Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add role certificate validity check when loading manifest in core #734

Merged
merged 1 commit into from Oct 18, 2019
Merged

Add role certificate validity check when loading manifest in core #734

merged 1 commit into from Oct 18, 2019

Conversation

touilleMan
Copy link
Member

@touilleMan touilleMan commented Oct 14, 2019
edited

fix #727

@codecov
Copy link

codecov bot commented Oct 14, 2019
edited

Codecov Report

Merging #734 into master will decrease coverage by 0.32%.
The diff coverage is 95%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #734      +/-   ##
==========================================
- Coverage   86.51%   86.18%   -0.33%     
==========================================
  Files         159      159              
  Lines       11183    11641     +458     
==========================================
+ Hits         9675    10033     +358     
- Misses       1508     1608     +100
Impacted Files Coverage Δ
parsec/core/fs/workspacefs/workspacefs.py 96.92% <100%> (+0.76%) ⬆️
parsec/core/fs/remote_loader.py 73.57% <94.44%> (+1.64%) ⬆️
parsec/core/mountpoint/winfsp_operations.py 21.18% <0%> (-7.55%) ⬇️
parsec/backend/cli/run.py 59.61% <0%> (-3.88%) ⬇️
parsec/core/fs/utils.py 92.3% <0%> (-2.7%) ⬇️
parsec/core/sync_monitor.py 91.45% <0%> (-0.86%) ⬇️
parsec/core/mountpoint/fuse_runner.py 96.33% <0%> (-0.76%) ⬇️
parsec/core/fs/userfs/userfs.py 85.84% <0%> (-0.24%) ⬇️
parsec/core/fs/workspacefs/entry_transactions.py 96.4% <0%> (+0.5%) ⬆️
... and 6 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5472def...c070128. Read the comment docs.

@touilleMan touilleMan force-pushed the check-workspace-role-remote-loader branch from b496320 to c070128 Compare October 15, 2019 13:37
vxgmichel
vxgmichel approved these changes Oct 15, 2019
View reviewed changes
tests/core/fs/test_fs_sync.py
@@ -79,7 +79,8 @@
@pytest.mark.trio
@pytest.mark.parametrize("type", ["file", "folder"])
async def test_new_empty_entry(type, running_backend, alice_user_fs, alice2_user_fs):
wid = await create_shared_workspace("w", alice_user_fs, alice2_user_fs)
with freeze_time("2000-01-01"):
wid = await create_shared_workspace("w", alice_user_fs, alice2_user_fs)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is that necessary?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because otherwise shared workspace is created with current time, but after that we do a workspace.sync() with time frozen at 2000-01-03.
So the timestamp consistency test failed given there is no role certificate available at the time we upload the data

parsec/core/fs/remote_loader.py
elif role_at_timestamp == RealmRole.READER:
raise FSError(
f"Manifest was created at {expected_timestamp} by `{expected_author}` "
"which had write right on the workspace at that time"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

which had no write right? which had no right to write in the workspace?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wrong wording or poor style ?

tests/core/fs/workspacefs/test_invalid_data.py
# Also test timestamped workspace
with pytest.raises(FSError) as exc:
await workspace.to_timestamped(options["backend_timestamp"])
str(exc.value) == exc_msg
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe parametrize the testbed fixture and let the test catch the FSError exception? e.g:

@pytest.mark.trio
async def test_empty_blob(testbed):
    with pytest.raises(FSError) as context:
        await testbed.run(blob=b"")
    assert context.value.message == "Cannot decrypt vlob: The nonce must be exactly 24 bytes long"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was exactly what I was doing before adding the timestamped part ^^

Before that we had only one call raising an exception so it was logical to let the caller test handle it
But with two errors being raised, I should have two methods (well 3 in fact: init, run_workspace, run_timestamped_workspace) that have to be called by the test with exception handling. This is much more cumbersome (especially considering the methods may not be easily idempotent) so I just KISS

@touilleMan touilleMan merged commit b73f561 into master Oct 18, 2019
@FirelightFlagboy FirelightFlagboy deleted the check-workspace-role-remote-loader branch July 27, 2023 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vxgmichel vxgmichel vxgmichel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Core should verify the chain of signatures to validate the role of the user (writer, owner etc.)
2 participants
@touilleMan @vxgmichel