Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(PUP-11326) Make regsubst() sensitive-aware #8799

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

(PUP-11326) Make regsubst() sensitive-aware #8799

wants to merge 1 commit into from

Conversation

cocker-cc
Copy link
Contributor

@cocker-cc cocker-cc commented Oct 22, 2021
edited

PUP-11326

Possible Use-Case out of Real-Life:

      $_ssl_key = $::facts['os']['family'] ? {                           
        'windows' => regsubst($ssl_key, '\n', "\r\n", 'EMG'),            
        default   => $ssl_key,                                           
      }

@cocker-cc cocker-cc requested a review from a team October 22, 2021 11:42
@puppetlabs-jenkins
Copy link
Collaborator

Can one of the admins verify this patch?

@cocker-cc cocker-cc requested review from a team October 22, 2021 11:42
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from e3d1ea9 to ed4a58a Compare October 22, 2021 11:48
@cocker-cc cocker-cc mentioned this pull request Oct 22, 2021
Closed
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from ed4a58a to 520b873 Compare October 22, 2021 12:34
@cocker-cc cocker-cc changed the title Make regsubst() sensitive-aware (PUP-11326) Make regsubst() sensitive-aware Oct 22, 2021
ciprianbadescu
ciprianbadescu reviewed Jan 4, 2022
View reviewed changes
lib/puppet/functions/regsubst.rb
@@ -30,7 +30,7 @@
# $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
# ```
dispatch :regsubst_string do
param 'Variant[Array[String],String]', :target
param 'Variant[Array[Variant[String,Sensitive[String]]],Variant[String,Sensitive[String]]]', :target
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change allows you also to call the function with an array of mixed strings and sensitive data.
I think that the change from inner_regsubst implements only Variant[Array[String],Sensitive[String],String], which I think could be enough, if it matches your use case.

Copy link
Contributor Author

@cocker-cc cocker-cc Jan 17, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right, this does not fit together. I refined the Function and amended the Commit. Also I added some basic Tests.

@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 520b873 to 4ec8679 Compare January 17, 2022 12:47
@cocker-cc cocker-cc requested a review from a team as a code owner January 17, 2022 12:47
@CLAassistant
Copy link

CLAassistant commented Feb 7, 2022
edited

CLA assistant check
All committers have signed the CLA.

@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 4ec8679 to bd61004 Compare February 7, 2022 19:02
@joshcooper
Copy link
Contributor

Thanks @cocker-cc you'll want to rebase this PR against #8879 after it's merged to resolve the rspec issue on Ruby 3

joshcooper
joshcooper reviewed Feb 23, 2022
View reviewed changes
lib/puppet/functions/regsubst.rb Outdated
@@ -95,7 +95,27 @@ def regsubst_regexp(target, pattern, replacement, flags = nil)
end

def inner_regsubst(target, re, replacement, op)
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
if target.respond_to?(:map)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not a big fan of checking if something is an Array/Sensitive by checking if it responds to map/unwrap. For example, all classes that include Enumerable will respond to map. I usually prefer checking if the object is an instance of the expected class or a subclass, e.g. item.is_a?(Array)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to argue opposite-wise: If I want the Duck to quack, then I have to test, if she is able to quack.
If you test for a particular Datatype, then you have to cover all possible Cases.
Not implemented.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with Josh here, use of "responds to" is too brittle and is a style that is not favored throughout the puppet code base. (yes, we have been bitten by that a number of times).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have changed it…

@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 4a556d2 to b998ce7 Compare April 14, 2022 21:00
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch 3 times, most recently from 320fc93 to a7dc145 Compare July 29, 2022 15:18
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from a7dc145 to 10c8b22 Compare August 30, 2022 11:32
hlindberg
hlindberg reviewed Aug 30, 2022
View reviewed changes
lib/puppet/functions/regsubst.rb
Puppet::Pops::Types::PSensitiveType::Sensitive.new(target)
else
# this should be a String
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }

@hlindberg
Copy link
Contributor

There is one more possible Sensitive permutation to support - that of Sensitive[Array] where the array may contain sensitives or strings. That case may be difficult to describe in the dispatch section since a Sensitive type does not present more than the base type of its content. Easiest is probably to have one dispatch for Sensitive[Array] that unwraps the Array and then recursively calls the function to get the type checking.
Not sure how valuable it is to also support that case.

@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from cff4ef6 to 6ebddd7 Compare October 17, 2022 11:57
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 6ebddd7 to 425a6f3 Compare April 21, 2023 12:40
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 425a6f3 to 6d30ad8 Compare June 19, 2023 12:17
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 6d30ad8 to aac6132 Compare August 4, 2023 11:28
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch 2 times, most recently from 92b15f6 to 6b4a0ae Compare October 5, 2023 08:55
@cocker-cc @hlindberg
(PUP-11326) Make regsubst() sensitive-aware
a580772 
Co-authored-by: Henrik Lindberg <563066+hlindberg@users.noreply.github.com>:
map preferred over collect

Co-authored-by: Henrik Lindberg <563066+hlindberg@users.noreply.github.com>
@cocker-cc cocker-cc force-pushed the Make_regsubst_sensitive-aware branch from 6b4a0ae to a580772 Compare November 7, 2023 10:26
@joshcooper joshcooper added the enhancement New feature or request label Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hlindberg hlindberg hlindberg left review comments

@joshcooper joshcooper joshcooper left review comments

@ciprianbadescu ciprianbadescu ciprianbadescu left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@cocker-cc @puppetlabs-jenkins @CLAassistant @joshcooper @hlindberg @ciprianbadescu