MatrixAI / Polykey-CLI

Polykey CLI - Open Source Decentralized Secret Sharing System for Zero Trust Workflows
https://polykey.com
GNU General Public License v3.0
6 stars 3 forks source link

General bugs and sanity testing of secret unix commands #317

Open tegefaulkes opened 3 weeks ago

tegefaulkes commented 3 weeks ago

Specification

I've been going over the new secrets commands to see if they function as expected. I'll be outlining problems I find here. I'm not considering any localpath to vault crossover for now.

General questions

  1. How should we format the errors. I want to have fs style errors match the unix commands way of doing it. such as rm: cannot remove 'nodir': No such file or directory. However what if the error is a missing vault? Should we format that better than we are right now? Keep it more inline with the fs style error formatting?
  2. How do we want to handle ../ in paths that point outside of the root tree for the vault. Writing treats it as in the root directory. But ls will append the ../ paths to the file names. The ls behaviour needs to be changed but is the write behaviour allowed?

write

expectations

rm

edit

cat

ls

I'm not sure we added multiple path support to ls yet.

This still needs work to support multiple paths.

mkdir

Be sure to add onto the lists if you think of any checks to do.

Additional context

Tasks

  1. Run through the list and check the problems
  2. Group problems into child-issues. Use your best judgement here but per command is probably the best way to break it down unless the problem applies to multiple commands at once.
linear[bot] commented 3 weeks ago

ENG-451 General bugs and sanity testing of secret unix commands

aryanjassal commented 1 week ago

Specifying existing vaultname should... - How do we want to handle this? We want to treat it as the root directory so we have 3 options. Don't allow it at all with a isRootDir error or something, Allow it but special case to delete the vault if empty of recursive set. Or allow but special case to just delete all root contents.

The VaultOps.deleteSecret throws an error with code EINVAL for invalid operations, such as attempt to remove the vault root directory. For now, I am handling this error as if handling removal of a write-protected directory. It would throw something like this: rm: cannot remove '/': Permission denied.

This probably needs a review later on, but I think is a sufficient solution for the time being, and also perfectly aligns with how Unix commands work.