Add visibility delay option for signature and certificate Service Bus (#371)

Progress on NuGet/Engineering#1190

Author: joelverhagen

src/NuGet.Services.Validation.Orchestrator/Job.cs

@@ -199,6 +199,7 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
             services.AddTransient<IValidationSetProvider, ValidationSetProvider>();
             services.AddTransient<IValidationSetProcessor, ValidationSetProcessor>();
             services.AddTransient<IBrokeredMessageSerializer<SignatureValidationMessage>, SignatureValidationMessageSerializer>();
+            services.AddTransient<IBrokeredMessageSerializer<CertificateValidationMessage>, CertificateValidationMessageSerializer>();
             services.AddTransient<IValidatorStateService, ValidatorStateService>();
             services.AddTransient<PackageSigningValidator>();
             services.AddTransient<MailSenderConfiguration>(serviceProvider =>

src/NuGet.Services.Validation.Orchestrator/PackageCertificates/CertificateVerificationEnqueuer.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
 using NuGet.Jobs.Validation.PackageSigning.Messages;
 using NuGet.Services.ServiceBus;
 
@@ -11,18 +12,27 @@ namespace NuGet.Services.Validation.PackageCertificates
     public class CertificateVerificationEnqueuer : ICertificateVerificationEnqueuer
     {
         private readonly ITopicClient _topicClient;
-        private static readonly IBrokeredMessageSerializer<CertificateValidationMessage> _serializer = new CertificateValidationMessageSerializer();
+        private readonly IOptionsSnapshot<PackageCertificatesConfiguration> _configuration;
+        private readonly IBrokeredMessageSerializer<CertificateValidationMessage> _serializer;
 
-        public CertificateVerificationEnqueuer(ITopicClient topicClient)
+        public CertificateVerificationEnqueuer(
+            ITopicClient topicClient,
+            IBrokeredMessageSerializer<CertificateValidationMessage> serializer,
+            IOptionsSnapshot<PackageCertificatesConfiguration> configuration)
         {
             _topicClient = topicClient ?? throw new ArgumentNullException(nameof(topicClient));
+            _serializer = serializer ?? throw new ArgumentNullException(nameof(serializer));
+            _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
         }
 
         public async Task EnqueueVerificationAsync(IValidationRequest request, EndCertificate certificate)
         {
             var message = new CertificateValidationMessage(certificate.Key, request.ValidationId);
             var brokeredMessage = _serializer.Serialize(message);
 
+            var visibleAt = DateTimeOffset.UtcNow + (_configuration.Value.MessageDelay ?? TimeSpan.Zero);
+            brokeredMessage.ScheduledEnqueueTimeUtc = visibleAt;
+
             await _topicClient.SendAsync(brokeredMessage);
         }
     }

src/NuGet.Services.Validation.Orchestrator/PackageCertificates/PackageCertificatesConfiguration.cs

@@ -13,6 +13,11 @@ public class PackageCertificatesConfiguration
         /// </summary>
         public TimeSpan? CertificateRevalidationThreshold { get; set; }
 
+        /// <summary>
+        /// The visibility delay to apply to Service Bus messages requesting a new validation.
+        /// </summary>
+        public TimeSpan? MessageDelay { get; set; }
+
         /// <summary>
         /// The Service Bus configuration used to enqueue package certificate validations.
         /// </summary>

src/NuGet.Services.Validation.Orchestrator/PackageCertificates/PackageCertificatesValidator.cs

@@ -4,11 +4,13 @@
 using System;
 using System.Collections.Generic;
 using System.Data.Entity;
+using System.Diagnostics;
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Services.Validation.Orchestrator;
+using NuGet.Services.Validation.Orchestrator.Telemetry;
 
 namespace NuGet.Services.Validation.PackageCertificates
 {
@@ -19,6 +21,7 @@ public class PackageCertificatesValidator : BaseValidator, IValidator
         private readonly IValidationEntitiesContext _validationContext;
         private readonly IValidatorStateService _validatorStateService;
         private readonly ICertificateVerificationEnqueuer _certificateVerificationEnqueuer;
+        private readonly ITelemetryService _telemetryService;
         private readonly TimeSpan _certificateRevalidationThresholdTime;
         private readonly ILogger<PackageCertificatesValidator> _logger;
 
