Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds support for hidden private keys in server tenants #23379

Merged
merged 35 commits into from
Dec 26, 2024

Conversation

dhr-verma
Copy link
Contributor

@dhr-verma dhr-verma commented Dec 19, 2024

Description

This PR adds support for storing private keys in the tenants DB collection. These private keys will be used to sign tokens that are acquired for keyless access. These are never shared with the client and will be rotated based on their rotation schedule. It also adds a new claim in the fluid access token - fluidRelayKeylessAccess. This claim will be used to determine how to validate the access token - with the shared keys or the private keys. This allows to keep access tokens to be backward compatible while also supporting keyless access. It does introduce some new APIs and modifies existing APIs:

  1. /tenants/:id/keys: Adds a new query parameter - getPrivateKeys. When set to true, it returns the privateKeys for the tenant. By default, this flag is set to false.
  2. /tenants/:id/privateKeyAccess: Toggles the enablePrivateKeyAccess flag for a tenant.
  3. /tenants/:id/key: Refreshes the requested tenant key. When refreshPrivateKey is true it will refresh the private keys but does not return the refreshed keys. This is because key refreshes of the private keys will not be exposed to clients.
  4. /tenants/:id?: Creates a fluid tenant. This request accepts a new parameter in the body - enablePrivateKeyAccess. When this is set to true, a tenant with support for private keys will be created. By default, this is false.

To support these, the following changes are done:

  1. Updated the ITenantConfig interface to have two new mandatory props - enablePrivateKeyAccess and enableSharedKeyAccess. These are computed at runtime by the tenantManager. Since these are not stored in the DB these can safely be made mandatory without breaking backward compatability.
  2. Updated Riddler APIs to support a new interface ITenantPrivateKeys. The workflows essentially are the same as before but they include some new flags which helps riddler determine what keys to get/refresh/use for validation. The changes also include creating different caching keys for shared and private keys.
  3. Added a new claim fluidRelayKeylessAccess which will be set to true when generating a keyless access token.
  4. To test and ensure backward compatibility, I also created a test suite for tenantManager.ts. This ensures the existing APIs work as before. It also tests the new functionality. To further test these changes, I ran the server locally using Docker.

Breaking Changes

This adds a bunch of functionalities to support private hidden keys. However, these should not break existing changes.

Reviewer Guidance

  1. General design of reusing the existing design of getTenantKeys rather than creating new interfaces.
  2. Unit test clarity.

TODO: Add changesets

@Copilot Copilot bot review requested due to automatic review settings December 19, 2024 19:58
@github-actions github-actions bot added area: server Server related issues (routerlicious) base: main PRs targeted against main branch labels Dec 19, 2024
@dhr-verma dhr-verma requested a review from znewton December 19, 2024 21:30
@dhr-verma dhr-verma requested a review from a team as a code owner December 26, 2024 15:54
Copy link
Contributor

@alexvy86 alexvy86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of docs suggestions and one in code. Docs look good overall though.

server/routerlicious/.changeset/six-candles-sneeze.md Outdated Show resolved Hide resolved
server/routerlicious/.changeset/six-candles-sneeze.md Outdated Show resolved Hide resolved
server/routerlicious/.changeset/weak-radios-camp.md Outdated Show resolved Hide resolved
dhr-verma and others added 5 commits December 26, 2024 11:26
Co-authored-by: Alex Villarreal <716334+alexvy86@users.noreply.github.com>
Co-authored-by: Alex Villarreal <716334+alexvy86@users.noreply.github.com>
Co-authored-by: Alex Villarreal <716334+alexvy86@users.noreply.github.com>
@dhr-verma dhr-verma enabled auto-merge (squash) December 26, 2024 16:31
@dhr-verma dhr-verma merged commit 87c92ca into microsoft:main Dec 26, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: server Server related issues (routerlicious) base: main PRs targeted against main branch changeset-present
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants