Skip to content

chore(core): Log names of registered trust.mgrs #2792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(core): Log names of registered trust.mgrs #2792

wants to merge 1 commit into from

Conversation

dmihalcik-virtru
Copy link
Member

Proposed Changes

  • This assists with debugging misspelled or forgotten mgrs

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@dmihalcik-virtru
chore(core): Log names of registered trust.mgrs
728032a 
This assists with debugging misspelled or forgotten mgrs
@dmihalcik-virtru dmihalcik-virtru requested review from a team as code owners October 8, 2025 13:54
@github-actions github-actions bot added comp:kas Key Access Server size/s labels Oct 8, 2025
@gemini-code-assist Gemini Code Assist
Copy link
Contributor

Summary of Changes

Hello @dmihalcik-virtru, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This PR enhances the KAS service's logging to provide better visibility into registered trust.KeyManagers. It adds an Info level log during service startup to list all registered managers and augments an existing debug log in the DelegatingKeyService to include available manager names when a requested manager is not found. This directly addresses the need for improved debugging of key manager configurations.

Highlights

  • Intent: This pull request aims to improve debugging capabilities by logging the names of registered trust.KeyManagers within the KAS service. This helps identify issues related to misspelled or forgotten key manager configurations.
  • Changes Summary: The changes introduce logging of registered key manager names in two key areas:
  1. KAS Service Registration (service/kas/kas.go): A new slice kmgrNames is introduced to collect the names of all key managers (from KeyManagerFactories, BasicManager, and inProcessService) as they are registered. Once registration is complete, an Info level log message is added to output the full list of registered trust.KeyManagers.
  2. Delegating Key Service (service/trust/delegating_key_service.go): The getKeyManager function now imports maps and slices packages. When a requested key manager factory is not found, an existing debug log message is enhanced to include a list of all currently known key manager names, providing more context for debugging.
  • Reviewer Activity Summary: No specific reviewer activity has been recorded yet for this pull request.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces logging of registered trust.KeyManagers to assist with debugging misspelled or forgotten managers. The changes involve modifying kas.go to collect the names of registered key managers and log them, and updating delegating_key_service.go to include key manager names in debug logs when a key manager factory is not found. I have identified some opportunities to improve the code and have provided suggestions.

service/trust/delegating_key_service.go
Comment on lines 200 to 204
factory, factoryExists := d.managerFactories[name]
// Read defaultMode under lock for comparison.
currentDefaultMode := d.defaultMode
allNames := slices.Collect(maps.Keys(d.managerFactories))
d.mutex.Unlock()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Moving allNames outside the lock scope can lead to a race condition if d.managerFactories is modified between the collection of names and its use in the debug log. To avoid this, collect the names while holding the lock.

Suggested change
factory, factoryExists := d.managerFactories[name]
// Read defaultMode under lock for comparison.
currentDefaultMode := d.defaultMode
allNames := slices.Collect(maps.Keys(d.managerFactories))
d.mutex.Unlock()
d.mutex.Unlock()
currentDefaultMode := d.defaultMode
// Collect key manager names while holding the lock.
allNames := slices.Collect(maps.Keys(d.managerFactories))

service/trust/delegating_key_service.go
factory, factoryExists := d.managerFactories[name]
// Read defaultMode under lock for comparison.
currentDefaultMode := d.defaultMode
allNames := slices.Collect(maps.Keys(d.managerFactories))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

It would be more efficient to collect the names of the key managers once, outside of the lock, and then use that collected list here. This avoids holding the lock while collecting the names, improving performance.

Suggested change
allNames := slices.Collect(maps.Keys(d.managerFactories))
d.mutex.Unlock()
allNames := slices.Collect(maps.Keys(d.managerFactories))

service/kas/kas.go
p.KeyDelegator.SetDefaultMode(inProcessService.Name())
kmgrNames = append(kmgrNames, inProcessService.Name())
}
srp.Logger.Info("kas registered trust.KeyManagers", slog.Any("key_managers", kmgrNames))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Consider using a more structured log message. Instead of just logging the names, include additional context or metadata that might be helpful for debugging. For example, you could include the number of key managers registered or the types of key managers.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 8, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 174.684899ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 102.532906ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 364.361246ms
Throughput 274.45 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.814237647s
Average Latency 405.69644ms
Throughput 122.51 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 28.671534145s
Average Latency 285.7678ms
Throughput 174.39 requests/second

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sujankota sujankota Awaiting requested review from sujankota

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

comp:kas Key Access Server size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dmihalcik-virtru