@@ -34,12 +37,14 @@ public PackageCertificatesValidator(
             IValidationEntitiesContext validationContext,
             IValidatorStateService validatorStateService,
             ICertificateVerificationEnqueuer certificateVerificationEnqueuer,
+            ITelemetryService telemetryService,
             ILogger<PackageCertificatesValidator> logger,
             TimeSpan? certificateRevalidationThreshold = null)
         {
             _validationContext = validationContext ?? throw new ArgumentNullException(nameof(validationContext));
             _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
             _certificateVerificationEnqueuer = certificateVerificationEnqueuer ?? throw new ArgumentNullException(nameof(certificateVerificationEnqueuer));
+            _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
 
             _certificateRevalidationThresholdTime = certificateRevalidationThreshold ?? DefaultCertificateRevalidationThresholdTime;
@@ -172,18 +177,18 @@ private async Task<ValidatorStatus> StartInternalAsync(IValidationRequest reques
 
             if (certificates.Any())
             {
+                var stopwatch = Stopwatch.StartNew();
+
                 await StartCertificateValidationsAsync(request, certificates);
 
-                return await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Incomplete);
+                var result = await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Incomplete);
+
+                _telemetryService.TrackDurationToStartPackageCertificatesValidator(stopwatch.Elapsed);
+
+                return result;
             }
             else
             {
-                _logger.LogInformation(
-                    "All certificates for package {PackageId} {PackageVersion} have already been validated, no additional validations necessary. " +
-                    "Promoting signature to status {SignatureStatus}",
-                    request.PackageId,
-                    request.PackageVersion);
-
                 PromoteSignature(request, signature);
 
                 return await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded);

src/NuGet.Services.Validation.Orchestrator/PackageSigning/PackageSignatureVerificationEnqueuer.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Threading.Tasks;
+using Microsoft.Extensions.Options;
 using NuGet.Jobs.Validation.PackageSigning.Messages;
 using NuGet.Services.ServiceBus;
 
@@ -14,14 +15,17 @@ namespace NuGet.Services.Validation.PackageSigning
     public class PackageSignatureVerificationEnqueuer : IPackageSignatureVerificationEnqueuer
     {
         private readonly ITopicClient _topicClient;
-        private readonly IBrokeredMessageSerializer<SignatureValidationMessage> _signatureValidationSerializer;
+        private readonly IBrokeredMessageSerializer<SignatureValidationMessage> _serializer;
+        private readonly IOptionsSnapshot<PackageSigningConfiguration> _configuration;
 
         public PackageSignatureVerificationEnqueuer(
             ITopicClient topicClient,
-            IBrokeredMessageSerializer<SignatureValidationMessage> signatureValidationSerializer)
+            IBrokeredMessageSerializer<SignatureValidationMessage> serializer,
+            IOptionsSnapshot<PackageSigningConfiguration> configuration)
         {
             _topicClient = topicClient ?? throw new ArgumentNullException(nameof(topicClient));
-            _signatureValidationSerializer = signatureValidationSerializer ?? throw new ArgumentNullException(nameof(signatureValidationSerializer));
+            _serializer = serializer ?? throw new ArgumentNullException(nameof(serializer));
+            _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
         }
 
         /// <summary>
@@ -34,8 +38,15 @@ public PackageSignatureVerificationEnqueuer(
         /// <returns>A task that will complete when the verification process has been queued.</returns>
         public Task EnqueueVerificationAsync(IValidationRequest request)
         {
-            var brokeredMessage = _signatureValidationSerializer.Serialize(
-                new SignatureValidationMessage(request.PackageId, request.PackageVersion, new Uri(request.NupkgUrl), request.ValidationId));
+            var message = new SignatureValidationMessage(
+                request.PackageId,
+                request.PackageVersion,
+                new Uri(request.NupkgUrl),
+                request.ValidationId);
+            var brokeredMessage = _serializer.Serialize(message);
+
+            var visibleAt = DateTimeOffset.UtcNow + (_configuration.Value.MessageDelay ?? TimeSpan.Zero);
+            brokeredMessage.ScheduledEnqueueTimeUtc = visibleAt;
 
             return _topicClient.SendAsync(brokeredMessage);
         }

src/NuGet.Services.Validation.Orchestrator/PackageSigning/PackageSigningConfiguration.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using NuGet.Jobs.Configuration;
 
 namespace NuGet.Services.Validation.PackageSigning
@@ -14,5 +15,10 @@ public class PackageSigningConfiguration
         /// The Service Bus configuration used to enqueue package signing validations.
         /// </summary>
         public ServiceBusConfiguration ServiceBus { get; set; }
+
+        /// <summary>
+        /// The visibility delay to apply to Service Bus messages requesting a new validation.
+        /// </summary>
+        public TimeSpan? MessageDelay { get; set; }
     }
 }

src/NuGet.Services.Validation.Orchestrator/PackageSigning/PackageSigningValidator.cs

