feat: Start ADR 0025 dynamic auth plugins implementation#911
Merged
Conversation
254f1f9 to
e7b4939
Compare
|
🦢 Load Test Results Goose Attack ReportPlan Overview
Request Metrics
Response Time Metrics
Status Code Metrics
Transaction Metrics
Scenario Metrics
|
|
| Branch | claude/adr-0025-implementation-plan-adh5ii |
| Testbed | ubuntu-latest |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result nanoseconds (ns) (Result Δ%) | Upper Boundary nanoseconds (ns) (Limit %) |
|---|---|---|---|
| Command_Serde/apply/remove | 📈 view plot 🚷 view threshold | 132,410.00 ns(-56.11%)Baseline: 301,687.91 ns | 1,713,866.93 ns (7.73%) |
| Command_Serde/apply/set | 📈 view plot 🚷 view threshold | 143,340.00 ns(-43.57%)Baseline: 254,012.20 ns | 1,029,661.59 ns (13.92%) |
| Command_Serde/pack/delete | 📈 view plot 🚷 view threshold | 123.51 ns(+1.61%)Baseline: 121.55 ns | 146.29 ns (84.43%) |
| Command_Serde/pack/delete_index | 📈 view plot 🚷 view threshold | 113.04 ns(+2.80%)Baseline: 109.96 ns | 131.52 ns (85.95%) |
| Command_Serde/pack/set | 📈 view plot 🚷 view threshold | 200.87 ns(+2.75%)Baseline: 195.50 ns | 239.34 ns (83.93%) |
| Command_Serde/pack/set_index | 📈 view plot 🚷 view threshold | 112.26 ns(+2.21%)Baseline: 109.84 ns | 131.09 ns (85.64%) |
| Command_Serde/unpack/delete | 📈 view plot 🚷 view threshold | 193.04 ns(+0.31%)Baseline: 192.44 ns | 234.58 ns (82.29%) |
| Command_Serde/unpack/delete_index | 📈 view plot 🚷 view threshold | 160.23 ns(+0.37%)Baseline: 159.65 ns | 197.78 ns (81.01%) |
| Command_Serde/unpack/set | 📈 view plot 🚷 view threshold | 279.73 ns(+4.49%)Baseline: 267.71 ns | 333.04 ns (83.99%) |
| Command_Serde/unpack/set_index | 📈 view plot 🚷 view threshold | 156.97 ns(-1.41%)Baseline: 159.21 ns | 196.36 ns (79.94%) |
| Payload_encryption/pack/remove_cmd | 📈 view plot 🚷 view threshold | 133.80 ns(+15.68%)Baseline: 115.67 ns | 139.92 ns (95.62%) |
| Payload_encryption/pack/set_cmd | 📈 view plot 🚷 view threshold | 208.06 ns(+2.57%)Baseline: 202.84 ns | 267.56 ns (77.76%) |
| Payload_encryption/unpack/remove_cmd | 📈 view plot 🚷 view threshold | 211.19 ns(+3.15%)Baseline: 204.75 ns | 253.48 ns (83.32%) |
| Payload_encryption/unpack/set_cmd | 📈 view plot 🚷 view threshold | 296.02 ns(+5.47%)Baseline: 280.67 ns | 352.24 ns (84.04%) |
| Raft_1Node_Latency/prefix/1node | 📈 view plot 🚷 view threshold | 2,670,200.00 ns(-1.85%)Baseline: 2,720,507.66 ns | 6,216,923.89 ns (42.95%) |
| Raft_1Node_Latency/read/1node | 📈 view plot 🚷 view threshold | 42,429.00 ns(+122.12%)Baseline: 19,101.52 ns | 67,454.06 ns (62.90%) |
| Raft_1Node_Latency/remove/1node | 📈 view plot 🚷 view threshold | 401,520.00 ns(-30.28%)Baseline: 575,929.22 ns | 2,322,082.30 ns (17.29%) |
| Raft_1Node_Latency/write/1node | 📈 view plot 🚷 view threshold | 422,520.00 ns(-29.22%)Baseline: 596,936.41 ns | 2,150,781.11 ns (19.64%) |
| build_snapshot/default | 📈 view plot 🚷 view threshold | 116,530.00 ns(+5.61%)Baseline: 110,339.53 ns | 162,487.45 ns (71.72%) |
| fernet token/project | 📈 view plot 🚷 view threshold | 1,426.90 ns(+3.34%)Baseline: 1,380.77 ns | 1,636.39 ns (87.20%) |
| get_data_keyspace | 📈 view plot 🚷 view threshold | 0.31 ns(+0.47%)Baseline: 0.31 ns | 0.36 ns (86.39%) |
| get_db | 📈 view plot 🚷 view threshold | 0.31 ns(-0.34%)Baseline: 0.31 ns | 0.36 ns (85.80%) |
