-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up asset_util interface #2099
Conversation
This PR cleans up the asset_util crate interface: * hide internals of `CertifiedAssets` * provide unified interface for both asset certification versions * provide support for canisters that do not certify the `sigs` subtree * add documentation to the public functions This PR is step **3** of 4: 1. move code from `assets.rs` to the crate 2. move certification header code from `http.rs` to the crate 3. refactor the crate a bit to make the public interface nicer 4. use the crate in the other canisters
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please see some minor comments/suggestions below.
@@ -28,9 +28,17 @@ pub const IC_CERTIFICATE_EXPRESSION: &str = | |||
/// certification to be valid. | |||
#[derive(Debug, Default, Clone)] | |||
pub struct CertifiedAssets { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: maybe rename to CertifiedAssetsStore
or something similar, as otherwise it is slightly confusing that we have two structs CertifiedAssets
and CertifiedAsset
and the former is not a container of the latter (in the definition of the structs).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well semantically it does. The crate does not give visibility into the internals of CertifiedAssets
(and a consumer shouldn't care). But you can retrieve a CertifiedAsset
from CertifiedAssets
using the certified_asset
function. So all is as expected?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed that semantically it is perfectly fine, just reading both struct definitions without visible relationship feels strange. But it is nitpicking, so I'm also fine with keeping as-is.
Some(2) => certified_asset | ||
.headers | ||
.extend(self.certificate_headers_v2(url_path, sigs_tree)), | ||
// Certification v1 is also the fallback for unknown certificate versions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder whether this fallback is the right thing to do: if at some point v3 is supported, this would silently return v1 even if v3 is requested, right? Maybe it would be better to be more strict about the versions?
Also, this defaults to v1 if caller does not specify any version -- maybe it would be better to default to the newest version supported?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem is that originally clients did not specify a version at all. So in order to not break old clients, we have to assume that they only understand v1.
But I'll make the logic more robust, so that anything >=2
uses version 2 and nothing or 1 use version 1. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as discussed, let's rename certificate_version
to max_certificate_version
, and specify in a comment that it means something like "max. certificate version expected by the caller", and that the actually returned version can be lower.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
@@ -28,9 +28,17 @@ pub const IC_CERTIFICATE_EXPRESSION: &str = | |||
/// certification to be valid. | |||
#[derive(Debug, Default, Clone)] | |||
pub struct CertifiedAssets { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed that semantically it is perfectly fine, just reading both struct definitions without visible relationship feels strange. But it is nitpicking, so I'm also fine with keeping as-is.
Some(2) => certified_asset | ||
.headers | ||
.extend(self.certificate_headers_v2(url_path, sigs_tree)), | ||
// Certification v1 is also the fallback for unknown certificate versions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as discussed, let's rename certificate_version
to max_certificate_version
, and specify in a comment that it means something like "max. certificate version expected by the caller", and that the actually returned version can be lower.
* Clean up asset_util interface This PR cleans up the asset_util crate interface: * hide internals of `CertifiedAssets` * provide unified interface for both asset certification versions * provide support for canisters that do not certify the `sigs` subtree * add documentation to the public functions This PR is step **3** of 4: 1. move code from `assets.rs` to the crate 2. move certification header code from `http.rs` to the crate 3. refactor the crate a bit to make the public interface nicer 4. use the crate in the other canisters * Add link to certified data and canister signatures * Fall back to v2 for versions higher than 2 * Refactor public interface to only have one function (with options) * Improve certify_assets doc * Make certify_assets a constructor * Clarify the certificate_version parameter
This PR cleans up the asset_util crate interface:
CertifiedAssets
sigs
subtreeThis PR is step 3 of 4:
assets.rs
to the cratehttp.rs
to the crate🟡 Some screens were changed