@@ -2,26 +2,31 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Services.Validation.Orchestrator;
+using NuGet.Services.Validation.Orchestrator.Telemetry;
 
 namespace NuGet.Services.Validation.PackageSigning
 {
     public class PackageSigningValidator : BaseValidator, IValidator
     {
         private readonly IValidatorStateService _validatorStateService;
         private readonly IPackageSignatureVerificationEnqueuer _signatureVerificationEnqueuer;
+        private readonly ITelemetryService _telemetryService;
         private readonly ILogger<PackageSigningValidator> _logger;
 
         public PackageSigningValidator(
             IValidatorStateService validatorStateService,
             IPackageSignatureVerificationEnqueuer signatureVerificationEnqueuer,
+            ITelemetryService telemetryService,
             ILogger<PackageSigningValidator> logger)
         {
             _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
             _signatureVerificationEnqueuer = signatureVerificationEnqueuer ?? throw new ArgumentNullException(nameof(signatureVerificationEnqueuer));
+            _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
@@ -57,9 +62,15 @@ private async Task<ValidatorStatus> StartInternalAsync(IValidationRequest reques
 
             // Kick off the verification process. Note that the jobs will not verify the package until the
             // state of this validator has been persisted to the database.
+            var stopwatch = Stopwatch.StartNew();
+
             await _signatureVerificationEnqueuer.EnqueueVerificationAsync(request);
 
-            return await _validatorStateService.TryAddValidatorStatusAsync(request, validatorStatus, ValidationStatus.Incomplete);
+            var result = await _validatorStateService.TryAddValidatorStatusAsync(request, validatorStatus, ValidationStatus.Incomplete);
+
+            _telemetryService.TrackDurationToStartPackageSigningValidator(stopwatch.Elapsed);
+
+            return result;
         }
     }
 }

src/NuGet.Services.Validation.Orchestrator/Telemetry/ITelemetryService.cs

@@ -65,6 +65,19 @@ public interface ITelemetryService
         /// <param name="validatorType">The validator type (name).</param>
         void TrackValidatorStarted(string validatorType);
 
+        /// <summary>
+        /// The duration to start the package signing validator. This includes both the enqueue and DB commit time.
+        /// </summary>
+        /// <param name="duration">The duration.</param>
+        void TrackDurationToStartPackageSigningValidator(TimeSpan duration);
+
+        /// <summary>
+        /// The duration to star the package certificates validator. This includes all enqueue times and the DB commit
+        /// time.
+        /// </summary>
+        /// <param name="duration">The duration.</param>
+        void TrackDurationToStartPackageCertificatesValidator(TimeSpan duration);
+
         /// <summary>
         /// A counter metric emmitted when a validator reaches a terminal state and potentially persists validation
         /// issues. A count of zero is emitted if the validator does not produce any issues. This metric is not emitted

