Paths

Table of Contentst

Differential D8748

[Identity] Issue refresh_key_request to tunnelbroker
ClosedPublic
Actions

Authored by • jon on Aug 7 2023, 7:51 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Apr 16, 10:41 PM

	Unknown Object (File)
	Tue, Apr 16, 7:39 AM

	Unknown Object (File)
	Tue, Apr 16, 2:05 AM

	Unknown Object (File)
	Mon, Apr 15, 6:22 AM

	Unknown Object (File)
	Mon, Apr 15, 3:17 AM

	Unknown Object (File)
	Mon, Apr 15, 12:26 AM

	Unknown Object (File)
	Sun, Apr 14, 11:44 PM

	Unknown Object (File)
	Sun, Apr 14, 7:58 AM

View All 91 Files

Subscribers

Details

Reviewers

varun
bartek

Commits

rCOMM3727b2debecb: [Identity] Issue refresh_key_request to tunnelbroker

Summary

Have identity service issue a request to users when refresh keys
when the key count goes below the threshold.

https://linear.app/comm/issue/ENG-4446

Depends on D8723

Test Plan

Integration tests are in next diff

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

• jon created this revision.Aug 7 2023, 7:51 AM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptAug 7 2023, 7:51 AM

• jon added a child revision: D8749: [Identity/Tunnelbroker] Add integration tests.Aug 7 2023, 7:54 AM

Harbormaster completed remote builds in B21563: Diff 29584.Aug 7 2023, 8:09 AM

• jon requested review of this revision.Aug 7 2023, 8:09 AM

bartek added inline comments.Aug 7 2023, 8:41 AM

services/identity/src/database.rs
388–389 ↗	(On Diff #29584)	Do we have to wait for these? Can it be done concurrently, without blocking the single onetime key acquisition?

• jon added inline comments.Aug 7 2023, 9:21 AM

services/identity/src/database.rs
388–389 ↗	(On Diff #29584)	It needs to be awaited (futures that aren't awaited never get executed). But could probably do something like `tokio::spawn` to move it to a different thread. It my plan originally, but I just wanted something easier to reason about while implementing this. The other item I thought of, and is probably a better solution, would be to introduce a mpsc channel to a dedicated tunnelbroker channel. It would also avoid the overhead of a connection for every request.
390 ↗	(On Diff #29584)	This is just to avoid the "Result not inspected" warning. It will emit the error in logs.

• jon added a child revision: D8752: [Keyserver] Upload new onetime keys to identity service when requested.Aug 8 2023, 8:56 AM

bartek added inline comments.Aug 16 2023, 5:17 AM

services/identity/src/database.rs
387–390 ↗	(On Diff #29584)	Yep, let's try tokio::spawn and see if it works The other item I thought of, and is probably a better solution, would be to introduce a mpsc channel to a dedicated tunnelbroker channel. It would also avoid the overhead of a connection for every request. Good idea. This can be done as a follow-up I think.

some nits/comments inline. adding @bartek as blocking so the tokio::spawn change gets added

services/identity/src/constants.rs
131–133 ↗	(On Diff #29584)	how did we decide on these values?
131–133 ↗	(On Diff #29584)	`ONE_TIME_KEY_...`
services/identity/src/database.rs
379–385 ↗	(On Diff #29584)

Apply suggestions

services/identity/src/constants.rs
131–133 ↗	(On Diff #29584)	how did we decide on these values? It was pretty informal, I think a one-on-one or some crypto sync. Don't think it was ever documented. I just need something though to start with. We can discuss this as part of a crypto sync if you do have concerns. I don't think I'm informed enough to know what the correct numbers would be. ONE_TIME_KEY_... This is address treewide in D8817
services/identity/src/database.rs
379–385 ↗	(On Diff #29584)	After realizing that my `let-else` issues were related to not running `rustup update` since February, I decided to use @bartek suggestion.

bartek accepted this revision.Aug 17 2023, 10:12 AM

This revision is now accepted and ready to land.Aug 17 2023, 10:12 AM

Harbormaster completed remote builds in B21850: Diff 30024.Aug 17 2023, 10:23 AM

Rebase on master

Harbormaster completed remote builds in B21857: Diff 30031.Aug 17 2023, 10:44 AM

varun accepted this revision.Aug 17 2023, 12:04 PM

Closed by commit rCOMM3727b2debecb: [Identity] Issue refresh_key_request to tunnelbroker (authored by • jon). · Explain WhyAug 20 2023, 11:49 PM

This revision was automatically updated to reflect the committed changes.

• jon added a commit: rCOMM3727b2debecb: [Identity] Issue refresh_key_request to tunnelbroker.

Revision Contents
Changeset List

Path

Size

services/

identity/

1 line

7 lines

src/

7 lines

20 lines

14 lines

1 line

tunnelbroker.rs

48 lines

Diff 30122

services/identity/Cargo.lock

Loading...

services/identity/Cargo.toml

Loading...

services/identity/build.rs

Loading...

services/identity/src/constants.rs

Loading...

services/identity/src/database.rs

Loading...

services/identity/src/error.rs

Loading...

services/identity/src/main.rs

Loading...

services/identity/src/tunnelbroker.rs

Loading...