-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tightening up OpType/FlatOp logic #1910
Conversation
/// This operation stores the [`Entry`] for a CapGrant | ||
CreateCapGrant { | ||
/// The cap grant entry data. | ||
entry: CapGrantEntry, | ||
/// The [`Create`] action that creates this cap grant | ||
action: Create, | ||
}, | ||
/// This operation stores the [`Entry`] for a CapClaim | ||
CreateCapClaim { | ||
/// The cap claim entry data. | ||
entry: CapClaimEntry, | ||
/// The [`Create`] action that creates this cap claim | ||
action: Create, | ||
}, | ||
/// This operation updates the [`Entry`] for a CapGrant | ||
UpdateCapGrant { | ||
/// The hash of the [`Action`] that created the original [`crate::CapGrant`] | ||
original_action_hash: ActionHash, | ||
/// The hash of the original [`crate::CapGrant`] | ||
original_entry_hash: EntryHash, | ||
/// The [`Update`] action that updates the [`crate::CapGrant`] | ||
action: Update, | ||
/// The new entry to store | ||
entry: CapGrantEntry, | ||
}, | ||
/// This operation updates the [`Entry`] for a CapClaim | ||
UpdateCapClaim { | ||
/// The hash of the [`Action`] that created the original [`crate::CapClaim`] | ||
original_action_hash: ActionHash, | ||
/// The hash of the original [`crate::CapClaim`] | ||
original_entry_hash: EntryHash, | ||
/// The [`Update`] action that updates the [`crate::CapClaim`] | ||
action: Update, | ||
/// The new entry to store | ||
entry: CapClaimEntry, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is supposing we actually do want to validate the creation of (private) cap grants and claims
#[test_case(s_record(Action::Create(c(EntryType::AgentPubKey)), RecordEntry::Hidden) => matches WasmErrorInner::Guest(_))] | ||
#[test_case(s_record( | ||
Action::Create(c(EntryType::AgentPubKey)), | ||
RecordEntry::NotApplicable) => matches WasmErrorInner::Guest(_) ; "Store Record: Agent key with not applicable")] | ||
#[test_case(s_record(Action::Create(c(EntryType::AgentPubKey)), RecordEntry::NotStored) => matches WasmErrorInner::Host(_))] | ||
#[test_case(s_record(Action::Create(c(EntryType::CapClaim)), RecordEntry::Present(e(A{}))) => matches WasmErrorInner::Guest(_))] | ||
#[test_case(s_record(Action::Create(c(EntryType::CapClaim)), RecordEntry::NotApplicable) => matches WasmErrorInner::Guest(_))] | ||
#[test_case(s_record(Action::Create(c(EntryType::CapClaim)), RecordEntry::NotStored) => matches WasmErrorInner::Guest(_))] | ||
#[test_case(s_record(Action::Create(c(EntryType::CapGrant)), RecordEntry::Present(e(A{}))) => matches WasmErrorInner::Guest(_))] | ||
#[test_case(s_record(Action::Create(c(EntryType::CapGrant)), RecordEntry::NotApplicable) => matches WasmErrorInner::Guest(_))] | ||
#[test_case(s_record(Action::Create(c(EntryType::CapGrant)), RecordEntry::NotStored) => matches WasmErrorInner::Guest(_))] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These cases (and all others that I removed in this PR) should all be handled by sys validation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM as far as I understand the validation (I need another Q&A session with you soon!)
Co-authored-by: Jost Schulte <jost.schulte@protonmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't have a whole lot of context for reviewing this, but didn't see any red flags.
* OpType -> FlatOp * Reorg * Reorg * Move flat_op to hdi * Tightening up OpType/FlatOp logic (#1910) * Failing test * Fix test * WIP big refactor * Fix all compiler errors * Add FlatOps for storing cap entries * Fix private entry type logic * Test that sort of works * Test passes * Changelog * Removed needless test cases * Fix some warnings * More specific error * Relax test case * Remove dbg!s and backtraces * Apply suggestions from code review Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com>
@maackle should we backport this fix into 0.1.x? |
* OpType -> FlatOp * Reorg * Reorg * Move flat_op to hdi * Tightening up OpType/FlatOp logic (#1910) * Failing test * Fix test * WIP big refactor * Fix all compiler errors * Add FlatOps for storing cap entries * Fix private entry type logic * Test that sort of works * Test passes * Changelog * Removed needless test cases * Fix some warnings * More specific error * Relax test case * Remove dbg!s and backtraces * Apply suggestions from code review Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com>
* Fix clone cell idempotency for enable/disable (#2093) * Fix old tokio dep * Failing test and fixes of clone cell enable/disable idempotency * Changelog * Update comment * Differentate between CellMissing and CellDisabled, and other fixes (#2092) * Fix old tokio dep * Possible fix to intermittent disabled apps * Clear all ephemeral functions at once * Make cell_by_id differentiate between reasons for cell missing * Revert app status check and add detailed comment * Fix test * Clippy * Update comment for ListCellIds * Changelog * Take `name` out of DnaDefHash (#2099) * Take `name` out of DnaDefHash Fixes #2038 * Changelog * Update tests * Update crates/holochain_zome_types/CHANGELOG.md Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> * refactor(zome-call): optimize cap grant verification (#2097) (#2116) * refactor(zome-call): cap grant verification * refactor: simplify cap grant validation flow * update changelog * simplify assigned cap access arm * add PR reference to changelog * add comment to test * Apply suggestions from code review * refactor: use high level db query fn * replace hardcoded cap access variant by method --------- Co-authored-by: Michael Dougherty <maackle.d@gmail.com> * fix(conductor-api): reject duplicate clone cells (#1997) * add failing test for duplicate clone cell * reject duplicate dna hash * add duplicate dna hash error * specify error and test again after