Integrate the zone signer with the new zone storage#500
Open
bal-e wants to merge 8 commits intosigner-flowfrom
Open
Integrate the zone signer with the new zone storage#500bal-e wants to merge 8 commits intosigner-flowfrom
bal-e wants to merge 8 commits intosigner-flowfrom
Conversation
- Take '&Arc<Zone>' instead of the zone name. - Use 'domain::new::base::Serial' where possible. - Remove a duplicate retrieval of zone policy.
This simplifies the control flow in 'sign_zone()' so that it can become a fully synchronous function. I will restore parallelization after the switch to the new zone storage.
'join_sign_zone_queue()' waits for permission to sign the zone, and the performs the actual signing. The waiting part needs to be 'async' (at least, until it is replaced with a synchronous stateful queue), but the signing part should be done on a blocking Tokio task. By splitting the function into the waiting and the signing, it becomes easier to make the signing synchronous (esp. wrt. argument passing and 'static lifetimes).
Now that all 'static lifetime restrictions are gone from within 'sign_zone()', it is possible to use the new zone storage's 'SignedZoneReplacer' for accumulating records.
As signing finishes, it can result in 'on_idle()' and 'SignerZoneHandle::start_pending()' being called. This tripped up an assertion. To prevent races, 'SignerState::ongoing' has been updated to use 'BackgroundTasks'.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Building on top of #499, this PR makes the core
sign_zone()function use the new zone storage. It adjusts the rest of Cascade to call into the new signer flow functions (from #499) since they are now properly implemented.For reviewers: please check the signing flow, e.g. that the signer correctly launches signed review when it finishes.
NOTE: While developing this PR, I noticed a subtle logic error in our parallelized zone signing code: it arbitrarily splits the unsigned records into segments to pass to
sign_sorted_zone_records(), but that function assumes it has received the full zone in order to locate zone cuts. I have retained this bug in the new code; we need to copy overdomain's signing code and explicitly parallelize it. This effort would be greatly simplified with better zone data structures, so perhaps that should be addressed first.