(st): State<LocalAppState>,
     Json(req): Json<FinishPushRequest>,
 ) -> Result<impl IntoResponse, HttpResponseError> {
-    let _identity = must_be_admin_from_key_with_write_access(
+    let identity = must_be_admin_from_key_with_write_access(
         st.application.app_auth(),
         st.instance_name.clone(),
         req.admin_key.clone(),
@@ -246,7 +246,7 @@ pub async fn finish_push(
     let start_push = StartPushResponse::try_from(req.start_push)?;
     let resp = st
         .application
-        .finish_push(start_push, dry_run)
+        .finish_push(identity, start_push, dry_run)
         .await
         .map_err(|e| e.wrap_error_message(|msg| format!("Hit an error while pushing:\n{msg}")))?;
     Ok(Json(SerializedFinishPushDiff::try_from(resp)?))