New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Identity Provider #1133
Identity Provider #1133
Conversation
bors try |
tryBuild failed: |
cmd/scaffold.go
Outdated
@@ -203,8 +198,7 @@ func (fnb *FlowNodeBuilder) EnqueueNetworkInit(ctx context.Context) { | |||
|
|||
fnb.Network = net | |||
|
|||
idRefresher := p2p.NewNodeIDRefresher(fnb.Logger, fnb.State, net.SetIDs) | |||
idEvents := gadgets.NewIdentityDeltas(idRefresher.OnIdentityTableChanged) | |||
idEvents := gadgets.NewIdentityDeltas(fnb.Middleware.UpdateAllowList) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so originally, the gadget used to update the network
with the new ids and the network
would then update middleware
.
Why are we directly updating middleware
here, wouldn't the overlay
be out of sync at that point with the change.
Instead, if the IdentifierProvider
provided a way to update
its list, then both middleware and network could use it.
@huitseeker Documenting our offline conversation: TODO: Not only do staked AN's need to use the HierarchicalIDTranslator, but unstaked nodes also do. Otherwise, they will not be able to translate the peer ID's of staked AN's or other staked nodes into flow ID's since the networking key format is different. |
bdec2f2
to
8c999e2
Compare
network/p2p/libp2pNode.go
Outdated
// timeout for FindPeer queries to the DHT | ||
// TODO: is this a sensible value? | ||
findPeerQueryTimeout = 15 * time.Second |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤷♂️
network/p2p/libp2pNode.go
Outdated
// TODO: why were we doing this? Is it okay to remove? | ||
// remove the peer from the peer store if present | ||
n.host.Peerstore().ClearAddrs(peerID) | ||
// n.host.Peerstore().ClearAddrs(peerID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this was done to avoid libp2p doing any exponential backoffs for a connection it tried earlier and failed but still has an entry for it in the peer store.
I can check if it is still needed or not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ahh I see... Okay let me know.
// We probably don't need to fail the entire function here, since the other | ||
// translations may still succeed | ||
m.log.Err(err).Str("flowID", fid.String()).Msg("failed to translate to peer ID") | ||
continue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just wanted to raise awareness here, I'm open to the argument that we actually should fail here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In particular, because the new behavior will likely differ a bit from the old behavior: https://github.com/onflow/flow-go/pull/1133/files#r691579930
I feel that the new behavior is actually better, but I'm not super confident on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general, my thinking was that returning a partial list of peer IDs is at least better than completely failing because a single flow ID couldn't be translated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, dont need to fail - I had to change the return earlier on v0.20 and master
p.logger.Err(err).Str("peerID", pid.Pretty()).Msg("failed to translate to Flow ID") | ||
continue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
p.logger.Err(err).Interface("identity", identity).Msg("failed to extract peer ID from network key") | ||
continue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here
|
||
// if some ids didn't translate to peer.AddrInfo, return error | ||
if len(invalidIDs) != 0 { | ||
return NewUnconvertableIdentitiesError(invalidIDs) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
here.
I realized the origin ID checks need to use the ID translator instead of This would not work for staked AN or unstaked nodes, because the validation would fail for everyone else. |
Codecov Report
@@ Coverage Diff @@
## master #1133 +/- ##
==========================================
+ Coverage 56.06% 56.23% +0.16%
==========================================
Files 487 495 +8
Lines 29951 30124 +173
==========================================
+ Hits 16793 16940 +147
- Misses 10870 10885 +15
- Partials 2288 2299 +11
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
Re-generate mocks
…fication-seal-approvals and required-construction-seal-approvals to 1 in the unstaked integration test
Unstaked ANs issue unicast messages on syncrequests and correspondingly need one.
Update unstaked_node_test.go Update core.go
9d8423a
to
4ce2800
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's a bunch of followups, but this otherwise LGTM!
🚀
builder.bootstrapIdentites = ids | ||
dhtOptions = append(dhtOptions, bootstrapPeersOpt) | ||
|
||
connManager := p2p.NewConnManager(builder.Logger, builder.Metrics.Network, p2p.TrackUnstakedConnections(builder.IdentityProvider)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vishalchangrani we may want to open a follow-up issue to do what you had in mind, i.e. making Stream establishment non-dependent on Protect
calls for nodes that don't have connection gating
// timeout for FindPeer queries to the DHT | ||
// TODO: is this a sensible value? | ||
findPeerQueryTimeout = 10 * time.Second |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -0,0 +1,129 @@ | |||
package p2p |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think our friends working on epochs would <3 a heads up (off-PR) on the overlap between this and the epoch_transition_test @smnzhu
closes https://github.com/dapperlabs/flow-go/issues/5735
closes https://github.com/dapperlabs/flow-go/issues/5739
TODO:
Write tests for:
UpdateNodeAddresses
UpdatableIDProvider
is test-only, or test itFor a follow-up PR (?):
- create a default for repeated instances of(made obsolete by theid.NewFilteredIdentifierProvider(...
SyncEngineIdentifierProvider
in #1186