refactor: remove most getChalkScope (#395)

Previous preparation for the new con4m culminated in nearly every get and set occurring from the top level [1]. Refactor so that helper procs always get and set from the top level, so that we generally no longer write `getChalkScope()` when getting or setting. Before this commit, there was a lot of `getChalkScope()` noise: $ git grep --ignore-case 'getChalkScope' -- '*.nim' | wc -l 266 With this commit, there's much less: $ git grep --ignore-case 'getChalkScope' -- '*.nim' | wc -l 14 $ git grep --break --heading --ignore-case 'getChalkScope' -- '*.nim' src/chalk_common.nim 484: if getChalkScope() != nil and attrGet[bool]("chalk_debug"): src/confload.nim 109: if tb != "" and getChalkScope() == nil or attrGet[bool]("chalk_debug"): src/run_management.nim 20:proc getChalkScope*(): AttrScope = 24: getChalkScope().getObjectOpt(s).isSome() 27: get[T](getChalkScope(), fqn) 30: getOpt[T](getChalkScope(), fqn) 33: getObject(getChalkScope(), fqn) 55: doAssert attrSet(getChalkScope(), fqn, value, attrType).code == errOk 58: discard attrLookup(getChalkScope(), fqn.split('.'), ix = 0, op = vlSecDef) src/selfextract.nim 153: if getChalkScope() != nil and attrGet[bool]("chalk_debug"): src/sinks.nim 47: if (llStr in toLogLevelMap) and getChalkScope() != nil and 153: if getChalkScope() != nil and attrGet[bool]("chalk_debug"): 185: attrRoot = if attr != nil: attr else: getChalkScope() 273: discard setOverride(getChalkScope(), section & ".pinned_cert_file", some(pack(path))) This commit squashes the below refactors: - Replace top-level get with attrGet. - Replace top-level getOpt with attrGetOpt. - Replace top-level getObject with attrGetObject. - run_management: make getChalkSubsections use attrGetObject. - conffile: replace a top-level attrLookup with attrGetOpt. - Make sectionExists work from top level. And for now, inline the use of sectionExists in sinks.nim that wasn't necessarily from the top level. - Make con4mAttrSet work from top level. - config, run_management: add a con4mSectionCreate helper proc. Refs: #269 [1] 6ce7679
crashappsec · Aug 19, 2024 · 7e35a57 · 7e35a57
1 parent 5e97693
commit 7e35a57
Show file tree

Hide file tree

Showing 39 changed files with 283 additions and 284 deletions.
diff --git a/src/attestation/backup.nim b/src/attestation/backup.nim
@@ -117,11 +117,11 @@ proc restore(self: Backup,
 proc initCallback(this: AttestationKeyProvider) =
   let
     self         = Backup(this)
-    authName     = get[string](getChalkScope(), "attestation.attestation_key_backup.auth")
-    location     = get[string](getChalkScope(), "attestation.attestation_key_backup.location")
+    authName     = attrGet[string]("attestation.attestation_key_backup.auth")
+    location     = attrGet[string]("attestation.attestation_key_backup.location")
     authOpt      = getAuthConfigByName(authName)
-    url          = get[string](getChalkScope(), "attestation.attestation_key_backup.uri").removeSuffix("/")
-    timeout      = cast[int](get[Con4mDuration](getChalkScope(), "attestation.attestation_key_backup.timeout"))
+    url          = attrGet[string]("attestation.attestation_key_backup.uri").removeSuffix("/")
+    timeout      = cast[int](attrGet[Con4mDuration]("attestation.attestation_key_backup.timeout"))
 
   if authOpt.isNone():
     raise newException(ValueError,

diff --git a/src/attestation/embed.nim b/src/attestation/embed.nim
@@ -14,7 +14,7 @@ type Embed = ref object of AttestationKeyProvider
 proc initCallback(this: AttestationKeyProvider) =
   let
     self        = Embed(this)
-    location    = get[string](getChalkScope(), "attestation.attestation_key_embed.location")
+    location    = attrGet[string]("attestation.attestation_key_embed.location")
   self.location = location
 
 proc generateKeyCallback(this: AttestationKeyProvider): AttestationKey =

diff --git a/src/attestation/get.nim b/src/attestation/get.nim
@@ -49,10 +49,10 @@ proc request(self: Get, query = ""): JsonNode =
 proc initCallback(this: AttestationKeyProvider) =
   let
     self      = Get(this)
-    authName  = get[string](getChalkScope(), "attestation.attestation_key_get.auth")
+    authName  = attrGet[string]("attestation.attestation_key_get.auth")
     authOpt   = getAuthConfigByName(authName)
-    url       = get[string](getChalkScope(), "attestation.attestation_key_get.uri").removeSuffix("/")
-    timeout   = cast[int](get[Con4mDuration](getChalkScope(), "attestation.attestation_key_get.timeout"))
+    url       = attrGet[string]("attestation.attestation_key_get.uri").removeSuffix("/")
+    timeout   = cast[int](attrGet[Con4mDuration]("attestation.attestation_key_get.timeout"))
 
   if authOpt.isNone():
     raise newException(ValueError,

diff --git a/src/attestation_api.nim b/src/attestation_api.nim
@@ -26,7 +26,7 @@ proc getCosignKey(chalk: ChalkObj): AttestationKey =
   return AttestationKey(publicKey: pubKey)
 