disabling clone * update changelog * add test for two agents cloning cells in same conductor * check for duplicate cell id in conductor state * OpType -> FlatOp + some reorg (#1909) * OpType -> FlatOp * Reorg * Reorg * Move flat_op to hdi * Tightening up OpType/FlatOp logic (#1910) * Failing test * Fix test * WIP big refactor * Fix all compiler errors * Add FlatOps for storing cap entries * Fix private entry type logic * Test that sort of works * Test passes * Changelog * Removed needless test cases * Fix some warnings * More specific error * Relax test case * Remove dbg!s and backtraces * Apply suggestions from code review Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> * fix typo * fix conductor tests * AppManifest `version` becomes `installed_hash` (#2157) * Make `version` take only a single optional hash * Rename AppManifest's `version` -> `installed_hash` * Changelog * Look up local DNAs before resolving via Location * Include AppManifest in AppInfo (#2156) * Return manifest with AppInfo and rewrite legacy app install * Clippy * update source 'nixpkgs' on branch 'develop' (#2158) [create-pull-request] automated change Co-authored-by: steveeJ <steveeJ@users.noreply.github.com> * update source 'rust-overlay' on branch 'develop' (#2159) [create-pull-request] automated change Co-authored-by: steveeJ <steveeJ@users.noreply.github.com> * fix(release-automation): consider dependency state of all matched crates (#2160) fix(release-automation): consider dependency state of all matched crates (#2149) * fix(release-automation): consider dependency state of all matched crates the change filter could lead to dependency changes not including the changed dependency in the release, if the selected crate itself didn't have any changed. the blocked filter was removed because it adds unnecessary obfuscation. * chore(release-automation): remove duplicate test * test(relase-automation): cover the fixed case * chore: add FIXME comment for a bug in the dependencies_in_workspace_filter function * test(release-automation): extend dependency bump test to cover the transitive case * refactor(release-automation/crate_selection): clarify transitive change detection * update source 'nixpkgs' on branch 'develop' (#2161) [create-pull-request] automated change Co-authored-by: steveeJ <steveeJ@users.noreply.github.com> * Test that manifest includes most recent modifiers * Investigating BadChecksum * Update from_raw_32 to only allow 32 * Use 32 byte hash for a test where it matters * Fix fixturator * Fix one more test --------- Co-authored-by: Holochain Release Automation <100725712+holochain-release-automation2@users.noreply.github.com> Co-authored-by: steveeJ <steveeJ@users.noreply.github.com> Co-authored-by: Stefan Junker <1181362+steveeJ@users.noreply.github.com> --------- Co-authored-by: Holochain Release Automation <100725712+holochain-release-automation2@users.noreply.github.com> Co-authored-by: steveeJ <steveeJ@users.noreply.github.com> Co-authored-by: Stefan Junker <1181362+steveeJ@users.noreply.github.com> * Add backward compat test and fix existing manifest serde test * Rename to `_version` * Fix visibility * Fix bad backport * Tests that network seed always affects dna hash (#2102) * Take `name` out of DnaDefHash Fixes #2038 * Changelog * Write passing test for reported bug #2039 * Add tests for paths -- still passes * Extremely comprehensive test of network seed and location: still passes! * Even more comprehensive test: still passes! * Small fries, wip * Added more cases; still passes * Better debug * Add regression test and fix the problem * Changelog * Update crates/holochain/src/conductor/tests/install_app_bundle.rs Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> * Fix test * Improve HoloHash::from_raw_32 and use it (#2162) * Update from_raw_32 to only allow 32 * Use 32 byte hash for a test where it matters * Fix fixturator * Fix one more test * Fix test --------- Co-authored-by: Jost Schulte <jost.schulte@protonmail.com> Co-authored-by: Holochain Release Automation <100725712+holochain-release-automation2@users.noreply.github.com> Co-authored-by: steveeJ <steveeJ@users.noreply.github.com> Co-authored-by: Stefan Junker <1181362+steveeJ@users.noreply.github.com>
Fixes #1861
Summary
We have decided that StoreEntry validators should always get the full entry, even if it's private. This of course means that StoreEntry authorities will not get other agents' private CRUD or capability-related ops, unless they are the author.
StoreRecord and AgentActivity validators should never have the entry data in their op if it is private, even the author (for the sake of determinism).
The current codebase has some discrepancies in these areas, this PR fixes them.
Detail
The main change done here is to replace
map_entry
with two new functions,get_app_entry_type_for_record_authority
andget_app_entry_type_for_entry_authority
.map_entry
was a one-size-fits all approach to making sense of Records with and without entry data, but really we need to distinguish between the StoreEntry case and other cases when it comes to private data.While doing this, I noticed that a lot of validation is being done in the "flattening" process, which should already be handled during sys validation. For instance, it already should be invalid for a Create AgentPubKey record to contain app entry data. We don't want to lean on
Op::flattened
to catch these cases, so in some cases I simplified the validation that happens at this stage, and removed test cases accordingly.There may be some other problems of this same nature in sys validation, which I am not handling here, namely that sys validation of private data is treated the same for StoreEntry ops and other ops, when those cases need to be handled differently.
TODO: