Introducing vault sharing and the restrictions of pulling and cloning with vault permissions #266
Conversation
|
This will require squashing before rebase on master. |
scottmmorris
force-pushed
the
vaultspermissions
branch
from
f63d1c6
to
354cc77
Compare
|
I'm going to remove the |
|
I'm also going to handle the scan vaults function here. To see more info on this see: #259 (comment) |
|
vault scan has been reintroduced and some testing has been done but there still needs to be fixes for the CLI and then the testing of the CLI commands. After discussing with Roger we now have a solution to handle the errors coming through isomorphic git. More details can be found in #259. So I've updated the task list with the relevant tasks. After those are done this PR should be ready for review. Probably wont finish it this week because ILL only be doing a half day Friday but should be ready by end of Monday next week. |
|
I'm getting a connection warning when testing the scan vaults function on node manager: I haven't been able to trace it yet but it doesn't seem to be affecting the output from the grpc stream as the tests are still passing. I believe the first error message shouldn't have the '127.0.0.1' address, it should be the default '0.0.0.0' so maybe this is contributing to the issue. |
|
I'm struggling a little with the error handling. At the moment this is what I'm doing. On the server side I am generating and throwing the error and returning. Then on the client side inside the request object I catch the error from the stream (there is a bit of a hack I'm using to get the what the error is because its coming out weird), set the error flag and then throw the error again. Then I catch the error in the git clone command and do some checks to verify and then throw the correct error. However, the issue is that its not executing the try catch wrapper for the git clone method until after my test is finished. It appears that the test shuts down after the stream error is caught and rethrown. So instead of failing with the exception in the try catch its failing within the request object and I assume it isn't being caught there? EDIT: The alternative I have found is that if I don't throw an error to isomorphic git then it will continue until it realises its not being sent any data from the stream and then will throw and error which is correctly caught and handled. I'm not too sure why there is a difference between these two approaches? By my reckoning they should both cause the process to exit gracefully. |
|
Are you meant to await on the throw?
This usually means somewhere an await is missing.
|
|
Yep, good point. Although I've changed it and i'm still encountering the async error. I tried |
|
I'm now running a try and catch wrapper like this: and it is working fine as opposed to using the |
|
The only thing is, that isomorphic git is logging out an error here: https://github.com/isomorphic-git/isomorphic-git/blob/89c0da78d5ebf3c9f2754b3c8d557155dd70c8d7/src/models/GitPktLine.js#L89 Which is this error I think this is because when we throw an error the buffers collected from the generator are undefined |
|
That's the correct way to handle errors when using the promise/generator utilities. The only place we are using |
Maybe this is because they use a stream reader, and this error occurs essentially when initialising the stream reader because there are no buffers sent by the generator. So then it doesn't have a length and gives this error. So isomorphic git isn't actually reacting to the error we are throwing in the request object. I tried sending some buffers before throwing but the error still occurs. I then moved onto this structure: so that isomorhic git knows ahead of time that there is an error. This fixes the logging of the type error. I'm not sure if there is a convention I should be using for the status code and message here. E: actually this doesn't fix it, for some reason it doesn't actually receive the return object in the finally statement |
|
I think you're translating GRPC exceptions/errors straight into HTTP errors there. This is definitely doable. HTTP has both error status codes as as well as status messages. https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_client_errors The question is what does isogit do with this error information? Does it even throw it or it's just dropped. I think the snippet you showed before just dropped the error. In which case these codes aren't even really read. Note that our exceptions do have a |
|
