Pre-release v 0.4. #90
Conversation
* fix: make it compile * fix: update cli commit * fix: clippy * fix: cli * fix: cli last fixes * fix: last fixes * fix: last fixes2 * fix: last fixes3 * fix: update submodule commit * fix: use crypto core (#74) * fix: finish using crypto core * fix: add fixes3 * fix: add fixes4 * fix: add fixes 5 * fix: add fixes 5
fix: fix the test
* chore: bump Findex to 7.1.0 * fix: use last published crates from KMS * fix: align toolchain version with KMS and CLI repos * fix: make clippy happy
* feat: init trait feat: table creation OK findex trait OK feat: improve db error management feat: permissions done feat: finish permission and dataset code, adapt codebase, no tests refactor: table names + all tests pass except last one fix: a lot of fixes idk fix: delegation refactor: huge db refactoring feat: add specialised db errors refactor: huge macros refactoring chore: a LOT of linting chore: most of linting finished feat: updta ecargo tolm style: last linting fix: an update fix: put back connections feat: update cli commit revert: cli commit fix: point to latest develop cli feat: implement instantiation function fix: fix instantiation trait fix: lint the code fix: run cargo update ? fix: revert lock fix: review fixes fix: some fixes chore: update cli fix: update name revert fix: update name import fix: rebase fixes fix: dependency 157413e fix: rebase fixes fix: update cli feat: some updates * fix: critical bugfix for dataset SQL script * feat: add variant counting for tests only refactor: refactor toml tests fix:update cli commit fix: clippy fix: upd cli fix: upd cargo lock revert: cli build all feat: warmup connexions for the slow mac on the ci feat: isolate the test again feat: push db warmup to the maximim feat: push higher warmup feat: update powershell script to skip redis and run the rest feat: isolate more feat: isolate even more feat: isolate change stuff feat: put bac ccr test cli feat: end rocky linux bloody hell feat: rock clli fix: last rocky fixes fix: try an in_memory approach fixes fix: rocky final fix: put ccr tests malone fix: lint fix: lint2 fix: indefinite busy handler fix: add backoff + windows more test windows? fixed the mac for good fixed the mac for good2 feat: use a barrier feat: use a barrier2 fix: some fixes feat: use a barrier3 fix: post cleanup fixes fix: cargo fmt fix: quickfix * fix: more windows? * fix: more windows part 2 * fix: try build all modif * fix: put db elsewhere * fix: another windows friendly bugfix * fix: windows PLEASE$ * fix:upda cli comm * fix: bye redis * fix: sequentialise sqlite permission tests * fix: restaure non debug code * test(windows): add logs * test(windows): skip kms tests * chore: update cli submodule --------- Co-authored-by: Emmanuel Coste <[email protected]>
* chore: move findex clap actions in this repo * ci: take develop branch for reusable workflows --------- Co-authored-by: phochard <[email protected]>
* test: simplify RestClient instantiation * test: reenable concurrent test on Findex encryption layer * test: try fix on test_findex_concurrent_read_write * test: exclude test on windows * test: set GW concurrent number of threads to 20
* fix: invert fips feature * feat: remove crypto_core and cover_crypt where it is possible * fix: windows build * fix: PR review, remove useless error forwarding * fix: use develop branch for github workflow * chore: bump KMS crate version to develop
There was a problem hiding this comment.
Pull Request Overview
This PR prepares for the v0.4 pre-release by adding test fixtures, certificate generation scripts, updating toolchain/config, and extending the testing harness and data structures.
- Add plain text fixtures, CSV dataset, and client/server certificates for integration tests
- Provide
generate_certs.shscripts undertest_dataandtest_data/certificates - Introduce the
test_findex_servercrate to launch Findex servers in tests (with TLS & auth) - Polyfill a
Valuetype incrate/structsfor compatibility with Findex v7
Reviewed Changes
Copilot reviewed 142 out of 155 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| test_data/client_server/generate_certs.sh | Script to generate CA and TLS certs for client/server tests |
| deny.toml | Updated license allowlist for v0.4 release (duplicate entry) |
| crate/test_findex_server/src/test_server.rs | Added helpers to start Findex test server with TLS/auth |
| crate/structs/src/findex/value.rs | Introduced Value struct polyfill for v7 compatibility |
Comments suppressed due to low confidence (4)
test_data/certificates/client_server/README.md:5
- The placeholder
<[email protected]>does not match the actual CN*.acme.comused by the scripts; update the example to avoid confusion.
