Skip to content

feat: add wsproxy implementation for key fetching #14917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Oct 14, 2024
Merged

feat: add wsproxy implementation for key fetching #14917

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
38574ff
feat: add wsproxy implementation for key fetching
sreya Oct 1, 2024
ea5ec77
Refactor CryptoKey usage to use codersdk package
sreya Oct 1, 2024
e6612bd
Refactor wsproxy to use cryptokeys interface
sreya Oct 1, 2024
558ad30
Refactor keycache to improve error handling
sreya Oct 1, 2024
9061a1c
prevent cache slowdown during fetches
sreya Oct 2, 2024
0fef6b0
fix tests
sreya Oct 2, 2024
a801d0c
craft test for race condition
sreya Oct 2, 2024
2ce4876
remove gotestleak...too many unrelated errors
sreya Oct 2, 2024
5eedbf8
optimize Close
sreya Oct 2, 2024
6c2be2c
Refactor CryptoKeyCache to improve concurrency
sreya Oct 4, 2024
a1d4b46
Refactor key refresh to minimize lock duration
sreya Oct 4, 2024
f6cc1cd
Merge branch 'main' into jon/wspkeys
sreya Oct 4, 2024
b33616e
Remove unused interface implementation check
sreya Oct 4, 2024
ee77d8e
Remove redundant CryptoKey cache field
sreya Oct 4, 2024
42eda0b
Merge branch 'main' into jon/wspkeys
sreya Oct 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Refactor keycache to improve error handling 
- Use `cryptokeys.ErrKeyNotFound` for missing keys
- Use `cryptokeys.ErrKeyInvalid` for invalid keys
- Replace `xerrors` for streamlined error codes
  • Loading branch information
@sreya
sreya committed Oct 2, 2024
commit 558ad30e8ec5ff3f1565dad03ca2985235503e66
14 changes: 7 additions & 7 deletions enterprise/wsproxy/keycache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ func (k *CryptoKeyCache) Signing(ctx context.Context) (codersdk.CryptoKey, error
latest := k.latest
k.keysMu.RUnlock()

now := k.Clock.Now().UTC()
now := k.Clock.Now()
if latest.CanSign(now) {
return latest, nil
}
Expand All @@ -87,14 +87,14 @@ func (k *CryptoKeyCache) Signing(ctx context.Context) (codersdk.CryptoKey, error
}

if !k.latest.CanSign(now) {
return codersdk.CryptoKey{}, xerrors.Errorf("no active keys found")
return codersdk.CryptoKey{}, cryptokeys.ErrKeyNotFound
}

return k.latest, nil
}

func (k *CryptoKeyCache) Verifying(ctx context.Context, sequence int32) (codersdk.CryptoKey, error) {
now := k.Clock.Now().UTC()
now := k.Clock.Now()
k.keysMu.RLock()
if k.closed {
k.keysMu.RUnlock()
Expand Down Expand Up @@ -127,7 +127,7 @@ func (k *CryptoKeyCache) Verifying(ctx context.Context, sequence int32) (codersd

key, ok = k.keys[sequence]
if !ok {
return codersdk.CryptoKey{}, xerrors.Errorf("key %d not found", sequence)
return codersdk.CryptoKey{}, cryptokeys.ErrKeyNotFound
}

return validKey(key, now)
Expand Down Expand Up @@ -155,7 +155,7 @@ func (k *CryptoKeyCache) fetch(ctx context.Context) (map[int32]codersdk.CryptoKe
return nil, codersdk.CryptoKey{}, xerrors.Errorf("get security keys: %w", err)
}

kmap, latest := toKeyMap(keys.CryptoKeys, k.Clock.Now().UTC())
kmap, latest := toKeyMap(keys.CryptoKeys, k.Clock.Now())
return kmap, latest, nil
}

Expand All @@ -172,8 +172,8 @@ func toKeyMap(keys []codersdk.CryptoKey, now time.Time) (map[int32]codersdk.Cryp
}

func validKey(key codersdk.CryptoKey, now time.Time) (codersdk.CryptoKey, error) {
if !key.CanSign(now) {
return codersdk.CryptoKey{}, xerrors.Errorf("key %d is invalid", key.Sequence)
if !key.CanVerify(now) {
return codersdk.CryptoKey{}, cryptokeys.ErrKeyInvalid
}

return key, nil
Expand Down
53 changes: 44 additions & 9 deletions enterprise/wsproxy/keycache_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import (
func TestCryptoKeyCache(t *testing.T) {
t.Parallel()

t.Run("Latest", func(t *testing.T) {
t.Run("Signing", func(t *testing.T) {
t.Parallel()

t.Run("HitsCache", func(t *testing.T) {
Expand Down Expand Up @@ -138,9 +138,27 @@ func TestCryptoKeyCache(t *testing.T) {
require.Equal(t, expected, got)
require.Equal(t, 1, fc.called)
})

t.Run("KeyNotFound", func(t *testing.T) {
t.Parallel()

var (
ctx = testutil.Context(t, testutil.WaitShort)
logger = slogtest.Make(t, nil)
clock = quartz.NewMock(t)
)

fc := newFakeCoderd(t, []codersdk.CryptoKey{})

cache, err := wsproxy.NewCryptoKeyCache(ctx, logger, wsproxysdk.New(fc.url), withClock(clock))
require.NoError(t, err)

_, err = cache.Verifying(ctx, 1)
require.ErrorIs(t, err, cryptokeys.ErrKeyNotFound)
})
})

t.Run("Version", func(t *testing.T) {
t.Run("Verifying", func(t *testing.T) {
t.Parallel()

t.Run("HitsCache", func(t *testing.T) {
Expand Down Expand Up @@ -241,7 +259,7 @@ func TestCryptoKeyCache(t *testing.T) {
require.Equal(t, 1, fc.called)
})

t.Run("NoInvalid", func(t *testing.T) {
t.Run("KeyInvalid", func(t *testing.T) {
t.Parallel()

var (
Expand All @@ -267,9 +285,27 @@ func TestCryptoKeyCache(t *testing.T) {
require.NoError(t, err)

_, err = cache.Verifying(ctx, expected.Sequence)
require.Error(t, err)
require.ErrorIs(t, err, cryptokeys.ErrKeyInvalid)
require.Equal(t, 1, fc.called)
})

t.Run("KeyNotFound", func(t *testing.T) {
t.Parallel()

var (
ctx = testutil.Context(t, testutil.WaitShort)
logger = slogtest.Make(t, nil)
clock = quartz.NewMock(t)
)

fc := newFakeCoderd(t, []codersdk.CryptoKey{})

cache, err := wsproxy.NewCryptoKeyCache(ctx, logger, wsproxysdk.New(fc.url), withClock(clock))
require.NoError(t, err)

_, err = cache.Verifying(ctx, 1)
require.ErrorIs(t, err, cryptokeys.ErrKeyNotFound)
})
})

t.Run("CacheRefreshes", func(t *testing.T) {
Expand Down Expand Up @@ -342,11 +378,10 @@ func TestCryptoKeyCache(t *testing.T) {

now := clock.Now()
expected := codersdk.CryptoKey{
Feature: codersdk.CryptoKeyFeatureWorkspaceApp,
Secret: "key1",
Sequence: 12,
StartsAt: now,
DeletesAt: now.Add(time.Minute * 10),
Feature: codersdk.CryptoKeyFeatureWorkspaceApp,
Secret: "key1",
Sequence: 12,
StartsAt: now,
}
fc := newFakeCoderd(t, []codersdk.CryptoKey{
expected,
Expand Down