feat: Add ACP to pubsub KMS

[islamaliev]

Relevant issue(s)

Resolves #2893

This change adds ACP to pubsub KMS.

A new event MergeComplete was introduced in order to make it correspond to MergeCompleteName. This is necessary to notify listeners that the merge was executed on decrypted blocks.

Upon granting access to a document via AddDocActorRelationship we publish not Update event so that the actors that being given access to can now request a document anew.

In testing framework WaitForSync is extended to allow specifying documents that should be received in decrypted state.

[codecov]

Codecov Report

Attention: Patch coverage is 67.42857% with 57 lines in your changes missing coverage. Please review.

Project coverage is 77.46%. Comparing base (6d6c9f2) to head (fd326a2).
Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
internal/db/collection_retriever.go	47.50%	14 Missing and 7 partials ⚠️
internal/db/db.go	64.00%	6 Missing and 3 partials ⚠️
internal/db/iterator.go	78.57%	6 Missing and 3 partials ⚠️
internal/kms/pubsub.go	75.00%	6 Missing and 3 partials ⚠️
internal/db/errors.go	0.00%	4 Missing ⚠️
node/node.go	57.14%	2 Missing and 1 partial ⚠️
errors/errors.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3206      +/-   ##
===========================================
+ Coverage    77.44%   77.46%   +0.01%     
===========================================
  Files          376      378       +2     
  Lines        34791    34941     +150     
===========================================
+ Hits         26943    27064     +121     
- Misses        6238     6257      +19     
- Partials      1610     1620      +10     

Flag	Coverage Δ
all-tests	77.46% <67.43%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
event/event.go	100.00% <ø> (ø)
internal/db/merge.go	78.47% <100.00%> (-2.14%)	⬇️
internal/db/p2p_replicator.go	61.59% <100.00%> (+1.35%)	⬆️
internal/db/permission/check.go	83.33% <ø> (ø)
errors/errors.go	95.00% <0.00%> (-5.00%)	⬇️
node/node.go	57.36% <57.14%> (-0.01%)	⬇️
internal/db/errors.go	60.42% <0.00%> (-0.74%)	⬇️
internal/db/db.go	66.53% <64.00%> (-0.30%)	⬇️
internal/db/iterator.go	78.57% <78.57%> (ø)
internal/kms/pubsub.go	67.71% <75.00%> (+5.54%)	⬆️
... and 1 more

... and 12 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6d6c9f2...fd326a2. Read the comment docs.

[shahzadlone]

@islamaliev should I wait for you to fix the failing tests, or is it okay to review?

[AndrewSisley]

I think we have modelled something incorrectly, and the discussion around that needs to be resolved before people spend time reviewing this IMO (ideally before you'd have spent your time coding this too, but such things happen, sorry).

[AndrewSisley]

todo: There appears to be no reason to fully scan all the head cids in the constructor, only to return an iterator from it that then iterates through the results. It seems to defeat the point a little bit and makes the code look odd, and more scary than it needs to be.

This is worse given that in the normal/happy use-case (RetrieveCollectionFromDocID, not retry), *DocHeadBlocksIterator.Next is only called once, and so only one of the potentially many fetched cids are actually used.

Please rework this (maybe make HeadSet an iterator) to avoid the extra fetching.

Note: Please see my note RE a bug in the model before spending time on this.

[islamaliev]

Next is only called once

It uses all produced value in db::db.publishDocUpdateEvent and db::db.retryDoc.
Only in db::CollectionRetriever.RetrieveCollectionFromDocID it uses just the first produces value.

[AndrewSisley]

Ah, I missed publishDocUpdateEvent thanks - that is still half of the happy-path paths though. And doesn't change the unusualness of doing extra/discarded work in the constructor of a type that is already an iterator.

I'm not sure we'll convince each other either way here though, and it's only immediate impact on users is (probably minor) performance, so if you don't want to do the suggestion please leave this thread unresolved in case anyone else feels like joining the conversation :)

[AndrewSisley]

Ignoring long term concerns regarding the model you are building against - it looks good, and was nice and easy/simple to read - just a couple of small todos from me.

Thanks Islam :)

[shahzadlone]

Did a quick pass, mostly looks good. Wondering why we aren't doing the same thing for when the relation is deleted. And another optimization request to only publish when the relationship adding request is not a no-op.

[AndrewSisley]

todo: This function is scoped to a large and important type, does very similar things to a couple of existing places, and ignores the context txn. It looks very easy to erroneously call this, and in an area where testing is relatively weak (transactions).

Please document this function to highlight that it ignores the transaction, and does a whole load of work to find the heads (something the two existing locations do not need to do).

Please do not refactor the existing locations as I have changed them in another open PR, with this 3rd addition we can look at refactoring the 3 after this (and maybe the other PR, depending on timing) has merged.

[AndrewSisley]

Looks good to me, the code is very easy to read - thanks Islam :)

Just one documentation request from me (I think) before I'm happy with merging :)

[shahzadlone]

LGTM Thanks very much for this change and explaining why that line was being hit.

Just one suggestion remaining incase you missed.

suggestion: Add a test where after sharing a document, it is revoked and then shared again. i.e. using DeleteDocActorRelationship

[islamaliev]

suggestion: Add a test where after sharing a document, it is revoked and then shared again. i.e. using DeleteDocActorRelationship

I don't think it makes much sense, as this would mostly test acp functionality which we already have plenty tests for. Revoking of encryption keys is planned for later anyway. This is where we will add a bunch of tests.