New SyncAuthorizedEntries RPC #49
Signed-off-by: Andrew Harding <[email protected]>
@@ -46,6 +46,21 @@ service Entry { | |||
// The caller must present an active agent X509-SVID. See the Agent | |||
// AttestAgent/RenewAgent RPCs. | |||
rpc GetAuthorizedEntries(GetAuthorizedEntriesRequest) returns (GetAuthorizedEntriesResponse); | |||
|
|||
|
|||
// Syncs authorized entries down the caller. The caller controls which |
Syncs authorized entries down 'to' the caller.?
Thanks :)
// entries the server sends down full details for. The flow is as follows: | ||
// 1. Caller opens up sync stream | ||
// 2. Server determines authorized entries for caller: | ||
// - If there are less entries than a server-determined page size, go to (5). |
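Review bot: The comment on the new RPC, as far as it is visible here, does not restate the authentication requirement that the GetAuthorizedEntries comment directly above it carries ("The caller must present an active agent X509-SVID"); since this RPC also hands the caller its authorized entries, state the requirement in this comment as well. In step 2, "less entries" should read "fewer entries", and because the page size is server-determined, the comment should also say how the caller tells the full entry response (the jump to (5)) apart from the sparse path, since the caller cannot work that out from the page size itself.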
Is it going to 5? Or 4?
Does this mean that we get full if we return entries < pagesize?
To (5). If there aren't many entries, it's not worth trying to do the "diff". The server just sends the full non-sparse set to the agent.
The outcome is that there is no noticeable difference from a network standpoint for existing deployments whose authorized entry sets are smaller than the page size.
Signed-off-by: Andrew Harding <[email protected]>
Signed-off-by: Andrew Harding <[email protected]>
f9cf2ba to 8717335
Looks good, but I have a question: what happens when SyncAuthorizedEntriesRequest
gets an ID that the agent is not authorized to return? Is it ignored?
Ids not in the authorized set are ignored. |
* New SyncAuthorizedEntries RPC
  Signed-off-by: Andrew Harding <[email protected]>
* Fix up comments
  Signed-off-by: Andrew Harding <[email protected]>
* more comments
  Signed-off-by: Andrew Harding <[email protected]>

---------

Signed-off-by: Andrew Harding <[email protected]>
No description provided.