| get_fernet_token_timestamp/project | 📈 view plot 🚷 view threshold | 141.72 ns(-1.23%)Baseline: 143.49 ns | 181.02 ns (78.29%) |
| get_keyspace | 📈 view plot 🚷 view threshold | 4.40 ns(-8.79%)Baseline: 4.83 ns | 9.76 ns (45.13%) |
2fe1fb6 to
9535fe9
Compare
Sequences the WASM plugin work into independently-mergeable phases (runtime foundation, full_auth mode, mapping mode, route mode, admin APIs), pinning implementation choices the ADR left open: a dedicated dynamic-plugin-runtime crate, a Rust reference test plugin, and mode-by-mode phasing with admin APIs deferred to the final phase. Complete ADR 0025 Phase 0: reference plugin and resource-limit enforcement - crates/config: new [dynamic_plugins]/[dynamic_plugin.*] sections (openstack_keystone_config::dynamic_plugins) covering every field from ADR 0025 §5, plus config-load-time validation of the fail-loud invariants from §4/§5 (reserved auth-method names, mode-vs-capability restrictions, hard-denylisted headers, route_targets constraints, well-formed sha256). Wired into Config::load_all alongside the existing validator-derive pass. - crates/dynamic-plugin-runtime: new crate hosting the Extism/wasmtime dependency in isolation from crates/core. WasmPluginRegistry loads each configured plugin, verifies its SHA-256 against the pinned config value, and compiles it with WASI disabled. A checksum mismatch or missing file disables only that plugin (logged, not fatal) - every other plugin and builtin auth method still load, per ADR 0025 §5. - add a minimal Rust reference dynamic auth plugin (Extism PDK, wasm32-unknown-unknown, standalone workspace so its guest dependency graph never touches the shipped binary) under crates/dynamic-plugin-runtime/tests/fixtures/reference-plugin. It exposes authenticate/mapping/route stand-in entry points plus two resource-limit fixtures (spin, allocate_memory) for PR 0.4's tests. The integration test suite builds it on the fly rather than via a separate xtask/CI step, so it can never run against a stale artifact. - wire fuel_limit, timeout_ms, and memory_limit_mb into the Extism manifest/PluginBuilder at compile time, and add LoadedPlugin::invoke() which instantiates a fresh extism::Plugin (and so a fresh wasmtime::Store) per call, matching the ADR's "isolation between requests" requirement. A new InvokeError type distinguishes fuel exhaustion, timeout, and other traps (e.g. an over-budget guest allocation). Five new integration tests exercise the real compiled reference plugin: successful authenticate round-trip, each of the three resource bounds independently tripping with the right error variant, and proof that an exhausted invocation doesn't affect the next call against the same loaded plugin. Assisted-By: Claude Sonnet 5 <noreply@anthropic.com> Signed-off-by: Artem Goncharov <artem.goncharov@gmail.com>
9535fe9 to
7224419
Compare
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sequences the WASM plugin work into independently-mergeable phases
(runtime foundation, full_auth mode, mapping mode, route mode, admin
APIs), pinning implementation choices the ADR left open: a dedicated
dynamic-plugin-runtime crate, a Rust reference test plugin, and
mode-by-mode phasing with admin APIs deferred to the final phase.
Complete ADR 0025 Phase 0: reference plugin and resource-limit
enforcement