Page MenuHomePhabricator

[identity] load OPAQUE server setup from environment variable
ClosedPublic

Authored by varun on Jul 26 2023, 2:14 PM.
Tags
None
Referenced Files
F3582092: D8641.id29153.diff
Sun, Dec 29, 10:47 AM
F3582059: D8641.id29132.diff
Sun, Dec 29, 10:06 AM
F3574774: D8641.diff
Sat, Dec 28, 5:55 PM
Unknown Object (File)
Thu, Dec 26, 8:07 PM
Unknown Object (File)
Sun, Dec 15, 6:21 AM
Unknown Object (File)
Sun, Dec 15, 6:21 AM
Unknown Object (File)
Sun, Dec 15, 6:21 AM
Unknown Object (File)
Sun, Dec 15, 6:21 AM
Subscribers

Details

Summary

The Identity service now expects the OPAQUE_SERVER_SETUP environment variable to be set at runtime.

When the keygen command is run, the serialized server setup bytes are now base64 encoded before they're written to the file system. This base64 encoded string must then be made available with the above environment variable when the server is run.

Test Plan

ran the keygen program, retrieved the base64 encoded string, ran the server program with OPAQUE_SERVER_SETUP=<encoded-string> and the program succeeded.

Also tried supplying an invalid string via env var and the server program crashed, as expected.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

services/identity/src/main.rs
7 ↗(On Diff #29078)

threw in this small deletion, unrelated to the rest of the diff

varun requested review of this revision.Jul 26 2023, 2:34 PM

LGTM. Can you push a docker image that contains this change with some custom tag, so I can deploy it tomorrow?

This revision is now accepted and ready to land.Jul 26 2023, 2:55 PM
jon requested changes to this revision.Jul 26 2023, 5:00 PM
jon added inline comments.
services/identity/src/config.rs
69–76 ↗(On Diff #29078)

since we are still writing the contents to a file, we should fall back to it.

Also allows for the existing workflow to continue to work:

cargo run -- keygen
cargo run -- server
This revision now requires changes to proceed.Jul 26 2023, 5:00 PM
services/identity/src/config.rs
71 ↗(On Diff #29078)

Also might be nice to have some insight what is going on:

services/identity/src/config.rs
71 ↗(On Diff #29078)

ErrorKind::NotFound was what I meant to put there

services/identity/src/config.rs
69–76 ↗(On Diff #29078)

Yeah, good idea, this makes sense

services/identity/src/config.rs
69–76 ↗(On Diff #29078)

But rather do .or_else(|_| fs::read_to_string(path))?

This revision was not accepted when it landed; it landed in state Needs Revision.Jul 27 2023, 6:28 AM
This revision was automatically updated to reflect the committed changes.
services/identity/src/config.rs
76 ↗(On Diff #29144)

Removed the generic because PathBuf doesn't implement Display and it's more important IMO that we are able to log the path

87 ↗(On Diff #29144)

Should actually be this. Will fix before landing

This revision is now accepted and ready to land.Jul 27 2023, 1:32 PM