produces summary of active/pending/ready spawner counts
Avoids brittle bookkeeping of running counts,
computing the value upon request.
For 10k users this is still only a few milliseconds, which seems worth it
fail with informative error if version mismatches
Since we weren't always tagging before,
we have to handle no tag being present:
- database empty (use latest because we are about to create everything anew)
- if 'spawners' is present, assume 0.8.dev
- if 'services' is present, assume 0.7.x
- else: assume base revision when we started tracking this stuff
Allows authenticators to optionally enable this flag
and signal that auth_state will be used,
enabling early check and exit if encryption is not available.
Currently Spawners need to overwrite start, stop, poll. When this is not
done, it will fail at runtime.
This replicates this check at class definition time, meaning that
potential errors will be caught way earlier. It also has no runtime
cost, as the check is at class definition time (i.e. often import time).
This only takes effect on Python 3.6+, which introduced __init_subclass__;
we could do it with metaclasses, but that might be too complicated.
If one wants to create a class that avoids these restrictions, they can
overwrite __init_subclass__ and not call the super() method.
only benefit of privy was KDF, but if users provide good 32B keys, this doesn't help.
Fernet already adds randomness, etc. to tokens, so is good enough on its own if keys are good.
privy is used for encryption
- db only has blob column, no knowledge of encryption
- add CryptKeeper for handling encryption
- use privy for encryption, so we have fewer choices to make
- storing/loading encrypted auth_state runs in a ThreadPool
- MultiFernet allows key rotation via `AUTH_STATE_KEY=secret2;secret1;secret0`
- Failure to decrypt results in cleared state
- Attempting to set auth_state without encryption is a hard failure
- Absent encryption, auth_state will always be None
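
The key-rotation and failure behaviour listed above, as an added example (not the project's own code). It uses Fernet and MultiFernet from the `cryptography` package directly, without privy; the function names, the exception class and the sample keys and token are constructed for illustration.

```python
import json
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


class EncryptionUnavailable(Exception):
    """Raised when auth_state is set but no key is configured (hypothetical name)."""


def load_keys(env_value):
    """Parse a `newest;older;oldest` key string into a MultiFernet, or None if empty."""
    keys = [k.strip() for k in env_value.split(";") if k.strip()]
    if not keys:
        return None
    # The first key encrypts; every key in the list is tried on decrypt.
    return MultiFernet([Fernet(k) for k in keys])


def encrypt_state(fernet, state):
    """Return the opaque blob for the database column."""
    if state is None:
        return None
    if fernet is None:
        # Setting auth_state without encryption is a hard failure.
        raise EncryptionUnavailable("auth_state set but no key configured")
    return fernet.encrypt(json.dumps(state).encode("utf8"))


def decrypt_state(fernet, blob):
    """Return the decrypted state, or None when it cannot be read."""
    if blob is None or fernet is None:
        return None  # absent encryption, auth_state is always None
    try:
        return json.loads(fernet.decrypt(blob).decode("utf8"))
    except InvalidToken:
        return None  # failure to decrypt: the caller clears the stored state


def demo():
    old, new, other = (Fernet.generate_key().decode() for _ in range(3))
    after = load_keys(f"{new};{old}")  # rotated config: new key listed first
    blob = encrypt_state(load_keys(old), {"access_token": "constructed-sample"})
    rotated = after.rotate(blob)  # re-encrypt under the newest key
    return {
        "rotated_reads_old": decrypt_state(after, blob),
        "wrong_key": decrypt_state(load_keys(other), blob),
        "no_key": decrypt_state(load_keys(""), blob),
        "new_only_reads_rotated": decrypt_state(load_keys(new), rotated),
    }
```

Once every stored blob has been passed through `rotate`, the old key can be dropped from the list without losing state.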