Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[uss_qualifier/netrid] fix #244; rename server_id to participant_id; some refactorings and fixes #247

Merged
merged 10 commits into from
Oct 20, 2023

Conversation

Shastick
Copy link
Contributor

This should address Issue #244.

It also updates the markdown doc for this check, which was erroneously referencing NET0500 instead of NET0210

@@ -167,7 +167,7 @@ def _evaluate_and_test_authentication(
no flights were yet returned by the authenticated queries.
"""

with self.check("Missing credentials") as check:
with self.check("Missing credentials", [self._dss.participant_id]) as check:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we query all_flights below, that operation first queries the DSS to identify which Service Providers need to be queried, and then it queries all the Service Providers. The unauthenticated session is then used to repeat the uss_flight_queries (the queries to all the Service Providers). If one of the Service Providers incorrectly allows an unauthenticated request, the provider of the DSS (self._dss.participant_id) isn't the participant that failed the requirement. Likewise, if the unauthenticated queries to each Service Provider are all correctly rejected, we haven't shown the DSS provider's compliance to the requirement. The participants identified in a check should correspond to the participants we are verifying comply (or rather, don't fail to comply) with a requirement. In this case, we're checking whether each Service Provider complies with the requirement to only allow authenticated requests.

The with syntax for the check is just an abbreviation for "if I didn't record_failed in this block, then record_passed when I exit the block". So, when the block exits, we will currently record that the DSS provider passed this check if no USSs failed the check. If any USSs failed the check, we will not record that the DSS provided passed this check. I don't think that's what we want.

I think we want to keep the with check blocks as small as practical in general -- ideally just a single if statement. It's not necessarily bad to perform a lot of actions in the check block, but I think it does make it more challenging to reason about what will be indicated in the report under various circumstances.

Copy link
Contributor Author

@Shastick Shastick Oct 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, I went over this a bit too quickly.

I updated the PR so the check is now within the for-loop. The check is now also attached to the server_id with which the request was tagged.

I was considering adding a separate check stating "DSS can successfully be queried", but the misbheavior.py test is actually about testing SP's so I figured I'd rather not add a check mentioning the DSS?

edit: though I just noticed that the query is not properly tagged anyway, and that there's a bit more work required to map queries back to the relevant USS

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was considering adding a separate check stating "DSS can successfully be queried", but the misbheavior.py test is actually about testing SP's so I figured I'd rather not add a check mentioning the DSS?

Whenever someone might fail to meet a requirement, especially one that would affect the behavior of the test, it's probably worth making a check for that. In this case, the DSS provider is important to the test and we probably want fail something if we can't get information from the DSS. So, I think it's worth having an explicit check that applies to the DSS provider which fails if we can't get the information (and therefore can't proceed with the test), even though the DSS provider is not the primary focus of this test.

@Shastick Shastick force-pushed the fix-#244 branch 2 times, most recently from 8f53270 to cbe7e08 Compare October 13, 2023 09:23
@Shastick Shastick marked this pull request as draft October 13, 2023 09:30
@Shastick
Copy link
Contributor Author

Taking this back to draft until I can properly define which participant a query belongs to.

@Shastick Shastick force-pushed the fix-#244 branch 4 times, most recently from f721f83 to 9e27793 Compare October 13, 2023 12:59
@Shastick
Copy link
Contributor Author

@BenjaminPelletier this is ready for another pass of review.

This PR grew a little bit: I found out that quite a few queries were getting attributed to the wrong participants in rid.all_flights.

The suggested change is to solve this with some additional configuration information.

The test suite might fail because there are some unattributed queries that are detected in the aggregated checks, and I still need to check if these can be ignored or not (they involve example.com and the v22 endpoints when the v19 checks were run)

@@ -1163,7 +1164,7 @@ def all_flights(
session: UTMClientSession,
dss_base_url: str = "",
enhanced_details: bool = False,
server_id: Optional[str] = None,
dss_server_id: Optional[str] = None,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: did a few renames here and there to make certain things clearer.

@@ -41,25 +41,27 @@ class NetRIDServiceProvidersSpecification(ImplicitDict):

class NetRIDServiceProvider(object):
participant_id: str
base_url: str
client: infrastructure.UTMClientSession
injection_base_url: str
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here the rename is to indicate that this is the URL used to inject flights, nothing more.

(Any place I found where this is set, this was the case, but please correct me if I got the intent wrong).

The rename should reduce the chances that anyone gets tempted by using this to match queries to SP's :)

base_url: str
client: infrastructure.UTMClientSession
injection_base_url: str
flights_injection_client: infrastructure.UTMClientSession
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for the client/session: I guess it might work to query other endpoints on an SP but it does not seem to be its purpose.

@mickmis
Copy link
Contributor

mickmis commented Oct 20, 2023

I made a pass on this PR to in order to finalize it. I ended up doing a bit more though:

  • create unauthenticated session through overriding correct audience
  • rename all the server_id to participant_id for the sake of consistency; I took the opportunity of doing that in this PR, that's been bothering me for a while (sorry, it does add noise to the PR)
  • factor away telemetry match + tolerance constants in monitorlib.geo package
  • factor away part of telemetry polling from both scenarios in the virtual observer
  • refactor/cleanup parts of the scenarios (notably use the fetch functions even for unauthenticated queries)
  • factor away/cleanup inject_flights + injected_flights_errors in injection.py
  • clarify some things related to setting participant IDs in display_data_evaluator
  • fix attribution of query type in uss_flights

(note: at the time of writing this the PR is still not ready for review and need some fixes)

There is actually more I wanted to do because I find that display_data_evaluator.py became a bit confusing over the time IMO, but that's enough for now I believe.

@mickmis mickmis marked this pull request as ready for review October 20, 2023 12:19
@mickmis mickmis changed the title [uss_qualifier] attach participant id to net0210 check, fix Issue #244 [uss_qualifier/netrid] fix #244; rename server_id to participant_id; some refactorings and fixes Oct 20, 2023
@mickmis mickmis linked an issue Oct 20, 2023 that may be closed by this pull request
injected_flights, observed_flights
)

# TODO: a better approach here would be to separately map flights URL to participant IDs based on all TelemetryMapping encountered, and set retroactively the participant ID on all queries
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@BenjaminPelletier BenjaminPelletier merged commit 9753ad1 into interuss:main Oct 20, 2023
9 checks passed
github-actions bot added a commit that referenced this pull request Oct 20, 2023
…some refactorings and fixes (#247)

* [uss_qualifier] attach participant id to net0210 check, fix Issue #244

* rename server_id -> participant_id

* factor out polling; refactor some parts of scenarios

* add aud override in NoAuth

* fix participant_id setter

* fix several issues

* fix small issues

* add TODO

---------

Co-authored-by: Mickaël Misbach <[email protected]>
Co-authored-by: Mickaël Misbach <[email protected]> 9753ad1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Test participant(s) not indicated for NET0210
3 participants