Page MenuHomePhabricator
Differential D12927

[keyserver] Do not verify identity logged for webapp and landing
ClosedPublic
Actions

Authored by will on Jul 29 2024, 8:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 9:39 PM
Unknown Object (File)
Wed, Nov 20, 9:39 PM
Unknown Object (File)
Wed, Nov 20, 9:39 PM
Unknown Object (File)
Sun, Nov 10, 11:17 PM
Unknown Object (File)
Sun, Nov 10, 1:25 PM
Unknown Object (File)
Oct 19 2024, 8:24 AM
Unknown Object (File)
Oct 18 2024, 9:44 PM
Unknown Object (File)
Oct 18 2024, 9:44 PM
View All 86 Files
Subscribers
tomek

Details

Reviewers
varun
bartek
ashoat
Commits
rCOMM6adc85c83906: [keyserver] Do not verify identity logged for webapp and landing
Summary

To avoid having to provide user credentials in remote terraform services for webapp and landing, we should only run identity login for non-landing and non-webapp nodes which is specified by running this on
only primary nodes (when unspecified, nodes are also primary) and secondary nodes.

Test Plan

terraform apply. On running landing and webapp nodes, I no longer receive errors about missing user credentials

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

will created this revision.Jul 29 2024, 8:39 PM
Herald added a subscriber: tomek. · View Herald TranscriptJul 29 2024, 8:39 PM
will updated this revision to Diff 42919.Jul 29 2024, 8:40 PM

make secondary false by default

will added a child revision: D12928: [keyserver] Run webapp through comm services cluster.Jul 29 2024, 8:44 PM
Harbormaster completed remote builds in B30775: Diff 42918.Jul 29 2024, 8:56 PM
Harbormaster completed remote builds in B30776: Diff 42919.Jul 29 2024, 9:01 PM
will requested review of this revision.Jul 29 2024, 9:01 PM
will mentioned this in D12930: [terraform] deploy landing on comm services cluster.Jul 29 2024, 9:16 PM
will edited the summary of this revision. (Show Details)Jul 29 2024, 10:19 PM
ashoat accepted this revision.Jul 30 2024, 10:55 PM
ashoat added inline comments.
keyserver/src/keyserver.js
137–157 ↗(On Diff #42919)

This is getting really deeply nested. What do you think of this instead?

await (async () => {
  // Should not be run by Landing or WebApp nodes
  if (!isPrimaryNode && !isSecondaryNode) {
    return;
  }

  // We await here to ensure that the keyserver has been provisioned a
  // commServicesAccessToken. In the future, this will be necessary for
  // many keyserver operations.
  const identityInfo = await verifyUserLoggedIn();

  if (!isPrimaryNode) {
    return;
  }

  // We don't await here, as Tunnelbroker communication is not needed
  // for normal keyserver behavior yet. In addition, this doesn't
  // return information useful for other keyserver functions.
  ignorePromiseRejections(
    createAndMaintainTunnelbrokerWebsocket(null),
  );

  if (process.env.NODE_ENV !== 'development') {
    return;
  }

  await createAuthoritativeKeyserverConfigFiles(
    identityInfo.userId,
  );
})();
This revision is now accepted and ready to land.Jul 30 2024, 10:55 PM
will added inline comments.Jul 31 2024, 7:32 AM
keyserver/src/keyserver.js
137–157 ↗(On Diff #42919)

Yeah. I like this way better. It's much cleaner

Will include in next rebase

will updated this revision to Diff 43155.Aug 5 2024, 11:52 AM

review feedback

will edited the summary of this revision. (Show Details)Aug 5 2024, 11:54 AM
will removed a parent revision: D12906: [terraform] Create module for webapp/landing and convert webapp to module.
will removed a child revision: D12928: [keyserver] Run webapp through comm services cluster.
will added a child revision: D12906: [terraform] Create module for webapp/landing and convert webapp to module.Aug 5 2024, 11:56 AM
will mentioned this in D12928: [keyserver] Run webapp through comm services cluster.
Harbormaster failed remote builds in B30940: Diff 43155!Aug 5 2024, 12:17 PM
will updated this revision to Diff 43191.Aug 6 2024, 10:30 AM

rebase before land

Harbormaster completed remote builds in B30964: Diff 43191.Aug 6 2024, 10:51 AM
Closed by commit rCOMM6adc85c83906: [keyserver] Do not verify identity logged for webapp and landing (authored by will). · Explain WhyAug 6 2024, 10:53 AM
This revision was automatically updated to reflect the committed changes.
will added a commit: rCOMM6adc85c83906: [keyserver] Do not verify identity logged for webapp and landing.
will mentioned this in rCOMM42499907ef11: [keyserver] Run webapp through comm services cluster.Aug 6 2024, 7:43 PM
will mentioned this in rCOMMb68f08961379: [terraform] deploy landing on comm services cluster.

Revision Contents
Changeset List

PathSize
keyserver/
src/
33 lines
utils/
4 lines

Diff 43155

View Options

keyserver/src/keyserver.js

Loading...
View Options

keyserver/src/utils/primary-secondary-utils.js

Loading...