feat: Add multiple cert handlers for APNs

[jrconlin]

This patch updates APNs handlers to accept platform based cert
configurations. See configs/autopush_shared.ini.sample. In addition,
this patch clarifies some argument references for routers (e.g. less
than useful result is now slightly more descriptive uaid_data)

Custom item names have been normalized to match gcm/fcm.
Document errors cleaned up a bit as well.

BREAKING CHANGE: the APNS configuration options have been altered, see
configs/autopush_shared.ini.sample for new APNS configuration
settings.

Closes #655

@bbangert @pjenvey r?
@kitcambridge (optional r?)

[codecov-io]

Current coverage is 100% (diff: 100%)

Merging #660 into master will not change coverage

@@           master   #660   diff @@
====================================
  Files          45     45          
  Lines        9171   9222    +51   
  Methods         0      0          
  Messages        0      0          
  Branches        0      0          
====================================
+ Hits         9171   9222    +51   
  Misses          0      0          
  Partials        0      0          

Powered by Codecov. Last update b1a7e2d...7eed1ff

[ghost]

Thanks, @jrconlin! This looks really good, but I think _route has some concurrency issues.

[ghost]

What do you think about calling this app_id to match the docs, and throwing instead of having a default?

[jrconlin]

changed router_token to app_id for registration, added app_id as a default arg for register

[ghost]

ISTM there's only one instance of APNSRouter per app, so this will clobber self._channel for concurrent requests (if one request comes in, then another one comes in while we're still processing the first one).

[jrconlin]

moved rel_channel to messages hash.

[ghost]

Same here, self.messages and register_response_listener don't seem safe for concurrent use if APNSRouter is a singleton. time.time() is in seconds, so we might also clobber the previous entry if we handle two requests close together.

[bbangert]

I believe this one is intentional to track sent messages.

[bbangert]

Does the gateway_server need to have the self._error continually registered? The response listeners for each channel can't be regg'd at setup?

[bbangert]

Kit pointed out some issues that need changes, and I noticed on this read-through existing issues in how outbound messages are tracked and updated.

[bbangert]

What are APNS channels?

[jrconlin]

the iOS team have certs assigned to the firefox channel release, so these would map to "firefox", "beta", "gecko" and whatever other channel definition they want to use (e.g. "nightly?")

[bbangert]

Could that be better expressed by a better variable name or more documentation around this code?

[jrconlin]

changing to rel_channel as an abbreviation for "release channel".

[bbangert]

More tokens? This one is weird because you immediately say that 'router_token' is actually a 'channel_identifier'.

[jrconlin]

Yep, resolving that. There will still be one "router_token" because that's what APNs calls it.

[bbangert]

This results only in second granularity, if multiple requests occur at the same second (pretty easy), then their now value will all be the same.

[jrconlin]

since I'm collapsing key indexes with the expry, made this nanosecond based.

[bbangert]

I believe this one is intentional to track sent messages.

[bbangert]

Does the gateway_server need to have the self._error continually registered? The response listeners for each channel can't be regg'd at setup?

[bbangert]

It's possible that multiple threads could be iterating on this at once, which means that one of the del calls will throw a KeyError. Would probably be better to toss the message cleanup function back into the event loop so it could clean-up without worry about locking the object.

[bbangert]

Is this a router_token, a channel_identifier, or a token? It's not great that its name keeps changing as it moves around to be more and more obscure in meaning.

[jrconlin]

router_token is now unique and locally defined as the router_data["token"] from above. I'm fine making it more explicit but router_data_token = router_data["token"] feels verbose.

[bbangert]

The connection node needs this? Or is there some other reason its now in shared.ini?

[jrconlin]

Consistency, mostly. The GCM/FCM definitions are located in shared. In addition, the router args are currently pulled in by main via add_shared_args().

[bbangert]

Rather than cleaning up after every single message, maybe have the router creation spawn a recurring task that runs every 5 seconds that does this?

[ghost]

Is rel_channel the same as app_id, or is it the instance_id from {“token”:{instance_id}}? And is router_token also the instance_id?

[ghost]

I think you meant to pass the ID here, too, instead of now?

[ghost]

Nit: self.messages.pop(err['identifier'], None) might be better; del will throw a KeyError if the entry was already removed from the dict.

[bbangert]

That shouldn't happen now that cleanup is run off the event loop.

[ghost]

Is this still needed, now that the config is a dict?

[jrconlin]

I'd like to keep the connection in a function, even if it adds some slight overhead. There's a bit of messy history about that with the apns lib.

[ghost]

I meant you're calling self._connect() for each entry in router_conf, and then you're calling self._connect(router_conf). ISTM that won't work? If it does, I'd like to understand why. 😄

[jrconlin]

ah, quite right. context is a good thing for me to have when I reply. I should try it more.

[jrconlin]

ah-HA! turns out this was a merge artifact, since it just happened again after a conflict from master. ._.

[ghost]

I guess not. 😄

[jrconlin]

so, yeah, remember my cryptic comment about calling self._connect() before? ...

[ghost]

Ugh. Unclean reactor errors make me sad. 😭

[jrconlin]

same here, thus why I added this to just not call the reactor when we're running tests.

[ghost]

Great! r+ with nits fixed.

[bbangert]

del the function vs. del the keyword?

[bbangert]

self._max_messages = self._config.pop('max_messages', 100)

[bbangert]

Default behavior on iteration of a dict is to iterate through its keys. Usually keys() is only needed if you might mutate the dict during iteration such that you need a list first.

[bbangert]

So, first router_conf is assigned to self._config, then we iterate through keys in self._config (which is now router_conf minux the max_messages key) calling self._connect. But then we also call self._connect with the whole thing again? What's going on here?

[jrconlin]

git blend merge failure.

[bbangert]

There's a task looping call used in main.py for functions that should be called regularly.

[bbangert]

:returns: ?

[pjenvey]

self._max_messages = self._config.pop('max_messages', 100)

[pjenvey]

FYI send_notification appears to never fail w/ enhanced=True (assuming the input is valid for a payload), which if I'm right makes the new separate metrics unnecessary

[pjenvey]

(since I know you're touching this again) could you please restore: return deferToThread..

[pjenvey]

r+ pending coverage

[bbangert]

We don't need to get it, a key check should be fine. "if 'apns' in ...."

[bbangert]

Sure hope we never, ever, change valid release channel names.

[jrconlin]

If we do, thumbscrews. Fortunately ops has the ability to generate more certs. They'll just have to change the app_id they're sending in to use the new cert pair.