They do check in some places, e.g. here https://github.com/isomorphic-git/isomorphic-git/blob/89c0da78d5ebf3c9f2754b3c8d557155dd70c8d7/src/managers/GitRemoteHTTP.js#L131 However, when I log out the response on the isomorphic git side, it always comes out with the status 200. Anyway, going back to the original issue which was the iso git error being logged out, the reason its logging out is because the thrown error resulted in no buffers being collected as I mentioned in the previous post. And I think the pk error is only thrown when the buffers are read in from the generator. So in the finally statement I just sent an empty buffer which meant that the E: The return statement in the finally block overwrites the error thrown to iso-git but instead iso-git throws another error ( |
scottmmorris
force-pushed
the
vaultspermissions
branch
from
7f46a63
to
65bdeee
Compare
|
Update here: The rebase has caused quite a few test failures. The ones that I'm still struggling with are the agent ones. This is probably due to the fact that |
|
The API change mostly affected So it shouldn't be causing new test failures. I did run most of the tests prior to merging including the |
|
I think its because of the change to the vault key being stored inside vault manager now (So not the rebase changes). I was doing it so that if fresh was specified in the vault manager it would create the key but otherwise it should read the key. But in the keys domain when it was setup it would check if the key exists and then if it didnt it would create it, regardless of whether fresh was specified or not (hence why there were no issues before). Now that Ive correctly updated it everywhere it should be working. Also there wasn't an option to start the polykey agent from scratch (fresh)? I'm not sure if this is intentional and if then I should just do the vault key the way it was done before. i.e. not rely on the fresh option and instead just check if the key exists and if not create it. I feel like this would run into a lot of problems though. |
|
@scottmmorris after you finish testing this. Can you go to MatrixAI/Polykey-Docs#3 and update the vault architecture diagrams and the sharing/unsharing sequence diagrams in relation the work done here. Just make a comment there regarding updates to the diagrams, and then coordinate with @joshuakarp in terms of fixing up the wiki. |
scottmmorris
force-pushed
the
vaultspermissions
branch
2 times, most recently
from
8872ffd
to
6d9c3cc
Compare
- NodeId fixes for vaults tests - Replaced makeVaultIdPretty` with `encodeVaultId`
tegefaulkes
force-pushed
the
vaultspermissions
branch
from
17adca0
to
0f03127
Compare
|
I have re-based on master. I discovered the interactive re-base feature so I cleaned up the commit history into single commits for each issue as well. |
|
@tegefaulkes great rebasing however please write descriptive commit messages. You also don't need to reference the issue if it's part of a MR/PR that is committed together. |
|
I'll add better descriptions but I'm going to keep the issue numbers in the commits. This is just so I can track what each change relates to better and when it comes to the last stage rebase-merge step I can squash each issue together nicely. anything labelled |
|
MatrixAI/Polykey-CLI#80 will likely be moved outside of the PR into it's own PR. The changes are not required here and don't fix anything. So to keep things neat it will be seperate. |
|
On review the remaining issues It looks like the rest of the implementation should take 2-3 days. fixing and updating tests should be 2-3 days aswell. Review will possibly add a day or two on top. I'm expecting about to be done halfway through next week, Possibly the end of next week. |
|
All tests are passing now. all that is left is a small review of #336 and an overall review of the code before squashing and merging. |
|
Only one test failing in pipeline. It's working in my tests so i'll take a closer look. |
…ltsPermissionGet` and `vaultsPermissionUnset`.
tegefaulkes
force-pushed
the
vaultspermissions
branch
from
23f2b27
to
08f6c00
Compare
|
A few things I found that seems to be missing from this PR:
@tegefaulkes can you make sure that 1 - 3 have issues tracking them? @emmacasolin can deal with the test splitting soon. |
|
Note that for 3, that some of the tests require different As for 4, can you elaborate on the scope and end goal of the issue? |
|
|
I think MatrixAI/Polykey-CLI#32 can be expanded/elaborated to incorporate point 4. similar to MatrixAI/Polykey-CLI#6. |
Description
This pull request aims to allow vaults to be shared and unshared with other Node Ids. Specification and discussion can be found inside the Tasklist issues.
Secret Commands
There are some changes to secrets commands here. These should be extracted out of this PR and moved to another PR as they have different specification requirements.
Issues Fixed
shareVault/unshareVaultimplementation #259cloneVault#253VaultInternal#305GenericIdTypes.ts#299remotefield for vault metadata optimisation #309ConnectionInfofrom connecting client node #342Tasks
Reference for residual TODOs is here #266 (comment) .
ConnectionInfofrom connecting client node #342VaultInternal#305shareVault/unshareVaultimplementation #259Final checklist