feat: P2P ACP #3317
feat: P2P ACP #3317
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #3317 +/- ##
===========================================
- Coverage 78.41% 78.22% -0.19%
===========================================
Files 392 392
Lines 35716 35905 +189
===========================================
+ Hits 28006 28086 +80
- Misses 6072 6150 +78
- Partials 1638 1669 +31
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 11 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
fredcarle
force-pushed
the
fredcarle/feat/3179-p2p-acp
branch
from
25d14f1 to
3de2aaf
Compare
fredcarle
force-pushed
the
fredcarle/feat/3179-p2p-acp
branch
3 times, most recently
from
d35d257 to
eae46e0
Compare
internal/db/db.go
Outdated
| @@ -339,13 +339,20 @@ func (db *db) DeleteDocActorRelationship( | |||
| return client.DeleteDocActorRelationshipResult{RecordFound: recordFound}, nil | |||
| } | |||
|
|
|||
| func (db *db) GetNodeIdentity(context.Context) (immutable.Option[identity.PublicRawIdentity], error) { | |||
| func (db *db) GetNodeIdentity(_ context.Context) (immutable.Option[identity.PublicRawIdentity], error) { | |||
There was a problem hiding this comment.
question: What is with the underscore _? Why was this added?
There was a problem hiding this comment.
Because just context.Context seems like a mistake. The underscore says that the function parameters are this way because we're following some interface pattern or something like that but we aren't using this parameter within the function.
There was a problem hiding this comment.
It is the same as the other areas we use _ to ignore a returned argument. https://go.dev/ref/spec#Blank_identifier
The only reason why just using context.Context worked is because it was the only parameter in the method. If there was more than one, it would be a syntax error.
Unused function parameters are allowed in Go and that's why we often have ctx context.Context as parameter with ctx never being used. I feel that's misleading. Doing _ context.Context at least tells the reader that this parameter needed to be there but we aren't using it.
internal/db/db.go
Outdated
| func (db *db) GetIdentityToken(_ context.Context, audience immutable.Option[string]) ([]byte, error) { | ||
| if db.nodeIdentity.HasValue() { | ||
| return db.nodeIdentity.Value().NewToken(time.Hour*24, audience, immutable.None[string]()) | ||
| } | ||
| return nil, nil | ||
| } |
There was a problem hiding this comment.
suggestion: Remove the context.Context arg? doesn't seem to be needed anywhere?
There was a problem hiding this comment.
It's a pattern we decided to keep after a discussion we had several months back about removing context. Happy to bring that up for discussion but for now leaving as is.
| // - Document is public (unregistered), whether signatured request or not doesn't matter. | ||
| func CheckDocAccessWithIdentityFunc( | ||
| ctx context.Context, | ||
| identityFunc func() immutable.Option[acpIdentity.Identity], |
There was a problem hiding this comment.
question: Why did we need to do this function thing? instead of just immutable.Option[acpIdentity.Identity]
There was a problem hiding this comment.
Because in some cases in doesn't make sense to do an extra network call for the identity before knowing if the document is even registered.
There was a problem hiding this comment.
Can you explain a bit more? Which document is registered check are we talking about? and which network call for identity?
There was a problem hiding this comment.
In the net package, when we want to check if a peer has access to a doc we have to request the identity from the node requesting. That's a network call. If we request it before checking that the document is registered, then we might have done that network call for nothing. So the order of priority should be checking that the doc is registered and then requesting the identity to check if it has access.
There was a problem hiding this comment.
Is the identity not included from the node requesting from the get go? Maybe I am missing something, why does it need to be requested again?
There was a problem hiding this comment.
I'd also like clarification here :)
fredcarle
force-pushed
the
fredcarle/feat/3179-p2p-acp
branch
from
eae46e0 to
137e97e
Compare
There was a problem hiding this comment.
LGTM, thanks for answering all the questions, just left some minor suggestions. Please do resolve the on going discussions before merge from others.
todo: Please make the PR title more descriptive right now it only says P2P ACP which is quite vague for example it can be confused with the initial P2P acp work that has been done for #2366
fredcarle
force-pushed
the
fredcarle/feat/3179-p2p-acp
branch
from
137e97e to
242ba5e
Compare
fredcarle
force-pushed
the
fredcarle/feat/3179-p2p-acp
branch
from
242ba5e to
196ce95
Compare
|
Bug bash result: No bugs found. |
Relevant issue(s)
Resolves #3179
Description
This PR brings ACP functionality to the P2P system. This ensures that permissioned collections do not share blocks of registered documents without ensuring the requesting node has access. This is bypassed on collection replication because the node sending the blocks is sending to peers explicitly.
Tasks
How has this been tested?
Some new and updated integration tests.
Specify the platform(s) on which this was tested: