Add jitter to validity period of attestations

This helps ensure that the renewals of attestations are spread out more
evenly.
pull/2596/head
Erik Johnston 2017-10-27 11:57:27 +01:00
parent f009df23ec
commit ca571b0ec3
1 changed files with 12 additions and 1 deletions

View File

@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import random
from twisted.internet import defer from twisted.internet import defer
from synapse.api.errors import SynapseError from synapse.api.errors import SynapseError
@ -25,6 +27,11 @@ from signedjson.sign import sign_json
# Default validity duration for new attestations we create # Default validity duration for new attestations we create
DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000 DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000
# We add some jitter to the validity duration of attestations so that if we
# add lots of users at once we don't need to renew them all at once.
# The jitter is a multiplier picked randomly between the first and second number
DEFAULT_ATTESTATION_JITTER = (0.9, 1.3)
# Start trying to update our attestations when they come this close to expiring # Start trying to update our attestations when they come this close to expiring
UPDATE_ATTESTATION_TIME_MS = 1 * 24 * 60 * 60 * 1000 UPDATE_ATTESTATION_TIME_MS = 1 * 24 * 60 * 60 * 1000
@ -73,10 +80,14 @@ class GroupAttestationSigning(object):
"""Create an attestation for the group_id and user_id with default """Create an attestation for the group_id and user_id with default
validity length. validity length.
""" """
validity_period = DEFAULT_ATTESTATION_LENGTH_MS
validity_period *= random.uniform(*DEFAULT_ATTESTATION_JITTER)
valid_until_ms = int(self.clock.time_msec() + validity_period)
return sign_json({ return sign_json({
"group_id": group_id, "group_id": group_id,
"user_id": user_id, "user_id": user_id,
"valid_until_ms": self.clock.time_msec() + DEFAULT_ATTESTATION_LENGTH_MS, "valid_until_ms": valid_until_ms,
}, self.server_name, self.signing_key) }, self.server_name, self.signing_key)