[Package Signing] Fix idempotency (#267)

loic-sharma · web-flow · commit f50ef659d959 · 2017-11-30T13:37:46.000-08:00
Previously, the validate package signature job was designed such that it would fail validation requests for  packages that had already been validated unless the validation request was from a revalidation gesture. The idea was that this would make the job "resilient" to unintended state changes caused by message duplication. Essentially, this could happen:

1. Orchestrator sends a `Validate package X's signature` message. Validation passes.
2. Orchestrator resends the `Validate package X's signature` message. Validation fails (even though the signature is still valid).
3. Orchestrator sends a `Revalidate package X's signature` message. Validation passes.

This turned out to be a bad idea as the orchestrator may validate the same package multiple times if it was uploaded multiple times concurrently. With this PR, the new results would be:

1. Orchestrator sends a `Validate package X's signature` message. Validation passes.
2. Orchestrator resends the `Validate package X's signature` message. Validation passes.
3. Orchestrator sends a `Revalidate package X's signature` message. Validation passes.
diff --git a/src/Validation.PackageSigning.ExtractAndValidateSignature/Job.cs b/src/Validation.PackageSigning.ExtractAndValidateSignature/Job.cs
@@ -7,6 +7,7 @@
 using System.IO;
 using System.Net;
 using System.Net.Http;
+using System.Reflection;
 using System.Threading.Tasks;
 using Autofac;
 using Autofac.Extensions.DependencyInjection;
@@ -157,7 +158,9 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
 
             services.AddSingleton(p =>
             {
-                var assemblyName = typeof(SignatureValidationMessage).Assembly.GetName();
+                var assembly = Assembly.GetEntryAssembly();
+                var assemblyName = assembly.GetName().Name;
+                var assemblyVersion = assembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?.InformationalVersion ?? "0.0.0";
 
                 var client = new HttpClient(new WebRequestHandler
                 {
@@ -166,7 +169,7 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
                 });
 
                 client.Timeout = configurationRoot.GetValue<TimeSpan>(PackageDownloadTimeoutName);
-                client.DefaultRequestHeaders.Add("user-agent", $"{assemblyName.Name}/{assemblyName.Version}");
+                client.DefaultRequestHeaders.Add("user-agent", $"{assemblyName}/{assemblyVersion}");
 
                 return client;
             });
diff --git a/src/Validation.PackageSigning.ExtractAndValidateSignature/SignatureValidationMessageHandler.cs b/src/Validation.PackageSigning.ExtractAndValidateSignature/SignatureValidationMessageHandler.cs
@@ -121,26 +121,11 @@ private async Task<bool> HandleUnsignedPackageAsync(ValidatorStatus validation,
                         message.ValidationId);
 
             // Update the package's state.
-            // TODO: Determine whether this is a revalidation request.
-            var result = await _packageSigningStateService.TrySetPackageSigningState(
-                            validation.PackageKey,
-                            message.PackageId,
-                            message.PackageVersion,
-                            isRevalidationRequest: false,
-                            status: PackageSigningStatus.Unsigned);
-
-            if (result == SavePackageSigningStateResult.StatusAlreadyExists)
-            {
-                _logger.LogWarning(
-                    "Updates to package signature's state are only allowed on explicit revalidations for package {PackageId} {PackageVersion} for {ValidationId}",
-                    message.PackageId,
-                    message.PackageVersion,
-                    message.ValidationId);
-
-                // The message's request is invalid and no amount of retrying will fix it.
-                // Consume the message.
-                return true;
-            }
+            await _packageSigningStateService.SetPackageSigningState(
+                validation.PackageKey,
+                message.PackageId,
+                message.PackageVersion,
+                status: PackageSigningStatus.Unsigned);
 
             validation.State = ValidationStatus.Succeeded;
 
