Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go/worker/storage: Add StorageRPC role and change access policy #3696

Merged
merged 1 commit into from
Feb 18, 2021
Merged

go/worker/storage: Add StorageRPC role and change access policy #3696

merged 1 commit into from
Feb 18, 2021

Conversation

jberci
Copy link
Contributor

@jberci jberci commented Feb 11, 2021

Getting checkpoints and diffs is now allowed for any connecting node,
which eliminates a race condition and initialization difficulty in the
storage committee node startup.

State access is made gated but optionally public as before, depending on
command line parameters.

Closes #3562

kostko
kostko reviewed Feb 11, 2021
View reviewed changes
go/worker/storage/committee/node.go Outdated Show resolved Hide resolved
go/worker/storage/committee/node.go Outdated Show resolved Hide resolved
go/worker/storage/committee/policy.go Show resolved Hide resolved
go/worker/storage/init.go Outdated Show resolved Hide resolved
@jberci jberci force-pushed the jberci/feature/storage-policy branch 9 times, most recently from b721fc9 to 6a42295 Compare February 16, 2021 14:01
@codecov
Copy link

codecov bot commented Feb 16, 2021
edited

Codecov Report

Merging #3696 (267b902) into master (2a5aa8d) will decrease coverage by 0.05%.
The diff coverage is 79.48%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3696      +/-   ##
==========================================
- Coverage   66.50%   66.45%   -0.06%     
==========================================
  Files         400      399       -1     
  Lines       39654    39582      -72     
==========================================
- Hits        26372    26303      -69     
+ Misses       9516     9497      -19     
- Partials     3766     3782      +16
Impacted Files Coverage Δ
go/storage/api/grpc.go 66.98% <60.00%> (-2.19%) ⬇️
go/worker/storage/worker.go 85.85% <66.66%> (-1.24%) ⬇️
go/worker/storage/committee/node.go 76.39% <79.41%> (-1.42%) ⬇️
go/storage/client/init.go 75.00% <88.88%> (+1.31%) ⬆️
go/common/accessctl/accessctl.go 81.81% <100.00%> (+2.87%) ⬆️
go/common/grpc/service.go 62.50% <100.00%> (+0.96%) ⬆️
go/common/node/node.go 66.14% <100.00%> (+0.81%) ⬆️
go/registry/tests/tester.go 91.48% <100.00%> (+<0.01%) ⬆️
go/runtime/registry/registry.go 69.76% <100.00%> (-1.17%) ⬇️
go/storage/client/tests/tests.go 89.83% <100.00%> (ø)
... and 48 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2a5aa8d...267b902. Read the comment docs.

@jberci jberci force-pushed the jberci/feature/storage-policy branch from 6a42295 to 5412fbc Compare February 16, 2021 15:14
@jberci jberci marked this pull request as ready for review February 16, 2021 15:16
kostko
kostko reviewed Feb 17, 2021
View reviewed changes
go/common/accessctl/accessctl.go Show resolved Hide resolved
go/common/accessctl/accessctl.go Show resolved Hide resolved
go/worker/storage/committee/node.go
}

// If not configured otherwise, state access should be restricted to storage committee members.
default:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this part not covered? Are we not testing with any storage nodes that don't expose public RPC? We should test those as well (e.g., configure a storage node without public RPC exposed). Maybe in cases where we have two storage nodes, set one to expose public RPC and the other to not expose it?

go/worker/storage/committee/node.go Outdated Show resolved Hide resolved
ptrus
ptrus reviewed Feb 17, 2021
View reviewed changes
go/oasis-test-runner/scenario/e2e/runtime/sentry.go Outdated Show resolved Hide resolved
go/oasis-test-runner/scenario/e2e/runtime/sentry.go Outdated Show resolved Hide resolved
go/storage/api/grpc.go Outdated Show resolved Hide resolved
go/storage/client/init.go Show resolved Hide resolved
@jberci jberci force-pushed the jberci/feature/storage-policy branch 2 times, most recently from a914a7d to 4f4e0a5 Compare February 17, 2021 16:25
@jberci
go/worker/storage: Add StorageRPC role and change access policy
267b902 
Getting checkpoints and diffs is now allowed for any connecting node,
which eliminates a race condition and initialization difficulty in the
storage committee node startup.

State access is made gated but optionally public as before, depending on
command line parameters.
@jberci jberci force-pushed the jberci/feature/storage-policy branch from 4f4e0a5 to 267b902 Compare February 18, 2021 14:46
@jberci jberci merged commit fca4256 into master Feb 18, 2021
@jberci jberci deleted the jberci/feature/storage-policy branch February 18, 2021 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kostko kostko kostko approved these changes

@ptrus ptrus ptrus approved these changes

@peterjgilbert peterjgilbert Awaiting requested review from peterjgilbert peterjgilbert is a code owner

@pro-wh pro-wh Awaiting requested review from pro-wh pro-wh is a code owner

@Yawning Yawning Awaiting requested review from Yawning

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change storage node access policy
3 participants
@jberci @kostko @ptrus