fix(cli): Enables concurrent rewrap in cli (#391)

- Adds `--concurrencyLimit` parameter - Defaults to 100 - Also, if not explicitly set to `1`, triggers an access token lookup to try to get the race condition we were seeing internally
opentdf · Nov 18, 2024 · ab40664 · ab40664
1 parent 94993bc
commit ab40664
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/cli/bin/opentdf.bats b/cli/bin/opentdf.bats
@@ -13,7 +13,7 @@
 }
 
 @test "fails with missing file arguments" {
-  run $BATS_TEST_DIRNAME/opentdf.mjs --kasEndpoint "https://example.com" --oidcEndpoint "http://invalid" --auth "b:c" encrypt
+  run $BATS_TEST_DIRNAME/opentdf.mjs --kasEndpoint "https://example.com" --oidcEndpoint "http://invalid" --concurrencyLimit 1 --auth "b:c" encrypt
   [ "$status" -eq 1 ]
   echo "$output"
   [[ $output == *"Must specify file or pipe"* ]]

diff --git a/cli/src/cli.ts b/cli/src/cli.ts
@@ -27,6 +27,7 @@ type AuthToProcess = {
   auth?: string;
   clientId?: string;
   clientSecret?: string;
+  concurrencyLimit?: number;
   oidcEndpoint: string;
   userId?: string;
 };
@@ -51,6 +52,7 @@ async function processAuth({
   auth,
   clientId,
   clientSecret,
+  concurrencyLimit,
   oidcEndpoint,
   userId,
 }: AuthToProcess): Promise<LoggedAuthProvider> {
@@ -75,6 +77,9 @@ async function processAuth({
     exchange: 'client',
     clientSecret,
   });
+  if (concurrencyLimit !== 1) {
+    await actual.oidcAuth.get();
+  }
   const requestLog: AuthProviders.HttpRequest[] = [];
   return {
     requestLog,
@@ -120,6 +125,11 @@ async function tdf3DecryptParamsFor(argv: Partial<mainArgs>): Promise<DecryptPar
   if (argv.noVerifyAssertions) {
     c.withNoVerifyAssertions(true);
   }
+  if (argv.concurrencyLimit) {
+    c.withConcurrencyLimit(argv.concurrencyLimit);
+  } else {
+    c.withConcurrencyLimit(100);
+  }
   c.setFileSource(await openAsBlob(argv.file as string));
   return c.build();
 }
@@ -235,10 +245,16 @@ export const handleArgs = (args: string[]) => {
       })
       .option('noVerifyAssertions', {
         alias: 'no-verify-assertions',
-        group: 'Security',
+        group: 'Decrypt',
         desc: 'Do not verify assertions',
         type: 'boolean',
       })
+      .option('concurrencyLimit', {
+        alias: 'concurrency-limit',
+        group: 'Decrypt',
+        desc: 'Enable concurrent key split and share lookups',
+        type: 'number',
+      })
       .option('auth', {
         group: 'OAuth and OIDC:',
         type: 'string',