Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(secrets): Use core-foundation-rs instead of security-framework for macOS logic #1811

Merged
merged 17 commits into from
Sep 28, 2023
Merged

feat(secrets): Use core-foundation-rs instead of security-framework for macOS logic #1811

merged 17 commits into from
Sep 28, 2023

Conversation

traeok
Copy link
Member

@traeok traeok commented Sep 25, 2023
edited
Loading

What It Does

  • Updated macOS logic to use the core-foundation-rs crate and FFI calls instead of the security-framework crate, as security-framework has been archived.
  • Updates Zowe CLI to use 7.18.6 of the Secrets SDK that contains the above changes.
  • Fixes a bug with the Linux implementation: removed unnecessary libsecret::secret_value_unref call when interacting with items (causes segfault in scenarios where only one match is found)

Note: Once the required # of reviews is met, I'm going to publish Secrets SDK 7.18.6 before merging.

How to Test

Try to build, install, and use Zowe CLI using this PR on macOS. The CLI should work as expected using secure credentials.

If you want to test the Linux fix for edge-cases with the findCredentials function, install the Secrets SDK as a global package, then save the following script as a .js file and execute it with Node (node test.js):

const { keyring } = require("@zowe/secrets-for-zowe-sdk");
await keyring.setPassword("TestService", "TestOneCred", "pass");
await keyring.findCredentials("TestService");
console.log("this line should be printed!");
await keyring.deletePassword("TestService", "TestOneCred");

The script should run without any errors or segmentation faults printed to stdout.

Review Checklist
I certify that I have:

traeok added 10 commits September 18, 2023 15:31
@traeok
wip(secrets/mac): use core-foundation instead of security-framework
f491a16 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
feat(secrets): core-foundation progress (set, get, delete, findPassword)
13b92ae 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
chore(secrets): separate ffi logic in macOS code
ecdc0be 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
fix(secrets): macOS errors during build
7801b01 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
feat(secrets): implement KeychainSearch for findCredentials
b50095d 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
test: adjust SecCertificateGetTypeID fn name to resolve ci errors
1db47b0 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
fix(secrets): link macOS FFI functions to Security.framework
c7c4107 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
chore(secrets/mac): Add doc comments, clean up Rust logic
588321e 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
chore(secrets): Bump Secrets SDK to 7.18.6
803b04e 
Signed-off-by: Trae Yelovich <[email protected]>
@traeok
chore: Update CLI and Secrets SDK changelogs
b36ad06 
Signed-off-by: Trae Yelovich <[email protected]>
@codecov
Copy link

codecov bot commented Sep 25, 2023
edited
Loading

Codecov Report

All modified lines are covered by tests ✅

📢 Thoughts on this report? Let us know!.

@traeok traeok marked this pull request as ready for review September 25, 2023 17:12
@traeok traeok marked this pull request as draft September 25, 2023 17:12
@traeok traeok force-pushed the feat/secrets/core-foundation branch from 9b89ba3 to e4967e1 Compare September 25, 2023 18:15
@traeok traeok force-pushed the feat/secrets/core-foundation branch from e4967e1 to 2d1bb59 Compare September 25, 2023 18:19
@traeok traeok linked an issue Sep 25, 2023 that may be closed by this pull request
Switch from security-framework crate to core-foundation-rs for Secrets SDK #1802
Closed
@traeok traeok marked this pull request as ready for review September 25, 2023 20:21
@traeok
Copy link
Member Author

traeok commented Sep 26, 2023

SonarCloud security hotspot is a false positive as it is a credential used for unit tests.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 26, 2023
edited
Loading

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
15.4% 15.4% Duplication

t1m0thyj
t1m0thyj approved these changes Sep 28, 2023
View reviewed changes
Copy link
Member

@t1m0thyj t1m0thyj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @traeok!

@traeok traeok merged commit d637e90 into master Sep 28, 2023
48 checks passed
@traeok traeok deleted the feat/secrets/core-foundation branch September 28, 2023 16:50
@traeok traeok added the release-patch Indicates a patch to existing code has been applied label Sep 28, 2023
@github-actions
Copy link

Release succeeded for the master branch. 🎉

The following packages have been published:

Powered by Octorelease 🚀

@adam-wolfe adam-wolfe mentioned this pull request Oct 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevinLoesch1 KevinLoesch1 KevinLoesch1 approved these changes

@gejohnston gejohnston gejohnston approved these changes

@t1m0thyj t1m0thyj t1m0thyj approved these changes

@zFernand0 zFernand0 Awaiting requested review from zFernand0

@awharn awharn Awaiting requested review from awharn

@ATorrise ATorrise Awaiting requested review from ATorrise

Assignees
No one assigned
Labels
release-patch Indicates a patch to existing code has been applied released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Switch from security-framework crate to core-foundation-rs for Secrets SDK
4 participants
@traeok @t1m0thyj @gejohnston @KevinLoesch1