Page MenuHomePhabricator

[keyserver] migration to publish prekeys to identity
ClosedPublic

Authored by kamil on Oct 9 2023, 7:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 23, 10:15 PM
Unknown Object (File)
Sun, Dec 22, 2:00 PM
Unknown Object (File)
Mon, Dec 16, 10:27 AM
Unknown Object (File)
Mon, Dec 16, 10:27 AM
Unknown Object (File)
Mon, Dec 16, 10:27 AM
Unknown Object (File)
Mon, Dec 16, 10:27 AM
Unknown Object (File)
Sat, Dec 14, 9:01 PM
Unknown Object (File)
Tue, Dec 10, 8:15 AM
Subscribers

Details

Summary

Issue: ENG-3944.

Currently, prekeys on the prod keyserver are for sure marked as published, but yet published to Identity. To fix that uploading those via migration.

Keys are already marked as published, so not marking those again to keep the old publishing date, only uploading to the Identity service.

Depends on D9423

Test Plan
  1. Run migration.
  2. Check for migration 46 succeeded.
  3. Check Identity logs.

Diff Detail

Repository
rCOMM Comm
Branch
publish-prekey-rotation
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kamil held this revision as a draft.
kamil published this revision for review.Oct 9 2023, 8:20 AM
keyserver/src/scripts/publish-prekeys.js
15

Even though it is meant to be a one time script can we avoid code duplication? It looks like this function is identical to publishNewPrekeys implemented earlier in the stack.

Rather than a script, it would make my life a little easier if we could put this is in keyserver/src/database/migration-config.js – that way it should automatically run when I deploy the keyserver next

keyserver/src/scripts/publish-prekeys.js
41–49

Let's make this silently fail, but not in production

This revision is now accepted and ready to land.Oct 10 2023, 7:59 AM
kamil requested review of this revision.Oct 11 2023, 6:06 AM
kamil retitled this revision from [keyserver] script to publish prekeys to identity to [keyserver] migration to publish prekeys to identity.
kamil edited the summary of this revision. (Show Details)
kamil edited the test plan for this revision. (Show Details)

Code changed significantly, I would like to get approval on this one

keyserver/src/database/migration-config.js
576 ↗(On Diff #31927)

@ashoat are you sure we don't want silent fails also on production?

keyserver/src/scripts/publish-prekeys.js
15

addressed

@kamil are you planning to introduce a differential where account keys are published to identity service on database creation?

This revision is now accepted and ready to land.Oct 12 2023, 2:27 AM

@kamil are you planning to introduce a differential where account keys are published to identity service on database creation?

There is no need to, after database creation keyserver will login/register to Identity and the keys are published, this diff is a fix only for the current prod keyserver.

kamil edited the test plan for this revision. (Show Details)

rebase

@ashoat are you sure we don't want silent fails also on production?

I'm worried that if the migration silently fails, we won't be aware of the issue. I'm also worried that we'll increment the migration version, and will have to introduce a "duplicate" migration.

keyserver/src/database/migration-config.js
575 ↗(On Diff #32031)

Are you sure this is the right check? I think you're using the Electron check instead of the Node.js check. I think this is supposed to be:

process.env.NODE_ENV === 'production'
keyserver/src/database/migration-config.js
575 ↗(On Diff #32031)

thanks for catching it!
D9505