commit 7556642f00f92b07770dae7b0ef565dc786f5256
author Patrick Meiring <meiring@google.com> Thu Mar 07 22:44:05 2024
committer LUCI CQ <infra-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Mar 07 22:44:05 2024
tree 2d750829489b0b58a88b5473597a413b6491f77f
parent 332331b66f93e690fd5082a5137436ed1dd79efb

[ResultDB] Move to using one transaction in ResultDB RPCs.

This is a preparatory CL to updating ResultDB to allow the
realm of invocations to change. After we implement that feature,
we need to be more careful about reading the realm in the same
Spanner transaction as the rest of the data used by a RPC,
as not doing so introduces theoretical weaknesses, such as
Time of Check, Time of Use vulnerabilities.

It simplifies reasoning about RPCs in any case, as it means
they will operate on a consistent snapshot of the system state.

Reading realm in the same transaction as other data does not
need to occur if we have already validated the invocation
has finalized before we read that other data. So this rule
does not apply to the finalizer task body, metadata
ingestion task queue, bigquery exports, etc.

Invocation creation RPCs have also been excluded from this
requirement as it is satisfactory to demonstrate that it was
possible to include the nominated invocations at one point in
time. That the realm of those invocations may change after the
fact is known and the appropriateness of this will be checked
by the UpdateInvocation RPC when the realm is updated.

BUG=b:318397115
TEST=Integration tests

Change-Id: Ibdbf22ce0f03f4f5082d2f79c1c3ca72eebfcb4a
Reviewed-on: https://chromium-review.googlesource.com/c/infra/luci/luci-go/+/5347404
Reviewed-by: Matthew Warton <mwarton@google.com>
Commit-Queue: Patrick Meiring <meiring@google.com>