@@ -153,17 +138,26 @@ private async Task<bool> HandleUnsignedPackageAsync(ValidatorStatus validation,
                     // Consume the message.
                     return true;
                 }
+                else
+                {
+                    _logger.LogWarning(
+                        "Unable to save to save due to stale context, requeueing package {PackageId} {PackageVersion} for validation id: {ValidationId}.",
+                        message.PackageId,
+                        message.PackageVersion,
+                        message.ValidationId);
+                }
             }
             catch (DbUpdateException e) when (e.IsUniqueConstraintViolationException())
             {
+                _logger.LogWarning(
+                    0,
+                    e,
+                    "Unable to save to save due to unique contrainst violation, requeueing package {PackageId} {PackageVersion} for validation id: {ValidationId}.",
+                    message.PackageId,
+                    message.PackageVersion,
+                    message.ValidationId);
             }
 
-            _logger.LogWarning(
-                "Unable to save to save, requeueing package {PackageId} {PackageVersion} for validation id: {ValidationId}.",
-                message.PackageId,
-                message.PackageVersion,
-                message.ValidationId);
-
             // Message may be retried.
             return false;
         }
diff --git a/src/Validation.PackageSigning.ExtractAndValidateSignature/Storage/IPackageSigningStateService.cs b/src/Validation.PackageSigning.ExtractAndValidateSignature/Storage/IPackageSigningStateService.cs
@@ -8,11 +8,10 @@ namespace NuGet.Jobs.Validation.PackageSigning.Storage
 {
     public interface IPackageSigningStateService
     {
-        Task<SavePackageSigningStateResult> TrySetPackageSigningState(
+        Task SetPackageSigningState(
             int packageKey,
             string packageId,
             string packageVersion,
-            bool isRevalidationRequest,
             PackageSigningStatus status);
     }
 }
diff --git a/src/Validation.PackageSigning.ExtractAndValidateSignature/Storage/PackageSigningStateService.cs b/src/Validation.PackageSigning.ExtractAndValidateSignature/Storage/PackageSigningStateService.cs
@@ -10,8 +10,7 @@
 
 namespace NuGet.Jobs.Validation.PackageSigning.Storage
 {
-    public class PackageSigningStateService
-        : IPackageSigningStateService
+    public class PackageSigningStateService : IPackageSigningStateService
     {
         private readonly IValidationEntitiesContext _validationContext;
         private readonly ILogger<PackageSigningStateService> _logger;
@@ -24,11 +23,10 @@ public PackageSigningStateService(
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
-        public async Task<SavePackageSigningStateResult> TrySetPackageSigningState(
+        public async Task SetPackageSigningState(
             int packageKey,
             string packageId,
             string packageVersion,
-            bool isRevalidationRequest,
             PackageSigningStatus status)
         {
             if (string.IsNullOrEmpty(packageId))
@@ -45,11 +43,6 @@ public async Task<SavePackageSigningStateResult> TrySetPackageSigningState(
             // this invariant may be broken due to message duplication.
             var signatureState = await _validationContext.PackageSigningStates.FirstOrDefaultAsync(s => s.PackageKey == packageKey);
 
-            if (signatureState != null && !isRevalidationRequest)
-            {
-                return SavePackageSigningStateResult.StatusAlreadyExists;
-            }
-
             if (signatureState != null)
             {
                 signatureState.SigningStatus = status;
@@ -65,8 +58,6 @@ public async Task<SavePackageSigningStateResult> TrySetPackageSigningState(
                     SigningStatus = status
                 });
             }
-
-            return SavePackageSigningStateResult.Success;
         }
     }
 }
diff --git a/src/Validation.PackageSigning.ExtractAndValidateSignature/Storage/SavePackageSigningStateResult.cs b/src/Validation.PackageSigning.ExtractAndValidateSignature/Storage/SavePackageSigningStateResult.cs
diff --git a/src/Validation.PackageSigning.ExtractAndValidateSignature/Validation.PackageSigning.ExtractAndValidateSignature.csproj b/src/Validation.PackageSigning.ExtractAndValidateSignature/Validation.PackageSigning.ExtractAndValidateSignature.csproj
@@ -41,7 +41,6 @@
   </ItemGroup>
   <ItemGroup>
     <Compile Include="Storage\PackageSigningStateService.cs" />
-    <Compile Include="Storage\SavePackageSigningStateResult.cs" />
     <Compile Include="Storage\IPackageSigningStateService.cs" />
     <Compile Include="Job.cs" />
     <Compile Include="Program.cs" />
diff --git a/tests/Validation.PackageSigning.ExtractAndValidateSignature.Tests/PackageSigningStateServiceFacts.cs b/tests/Validation.PackageSigning.ExtractAndValidateSignature.Tests/PackageSigningStateServiceFacts.cs
@@ -25,46 +25,7 @@ public TheTrySetPackageSigningStateMethod(ITestOutputHelper testOutput)
             }
 
