8000 feat: add wsproxy implementation for key fetching by sreya · Pull Request #14917 · coder/coder · GitHub
[go: up one dir, main page]
Skip to content

feat: add wsproxy implementation for key fetching #14917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 15 commits into from
Oct 14, 2024
Merged

feat: add wsproxy implementation for key fetching #14917

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
38574ff
feat: add wsproxy implementation for key fetching
sreya Oct 1, 2024
ea5ec77
Refactor CryptoKey usage to use codersdk package
sreya Oct 1, 2024
e6612bd
Refactor wsproxy to use cryptokeys interface
sreya Oct 1, 2024
558ad30
Refactor keycache to improve error handling
sreya Oct 1, 2024
9061a1c
prevent cache slowdown during fetches
sreya Oct 2, 2024
0fef6b0
fix tests
sreya Oct 2, 2024
a801d0c
craft test for race condition
sreya Oct 2, 2024
2ce4876
remove gotestleak...too many unrelated errors
sreya Oct 2, 2024
5eedbf8
optimize Close
sreya Oct 2, 2024
6c2be2c
Refactor CryptoKeyCache to improve concurrency
sreya Oct 4, 2024
a1d4b46
Refactor key refresh to minimize lock duration
sreya Oct 4, 2024
f6cc1cd
Merge branch 'main' into jon/wspkeys
sreya Oct 4, 2024
b33616e
Remove unused interface implementation check
sreya Oct 4, 2024
ee77d8e
Remove redundant CryptoKey cache field
sreya Oct 4, 2024
42eda0b
Merge branch 'main' into jon/wspkeys
sreya Oct 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
feat: add wsproxy implementation for key fetching
  • Loading branch information
@sreya
sreya committed Oct 2, 2024
commit 38574ff22f3cf62a367a748a17ca2419772818fd
152 changes: 152 additions & 0 deletions enterprise/wsproxy/keycache.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
package wsproxy

import (
"context"
"sync"
"time"

"golang.org/x/xerrors"

"cdr.dev/slog"

"github.com/coder/coder/v2/enterprise/wsproxy/wsproxysdk"
"github.com/coder/quartz"
)

type CryptoKeyCache struct {
client *wsproxysdk.Client
logger slog.Logger
Clock quartz.Clock

keysMu sync.RWMutex
keys map[int32]wsproxysdk.CryptoKey
latest wsproxysdk.CryptoKey
}

func NewCryptoKeyCache(ctx context.Context, log slog.Logger, client *wsproxysdk.Client, opts ...func(*CryptoKeyCache)) (*CryptoKeyCache, error) {
cache := &CryptoKeyCache{
client: client,
logger: log,
Clock: quartz.NewReal(),
}

for _, opt := range opts {
opt(cache)
}

m, latest, err := cache.fetch(ctx)
if err != nil {
return nil, xerrors.Errorf("initial fetch: %w", err)
}
cache.keys, cache.latest = m, latest

go cache.refresh(ctx)

return cache, nil
}

func (k *CryptoKeyCache) Latest(ctx context.Context) (wsproxysdk.CryptoKey, error) {
k.keysMu.RLock()
latest := k.latest
k.keysMu.RUnlock()

now := k.Clock.Now().UTC()
if latest.Active(now) {
return latest, nil
}

k.keysMu.Lock()
defer k.keysMu.Unlock()

if k.latest.Active(now) {
return k.latest, nil
}

var err error
k.keys, k.latest, err = k.fetch(ctx)
if err != nil {
return wsproxysdk.CryptoKey{}, xerrors.Errorf("fetch: %w", err)
}

if !k.latest.Active(now) {
return wsproxysdk.CryptoKey{}, xerrors.Errorf("no active keys found")
}

return k.latest, nil
}

func (k *CryptoKeyCache) Version(ctx context.Context, sequence int32) (wsproxysdk.CryptoKey, error) {
now := k.Clock.Now().UTC()
k.keysMu.RLock()
key, ok := k.keys[sequence]
k.keysMu.RUnlock()
if ok {
return validKey(key, now)
}

k.keysMu.Lock()
defer k.keysMu.Unlock()
key, ok = k.keys[sequence]
if ok {
return validKey(key, now)
}

var err error
k.keys, k.latest, err = k.fetch(ctx)
if err != nil {
return wsproxysdk.CryptoKey{}, xerrors.Errorf("fetch: %w", err)
}

key, ok = k.keys[sequence]
if !ok {
return wsproxysdk.CryptoKey{}, xerrors.Errorf("key %d not found", sequence)
}

return validKey(key, now)
}

func (k *CryptoKeyCache) refresh(ctx context.Context) {
k.Clock.TickerFunc(ctx, time.Minute*10, func() error {
kmap, latest, err := k.fetch(ctx)
if err != nil {
k.logger.Error(ctx, "failed to fetch crypto keys", slog.Error(err))
return nil
}

k.keysMu.Lock()
defer k.keysMu.Unlock()
k.keys = kmap
k.latest = latest
return nil
})
}

func (k *CryptoKeyCache) fetch(ctx context.Context) (map[int32]wsproxysdk.CryptoKey, wsproxysdk.CryptoKey, error) {
keys, err := k.client.CryptoKeys(ctx)
if err != nil {
return nil, wsproxysdk.CryptoKey{}, xerrors.Errorf("get security keys: %w", err)
}

kmap, latest := toKeyMap(keys.CryptoKeys, k.Clock.Now().UTC())
return kmap, latest, nil
}

func toKeyMap(keys []wsproxysdk.CryptoKey, now time.Time) (map[int32]wsproxysdk.CryptoKey, wsproxysdk.CryptoKey) {
m := make(map[int32]wsproxysdk.CryptoKey)
var latest wsproxysdk.CryptoKey
for _, key := range keys {
m[key.Sequence] = key
if key.Sequence > latest.Sequence && key.Active(now) {
latest = key
}
}
return m, latest
}

func validKey(key wsproxysdk.CryptoKey, now time.Time) (wsproxysdk.CryptoKey, error) {
if key.Invalid(now) {
return wsproxysdk.CryptoKey{}, xerrors.Errorf("key %d is invalid", key.Sequence)
}

return key, nil
}
Loading
0