-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow parsing just the vault name without requiring the secret path #305
base: staging
Are you sure you want to change the base?
Conversation
I think I prefer null in those scenarios? Undefined is usually meant to mean void.
|
37a9a58
to
aac9445
Compare
Undefined usually means it wasn't provided. Null would mean it was intentionally not provided. We always use undefined if it's optional. |
I mean in TS, |
It depends, you need to review other places in the code where this has occurred. |
Look at the other parsers. |
91a4f12
to
616df30
Compare
While working on this PR, I actually discovered a bug in https://github.com/MatrixAI/Polykey-CLI/issues/311 There could have been other issues like this which might have slipped past testing and reviewing. I will go through all the currently implemented commands and ensure that the tests properly test everything so similar bugs can't catch us by surprise. |
// Make sure we don't accidentally return garbage data | ||
return vaultName.match(vaultNameRegex)![0]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You shouldn't modify the vaultname here. For this parser we're just checking if its correct. It needs to remain as a string and unmodified.
// E.g. If 'vault1:a/b/c', ['vault1', 'a/b/c'] is returned | ||
// If 'vault1', ['vault1, undefined] is returned | ||
// If 'vault1:', an error is thrown | ||
// If 'a/b/c', an error is thrown |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This commentary needs to be updated.
if (splitSecretPath != null && !secretPathRegex.test(splitSecretPath)) { | ||
throw new commander.InvalidArgumentError( | ||
`${secretPath} is not of the format <vaultName>:<directoryPath>[=<value>]`, | ||
`${secretPath} is not of the format <vaultName>[:<secretPath>][=<value>]`, | ||
); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When it comes to if statements that check a few boolean conditions at once, you always want to add a comment explaining in clear terms what you are checking for. It makes it easier to follow the code. If there was a bug in the logic which is very easy to do with boolean logic then it would be much easier to fix if the intention was known.
? secretPathPart | ||
: secretPathPart.substring(0, equalIndex); | ||
const value = | ||
equalIndex === -1 ? undefined : secretPathPart.substring(equalIndex + 1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
General formatting of ternary operators is that the main thing comes first then the fallback or secondary value comes second.
This isn't a hard rule. Just how I usually structure it.
I just realised a potential issue that would crop up in the future. Lets say that I have a vault called This same issue applies to basically all secrets commands which are expected to operate on the user's local file system. This needs to be addressed before we go about merging this PR. |
I have observed an interesting behaviour with [aryanj@matrix-34xx:~]$ pk secrets write vault:test
some content
more content
i will press ctrl d on the next line
this line will not be shown
[aryanj@matrix-34xx:~]$ pk secrets cat vault:test
some content
more content
i will press ctrl d on the next line
[aryanj@matrix-34xx:~]$ pk secrets cat vault:test > tempfile
[aryanj@matrix-34xx:~]$ cat tempfile
some content
more content
i will press ctrl d on the next line
this line will not be shown% Terminal emulators add a This is not supported by Node's As a workaround, currently we are manually writing a This still needs to be changed to be more intelligent, and detect if the last character was a newline, and do this only if it wasn't. Another interesting discovery was made in regards to We should also consider writing a message to stderr informing the user that the message will now be written to the file, as writing to the file takes about a second, and the users won't be sure if the program needs another |
I think firstly there are only some commands that operate on both local and vault namespaces. That's the So in the case of The solutions:
Do note that you don't currently have PCC nor OCC with vault operations via RPC, until you've developed the stream-lifecycle representing an RPC conversation where the stream lifetime means 1 PCC lock. OCC requires MVCC and that's not possible without snapshots of the vault state which we cannot do at the moment. Please ensure that: pk secrets cp test test # this is an error
pk secrets cp -r testA testB # this means copying testA into testB, so `testA:/testB`
pk secrets mv test ./test # means local path
pk secrets mv test test/test # means moving test into test/test Note that There's actually alot of constraints here. @tegefaulkes you should be working with @aryanjassal to ensure that all scenarios are being fast checked here and clearly in one big list. I want to have a clear list here in the spec. |
The |
This is a bad idea. |
I've never seen this with other unix commands, you should check how you're taking in STDIN here. |
This is definitely a bug and not something terminal emulators fail at doing. The reason for this is due to line buffering. You just need to flush the buffer explicitly at the end when the |
In fact you SHOULD ALWAYS be flushing the buffer explicitly at the end of every CLI command. |
This a key constraint. You need to fast check this well. The point is But Let's get some variants: Here’s the updated table based on the clarified rules that vault paths must follow the
Key Rules Recap:
This table and rule set should now provide a clear, unambiguous interpretation of paths in the context of vault and local operations. |
This would mean that vault names cannot have a Also, what about Should we allow vault names to start with |
Yes Under the rules then it will need to be Well we have to make some rules on a vault name - it would be more constrained than any path. At least 2 symbols are not allowed here: We may also want to disallow non-printable characters and control characters but utf-8 symbols are ok. Use a regex rule - ask chatgpt to help generate and use fastcheck and regex101 to check. |
Description
When specifying a secret path, currently the format needs to be
<vaultName>:<secretPath>
, otherwise a parser error is thrown. This should not be the case, and instead paths like<vaultName>
should also be allowed, which would point to the root of the directory.To do this, a parser for
vaultName
will also be implemented, ensuring consistency in vault's allowed characters. This is important as currently, there are no parsers for vault name, but there is a regex validation for vault names when they are being used in the secret commands. This means that inadvertently vaults can be created which cannot be actually used in any commands likematrix.ai
.Issues Fixed
Tasks
'/'
if the secret path is undefinednot sure if it is even needed[ ]
7. Split tests forvaults/scanNode.test.ts
cat
create
dir
edit
env
list
mkdir
remove
rename
stat
write
Final checklist