             [Fact]
-            public async Task ReturnsStatusAlreadyExistsWhenSignatureStateNotNullAndNotRevalidating()
-            {
-                // Arrange
-                const int packageKey = 1;
-                const string packageId = "packageId";
-                const string packageVersion = "1.0.0";
-                var packageSigningState = new PackageSigningState
-                {
-                    PackageId = packageId,
-                    PackageKey = packageKey,
-                    SigningStatus = PackageSigningStatus.Valid,
-                    PackageNormalizedVersion = packageVersion
-                };
-
-                var logger = _loggerFactory.CreateLogger<PackageSigningStateService>();
-                var packageSigningStatesDbSetMock = DbSetMockFactory.Create(packageSigningState);
-                var validationContextMock = new Mock<IValidationEntitiesContext>(MockBehavior.Strict);
-                validationContextMock.Setup(m => m.PackageSigningStates).Returns(packageSigningStatesDbSetMock);
-
-                // Act
-                var packageSigningStateService = new PackageSigningStateService(validationContextMock.Object, logger);
-
-                // Assert
-                var result = await packageSigningStateService.TrySetPackageSigningState(
-                    packageKey,
-                    packageId,
-                    packageVersion,
-                    isRevalidationRequest: false,
-                    status: PackageSigningStatus.Valid);
-
-                // Assert
-                Assert.Equal(SavePackageSigningStateResult.StatusAlreadyExists, result);
-                validationContextMock.Verify(
-                    m => m.SaveChangesAsync(),
-                    Times.Never,
-                    "Saving the context here is unnecessary.");
-            }
-
-            [Fact]
-            public async Task ReturnsStatusSuccessAndUpdatedExistingStateWhenSignatureStateNotNullAndRevalidating()
+            public async Task UpdatesExistingStateWhenSignatureStateNotNullAndRevalidating()
             {
                 // Arrange
                 const int packageKey = 1;
@@ -88,15 +49,13 @@ public async Task ReturnsStatusSuccessAndUpdatedExistingStateWhenSignatureStateN
                 var packageSigningStateService = new PackageSigningStateService(validationContextMock.Object, logger);
 
                 // Assert
-                var result = await packageSigningStateService.TrySetPackageSigningState(
+                await packageSigningStateService.SetPackageSigningState(
                     packageKey,
                     packageId,
                     packageVersion,
-                    isRevalidationRequest: true,
                     status: newStatus);
 
                 // Assert
-                Assert.Equal(SavePackageSigningStateResult.Success, result);
                 Assert.Equal(newStatus, packageSigningState.SigningStatus);
                 validationContextMock.Verify(
                     m => m.SaveChangesAsync(),
@@ -105,7 +64,7 @@ public async Task ReturnsStatusSuccessAndUpdatedExistingStateWhenSignatureStateN
             }
 
             [Fact]
-            public async Task ReturnsStatusSuccessAndAddedNewStateWhenSignatureStateIsNull()
+            public async Task AddsNewStateWhenSignatureStateIsNull()
             {
                 // Arrange
                 const int packageKey = 1;
@@ -122,16 +81,13 @@ public async Task ReturnsStatusSuccessAndAddedNewStateWhenSignatureStateIsNull()
                 var packageSigningStateService = new PackageSigningStateService(validationContextMock.Object, logger);
 
                 // Assert
-                var result = await packageSigningStateService.TrySetPackageSigningState(
+                await packageSigningStateService.SetPackageSigningState(
                     packageKey,
                     packageId,
                     packageVersion,
-                    isRevalidationRequest: true,
                     status: newStatus);
 