src/NuGet.Services.Validation.Orchestrator/Telemetry/TelemetryService.cs

@@ -10,22 +10,28 @@ namespace NuGet.Services.Validation.Orchestrator.Telemetry
 {
     public class TelemetryService : ITelemetryService
     {
-        private const string Prefix = "Orchestrator.";
-
-        private const string DurationToValidationSetCreationSeconds = Prefix + "DurationToValidationSetCreationSeconds";
-        private const string PackageStatusChange = Prefix + "PackageStatusChange";
-        private const string TotalValidationDurationSeconds = Prefix + "TotalValidationDurationSeconds";
-        private const string SentValidationTakingTooLongMessage = Prefix + "SentValidationTakingTooLongMessage";
-        private const string ValidationSetTimeout = Prefix + "TotalValidationDurationSeconds";
-        private const string ValidationIssue = Prefix + "ValidationIssue";
-        private const string ValidationIssueCount = Prefix + "ValidationIssueCount";
-        private const string ValidatorTimeout = Prefix + "ValidatorTimeout";
-        private const string ValidatorDurationSeconds = Prefix + "ValidatorDurationSeconds";
-        private const string ValidatorStarted = Prefix + "ValidatorStarted";
-        private const string ClientValidationIssue = Prefix + "ClientValidationIssue";
-        private const string MissingPackageForValidationMessage = Prefix + "MissingPackageForValidationMessage";
-        private const string MissingNupkgForAvailablePackage = Prefix + "MissingNupkgForAvailablePackage";
-        private const string DurationToHashPackageSeconds = Prefix + "DurationToHashPackageSeconds";
+        private const string OrchestratorPrefix = "Orchestrator.";
+        private const string PackageSigningPrefix = "PackageSigning.";
+        private const string PackageCertificatesPrefix = "PackageCertificates.";
+
+        private const string DurationToValidationSetCreationSeconds = OrchestratorPrefix + "DurationToValidationSetCreationSeconds";
+        private const string PackageStatusChange = OrchestratorPrefix + "PackageStatusChange";
+        private const string TotalValidationDurationSeconds = OrchestratorPrefix + "TotalValidationDurationSeconds";
+        private const string SentValidationTakingTooLongMessage = OrchestratorPrefix + "SentValidationTakingTooLongMessage";
+        private const string ValidationSetTimeout = OrchestratorPrefix + "TotalValidationDurationSeconds";
+        private const string ValidationIssue = OrchestratorPrefix + "ValidationIssue";
+        private const string ValidationIssueCount = OrchestratorPrefix + "ValidationIssueCount";
+        private const string ValidatorTimeout = OrchestratorPrefix + "ValidatorTimeout";
+        private const string ValidatorDurationSeconds = OrchestratorPrefix + "ValidatorDurationSeconds";
+        private const string ValidatorStarted = OrchestratorPrefix + "ValidatorStarted";
+        private const string ClientValidationIssue = OrchestratorPrefix + "ClientValidationIssue";
+        private const string MissingPackageForValidationMessage = OrchestratorPrefix + "MissingPackageForValidationMessage";
+        private const string MissingNupkgForAvailablePackage = OrchestratorPrefix + "MissingNupkgForAvailablePackage";
+        private const string DurationToHashPackageSeconds = OrchestratorPrefix + "DurationToHashPackageSeconds";
+
+        private const string DurationToStartPackageSigningValidatorSeconds = PackageSigningPrefix + "DurationToStartSeconds";
+
+        private const string DurationToStartPackageCertificatesValidatorSeconds = PackageCertificatesPrefix + "DurationToStartSeconds";
 
         private const string FromStatus = "FromStatus";
         private const string ToStatus = "ToStatus";
@@ -205,5 +211,19 @@ public void TrackMissingNupkgForAvailablePackage(string packageId, string normal
                         { NormalizedVersion, normalizedVersion },
                         { ValidationTrackingId, validationTrackingId },
                     });
+
+        public void TrackDurationToStartPackageSigningValidator(TimeSpan duration)
+        {
+            _telemetryClient.TrackMetric(
+                DurationToStartPackageSigningValidatorSeconds,
+                duration.TotalSeconds);
+        }
+
+        public void TrackDurationToStartPackageCertificatesValidator(TimeSpan duration)
+        {
+            _telemetryClient.TrackMetric(
+                DurationToStartPackageCertificatesValidatorSeconds,
+                duration.TotalSeconds);
+        }
     }
 }

src/NuGet.Services.Validation.Orchestrator/ValidationSetProcessor.cs

@@ -94,13 +94,31 @@ private async Task<bool> ProcessIncompleteValidations(PackageValidationSet valid
                     var validator = _validatorProvider.GetValidator(packageValidation.Type);
                     var validationRequest = await CreateValidationRequest(packageValidation.PackageValidationSet, packageValidation, package, validationConfiguration);
                     var validationResult = await validator.GetResultAsync(validationRequest);
-                    _logger.LogInformation("New status for validation {ValidationType} for {PackageId} {PackageVersion} is {ValidationStatus}, validation set {ValidationSetId}, {ValidationId}",
-                        packageValidation.Type,
-                        package.PackageRegistration.Id,
-                        package.NormalizedVersion,
-                        validationResult.Status,
-                        validationSet.ValidationTrackingId,
-                        packageValidation.Key);
+
+                    if (validationResult.Status != ValidationStatus.Incomplete)
+                    {
+                        _logger.LogInformation(
+                            "New status for validation {ValidationType} for {PackageId} {PackageVersion} is " +
+                            "{ValidationStatus}, validation set {ValidationSetId}, {ValidationId}",
+                           packageValidation.Type,
+                           package.PackageRegistration.Id,
+                           package.NormalizedVersion,
+                           validationResult.Status,
+                           validationSet.ValidationTrackingId,
+                           packageValidation.Key);
+                    }
+                    else
+                    {
+                        _logger.LogDebug(
+                            "Validation {ValidationType} for {PackageId} {PackageVersion} is still " +
+                            "{ValidationStatus}, validation set {ValidationSetId}, {ValidationId}",
+                            packageValidation.Type,
+                            package.PackageRegistration.Id,
+                            package.NormalizedVersion,
+                            validationResult.Status,
+                            validationSet.ValidationTrackingId,
+                            packageValidation.Key);
+                    }
 
                     switch (validationResult.Status)
                     {