moves and renames the meshAuthority to authority.Authority
takes the permanent ca.CA instance away from the gRPC servers
The idea is that the methods called by the gRPC servers on the CA instance are always coupled to the current active manifest, thus getting the manifest from meshAuthority and the certificates from CA is inherently racy (think of concurrent calls to SetManifest and NewMeshCert, for example). This is a first step towards tighter coupling of the two, by handing out CA objects when required and removing the permanent members.
In the meshAPI server, I'm moving all certificate operations to the ValidateCallback, and all certificate operations happen on the same CA instance. This does not make a practical difference now, but allows to swap out the permanent CA object with one per manifest generation.
In the userAPI server, I'm adding the CA as a return to the manifest retrieval operation, also in preparation to swap it out in the future.
The API of the Authority should be considered transitory while we're working on the persistence. I could imagine it returning a struct with manifest and CA combined.
The race conditions are still present (see associated TODOs), but it should be easier to mitigate them going forward.
At a high-level, this PR
meshAuthority
toauthority.Authority
ca.CA
instance away from the gRPC serversThe idea is that the methods called by the gRPC servers on the CA instance are always coupled to the current active manifest, thus getting the manifest from
meshAuthority
and the certificates fromCA
is inherently racy (think of concurrent calls toSetManifest
andNewMeshCert
, for example). This is a first step towards tighter coupling of the two, by handing out CA objects when required and removing the permanent members.In the meshAPI server, I'm moving all certificate operations to the
ValidateCallback
, and all certificate operations happen on the same CA instance. This does not make a practical difference now, but allows to swap out the permanent CA object with one per manifest generation.In the userAPI server, I'm adding the CA as a return to the manifest retrieval operation, also in preparation to swap it out in the future.
The API of the
Authority
should be considered transitory while we're working on the persistence. I could imagine it returning a struct with manifest and CA combined.The race conditions are still present (see associated TODOs), but it should be easier to mitigate them going forward.