Details

Reviewers

bartek
varun
• jon
michal

Commits

rCOMM178a0a7f14a2: [Tunnelbroker] Authenticate connecting devices

Summary

When a device starts a session with tunnelbroker, verify
the device before continuing the session.

https://linear.app/comm/issue/ENG-3977

Depends on D8916

Test Plan

Start identity service, tunnelbroker

cd services/commtest
cargo test --test identity_tunnelbroker_tests

Should see logs in tunnelbroker that the device was autheticated successfully

Diff Detail

Repository

rCOMM Comm

Branch

jonringer/keyserver-identity-only (branched from master)

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

• jon created this revision.Aug 22 2023, 10:46 AM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptAug 22 2023, 10:46 AM

Harbormaster returned this revision to the author for changes because remote builds failed.Aug 22 2023, 10:48 AM

Harbormaster failed remote builds in B22027: Diff 30240!

Fix comment

Harbormaster returned this revision to the author for changes because remote builds failed.Aug 22 2023, 10:53 AM

Harbormaster failed remote builds in B22029: Diff 30242!

Rebase on top of master

Harbormaster completed remote builds in B22112: Diff 30346.Aug 25 2023, 5:20 PM

• jon requested review of this revision.Aug 25 2023, 5:20 PM

LGTM, letting others review as well

kamil accepted this revision.Aug 28 2023, 12:23 AM

This revision is now accepted and ready to land.Aug 28 2023, 12:23 AM

• jon added inline comments.Aug 30 2023, 9:06 AM

services/tunnelbroker/src/identity/mod.rs
11–27 ↗	(On Diff #30240)	I'll likely refactor this later to be in `grpc_clients`, as this will be a common call from services... Done in https://phab.comm.dev/D9015

@kamil, would you mind commandeering this revision?

kamil commandeered this revision.Sep 8 2023, 10:35 AM

kamil edited reviewers, added: • jon; removed: kamil.

This revision now requires review to proceed.Sep 8 2023, 10:35 AM

bartek accepted this revision.Sep 9 2023, 12:55 PM

This revision is now accepted and ready to land.Sep 9 2023, 12:55 PM

kamil mentioned this in D7691: [Keyserver] Open websocket connection with tunnelbroker.Sep 11 2023, 3:50 AM

kamil added a parent revision: D9125: [keyserver] fix fetching identity info.Sep 11 2023, 6:55 AM

kamil mentioned this in D9182: [Tunnelbroker] update integration tests to handle auth device.Sep 13 2023, 9:07 AM

kamil added a parent revision: D9182: [Tunnelbroker] update integration tests to handle auth device.Sep 13 2023, 9:07 AM

kamil mentioned this in rCOMMd583b31f6863: [Tunnelbroker] update integration tests to handle auth device.Sep 14 2023, 2:04 AM

kamil added a child revision: D9200: [Tunnelbroker] add authentication tests.Sep 14 2023, 3:10 AM

rebase before landing

bartek added inline comments.Sep 14 2023, 3:24 AM

services/tunnelbroker/src/config.rs
26 ↗	(On Diff #31124)	You can do shorter form. The `default_value_t` expects that you already provided correct type (`String` in this case) while `default_value` tries to convert it (`&str -> String` in this case)
services/tunnelbroker/src/identity/mod.rs
11 ↗	(On Diff #31124)	I remember that Jon moved this function to `shared/grpc_clients/src/identity/unauthenticated/client.rs`. We might want to add this crate as dependency and use it instead. You can do it in a separate diff, though.
26 ↗	(On Diff #31124)	The same comment about `return` as below
services/tunnelbroker/src/websockets/session.rs
98 ↗	(On Diff #31124)	I don't think you need to do `return`. Rust functions automatically return last expression, unless it ends with semicolon. You can check for such warnings by running Clippy linter: `cargo clippy` (you might need to install it)

Harbormaster completed remote builds in B22627: Diff 31124.Sep 14 2023, 3:29 AM

address review

michal accepted this revision.Sep 14 2023, 3:40 AM

michal added a subscriber: michal.

michal added inline comments.

services/tunnelbroker/src/websockets/session.rs
79 ↗	(On Diff #31124)	This should probably be `error!` right?

use error!

thanks @michal and @bartek for feedback!

services/tunnelbroker/src/identity/mod.rs
11 ↗	(On Diff #31124)	ENG-4938
services/tunnelbroker/src/websockets/session.rs
79 ↗	(On Diff #31124)	yes
98 ↗	(On Diff #31124)	thanks for suggestion

Harbormaster completed remote builds in B22629: Diff 31126.Sep 14 2023, 3:59 AM

Harbormaster completed remote builds in B22628: Diff 31125.Sep 14 2023, 4:05 AM

Closed by commit rCOMM178a0a7f14a2: [Tunnelbroker] Authenticate connecting devices (authored by kamil). · Explain WhySep 14 2023, 5:23 AM

This revision was automatically updated to reflect the committed changes.

kamil added a commit: rCOMM178a0a7f14a2: [Tunnelbroker] Authenticate connecting devices.

[Tunnelbroker] Authenticate connecting devices
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 30242

services/tunnelbroker/Cargo.lock

services/tunnelbroker/Cargo.toml

services/tunnelbroker/src/config.rs

services/tunnelbroker/src/database/message.rs

services/tunnelbroker/src/error.rs

services/tunnelbroker/src/identity/mod.rs

services/tunnelbroker/src/main.rs

services/tunnelbroker/src/websockets/mod.rs

services/tunnelbroker/src/websockets/session.rs

[Tunnelbroker] Authenticate connecting devicesClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 30242

services/tunnelbroker/Cargo.lock

services/tunnelbroker/Cargo.toml

services/tunnelbroker/src/config.rs

services/tunnelbroker/src/database/message.rs

services/tunnelbroker/src/error.rs

services/tunnelbroker/src/identity/mod.rs

services/tunnelbroker/src/main.rs

services/tunnelbroker/src/websockets/mod.rs

services/tunnelbroker/src/websockets/session.rs

[Tunnelbroker] Authenticate connecting devices
ClosedPublic
Actions

Revision Contents
Changeset List