Clean up asset_util interface #2099
Conversation
This PR cleans up the asset_util crate interface: * hide internals of `CertifiedAssets` * provide unified interface for both asset certification versions * provide support for canisters that do not certify the `sigs` subtree * add documentation to the public functions This PR is step **3** of 4: 1. move code from `assets.rs` to the crate 2. move certification header code from `http.rs` to the crate 3. refactor the crate a bit to make the public interface nicer 4. use the crate in the other canisters
| @@ -28,9 +28,17 @@ pub const IC_CERTIFICATE_EXPRESSION: &str = | |||
| /// certification to be valid. | |||
| #[derive(Debug, Default, Clone)] | |||
| pub struct CertifiedAssets { | |||
There was a problem hiding this comment.
nit: maybe rename to CertifiedAssetsStore or something similar, as otherwise it is slightly confusing that we have two structs CertifiedAssets and CertifiedAsset and the former is not a container of the latter (in the definition of the structs).
There was a problem hiding this comment.
Well semantically it does. The crate does not give visibility into the internals of CertifiedAssets (and a consumer shouldn't care). But you can retrieve a CertifiedAsset from CertifiedAssets using the certified_asset function. So all is as expected?
There was a problem hiding this comment.
Agreed that semantically it is perfectly fine, just reading both struct definitions without visible relationship feels strange. But it is nitpicking, so I'm also fine with keeping as-is.
| Some(2) => certified_asset | ||
| .headers | ||
| .extend(self.certificate_headers_v2(url_path, sigs_tree)), | ||
| // Certification v1 is also the fallback for unknown certificate versions |
There was a problem hiding this comment.
I wonder whether this fallback is the right thing to do: if at some point v3 is supported, this would silently return v1 even if v3 is requested, right? Maybe it would be better to be more strict about the versions?
Also, this defaults to v1 if caller does not specify any version -- maybe it would be better to default to the newest version supported?
There was a problem hiding this comment.
The problem is that originally clients did not specify a version at all. So in order to not break old clients, we have to assume that they only understand v1.
But I'll make the logic more robust, so that anything >=2 uses version 2 and nothing or 1 use version 1. 👍
There was a problem hiding this comment.
as discussed, let's rename certificate_version to max_certificate_version, and specify in a comment that it means something like "max. certificate version expected by the caller", and that the actually returned version can be lower.
| @@ -28,9 +28,17 @@ pub const IC_CERTIFICATE_EXPRESSION: &str = | |||
| /// certification to be valid. | |||
| #[derive(Debug, Default, Clone)] | |||
| pub struct CertifiedAssets { | |||
There was a problem hiding this comment.
Agreed that semantically it is perfectly fine, just reading both struct definitions without visible relationship feels strange. But it is nitpicking, so I'm also fine with keeping as-is.
| Some(2) => certified_asset | ||
| .headers | ||
| .extend(self.certificate_headers_v2(url_path, sigs_tree)), | ||
| // Certification v1 is also the fallback for unknown certificate versions |
There was a problem hiding this comment.
as discussed, let's rename certificate_version to max_certificate_version, and specify in a comment that it means something like "max. certificate version expected by the caller", and that the actually returned version can be lower.
* Clean up asset_util interface This PR cleans up the asset_util crate interface: * hide internals of `CertifiedAssets` * provide unified interface for both asset certification versions * provide support for canisters that do not certify the `sigs` subtree * add documentation to the public functions This PR is step **3** of 4: 1. move code from `assets.rs` to the crate 2. move certification header code from `http.rs` to the crate 3. refactor the crate a bit to make the public interface nicer 4. use the crate in the other canisters * Add link to certified data and canister signatures * Fall back to v2 for versions higher than 2 * Refactor public interface to only have one function (with options) * Improve certify_assets doc * Make certify_assets a constructor * Clarify the certificate_version parameter
This PR cleans up the asset_util crate interface:
CertifiedAssetssigssubtreeThis PR is step 3 of 4:
assets.rsto the cratehttp.rsto the crate🟡 Some screens were changed