- a client certificate to authenticate to the server with CN being <[email protected]>
crate/structs/src/findex/value.rs:1
- The new
Valuetype lacks unit tests; consider adding serialization and conversion tests to ensure correct behavior.
//! This module is a polyfill for the Value struct that was deleted from findex v7.0.0.
test_data/client_server/user/user.client.acme.com.key:1
- Committing private keys exposes sensitive data and risks misuse; consider excluding these keys from source control or generating them at test runtime.
-----BEGIN PRIVATE KEY-----
deny.toml:107
- The
CDLA-Permissive-2.0entry appears twice inallow; remove the duplicate to keep the list concise.
"CDLA-Permissive-2.0",
| [dev-dependencies] | ||
| rand = "0.9.0" | ||
| tempfile = { workspace = true } | ||
| variant_count = "1.1" |
There was a problem hiding this comment.
What is this dependency used for?
There was a problem hiding this comment.
This file : crate/server/src/tests/mod.rs
And then this test :
Test will be eliminated if we take off that dev dep ( but it's a dev dep, so no problem ig )
| ] } | ||
| thiserror = { workspace = true } | ||
| tokio = { workspace = true, features = ["full"] } | ||
| toml = "0.8" |
There was a problem hiding this comment.
It seems we have two different dependencies to manage configuration. Maybe just pick one.
There was a problem hiding this comment.
IMO both are needed and server different configurations :
- toml configs are for human users, actual users on linux computers
- env configs are typically for machines and automated CI flows (while those can use TOML, it's technically time consuming with no gain on doing it)
correct me if I'm wrong @Manuthor
| // This creates the database if it does not exist, and tries to open it if it does | ||
| fn ensure_sqlite_db(database_url: &str, alternate_env_variable: &str) -> FResult<PathBuf> { | ||
| let path = &retrieve_database_location(database_url, alternate_env_variable)?; | ||
| drop( |
There was a problem hiding this comment.
Why is this explicit call to drop required?
There was a problem hiding this comment.
to say in a clear verbose manner that we do not want that connection to exist, as per the comment, the goal is ensuring we can open the DB
There was a problem hiding this comment.
Well this connection is dropped since it goes out of scope. Do you really need to be that verbose ?
There was a problem hiding this comment.
I tried to change but I remembered the compiler prefers the call to drop, too :
| where | ||
| Self: Sized; | ||
| } | ||
| #[allow(dead_code)] // false positive, used in crate/server/src/database/redis/mod.rs |
There was a problem hiding this comment.
If there really is a false-positive, then this is a clippy bug: report it and link the issue instead. From what I see this is not a false positive, but the current state of the repo is so messy that it's hard to tell it's not used (I tried to remove plus some other things it and it builds).
There was a problem hiding this comment.
I can't build without this trait, and deleting that "allow dead code" raises multiple warnings
it's quite probably a clippy issue as you said, but the repo is big and I think putting this line of code is more effective than submitting issues to the clippy te that will need them a fork our codebase in order to debug (we're hopefully open source)
There was a problem hiding this comment.
thank you for this deep analysis ! two major points from my end :
- I opened a new pr with my fixes : #91 . If you have new comments, please add them on the 91 ! not this PR, in order to maintain the classic git flow and avoid savage commits on the develop branc
- I co authored those edits with @Manuthor , hence, about half the reviewed code wasn't mine. I tried to fix the "obvious" comments + the technical ones related to my own code. For those of Manu, I marked them with the eyes emoji ( 👀 ) so @Manuthor please address those comments ( no rush :) ! ) and when you finish **please commit on the new PR #91 **
| alcoholic_jwt = "4091" | ||
| async-trait = "0.1.86" | ||
| async-trait = "0.1.88" | ||
| async-sqlite = { workspace = true } |
There was a problem hiding this comment.
