Pass Backend

[MagicRB]

Signed-off-by: Magic_RB [email protected]

Description

Add a pass backend calling the pass CLI program directly. As discussed in #55

Related issue(s)

Directly discusses #55.

✅ Checklist for your Pull Request

Related changes (conditional)

• Tests
  • If I added new functionality, I added tests covering it.
  • If I fixed a bug, I added a regression test to prevent the bug from
    silently reappearing again.

• Documentation
  • I checked whether I should update the docs and did so if necessary:
    • README
    • Haddock

• Public contracts
  • Any modifications of public contracts comply with the Evolution
    of Public Contracts policy.
  • I added an entry to the changelog if my changes are visible to the users
    and
  • provided a migration guide for breaking changes if possible

Stylistic guide (mandatory)

• My commits comply with the policy used in Serokell.
• My code complies with the style guide.

[MagicRB]

Ok, think that's. So this is a weird one, or rather weird 3. It's actually 3 PRs in one. I'll split them up before merge, but we can review them now together, since they all developed together, triplets so to speak. Anyway. PR list:

1. the actual backend, Backend/Pass.hs and Entry/Pass.hs
2. the supporting debug backend, very useful thing, Backend/Debug.hs
3. and finally an experiment. I needed a nice FS api and i wanted to try something more type bound, it's not as special as i wanted but it works and we can use it instead of IO, Effect/Fs.hs

Ok, so that's all. The last part I'm not happy with is Entry/Pass.hs, it's a parsing spaghetti hell as is common with marshalling code, but that in particular is hellish. I'm not really certain what to do with it, the format itself is a little thrown together since we're trying to fit into pass' standards. But, actually, it's similar to Vault, so maybe we could unify those formats. The main issue with the code right now, is the "modern art" of chaining functions and making little "pipelines". That would be solved by breaking the pipeline up into parts and giving those parts meaningful names. That's all.

[MagicRB]

Oh and I have no idea why it doesn't build. None at all, it builds on my machine:tm:

[DK318]

You have explicit Text import, so you don't need to write T.Text.

[MagicRB]

Thought i got them, Ill grep for any T.Text and BS.Bytestring stragglers

[MagicRB]

should be all of them, i think

[DK318]

Please, use do-notation + forM

[MagicRB]

resolved

[DK318]

Due to BlockArguments you can write smth like this

_listDirectoryRec dirPath = do
  list <- _listDirectory dirPath
  forM list \case
    Left f -> pure $ NodeRec $ Left f
    Right d ->
      _listDirectoryRec d <&> NodeRec . Right . Directory

[DK318]

See eitherToMaybe

[MagicRB]

resolved

[DK318]

We're losing information about errors here (and in some other places).

[MagicRB]

We can't really get errors out, since prisms don't support errors and all. That's my fault, it needs a refactor.

[DK318]

I think these functions could be in where block

[MagicRB]

I've gone through most, thanks for the input. I've noticed that mostly you see more combinators that could be used to make the code simpler. I guess that comes with experience.

[DK318]

Please, don't squash your commits after review. It's really hard to rereview without seeing diff after the first review

[DK318]

Please, remember to rollback this config when you are done

[DK318]

According to styleguide we must add one blank line between top-level definitions.

[DK318]

Same here

[dcastro]

Oh and I have no idea why it doesn't build. None at all, it builds on my machine

@MagicRB It's because you edited the coffer.cabal file directly.

We've since added support for hpack + stack, so now we should edit the package.yaml file instead. And then use ./scripts/generate-cabal-files.sh to update coffer.cabal, cabal.project, cabal.project.freeze, etc.

We have a CI step to validate that the stack and cabal files are in sync (see here), but the check seems to be faulty... the step succeeded in this PR's pipeline and it shouldn't 🤔 I'll look into this.

[dcastro]

We have a CI step to validate that the stack and cabal files are in sync (see here), but the check seems to be faulty... the step succeeded in this PR's pipeline and it shouldn't 🤔 I'll look into this.

Ok, found the issue, fixed it here: #77

[dcastro]

Good idea, that's a good check! 👏

[dcastro]

Keep the indentation to a minimum.

From the styleguide:

Indent the where keyword with 2 spaces and the definitions within the
where clause with 2 more spaces

  where
    tToFPath = Just . T.unpack
    fPathToT :: Maybe String -> Maybe Text
    fPathToT a = a <&> T.pack

Please look for other similar cases (e.g. in debugCodec, pbListSecrets, etc)

[MagicRB]

think i got them all, ill regex it, yup got them all

[dcastro]

Instead of using Toml.text and then mapping to/contramapping from String, we can just use Toml.string.

[MagicRB]

resolved

[dcastro]

Please use descriptive variable names instead of v/a/etc.

From the code style:

You should not use short names like n, sk, f, unless their meaning is
clear from the context (function name, types, other variables, etc.).

[dcastro]

Looks like the UnicodeException in the Left should also be included in FEInvalidPath

[MagicRB]

resolved

[dcastro]

Why not use the FilePath alias from the prelude?

I get that technically a unix filepath can be any byte sequence, it doesn't have to be unicode. And the prelude's type FilePath = String assumes the path only contains unicode characters.

So type Path = ByteString is more correct. However, we're internally converting those bytestrings to strings anyway (with pathToString), so we might as well just use FilePath from the prelude.

[dcastro]

Like we talked on Slack, prisms shouldn't really be used for parsing because it's impossible to know why parsing failed.

[MagicRB]

See comment below.

[dcastro]

Why are these intermediate data structures needed?

