Closed Bug 1619994 Opened 4 years ago Closed 4 years ago

Add addons-mlbf collection to blocklists bucket

Categories

(Cloud Services :: Operations: Kinto, task)

Product:
Cloud Services
Component:
Operations: Kinto
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: eviljeff, Assigned: wezhou)

References

Details

Supports https://github.com/mozilla/addons-server/issues/13616 and the v3 blocklist project. (If the collection name is non-standard I'm okay with it being normalized). We need this on stage and production kinto.

The collection is intended to contain bloom filters as attachments - AMO will generate these a few times each day.

The collection should be writeable by the user added in https://bugzilla.mozilla.org/show_bug.cgi?id=1615337

I'm OK with the name if it makes sense to everyone. There's no really necessity to keep it short. addons-bloomfilters or whatever ml stands for would also be fine.

  • Should the attachments be mandatory?
  • Is there any JSON schema for the record fields?
  • What record fields should be shown in the UI?
  • Do you need JEXL filters (clients targeting)?

addons-bloomfilters wfm me instead. (ml is multi level - they're bloom filters within bloom filters to guarantee no false positives/negatives)

  • attachments should be mandatory
  • The JSON schema isn't finalised yet - we're still working to see what Firefox will need. Can we update later?
  • the UI doesn't concern me that much. All the "data" is in the attachment.
  • I don't know about JEXL filters so I'm going to say no. The blocklist will be application agnostic.

The plan is to push these bloom filters on a schedule (up to 4 times a day) via cron job, pre-signed by autograph, so we would want the submissions direct to a publicly available collection. Ideally "buckets/blocklist/collections/addons-bloomfilters" (i.e. not to "buckets/staging/..." where dual signoff would be required via kinto admin). While we await final agreement from security can you just make the change to kinto stage (don't make any change to kinto production). We will file a follow-up bug for production.

Flags: needinfo?(mathieu)

Technically speaking you'll still upload the records to staging. But instead of switching status to to-review you'd switch it to to-sign and records will be published to blocklists immediately

Flags: needinfo?(mathieu)

Ah! Good to know (and less of a change needed on the AMO side too)

Assignee: nobody → wezhou

I believe this can be closed. Feel free to reopen if not.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Depends on: 1623984
You need to log in before you can comment on or make changes to this bug.