If I understood the comment correctly, yes and to find the code you need to search the library is called using and underscore _ not the hyphen -
If this wasn't the question, then yes (for example, check windows CI )
| async-trait = "0.1.88" | ||
| async-sqlite = { workspace = true } | ||
| chrono = "0.4" | ||
| clap = { workspace = true, features = [ |
There was a problem hiding this comment.
hoping I say no mistake, to my understanding, some of the server parameters ( see crate/server/src/config/command_line/db.rs or also crate/server/src/config/command_line/http_config.rs ) are also CLI parameters at the same time, hence the import
| ] } | ||
| thiserror = { workspace = true } | ||
| tokio = { workspace = true, features = ["full"] } | ||
| toml = "0.8" |
There was a problem hiding this comment.
IMO both are needed and server different configurations :
- toml configs are for human users, actual users on linux computers
- env configs are typically for machines and automated CI flows (while those can use TOML, it's technically time consuming with no gain on doing it)
correct me if I'm wrong @Manuthor
| where | ||
| Self: Sized; | ||
| } | ||
| #[allow(dead_code)] // false positive, used in crate/server/src/database/redis/mod.rs |
There was a problem hiding this comment.
I can't build without this trait, and deleting that "allow dead code" raises multiple warnings
it's quite probably a clippy issue as you said, but the repo is big and I think putting this line of code is more effective than submitting issues to the clippy te that will need them a fork our codebase in order to debug (we're hopefully open source)
There was a problem hiding this comment.
Use define_byte_type! instead. And what is a polyfill?
Edit: Okay, so you actually cannot use this macro since your type is not constant-size. Which means this is different from the values defined in Findex. I therefore don't understand this doc at all. Please remove or amend it.
There was a problem hiding this comment.
polyfill is a web dev term and maybe has no place here - best definition I found was " workaround software implementing backward compatibility of functionality added to a programming interface in earlier versions of that interface "
anyway
When we use findex-server to search for a Hashset<stuff> , we call those values a "Value" like defined in value.rs
It was the terminology with findex v7.0 and when migrating I have deleted the non necessary "capabilities" of the values and left the bare minimum. I will update the doc, but it felt weird to say that a Value is "a searched value" - i will try to better articulate it
| /// A [`Keyword`] is a byte vector used to index other values. | ||
| #[derive(Clone, Debug, Hash, PartialEq, Eq)] |
There was a problem hiding this comment.
Maybe we ought to have a macro to generate this kind of implementations.
There was a problem hiding this comment.
after a quick search I didn't find code duplication of this part that would motivate the usage of macros
| let mut server_address = Address::<{ SERVER_ADDRESS_LENGTH }>::default(); | ||
| let mut server_address = Address::<{ SERVER_ADDRESS_LENGTH }>::from([0; SERVER_ADDRESS_LENGTH]); |
There was a problem hiding this comment.
Prepending your index ID statically reveals a lot of information. If this is required or decide to proceed with it anyway, you may as well instantiate one Redis per tenant. This would enforce isolation without allocating, reduce the storage cost and allow for a trivial implementation of per-tenant back-up.
| unsafe { | ||
| std::env::set_var( | ||
| "RUST_LOG", | ||
| "info,cosmian=info,cosmian_findex_server=info,actix_web=info,sqlx::query=error,\ | ||
| mysql=info", | ||
| "info,cosmian=info,cosmian_findex_server=info,actix_web=info", | ||
| ); | ||
| } |
There was a problem hiding this comment.
Unsafe code really is not welcome in a security-focused implementation: is there really no way to do without it?
Ok thanks for this. I've created issues and answered to some comments. For the time being, I won't go any further since created issues are not blocking the next release. |
|
I finished double checking the comments, we can safely close this PR I guess |
3 participants
Please do not merge this.
Current release workflow does not imply to review whole
developtomain. It should be done before - for each PR to avoid massive PR review (like this).However thanks for the review but requested changes must be handled in separated PRs or postponed in other issues.