Clarify client traversal of role delegation graph
Spec v1.0.19 Section 5.6.7 describes how the client should traverse the delegation graph to update the targets role. The wording on cycle avoidance could use some clarification.
The spec says:
> If this role has been visited before, then skip this role (so that cycles in the delegation graph are avoided)

A “role” in this context could either refer to 1) a delegated role (a node in the delegation graph) or 2) a role entry in the `roles` array of the `DELEGATIONS` object, which represents not a role, but a delegation from one role to another (a directed edge in the delegation graph).
As a result, there are two ways the traversal could be interpreted:
- As we’re traversing the delegation graph, skip nodes (roles) that have already been visited. This avoids visiting any one role twice, and produces the most intuitive pre-order traversals for graphs where some nodes have multiple parents (i.e. when the graph is not a tree). However, it’s not true cycle detection and we may actually want to consider every edge, since different edges leading to the same role may represent different conditions of delegation (e.g. different keys, different paths, etc.).
- As we’re traversing the delegation graph, skip edges (delegations) that have already been visited. This follows the typical definition of cycle detection. However, it produces counter-intuitive “pre-order” traversals for graphs that aren’t trees, and this interpretation is not obvious from the wording in section 5.6.7.
Below are two concrete examples.
Example A:
Interpretation | Traversal |
---|---|
1: skip visited nodes | A, B, D, C |
2: skip visited edges | A, B, D, C, D |
Example B:
(assume `B`’s outgoing edges/delegations are ordered as `[A, D]`)
Interpretation | Traversal |
---|---|
1: skip visited nodes | A, B, D, C |
2: skip visited edges | A, B, A, C, D |
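
The two interpretations above, side by side, as an added example that is not part of the original issue and is not code from the TUF specification or any client. The edge lists `GRAPH_A` and `GRAPH_B` are assumptions reconstructed to be consistent with the traversal tables (the original figures are not on this page), and the function names are hypothetical.

```python
# Assumed delegation graphs (role -> ordered list of delegated roles),
# reconstructed so that they reproduce the traversals in the tables above.
GRAPH_A = {"A": ["B", "C"], "B": ["D"], "C": ["D"], "D": []}
GRAPH_B = {"A": ["B", "C"], "B": ["A", "D"], "C": [], "D": []}


def walk_skip_nodes(graph, root):
    """Interpretation 1: pre-order DFS that visits each role at most once."""
    order, seen = [], set()

    def visit(role):
        if role in seen:
            return  # role already visited, whichever delegation led here
        seen.add(role)
        order.append(role)
        for child in graph[role]:
            visit(child)

    visit(root)
    return order


def walk_skip_edges(graph, root):
    """Interpretation 2: pre-order DFS that follows each delegation at most once."""
    order, seen = [], set()

    def visit(role):
        order.append(role)  # a role may be reached again through a new edge
        for child in graph[role]:
            edge = (role, child)
            if edge in seen:
                continue  # this delegation was already followed
            seen.add(edge)
            visit(child)

    visit(root)
    return order


if __name__ == "__main__":
    for name, graph in (("A", GRAPH_A), ("B", GRAPH_B)):
        print(name, walk_skip_nodes(graph, "A"), walk_skip_edges(graph, "A"))
```

Both walks terminate on the cyclic graph of Example B: the first is bounded by the number of roles, the second by the number of delegations.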
Top GitHub Comments
On the new ngclient `_preorder_depth_first_walk` keeps a set of edges: `(node, parent_node)` and skips visited edges. Do you know why it was implemented differently?
Thank you for the detailed issue @raphaelgavache!
Apologies all for the noise of the drive-by comment earlier, I wanted to some implementation examples and submitted before the comment was complete.
I believe a new set of contributors drew different conclusions from the specification, further indicating the need to clarify this part of the detailed client workflow.
I’d certainly defer to @trishankatdatadog and @mnm678 here, but my current understanding is in agreement with the ngclient authors’ conclusion (and yours, I believe, @raphaelgavache) that we should skip visited delegations/edges, not visited roles/nodes.