                 // Assert
-                Assert.Equal(SavePackageSigningStateResult.Success, result);
-
                 var newState = validationContextMock.Object.PackageSigningStates.FirstOrDefault();
                 Assert.NotNull(newState);
                 Assert.Equal(packageKey, newState.PackageKey);
diff --git a/tests/Validation.PackageSigning.ExtractAndValidateSignature.Tests/Validation.PackageSigning.ExtractAndValidateSignature.Tests.csproj b/tests/Validation.PackageSigning.ExtractAndValidateSignature.Tests/Validation.PackageSigning.ExtractAndValidateSignature.Tests.csproj
@@ -61,5 +61,8 @@
       <Name>Validation.PackageSigning.ExtractAndValidateSignature</Name>
     </ProjectReference>
   </ItemGroup>
+  <ItemGroup>
+    <Service Include="{82A7F48D-3B50-4B1E-B82E-3ADA8210C358}" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 </Project>

Original file line number	Diff line number	Diff line change
`@@ -8,11 +8,10 @@ namespace NuGet.Jobs.Validation.PackageSigning.Storage`
`8`	`8`	`{`
`9`	`9`	`public interface IPackageSigningStateService`
`10`	`10`	`{`
`11`		`- Task<SavePackageSigningStateResult> TrySetPackageSigningState(`
	`11`	`+ Task SetPackageSigningState(`
`12`	`12`	`int packageKey,`
`13`	`13`	`string packageId,`
`14`	`14`	`string packageVersion,`
`15`		`- bool isRevalidationRequest,`
`16`	`15`	`PackageSigningStatus status);`
`17`	`16`	`}`
`18`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,7 @@`
`10`	`10`
`11`	`11`	`namespace NuGet.Jobs.Validation.PackageSigning.Storage`
`12`	`12`	`{`
`13`		`- public class PackageSigningStateService`
`14`		`- : IPackageSigningStateService`
	`13`	`+ public class PackageSigningStateService : IPackageSigningStateService`
`15`	`14`	`{`
`16`	`15`	`private readonly IValidationEntitiesContext _validationContext;`
`17`	`16`	`private readonly ILogger<PackageSigningStateService> _logger;`
`@@ -24,11 +23,10 @@ public PackageSigningStateService(`
`24`	`23`	`_logger = logger ?? throw new ArgumentNullException(nameof(logger));`
`25`	`24`	`}`
`26`	`25`
`27`		`- public async Task<SavePackageSigningStateResult> TrySetPackageSigningState(`
	`26`	`+ public async Task SetPackageSigningState(`
`28`	`27`	`int packageKey,`
`29`	`28`	`string packageId,`
`30`	`29`	`string packageVersion,`
`31`		`- bool isRevalidationRequest,`
`32`	`30`	`PackageSigningStatus status)`
`33`	`31`	`{`
`34`	`32`	`if (string.IsNullOrEmpty(packageId))`
`@@ -45,11 +43,6 @@ public async Task<SavePackageSigningStateResult> TrySetPackageSigningState(`
`45`	`43`	`// this invariant may be broken due to message duplication.`
`46`	`44`	`var signatureState = await _validationContext.PackageSigningStates.FirstOrDefaultAsync(s => s.PackageKey == packageKey);`
`47`	`45`
`48`		`- if (signatureState != null && !isRevalidationRequest)`
`49`		`- {`
`50`		`- return SavePackageSigningStateResult.StatusAlreadyExists;`
`51`		`- }`
`52`		`-`
`53`	`46`	`if (signatureState != null)`
`54`	`47`	`{`
`55`	`48`	`signatureState.SigningStatus = status;`
`@@ -65,8 +58,6 @@ public async Task<SavePackageSigningStateResult> TrySetPackageSigningState(`
`65`	`58`	`SigningStatus = status`
`66`	`59`	`});`
`67`	`60`	`}`
`68`		`-`
`69`		`- return SavePackageSigningStateResult.Success;`
`70`	`61`	`}`
`71`	`62`	`}`
`72`	`63`	`}`