Policy server part 1: Actually call the policy server #18387
Conversation
|
I'm not overly familiar with Synapse's codebase yet, and struggling to find good places to copy/paste some code to set up some tests. I think ideally we have tests on Thoughts (or code - please just push to the branch 😇) are appreciated on this. (equally, I'm personally okay to just land this without tests, but I suspect team policy might override that opinion) |
There was a problem hiding this comment.
I'm just not sure how to make a test that can spin up a second homeserver to "join" the room to appease the is_in_room check within RoomPolicyHandler
https://github.com/element-hq/synapse/blob/develop/tests/handlers/test_federation_event.py#L48 is probably your best bet to copypasta I think? You can see it injecting a remote member https://github.com/element-hq/synapse/blob/develop/tests/handlers/test_federation_event.py#L114
| return recommendation | ||
| except Exception as e: | ||
| logger.warning( | ||
| "get_pdu_policy_recommendation: server %s responded with error, assuming OK recommendation: %s", |
There was a problem hiding this comment.
Nit: I'd rather use f-strings personally, they are waaaay more ergonomic. E.g
logger.warning(f"get_pdu_policy_recommendation: server {destination} responded with error, assuming OK recommendation: {e}")
There was a problem hiding this comment.
We don't use f-strings in loggers, while they are more ergonomic it means that you are passing in the formatted string, rather than allowing the loggers to do so. The main consequence is that if the logger is disabled you don't necessarily want to pay the cost of string interpolation.
Otherwise, yeah f-strings are awesome.
There was a problem hiding this comment.
with my limited python exposure, +1 to fstrings, but definitely don't want to make things harder for the logger
| return True # no policy server == default allow | ||
|
|
||
| if policy_server == self._hs.hostname: | ||
| return True # Synapse itself can't be a policy server (currently) |
There was a problem hiding this comment.
And it can't be run on the same domain with a .well-known lookup or something? I'd rather we didn't hard code this given if/when Synapse can be a PS we need to remember to remove this specific conditional instead of just intuitively pointing the via at the HS.
There was a problem hiding this comment.
I'm not entirely sure that Synapse will be happy with trying to contact itself over federation because that's a pretty weird thing to do in Matrix. Any Synapse support for being a policy server (either natively or via modules) would involve a performant hook anyway, and would be inserted here to short-circuit the federation call.
Removing the check would also obviously slow down message sending in rooms we know are misconfigured (not pointing to a real policy server). With the current highly experimental architecture we also do not expect that pre-existing servers will be policy servers, and operators will need to pick a dedicated domain name without human users on that server. This will probably change down the line.
I'll add some text to the docstring to reduce the chances of forgetting in the meantime. Hopefully when someone writes a test for "can Synapse be a policy server", they'll worst case find the if statement by stepping through the call path.
There was a problem hiding this comment.
I also ended up adding a test for this, so the failure should be even more clear if we do add such functionality
This reverts commit 70987fa.
Co-authored-by: Devon Hudson <[email protected]>
|
I don't know what I did to make the sytests angry aside from merging in develop |
Seems to have just been flakey tests sadly |
Roughly reviewable commit-by-commit.
This is the first part of adding policy server support to Synapse. Other parts (unordered), which may or may not be bundled into fewer PRs, include:
fallback_*options of https://github.com/element-hq/policyserv_spam_checker )Pull Request Checklist
EventStoretoEventWorkerStore.".code blocks.(run the linters)