Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Server v3] Define, implement and test causality conditions systematically #7120

Open
vxgmichel opened this issue Apr 19, 2024 · 0 comments
Open

[Server v3] Define, implement and test causality conditions systematically #7120

vxgmichel opened this issue Apr 19, 2024 · 0 comments
Assignees
@touilleMan
Labels
A-Server Area: Server application I-Postgresql Impact: Postgresql issue
Milestone
v3.1

Comments

@vxgmichel
Copy link
Contributor

The v2 parsec server used to explicitly list and implement causality conditions that have to be met in order to accept a write requests.

Example with api_realm_update_roles:

parsec-cloud/parsec/backend/realm.py

Lines 351 to 376 in d397c03

async def api_realm_update_roles(
self, client_ctx: AuthenticatedClientContext, req: RealmUpdateRolesReq
) -> RealmUpdateRolesRep:
"""
This API call, when successful, performs the writing of a new role certificate to the database.
Before adding new entries, extra care should be taken in order to guarantee the consistency in
the ordering of the different timestamps stored in the database.
In particular, the backend server performs the following checks:
- The certificate must have a timestamp strictly greater than the last certificate for
the same user in the same realm.
- If the certificate corresponds to a role without write rights, its timestamp should
be strictly greater than the timestamp of the last vlob update performed by the
corresponding user in the corresponding realm.
- If the certificate corresponds to a role without management rights, its timestamp should
be strictly greater than the timestamp of the last role certificate uploaded by the
corresponding user in the corresponding realm.
- If the certificate revokes some owner rights, its timestamp should be strictly greater than
the timestamp of the last archiving certificate uploaded by the corresponding user in the
corresponding realm.
If one of those constraints is not satisfied, an error is returned with the status
`require_greater_timestamp` indicating to the client that it should craft a new certificate
with a timestamp strictly greater than the timestamp provided with the error.
The `api_vlob_create` and `api_vlob_update` calls also perform similar checks.

The v3 server changed those conditions but they are not implemented and tested systematically.

They should be documented, and implemented the same way between the memory and PostgreSQL implementation.
They should also be tested systematically.

For instance, here's a difference between the memory and postgre implementation:

parsec-cloud/server/tests/api_v4/authenticated/test_realm_create.py

Lines 165 to 172 in f1ccaa5

# The rotation of a realm has nothing to do with the creation of a new realm
# The postgre implementation does not perform this check
if with_postgresql:
assert rep == authenticated_cmds.v4.realm_create.RepOk()
else:
assert rep == authenticated_cmds.v4.realm_create.RepRequireGreaterTimestamp(
strictly_greater_than=last_certificate_timestamp
)

@vxgmichel vxgmichel changed the title [Server v3] Define, list, implement and test causality conditions systematically [Server v3] Define, implement and test causality conditions systematically Apr 19, 2024
@vxgmichel vxgmichel mentioned this issue Apr 19, 2024
Closed
@mmmarcos mmmarcos added I-Postgresql Impact: Postgresql issue A-Server Area: Server application labels Apr 22, 2024
@mmmarcos mmmarcos added this to the v3.0 milestone Apr 22, 2024
@vxgmichel vxgmichel mentioned this issue May 13, 2024
Open
@vxgmichel vxgmichel removed their assignment May 29, 2024
@mmmarcos mmmarcos modified the milestones: v3.0, v3.1 May 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@touilleMan touilleMan

Labels
A-Server Area: Server application I-Postgresql Impact: Postgresql issue
Projects
None yet
Milestone
v3.1
Development

No branches or pull requests
3 participants
@mmmarcos @touilleMan @vxgmichel