search

MatrixAI / Polykey

Polykey Core Library
https://polykey.com
GNU General Public License v3.0
30 stars 4 forks source link

Updating `TLSconfig` for `WebSocketServer` #511

Closed tegefaulkes closed 1 year ago

tegefaulkes commented 1 year ago

Specification

When the root key pair changes we need to update anything that depends on this. This change event is propagated through the events system. One of the changes is updating the TLS config the RPC servers are using. Previously this could be done dynamically but now with the WebSocketServer this can only be set when starting it.

This means that the WebSocketServer needs to be restarted when this event happens. This means any active connections are potentially interrupted.

To support this we need to make the following changes.

  1. When the root keypair is updated we need to restart the WebSocketServer.
  2. When restarting the WebSocketServer we need to gracefully end any active connections.
  3. We need to propagate an abort signal to the stream handler to signal ending.
  4. expand the force stop options to allow for forcing connections to end, Signalling connections to end gracefully or just wait for all active connections to end.
  5. Add a feature to block all new connections so when waiting for connections to end new ones can't start.

Additional context

Tasks

  1. When the root keypair is updated we need to restart the WebSocketServer.
  2. When restarting the WebSocketServer we need to gracefully end any active connections.
  3. We need to propagate an abort signal to the stream handler to signal ending.
  4. expand the force stop options to allow for forcing connections to end, Signalling connections to end gracefully or just wait for all active connections to end.
  5. Add a feature to block all new connections so when waiting for connections to end new ones can't star
tegefaulkes commented 1 year ago

This requires adding 3 new features to the RPC system. As for timing, this is low priority since it doesn't fix anything that is strictly broken. It only allows us to update the TLS while running the PolykeyAgent. A work around for now is to just restart the agent completely after changing the keys.

This can be addressed at any time.

CMCDragonkai commented 1 year ago

I think this should be part of phase 2 too @tegefaulkes.

tegefaulkes commented 1 year ago

We don't want to kitchen-sink PRs, it can be done after the stage 2 agent migration.

tegefaulkes commented 1 year ago

As part of #540 it was simple to enable this feature.

Should be fixed by #535

CMCDragonkai commented 1 year ago

So while removing UWS gives us the ability to switch the TLS configuration per connection. What about the actual reactive propagation of changes of the root key pair?

Until #444 is done, we have to rely on the current event bus to propagate changes. So this issue needs to address the reactive key pairs using just the event bus as per the tasks you written in OP.

tegefaulkes commented 1 year ago

This is done, I re-enabled updating the TLS for the webSocketServer when it's triggered via the event bus.