Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal end-point for ejpd request processing. #1484

Merged
merged 7 commits into from
May 6, 2021
Merged

Internal end-point for ejpd request processing. #1484

merged 7 commits into from
May 6, 2021

Conversation

fisx
Copy link
Contributor

@fisx fisx commented May 4, 2021
edited
Loading

Attempt at streamlining the internal process at wire.com described here.

We are legally required to sometimes provide user information to law enforcement. This change introduces an internal end-point to compile the minimum required information into a json blob.

Security: to access the internal end-point, you need the same access privileges that also give you direct access to the database. So the information we provide here does not get any more accessible. On the other hand, direct database access is error prone and make result in revealing information on the wrong user due to cut&paste errors. This end-point mitigates this risk to a large extent.

@fisx fisx requested a review from smatting May 4, 2021 15:40
@fisx
Copy link
Contributor Author

fisx commented May 4, 2021 


POD LOGS: test-kwtrsypknule-wire-server-brig-integration

Parse failed: AesonException "Error in $: parsing Main.Config(Config) failed, key \"gundeck\" not found"

Falling back to environment variables

brig-integration: user error (failed to parse integration.yaml file)


Error: unable to get pod logs for test-kwtrsypknule-wire-server-cargohold-integration: pods "test-kwtrsypknule-wire-server-cargohold-integration" not found

make: *** [Makefile:262: kube-integration-test] Error 1

@fisx
Copy link
Contributor Author

fisx commented May 5, 2021

thanks @smatting: 3b8dfeb

smatting
smatting requested changes May 5, 2021
View reviewed changes
services/brig/src/Brig/Data/Connection.hs Outdated Show resolved Hide resolved
libs/wire-api/src/Wire/API/Team/Member.hs Show resolved Hide resolved
@fisx
Copy link
Contributor Author

fisx commented May 5, 2021 

    ejpd requests:                                                              FAIL
      Exception: ConnectionError (HttpExceptionRequest Request {
        host                 = "0.0.0.0"
        port                 = 8080
        secure               = False
        requestHeaders       = [("Accept","application/json;charset=utf-8,application/json"),("Content-Type","application/json;charset=utf-8")]
        path                 = "/i/ejpd-request"
        queryString          = ""
        method               = "POST"
        proxy                = Nothing
        rawBody              = False
        redirectCount        = 10
        responseTimeout      = ResponseTimeoutDefault
        requestVersion       = HTTP/1.1
      }
       (ConnectionFailure Network.Socket.connect: <socket: 46>: does not exist (Connection refused)))

Do we have to apply the change in 3b8dfeb manually? But then why did the error change?

@fisx
Copy link
Contributor Author

fisx commented May 5, 2021

The host looks suspicious, I'm pretty sure 0.0.0.0 is not gundeck's true IP :). Do I have to update something in the DNS that the brig-integration pod can see?

@fisx fisx changed the title Internal end-point for ejpd request processing. Internal end-point for ejpd request processing. [skip-ci] May 5, 2021
fisx added 6 commits May 6, 2021 14:34
@fisx
Internal end-point for ejpd request processing.
86c0278
@fisx
Fix integration tests on concourse.
424556d
@fisx
Catch all connections (not just accepted ones).
e45b314
@fisx
Add missing roundtrip test.
b94b1ba 
In my (poor) defense, it was tested, but via a containing type in
another package.
@fisx
Extend swagger.
06f065e
@fisx
Fix integration test.
ef69c83 
we have to config files in brig integration tests: one for integration
tests, and one for the brig service itself.  locally, we use
brig.integration.yaml for both and make sure that it contains the
fields for both parsers.  this caused the brig-integration executable
to find brig locally.

further, there is an end-point for brig in the brig service config in
our helm charts.  this caused the brig-integration executable to look
for brig under localhost in the CI, which failed.

looking for the brig end-point in the integration config, not the
service config, should fix things.
@fisx
Copy link
Contributor Author

fisx commented May 6, 2021

thanks @akshaymankar ! ef69c83

@fisx fisx requested a review from smatting May 6, 2021 15:15
@fisx fisx changed the title Internal end-point for ejpd request processing. [skip-ci] Internal end-point for ejpd request processing. May 6, 2021
@fisx fisx merged commit 6fdfd37 into develop May 6, 2021
@fisx fisx deleted the ejpd branch May 6, 2021 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smatting smatting smatting approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fisx @smatting