Identity Provider #1133
Identity Provider #1133
Conversation
|
bors try |
tryBuild failed: |
cmd/scaffold.go
Outdated
| @@ -203,8 +198,7 @@ func (fnb *FlowNodeBuilder) EnqueueNetworkInit(ctx context.Context) { | |||
|
|
|||
| fnb.Network = net | |||
|
|
|||
| idRefresher := p2p.NewNodeIDRefresher(fnb.Logger, fnb.State, net.SetIDs) | |||
| idEvents := gadgets.NewIdentityDeltas(idRefresher.OnIdentityTableChanged) | |||
| idEvents := gadgets.NewIdentityDeltas(fnb.Middleware.UpdateAllowList) | |||
There was a problem hiding this comment.
so originally, the gadget used to update the network with the new ids and the network would then update middleware.
Why are we directly updating middleware here, wouldn't the overlay be out of sync at that point with the change.
Instead, if the IdentifierProvider provided a way to update its list, then both middleware and network could use it.
|
@huitseeker Documenting our offline conversation: TODO: Not only do staked AN's need to use the HierarchicalIDTranslator, but unstaked nodes also do. Otherwise, they will not be able to translate the peer ID's of staked AN's or other staked nodes into flow ID's since the networking key format is different. |
huitseeker
force-pushed
the
smnzhu/identity-provider
branch
from
bdec2f2
to
8c999e2
Compare
network/p2p/libp2pNode.go
Outdated
| // timeout for FindPeer queries to the DHT | ||
| // TODO: is this a sensible value? | ||
| findPeerQueryTimeout = 15 * time.Second |
network/p2p/libp2pNode.go
Outdated
| // TODO: why were we doing this? Is it okay to remove? | ||
| // remove the peer from the peer store if present | ||
| n.host.Peerstore().ClearAddrs(peerID) | ||
| // n.host.Peerstore().ClearAddrs(peerID) |
There was a problem hiding this comment.
this was done to avoid libp2p doing any exponential backoffs for a connection it tried earlier and failed but still has an entry for it in the peer store.
I can check if it is still needed or not.
There was a problem hiding this comment.
Ahh I see... Okay let me know.
| // We probably don't need to fail the entire function here, since the other | ||
| // translations may still succeed | ||
| m.log.Err(err).Str("flowID", fid.String()).Msg("failed to translate to peer ID") | ||
| continue |
There was a problem hiding this comment.
Just wanted to raise awareness here, I'm open to the argument that we actually should fail here.
There was a problem hiding this comment.
In particular, because the new behavior will likely differ a bit from the old behavior: https://github.com/onflow/flow-go/pull/1133/files#r691579930
I feel that the new behavior is actually better, but I'm not super confident on this.
There was a problem hiding this comment.
In general, my thinking was that returning a partial list of peer IDs is at least better than completely failing because a single flow ID couldn't be translated.
There was a problem hiding this comment.
yeah, dont need to fail - I had to change the return earlier on v0.20 and master
| p.logger.Err(err).Str("peerID", pid.Pretty()).Msg("failed to translate to Flow ID") | ||
| continue |
| p.logger.Err(err).Interface("identity", identity).Msg("failed to extract peer ID from network key") | ||
| continue |
|
|
||
| // if some ids didn't translate to peer.AddrInfo, return error | ||
| if len(invalidIDs) != 0 { | ||
| return NewUnconvertableIdentitiesError(invalidIDs) |
|
I realized the origin ID checks need to use the ID translator instead of This would not work for staked AN or unstaked nodes, because the validation would fail for everyone else. |
Codecov Report
@@ Coverage Diff @@
## master #1133 +/- ##
==========================================
+ Coverage 56.06% 56.23% +0.16%
==========================================
Files 487 495 +8
Lines 29951 30124 +173
==========================================
+ Hits 16793 16940 +147
- Misses 10870 10885 +15
- Partials 2288 2299 +11
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
Re-generate mocks
…fication-seal-approvals and required-construction-seal-approvals to 1 in the unstaked integration test
Unstaked ANs issue unicast messages on syncrequests and correspondingly need one.
Update unstaked_node_test.go Update core.go
huitseeker
force-pushed
the
smnzhu/identity-provider
branch
from
9d8423a
to
4ce2800
Compare
| builder.bootstrapIdentites = ids | ||
| dhtOptions = append(dhtOptions, bootstrapPeersOpt) | ||
|
|
||
| connManager := p2p.NewConnManager(builder.Logger, builder.Metrics.Network, p2p.TrackUnstakedConnections(builder.IdentityProvider)) |
There was a problem hiding this comment.
@vishalchangrani we may want to open a follow-up issue to do what you had in mind, i.e. making Stream establishment non-dependent on Protect calls for nodes that don't have connection gating
| // timeout for FindPeer queries to the DHT | ||
| // TODO: is this a sensible value? | ||
| findPeerQueryTimeout = 10 * time.Second |
| @@ -0,0 +1,129 @@ | |||
| package p2p | |||
There was a problem hiding this comment.
I think our friends working on epochs would <3 a heads up (off-PR) on the overlap between this and the epoch_transition_test @smnzhu
closes https://github.com/dapperlabs/flow-go/issues/5735
closes https://github.com/dapperlabs/flow-go/issues/5739
TODO:
Write tests for:
UpdateNodeAddressesUpdatableIDProvideris test-only, or test itFor a follow-up PR (?):
- create a default for repeated instances of(made obsolete by theid.NewFilteredIdentifierProvider(...SyncEngineIdentifierProviderin #1186