Merge URI_With_Query into URI, extend API of URI
#8591
Conversation
radeusgd
added
the
CI: No changelog needed
radeusgd
force-pushed
the
wip/radeusgd/url-encode
branch
from
734b5e2 to
eef7793
Compare
radeusgd
requested review from
4e6,
JaroslavTulach,
hubertp,
Akirathan and
mwu-tow
as code owners
radeusgd
force-pushed
the
wip/radeusgd/8544-merge-uri-with-query
branch
from
b690744 to
68afb4a
Compare
| @@ -87,6 +89,12 @@ type Enso_Secret | |||
| exists name:Text parent:(Enso_File | Nothing)=Nothing = | |||
| Enso_Secret.list parent . any s-> s.name == name | |||
|
|
|||
| ## PRIVATE | |||
| to_java_value : Text | Enso_Secret | Nothing -> HideableValue | |||
There was a problem hiding this comment.
Things related to security should really be private not just documented ## PRIVATE, in my opinion. E.g. move the method into own private module, make it an extension method.
There was a problem hiding this comment.
I don't think I can do this, because Enso_Secret.to_java_value is used within Standard.Database, outside of Standard.Base.
I can move it to a separate file but I cannot make it inaccessible from other modules.
Note that this does not expose any 'sensitive' data - it just creates a Java representation of the Enso_Secret value, using its payload. It's just a transformation of existing data into an internal format.
There was a problem hiding this comment.
I have moved this method to Enso_Cloud/Utils and renamed it to as_hideable_value
| @@ -99,43 +81,3 @@ URI_With_Query.fetch self (method:HTTP_Method=HTTP_Method.Get) headers=[] try_au | |||
| URI.post : Request_Body -> HTTP_Method -> Vector (Header | Pair Text Text) -> Boolean -> Any | |||
| URI.post self (body:Request_Body=Request_Body.Empty) (method:HTTP_Method=HTTP_Method.Post) (headers:(Vector (Header | Pair Text Text))=[]) (try_auto_parse_response:Boolean=True) = | |||
| Data.post self body method headers try_auto_parse_response | |||
|
|
|||
There was a problem hiding this comment.
Looks like a simplification.
| } | ||
| } | ||
|
|
||
| String render(); |
There was a problem hiding this comment.
This is usually called toString() in Java.
There was a problem hiding this comment.
Fair, I wanted to make sure we call it explicitly to distinguish the usages where we convert secrets to __SECRET__ vs usages where we disallow secrets vs usages where we read actual secret values.
I can change to toString if you think that does not clash with the above.
| } | ||
| } | ||
|
|
||
| record PlainValue(String value) implements HideableValue { |
There was a problem hiding this comment.
Secure computing suggests to store values in byte[] - because (unlike String) byte[] can be programaticaly destroyed. That gives the user of the HideableValue control of the life-span a value is valid.
There was a problem hiding this comment.
The PlainValue is nothing that has to be destroyed.
This PR is not changing any of the 'secure' secret logic from #8006, it just refactors it a bit and changes the API.
Also note that for the actual secrets (not something the HideableValue is), we have to hold them as String at some point because we need to pass it to places like JDBC properties.
I think the comment suggests that HideableValue is a misleading name. I really didn't have better ideas how to call this type. Any suggestions?
HideableValue is a type that can either be plain non-sensitive text value OR a secret id that will be resolved into a proper sensitive value much later (the ID itself is nothing that has to be secure).
| * <p>The query parameters and user info are stored separately, because they may contain secrets and | ||
| * will only be resolved to plain values within {@link org.enso.base.enso_cloud.EnsoSecretHelper}. | ||
| */ | ||
| public record URIWithSecrets( |
There was a problem hiding this comment.
How is this different to URISchematic? Why isn't schematic working with HideableValue to beging with?
There was a problem hiding this comment.
The URISchematic is just a helper method that I need because I could no longer use the Apache URIBuilder. It is encapsulating parts of the logic of building an URI while overriding some parts of it. I did not want to couple this with the Secrets logic as its completely independent concept.
The URIWithSecrets may be converted into URISchematic in 2 ways - either resolving the secret ids to actual secret values (done only in EnsoSecretHelper) OR resolving secrets to just say __SECRET__ (the 'public' appearance). Then URISchematic takes either of these and builds a proper URI.
radeusgd
force-pushed
the
wip/radeusgd/8544-merge-uri-with-query
branch
2 times, most recently
from
7d864ed to
bf0043e
Compare
| / : Text -> URI | ||
| / self segment:Text = |
There was a problem hiding this comment.
not saying it should, but we could add pre the query string part
There was a problem hiding this comment.
I don't think I understand what you mean, could you please clarify?
There was a problem hiding this comment.
Isn't what you mean the thing that is checked in this test?
Test.specify "should keep existing query arguments intact when extending the path" <|
uri0 = URI.parse "https://example.com/path?a=b&c=d"
uri1 = uri0 / "x" / "y"
uri2 = uri1 . add_query_argument "e" "f"
uri3 = uri2 / "z"
uri3.path . should_equal "/path/x/y/z"
uri3.query . should_equal "a=b&c=d&e=f"
uri3.to_text . should_equal "https://example.com/path/x/y/z?a=b&c=d&e=f"
or is that sth else?
radeusgd
force-pushed
the
wip/radeusgd/8544-merge-uri-with-query
branch
from
bf0043e to
d853c14
Compare
I have added this in #8591, but I have realised it may not be a good idea to have it, so I am removing that particular change.
Pull Request Description
URIwithURI_With_Query#8544reset_query_argumentsand/operators allowing to transform a URI.Important Notes
Checklist
Please ensure that the following checklist has been satisfied before submitting the PR:
Scala,
Java,
and
Rust
style guides. In case you are using a language not listed above, follow the Rust style guide.
./run ide build.