In order to write an Entry to pass, we're converting Entry -> PassEntry -> PassKv -> Text

[MagicRB]

I plan to remedy that globally, in the Prism rework. I want to merge Vault's format and pass' format. They're both KV, just pass uses a flat structure, vault a nested one. Names are different but that can be generalized too.

[dcastro]

I plan to remedy that globally, in the Prism rework

Can you please create an issue for that? Please detail what will be done.

I want to merge Vault's format and pass' format. They're both KV, just pass uses a flat structure, vault a nested one. Names are different but that can be generalized too.

Can you expand a bit on this?
If I'm understanding correctly, that would justify the need for PassKv, but I still don't see the need for the PassEntry intermediate data structure (I haven't looked at this part of the code in detail yet, so I might just be missing something).

[MagicRB]

If I'm understanding correctly, that would justify the need for PassKv, but I still don't see the need for the PassEntry intermediate data structure (I haven't looked at this part of the code in detail yet, so I might just be missing something).

PassEntry exists, because the code is ugly and confusing and I thought that if I was trying to convert from a to Text and stuff into HashMap Text Text the code would be completely uncomprehensible.

Can you please create an issue for that? Please detail what will be done.

sure

[MagicRB]

#62 (comment) idk why but i cant seem to reply to this, so doing it here. stringToPath is fine, we're not doing pathToString anywhere, which would be an issue.

[dcastro]

_getNode doesn't seem to be a "primitive operation", it's more like a "helper" wrapper over _nodeExists. So I don't think we need to have it here, as a constructor of FsEffect. We can define it simply as:

getNode :: Member FsEffect r => Path -> Sem r (Maybe (Node' Path))
getNode path = do
  mNode <- nodeExists path
  pure
    $ mNode <&> bimap
        (const (File path))
        (const (Directory path))

Same thing for _listDirectoryRec, it's just a higher-level helper that builds on top of _listDirectory

[dcastro]

Actually, getNode and listDirectoryRec aren't used anywhere, so we should delete them.

[MagicRB]

getNode returning Path is actually an error on my part, i just fit the types together. I meant for it to return a ByteString or a [Path] depending on whether it's a dir or file, but I'll yeet it. The idea keeping these in was to build up a small library that I planned to factor out in my own free time.

[dcastro]

Shouldn't ListDirectory return a Maybe, and Nothing when the given path doesn't exist?

[dcastro]

Shouldn't we be using listDirectory from the FsEffect here?

[dcastro]

Here, if decoding fails, we're returning Nothing.

But that's wrong - Nothing, in this context, means that the entry doesn't exist.

If it does exist but, for some reason, parsing failed, then we should throw an error.

[dcastro]

_e

We shouldn't swallow the exit code, we should report that as well.

Same thing in pbWriteSecret and pbReadSecret

[dcastro]

I'm not sure I agree with this approach...

It's essentially a very limited type of logging that can only log the input/output of BackendEffect operations. It cannot log what's happening inside the BackendEffect implementation, it can't log what's happening in the high-level Commands module, etc.

IMO, we should have a --verbose/-v switch that turns on logging throughout the entire codebase, wherever it may be useful. Plus, this wouldn't require the user to change their config file.

We could have a LogEffect and two interpreters: one that logs to stdout and another that does nothing. In main, depending on whether the -v switch was used, we choose which interpreter to use.

[MagicRB]

This can be enabled easily by any other method, i wrote the debug backend because i was going nuts over not understanding what happening. We can reuse the impl later for a proper -v mode

[dcastro]

We shouldn't prefix function names with _, it has a special meaning to GHC.

Prefixing with _ disables GHC's "unused definition" warnings/errors.

[dcastro]

We have a battery of integration/golden tests in tests/golden.
We should run those tests against the pass backend as well.

Those tests are run by make bats, which in turn calls the scripts/run-bats-tests.sh script.
At the moment, that script:

1. spins up 2 vault instances
2. runs the bats tests
   • the tests are hardcoded to use tests/golden/default-config.toml, which contains the config for those 2 vault instances
3. kills the 2 vault instances

We should modify the script such that:

1. sets up 2 pass instances
2. exports COFFER_CONFIG="pass-config.toml"
3. runs the tests
4. cleans up the 2 pass instances
5. spins up 2 vault instances
6. exports COFFER_CONFIG="vault-config.toml"
7. runs the tests again
8. kills the 2 vault instances

[dcastro]

I've found 2 bugs so far:

---

Creating an entry with a multiline field content succeeds (as in, it creates a file /tmp/pass-store/dir/entry4 on disk), but then coffer view says it doesn't exist.

$ coffer create /dir/entry4 --field "user=$(echo -e "first\nsecond")"
[SUCCESS] Entry created at '/dir/entry4'.

$ coffer view /dir                                                   
[ERROR] Entry or directory not found at '/dir'.

Haven't looked too much into it, but I suspect the parsing is failing. And the parser failure is being masked by the other bug I mentioned in another comment; we're returning Nothing in pbReadSecret when decoding fails.

---

This may or may not be a bug, maybe I'm doing something wrong? I don't know. But setting up a new pass instance and then running coffer / fails for me. Running coffer view with any path other than / works though:

$ export PASSWORD_STORE_DIR='/tmp/pass-store'

$ pass init [email protected]
mkdir: created directory '/tmp/pass-store/'
Password store initialized for [email protected]

$ coffer /
ListSecrets: Path {unPath = []}
out: Just [".gp"]
OtherError "Internal error:\nBackend returned a secret that is not a valid entry or directory name.\nGot: '.gp'.\n"

---