Page MenuHomePhabricator
Differential D11695

[identity] remove OTKs in chronological order to make sure there are never more than 100 keys per olm account
ClosedPublic
Actions

Authored by varun on Apr 18 2024, 4:51 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 13, 7:56 PM
Unknown Object (File)
Tue, Nov 12, 4:55 PM
Unknown Object (File)
Tue, Nov 12, 3:50 PM
Unknown Object (File)
Tue, Nov 12, 3:45 PM
Unknown Object (File)
Oct 12 2024, 2:23 AM
Unknown Object (File)
Oct 12 2024, 2:23 AM
Unknown Object (File)
Oct 12 2024, 2:23 AM
Unknown Object (File)
Oct 12 2024, 2:22 AM
View All 38 Files
Subscribers
ashoat
tomek

Details

Reviewers
bartek
Commits
rCOMM6ed6865e5347: [identity] remove OTKs in chronological order to make sure there are never more…
Summary

this diff is pretty big. high level summary:

  1. reduce the number of olm keys per account per upload to 24. We might need to delete as many keys as we are uploading, so 24 keys * 2 accounts * 2 operations (put + delete) = 96. we also need to do one update call per upload to update the otk count for each olm account. that's 97 total operations, which is under the 100 operation limit per transaction.
  2. add a new helper to create the delete operations
  3. update helper responsible for creating update operation. now responsible for update and delete operations.
  4. integration tests to make sure that excess keys are removed correctly and that the upload size limit is also enforced
Test Plan

new integration tests, some manual testing

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

varun created this revision.Apr 18 2024, 4:51 PM
Herald added subscribers: tomek, ashoat. · View Herald TranscriptApr 18 2024, 4:51 PM
varun added inline comments.Apr 18 2024, 5:02 PM
services/identity/src/database/one_time_keys.rs
162 ↗(On Diff #39264)

might be worth adding a comment here explaining that DDB expects limit to be >=1, so we shouldn't call it with 0

249 ↗(On Diff #39264)

if num_content_keys_to_append + current_content_otk_count < MAX_ONE_TIME_KEYS, we shouldn't delete any keys

services/identity/src/ddb_utils.rs
123 ↗(On Diff #39264)

this should never overflow because we only call this function when adding new OTKs, and we should never delete more keys than we're adding.

Harbormaster completed remote builds in B28316: Diff 39264.Apr 18 2024, 5:07 PM
varun requested review of this revision.Apr 18 2024, 5:07 PM
bartek accepted this revision.Apr 19 2024, 3:58 AM

Nice!

services/commtest/tests/identity_one_time_key_tests.rs
86–87 ↗(On Diff #39264)

This is get(5) because later you upload 5 more keys, so keys 1..4 get dropped and these (5th) become the first keys to be retrieved in the second get_keyserver_keys call, right?

services/identity/src/ddb_utils.rs
162 ↗(On Diff #39264)

I'd see this as part of impl OTKRow

impl OTKRow {
  pub fn as_delete_request(&self) -> TransactWriteItem { ... }
  // or consuming self version
  pub fn into_delete_request(self) -> TransactWriteItem { ... }
}

The reasoning (besides syntax preferences 😜 ) is that we have many functions called into_something() and it's easy to get lost among them

This revision is now accepted and ready to land.Apr 19 2024, 3:58 AM
varun added inline comments.Apr 19 2024, 8:27 AM
services/commtest/tests/identity_one_time_key_tests.rs
86–87 ↗(On Diff #39264)

yeah that's right

Closed by commit rCOMM6ed6865e5347: [identity] remove OTKs in chronological order to make sure there are never more… (authored by varun). · Explain WhyApr 19 2024, 8:28 AM
This revision was automatically updated to reflect the committed changes.
varun added a commit: rCOMM6ed6865e5347: [identity] remove OTKs in chronological order to make sure there are never more….

Revision Contents
Changeset List

PathSize
services/
commtest/
tests/
151 lines
identity/
src/
3 lines
1 line
database/
176 lines
37 lines
2 lines

Diff 39279

View Options

services/commtest/tests/identity_one_time_key_tests.rs

Loading...
View Options

services/identity/src/constants.rs

Loading...
View Options

services/identity/src/database.rs

Loading...
View Options

services/identity/src/database/one_time_keys.rs

Loading...
View Options

services/identity/src/ddb_utils.rs

Loading...
View Options

services/identity/src/error.rs

Loading...