-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Complete shareVault
/unshareVault
implementation
#259
Comments
This should also include the checking of permissions when pulling and cloning. Because there was no way to set or unset permissions, I didn't include any checks for if a node has the correct permissions to clone/pull. This will require the get git info or pack method to also accept a node Id to check the permissions of but will be relatively straightforward apart from that. Also it would need to send over whether it was pulling or cloning. I'm adding this into the tasks for this issue. |
While doing the permissions for vaults, I looked into the handling of errors over grpc and isomorphic git. Throwing a permissions error to the stream could be picked up on the client side using an event listener. However, the problem comes when we try and throw the error at the client side. Because the code to handle the error is only used within isomophic git, the thrown error will first be handled by iso git. However I have found that errors thrown here have always resulted in them being generalise to this Another note is, where is the scan vaults function being implemented? Previously before this big vaults refactoring it was going to be implemented on node manager which still makes sense to me as it doesn't require any vaults stuff. I can implement it on #266 but I think it would be better off in its own PR. (E: It does exist on nodeManager but will need to be changed) Also should there be a command to get the permissions of a vault on vault Manager? My thoughts are no. If anything this would be in gestalts or ACL so I am removing it from the client service. |
For the error handling in isomoprhic git the solution is to have an error flag within the context of |
Because this code is a bit tricky, I believe you should have inline
comments for when you are doing this so you are telling the dev what
those variables are for.
…On 10/26/21 7:14 PM, Scott wrote:
For the error handling in isomoprhic git the solution is to have an
error flag within the context of |cloneVault| function (having it as a
property of the vault manager would cause concurrency issues). Inside
the request object we then catch any errors from the GRPC stream
(permissions, vault undefined, etc.) and set the error flag to
something which identifies the error that we caught. Then we throw the
error inside the request object and let isomorphic git catch it and do
any clean up that it needs to do. Here we shouldn't need to destroy
the stream manually as we are using the promisified stream call and
this should handle any errors and subsequent shutdown automatically.
Then eventually we catch the error at the |git.clone| call and check
that it is a |SmartHttpError|. If it is then we can check our error
flag for the descriptive error and then throw the error that we expect.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#259 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE4OHNXWNZV6F47UWQZWPTUIZPNJANCNFSM5GNCN6UA>.
|
I agree with this. If it's just performing a GRPC request to another agent, then it should follow the same structure of the other commands from
I agree with this. If you're finding that you're continually having to retrieve the permissions for some vault, then it could be worthwhile to wrap this as a helper function in |
Converting this to an epic to place it on the roadmap. Setting start date as Oct 26th (according to first PR comments), and will set end date as Thursday 2nd December. @scottmmorris has said this should be done by end of Tuesday, so that gives time for reviewing on Wednesday 1st. |
|
Right now #266 has removed |
Spec has been updated. |
As part of the changes here we expect to convert the GRPC methods
await this.gestaltGraph.setGestaltActionByNode(nodeId, 'scan');
await this.acl.setVaultAction(vaultId, nodeId, 'pull');
await this.acl.setVaultAction(vaultId, nodeId, 'clone');
await this.notificationsManager.sendNotification(nodeId, {
type: 'VaultShare',
vaultId: vaultsUtils.encodeVaultId(vaultId),
vaultName: vaultMeta.vaultName,
actions: {
clone: null,
pull: null,
},
}); It seems we can do the same thing within For await this.gestaltGraph.unsetGestaltActionByNode(nodeId, 'scan');
await this.acl.unsetVaultAction(vaultId, nodeId, 'pull');
await this.acl.unsetVaultAction(vaultId, nodeId, 'clone'); This seems broken. We can have multiple shared vaults so we don't want to remove the scan permission if we unshare one of them. maybe gestaltActionUnset should be a separate plumbing command? If not then we should only remove the scan permission of not more shared vaults are left. Is it valid to not have scan permission but shared vaults? Like do we want to disallow someone from scaning while retaining the vault permissions for later? Also the locking here is a little jank. This seems like a good place to use the await withF([this.getWriteLock(vaultId)], async () => {
await this.gestaltGraph._transaction(async () => {
await this.acl._transaction(async () => {
//...
});
});
}); |
Based on a previous discussion the logic of the handlers of the plumbing functions and not inside a |
…ltsPermissionGet` and `vaultsPermissionUnset`.
Saving old spec here for reference SpecificationSharing and unsharing involves setting and unsetting vault permissions. A vault permission is based on const vaultActions = ['clone', 'pull'] as const; A permission is: type Permission = {
gestalt: GestaltActions;
vaults: Record<VaultId, VaultActions>;
}; These The Multiple
Note that vault permissions is identified by the
It should be changed to:
This is because This means each vault may have their own set of permissions. We represent each set of permissions as type VaultActions = Partial<Record<VaultAction, null>>; This enables us to set and unset just by setting the key in the POJO. Note that the On the GRPC service, we need to have client service handlers that allow the setting of vault permissions. These handlers should be created:
These handlers should accept:
On the CLI level, we abstract these into porcelain commands:
When you share a vault, it does not mean you are "pushing" the vault to the other user. It just means you are allowing the other user to "pull" your vault. When you unshare, you are just cancelling this allowance. One issue that was recently discovered was that there's no way to set permissions on identities. Even though gestalts can be formed by a single identity. This is because of the The CLI may also expose plumbing commands in case we want to really control the permissions:
However this has not been specified, so we'll leave that to a separate issue. So This means we need these files to be created:
Which will need to translate to calling
These handlers may end up calling
If So in terms of abstraction hierarchy:
If the meat of the logic is in the Alternatively composition can occur in the service handlers, and that could mean that Make sure that tests ensure sharing/unsharing applies to the whole gestalt and see the comment: #266 (comment) |
After the changes here, the |
Don't you need it to set permissions for sharing vaults? |
Yes, But that is part of the ACL. The logic is not needed inside the |
Since Polykey needs to be useable as a library we need to keep the share/unshare/get functions inside the |
…ltsPermissionGet` and `vaultsPermissionUnset`.
Specification
The commands
Vault share
vault unshare
andvault permissions
needs to act as porcelan commands while using GRPC methods as the plumbing. The Bin command themselves are largely unchanged. To this end we need to create GRPC methods called;Set and unset will take a permissions message that provides
(NodeId, VaultIdOrName, VaultActions[])
. Get will use the same message as a stream but it will be unnecessary to provide theVaultId
in that case.The Permission type needs to be updated to work with the ID changes.
Additional context
Relevant threads from
vaultsrefactoring
:shareVault
: https://gitlab.com/MatrixAI/Engineering/Polykey/js-polykey/-/merge_requests/205#note_708467722Tasks
VaultIdString
as key.commandShare
andcommandUnshare
with plumbing methodscommandPermissionSet
,commandPermissionUnset
andcommandPermissionGet
.vaultsPermissionsSet
test in client/service.vaultsPermissionsUnset
test in client/service.vaultsPermissionsGet
test in client/service.The text was updated successfully, but these errors were encountered: