feat: tenanted peers #3352
feat: tenanted peers #3352
Conversation
github-actions
bot
added
type: tests
oana-lolea
requested review from
koekiebox,
BlairCurrey,
mkurapov,
golobitch,
sanducb,
njlie and
cozminu
packages/backend/src/payment-method/ilp/auto-peering/service.ts
Outdated
Show resolved
Hide resolved
| args.assetId | ||
| ) | ||
| return peer ? peerToGraphql(peer) : null | ||
| } | ||
|
|
||
| export const createPeer: MutationResolvers<ApolloContext>['createPeer'] = | ||
| export const createPeer: MutationResolvers<ForTenantIdContext>['createPeer'] = |
There was a problem hiding this comment.
The ForTenantIdContext does not seem to be leveraged for this resolver. An assertion for ctx.forTenantId being defined should be used in resolvers using that context in order to proceed.
Perhaps the middleware that sets ctx.forTenantId could be modified to try to retrieve the input tenantId from the input asset, or there could be a more bespoke check that could be performed in this resolver instead.
There was a problem hiding this comment.
Yes, we can use TenantedApolloContext here, and then, pass ctx.isOperator ? undefined : ctx.tenant.id as the tenantId into the create.
This will ensure a non-operator tenant must own the asset its trying to create the peer with and at the same time, lets the operator create peers with any assetId (ie the operator can create peers for any tenant)
| @@ -747,6 +747,8 @@ type Peer implements Model { | |||
| liquidity: UInt64 | |||
| "The date and time when the peer was created." | |||
| createdAt: String! | |||
| "Unique identifier of the tenant associated with the peer." | |||
| tenantId: ID! | |||
There was a problem hiding this comment.
I think tenantId still needs to be added to the CreatePeerInput, so that the CreatePeer resolver can leverage the ForTenantId context.
edit: scratch that, I see that the tenant id of a created peer is determined by the tenant of the asset that is in the input.
| @@ -127,8 +127,7 @@ async function initiatePeeringRequest( | |||
| authToken: outgoingHttpToken, | |||
| endpoint: peeringDetailsOrError.ilpConnectorUrl | |||
| } | |||
| }, | |||
| tenantId: args.tenantId | |||
There was a problem hiding this comment.
We should keep this one here (since the Rafiki that is initiating the peering request can create the peer for a known tenant), and remove the tenantId on L109. Then, in the acceptPeeringRequest function (called for the Rafiki instance that's receiving the peering request), we can use deps.config.operatorTenantId when creating the peer.
| parent, | ||
| args, | ||
| ctx | ||
| ): Promise<ResolversTypes['PeersConnection']> => { | ||
| const peerService = await ctx.container.use('peerService') | ||
| const { sortOrder, ...pagination } = args | ||
| const tenantId = ctx.isOperator ? undefined : ctx.tenant.id |
There was a problem hiding this comment.
We can add tenantId to the peers query in the GraphQL schema, such that the operator can filter peers for a specific tenant. Then, we can do:
| const tenantId = ctx.isOperator ? undefined : ctx.tenant.id | |
| const tenantId = ctx.isOperator ? tenantId : ctx.tenant.id |
| @@ -10,6 +10,7 @@ interface PeeringRequestArgs { | |||
| httpToken: string | |||
| maxPacketAmount?: number | |||
| name?: string | |||
| tenantId: string | |||
There was a problem hiding this comment.
| tenantId: string |
since we won't be sending it over in the peering request (from this comment)
| @@ -134,6 +142,11 @@ async function createPeer( | |||
| return PeerError.InvalidHTTPEndpoint | |||
| } | |||
|
|
|||
| const asset = await deps.assetService.get(options.assetId) | |||
There was a problem hiding this comment.
| const asset = await deps.assetService.get(options.assetId) | |
| const asset = await deps.assetService.get(options.assetId, options.tenantId) |
so we know that the peer gets created for the correct tenant
| args.assetId | ||
| ) | ||
| return peer ? peerToGraphql(peer) : null | ||
| } | ||
|
|
||
| export const createPeer: MutationResolvers<ApolloContext>['createPeer'] = | ||
| export const createPeer: MutationResolvers<ForTenantIdContext>['createPeer'] = |
There was a problem hiding this comment.
Yes, we can use TenantedApolloContext here, and then, pass ctx.isOperator ? undefined : ctx.tenant.id as the tenantId into the create.
This will ensure a non-operator tenant must own the asset its trying to create the peer with and at the same time, lets the operator create peers with any assetId (ie the operator can create peers for any tenant)
| @@ -177,7 +178,7 @@ export const createPeerLiquidityWithdrawal: MutationResolvers<ApolloContext>['cr | |||
| }) | |||
| } | |||
| const peerService = await ctx.container.use('peerService') | |||
| const peer = await peerService.get(peerId) | |||
| const peer = await peerService.get(peerId, ctx.tenant.id) | |||
There was a problem hiding this comment.
| const peer = await peerService.get(peerId, ctx.tenant.id) | |
| const peer = await peerService.get(peerId, ctx.isOperator ? undefined : ctx.tenant.id) |
so the operator can create liquidity withdrawals for any peer
| @@ -100,7 +100,8 @@ export const depositPeerLiquidity: MutationResolvers<ApolloContext>['depositPeer | |||
| const peerOrError = await peerService.depositLiquidity({ | |||
| transferId: args.input.id, | |||
| peerId: args.input.peerId, | |||
| amount: args.input.amount | |||
| amount: args.input.amount, | |||
| tenantId: ctx.tenant.id | |||
There was a problem hiding this comment.
| tenantId: ctx.tenant.id | |
| tenantId: ctx.isOperator ? undefined : ctx.tenant.id |
so the operator can create liquidity deposits for any peer
… peer liquidity withdrawal
| ): Promise<Peer | undefined> { | ||
| const peer = await Peer.query(deps.knex).findById(id) | ||
| let query = Peer.query(deps.knex) |
There was a problem hiding this comment.
We should add a test for this: "cannot get peer with incorrect tenantId"
| const asset = await deps.assetService.get(options.assetId, options.tenantId) | ||
| if (!asset) { | ||
| return PeerError.UnknownAsset | ||
| } |
There was a problem hiding this comment.
We should add a test for this: "cannot create peer with incorrect tenantId"
Added tenantId to peers.
Changes proposed in this pull request
Context
Fixes #3129
Checklist
fixes #numberuser-docslabel (if necessary)