Paths

Table of Contentst

Differential D8748

[Identity] Issue refresh_key_request to tunnelbroker
ClosedPublic
Actions

Authored by • jon on Aug 7 2023, 2:51 PM.

Tags

None

Referenced Files

None

Subscribers

Details

Reviewers

varun
bartek

Commits

rCOMM3727b2debecb: [Identity] Issue refresh_key_request to tunnelbroker

Summary

Have identity service issue a request to users when refresh keys
when the key count goes below the threshold.

https://linear.app/comm/issue/ENG-4446

Depends on D8723

Test Plan

Integration tests are in next diff

Diff Detail

Repository

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

• jon created this revision.Aug 7 2023, 2:51 PM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptAug 7 2023, 2:51 PM

• jon added a child revision: D8749: [Identity/Tunnelbroker] Add integration tests.Aug 7 2023, 2:54 PM

Harbormaster completed remote builds in B21563: Diff 29584.Aug 7 2023, 3:09 PM

• jon requested review of this revision.Aug 7 2023, 3:09 PM

bartek added inline comments.Aug 7 2023, 3:41 PM

services/identity/src/database.rs
388–389 ↗	(On Diff #29584)	Do we have to wait for these? Can it be done concurrently, without blocking the single onetime key acquisition?

• jon added inline comments.Aug 7 2023, 4:21 PM

services/identity/src/database.rs
388–389 ↗	(On Diff #29584)	It needs to be awaited (futures that aren't awaited never get executed). But could probably do something like `tokio::spawn` to move it to a different thread. It my plan originally, but I just wanted something easier to reason about while implementing this. The other item I thought of, and is probably a better solution, would be to introduce a mpsc channel to a dedicated tunnelbroker channel. It would also avoid the overhead of a connection for every request.
390 ↗	(On Diff #29584)	This is just to avoid the "Result not inspected" warning. It will emit the error in logs.

• jon added a child revision: D8752: [Keyserver] Upload new onetime keys to identity service when requested.Aug 8 2023, 3:56 PM

bartek added inline comments.Aug 16 2023, 12:17 PM

services/identity/src/database.rs
387–390 ↗	(On Diff #29584)	Yep, let's try tokio::spawn and see if it works The other item I thought of, and is probably a better solution, would be to introduce a mpsc channel to a dedicated tunnelbroker channel. It would also avoid the overhead of a connection for every request. Good idea. This can be done as a follow-up I think.

some nits/comments inline. adding @bartek as blocking so the tokio::spawn change gets added

services/identity/src/constants.rs
131–133 ↗	(On Diff #29584)	how did we decide on these values?
131–133 ↗	(On Diff #29584)	`ONE_TIME_KEY_...`
services/identity/src/database.rs
379–385 ↗	(On Diff #29584)

Apply suggestions

services/identity/src/constants.rs
131–133 ↗	(On Diff #29584)	how did we decide on these values? It was pretty informal, I think a one-on-one or some crypto sync. Don't think it was ever documented. I just need something though to start with. We can discuss this as part of a crypto sync if you do have concerns. I don't think I'm informed enough to know what the correct numbers would be. ONE_TIME_KEY_... This is address treewide in D8817
services/identity/src/database.rs
379–385 ↗	(On Diff #29584)	After realizing that my `let-else` issues were related to not running `rustup update` since February, I decided to use @bartek suggestion.

bartek accepted this revision.Aug 17 2023, 5:12 PM

This revision is now accepted and ready to land.Aug 17 2023, 5:12 PM

Harbormaster completed remote builds in B21850: Diff 30024.Aug 17 2023, 5:23 PM

Rebase on master

Harbormaster completed remote builds in B21857: Diff 30031.Aug 17 2023, 5:44 PM

varun accepted this revision.Aug 17 2023, 7:04 PM

Closed by commit rCOMM3727b2debecb: [Identity] Issue refresh_key_request to tunnelbroker. · Explain WhyAug 21 2023, 6:49 AM

This revision was automatically updated to reflect the committed changes.

• jon added a commit: rCOMM3727b2debecb: [Identity] Issue refresh_key_request to tunnelbroker.

Revision Contents
Changeset List

Path

Size

services/

identity/

1 line

7 lines

src/

7 lines

20 lines

14 lines

1 line

tunnelbroker.rs

48 lines

Diff 30024

services/identity/Cargo.lock

Loading...

services/identity/Cargo.toml

Loading...

services/identity/build.rs

Loading...

services/identity/src/constants.rs

Loading...

services/identity/src/database.rs

Loading...

services/identity/src/error.rs

Loading...

services/identity/src/main.rs

Loading...

services/identity/src/tunnelbroker.rs

Loading...