Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Synchronise access policies with TrustOracle #1561

Merged
merged 15 commits into from Jan 29, 2020
Merged

Synchronise access policies with TrustOracle #1561

merged 15 commits into from Jan 29, 2020

Conversation

Waldz
Copy link
Member

@Waldz Waldz commented Jan 22, 2020

Validates policy name by fetching it's rules from TrustOracle before starting service and subscribes for improvements of rules

@Waldz Waldz requested a review from tadovas as a code owner January 22, 2020 09:39
soffokl
soffokl requested changes Jan 22, 2020
View reviewed changes
core/policy/policy_repository.go Outdated Show resolved Hide resolved
anjmao
anjmao suggested changes Jan 22, 2020
View reviewed changes
core/policy/policy_repository.go Outdated Show resolved Hide resolved
cmd/di_desktop.go Outdated Show resolved Hide resolved
@tadaskay
Copy link
Member

Do we really need to poll and cache access policies in node? This could be simply an on-demand call, could it not? @Waldz

anjmao
anjmao suggested changes Jan 22, 2020
View reviewed changes
core/policy/policy_repository.go Outdated Show resolved Hide resolved
cmd/di_desktop.go Outdated Show resolved Hide resolved
core/policy/policy_repository.go Outdated Show resolved Hide resolved
core/policy/policy_repository.go Outdated Show resolved Hide resolved
@Waldz Waldz force-pushed the feature/sync-policy-rules branch 4 times, most recently from 47727e5 to 1ffe2ec Compare January 23, 2020 01:18
@codecov-io
Copy link

codecov-io commented Jan 23, 2020
edited

Codecov Report

Merging #1561 into master will increase coverage by 0.05%.
The diff coverage is 53.78%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1561      +/-   ##
==========================================
+ Coverage   47.37%   47.43%   +0.05%     
==========================================
  Files         285      286       +1     
  Lines       11007    11091      +84     
==========================================
+ Hits         5215     5261      +46     
- Misses       5416     5454      +38     
  Partials      376      376
Impacted Files Coverage Δ
market/service_proposal.go 70% <ø> (ø) ⬆️
config/flags_network.go 0% <ø> (ø) ⬆️
config/flags_service_shared.go 0% <0%> (ø) ⬆️
communication/nats/receiver.go 39.08% <0%> (-2.39%) ⬇️
core/policy/identity_validator.go 0% <0%> (ø)
core/service/stub_service.go 76.47% <100%> (ø) ⬆️
tequilapi/endpoints/service.go 92.62% <100%> (-0.62%) ⬇️
core/service/manager.go 65.21% <55.55%> (-1.95%) ⬇️
core/policy/policy_repository.go 65.16% <65.16%> (ø)
core/discovery/discovery.go 65.54% <0%> (-0.85%) ⬇️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f816406...2d91355. Read the comment docs.

vkuznecovas
vkuznecovas suggested changes Jan 23, 2020
View reviewed changes
cmd/di_desktop.go Outdated Show resolved Hide resolved
core/policy/policy_repository.go Outdated Show resolved Hide resolved
core/policy/policy_repository.go Outdated Show resolved Hide resolved
@Waldz
Copy link
Member Author

Waldz commented Jan 23, 2020

All improvements addressed

vkuznecovas
vkuznecovas suggested changes Jan 24, 2020
View reviewed changes
core/policy/policy_repository.go Outdated Show resolved Hide resolved
soffokl
soffokl approved these changes Jan 27, 2020
View reviewed changes
core/policy/policy_repository.go Outdated Show resolved Hide resolved
core/policy/policy_repository.go Outdated
// Policy converts given value to valid policy rule
func (pr *PolicyRepository) Policy(policyID string) market.AccessPolicy {
policyURL := pr.policyURL
if !strings.HasSuffix(policyURL, "/") {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why should it ends by the /?
This looks like you are trying to fit existing service.
As a user I'd like to have an option to set any standard URL I want.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It can be 3rd party service, just follows this contract:

  1. While starting service, provide Policy Oracle via:
    --access-policy.address=https://testnet-trust.mysterium.network/api/v1/access-policies/
    --access-policy.address:https://testnet-trust.mysterium.network/api/v1/access-policies
  2. Provider policy IDs via:
    --access-policy.list= ipinfo,wikipedia

So yes, provided custom URL still have to match certain contract

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But you don't need to add / at the end of the user URL.
If you need it for URL https://testnet-trust.mysterium.network/api/v1/access-policies/ you passing it through the command argument.

If I need to pass the URL https://myown-trust.com/policies.json, it should not become https://myown-trust.com/policies.json/.

tadaskay
tadaskay requested changes Jan 27, 2020
View reviewed changes
Copy link
Member

@tadaskay tadaskay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a failing test case

core/policy/policy_repository.go Outdated Show resolved Hide resolved
core/policy/policy_repository.go Outdated
}

// RulesForPolicy gives rules of given policy
func (pr *PolicyRepository) RulesForPolicy(policy market.AccessPolicy) (market.AccessPolicyRuleSet, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears there are no differences between RulesForPolicy and RulesForPolicies. Perhaps merge into one RulesForPolicies(policies ...market.AccessPolicy)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually there is difference in return type, multiple retrieve returns list of asked rulesets

@Waldz Waldz requested a review from anjmao January 27, 2020 13:28
anjmao
anjmao reviewed Jan 28, 2020
View reviewed changes
core/policy/repository.go Outdated Show resolved Hide resolved
core/policy/repository.go Show resolved Hide resolved
Waldz and others added 14 commits January 28, 2020 14:52
@Waldz
Synchronise access policies with TrustOracle
283e6e9
@Waldz
Exception for service who don't set policies
0bc7f29
@Waldz
Structure of domains rules
f96881b
@Waldz
Improve subscription clearing logs
feece79
@Waldz
Improve stop channel
6b34f17
@Waldz
Stop policy rules syncing then node stops
472203e
@Waldz
Make policy fetch interval configurable
0ac3e55
@Waldz
Drop map locking from policy repository
281df49
@Waldz
Cache policy rule responses with etag
b306a10
@Waldz
Improve policy rules locking during update
7036622
@tadaskay @Waldz
Add test case to demonstrate race condition in addPolicies
1b8d8a3 
go test -run Test_PolicyRepository_AddPolicies_Race github.com/mysteriumnetwork/node/core/policy
@Waldz
Handle simultaneous call to PolicyRepository.AddPolicies()
671aa4d
@Waldz
Rename policy.PolicyRepository -> policy.Repository
952a4eb
@Waldz
Solve race condition between AddPolicies() ans background sync
02b6b7f
@Waldz Waldz merged commit 0c45ddb into master Jan 29, 2020
@Waldz Waldz deleted the feature/sync-policy-rules branch January 29, 2020 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@soffokl soffokl soffokl approved these changes

@anjmao anjmao anjmao approved these changes

@vkuznecovas vkuznecovas vkuznecovas approved these changes

@chompomonim chompomonim Awaiting requested review from chompomonim

@zolia zolia Awaiting requested review from zolia

@tadovas tadovas Awaiting requested review from tadovas

@tadaskay tadaskay Awaiting requested review from tadaskay tadaskay is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@Waldz @tadaskay @codecov-io @anjmao @soffokl @vkuznecovas