 proc getProvider(): AttestationKeyProvider =
-  let name = get[string](getChalkScope(), "attestation.key_provider")
+  let name = attrGet[string]("attestation.key_provider")
   if name notin keyProviders:
     raise newException(KeyError, "Unsupported attestation key provider: " & name)
   return keyProviders[name]
@@ -165,7 +165,7 @@ proc willSign(): bool =
   if not cosignKey.canAttest():
     return false
   # We sign artifacts if either condition is true.
-  if isSubscribedKey("SIGNATURE") or get[bool](getChalkScope(), "always_try_to_sign"):
+  if isSubscribedKey("SIGNATURE") or attrGet[bool]("always_try_to_sign"):
     return true
   trace("Artifact signing not configured.")
   return false
@@ -182,7 +182,7 @@ proc willSignBySigStore*(chalk: ChalkObj): bool =
 proc verifyBySigStore(chalk: ChalkObj, key: AttestationKey, image: DockerImage): (ValidateResult, ChalkDict) =
   let
     spec   = image.withDigest(chalk.imageDigest).asRepoDigest()
-    log    = get[bool](getChalkScope(), "use_transparency_log")
+    log    = attrGet[bool]("use_transparency_log")
     cosign = getCosignLocation()
   var
     dict   = ChalkDict()
@@ -255,7 +255,7 @@ proc signBySigStore*(chalk: ChalkObj): ChalkDict =
         name    = image.repo
         spec    = image.withDigest(chalk.imageDigest).asRepoDigest()
         mark    = chalk.getChalkMarkAsStr()
-        log     = get[bool](getChalkScope(), "use_transparency_log")
+        log     = attrGet[bool]("use_transparency_log")
         cosign  = getCosignLocation()
         args    = @["attest",
                     "--tlog-upload=" & $log,
@@ -316,7 +316,7 @@ proc signByHash*(chalk: ChalkObj, mdHash : string): ChalkDict =
       "No hash available for this artifact at time of signing."
     )
   let
-    log  = get[bool](getChalkScope(), "use_transparency_log")
+    log  = attrGet[bool]("use_transparency_log")
     args = @["sign-blob",
              "--tlog-upload=" & $log,
              "--yes",
@@ -366,7 +366,7 @@ proc verifyByHash*(chalk: ChalkObj, mdHash: string): ValidateResult =
 
   let
     sig    = unpack[string](chalk.extract["SIGNATURE"])
-    noTlog = not get[bool](getChalkScope(), "use_transparency_log")
+    noTlog = not attrGet[bool]("use_transparency_log")
     args   = @["verify-blob",
                "--insecure-ignore-tlog=" & $noTlog,
                "--key=chalk.pub",

diff --git a/src/chalk.nim b/src/chalk.nim
@@ -27,12 +27,12 @@ when isMainModule:
   setupDefaultLogConfigs() # src/sinks.nim
   loadAttestation()        # attestation.nim
   case getCommandName()    # config.nim
-  of "extract":            runCmdExtract(get[seq[string]](getChalkScope(), "artifact_search_path"))
+  of "extract":            runCmdExtract(attrGet[seq[string]]("artifact_search_path"))
   of "extract.containers": runCmdExtractContainers()
   of "extract.images":     runCmdExtractImages()
-  of "extract.all":        runCmdExtractAll(get[seq[string]](getChalkScope(), "artifact_search_path"))
-  of "insert":             runCmdInsert(get[seq[string]](getChalkScope(), "artifact_search_path"))
-  of "delete":             runCmdDelete(get[seq[string]](getChalkScope(), "artifact_search_path"))
+  of "extract.all":        runCmdExtractAll(attrGet[seq[string]]("artifact_search_path"))
+  of "insert":             runCmdInsert(attrGet[seq[string]]("artifact_search_path"))
+  of "delete":             runCmdDelete(attrGet[seq[string]]("artifact_search_path"))
   of "env":                runCmdEnv()
   of "dump":               runCmdConfDump()
   of "dump.params":        runCmdConfDumpParams()

diff --git a/src/chalk_common.nim b/src/chalk_common.nim
@@ -481,7 +481,7 @@ var
 template dumpExOnDebug*() =
   when not defined(release):
     let stack = getCurrentException().getStackTrace()
-    if getChalkScope() != nil and get[bool](getChalkScope(), "chalk_debug"):
+    if getChalkScope() != nil and attrGet[bool]("chalk_debug"):
       let
         msg = "" # "Handling exception (msg = " & getCurrentExceptionMsg() & ")\n"
         tb  = "Traceback (most recent call last)\n" & stack

diff --git a/src/chalkjson.nim b/src/chalkjson.nim
@@ -445,9 +445,9 @@ proc orderKeys*(dict: ChalkDict,
                 tplate: string): seq[string] =
   var tmp: seq[(int, string)] = @[]
   for k, _ in dict:
-    var order = get[int](getChalkScope(), "keyspec." & k & ".normalized_order")
-    if tplate != "" and sectionExists(getChalkScope(), tplate & ".key." & k):
-      let orderOpt = getOpt[int](getChalkScope(), tplate & ".key." & k & ".order")
+    var order = attrGet[int]("keyspec." & k & ".normalized_order")
+    if tplate != "" and sectionExists(tplate & ".key." & k):
+      let orderOpt = attrGetOpt[int](tplate & ".key." & k & ".order")
       if orderOpt.isSome():
         order = orderOpt.get()
     tmp.add((order, k))
@@ -492,7 +492,7 @@ proc forcePrivateKeys() =
   forceChalkKeys(toForce)
 
 proc getChalkMark*(obj: ChalkObj): ChalkDict =
-  trace("Creating mark using template: " & get[string](getChalkScope(), getOutputConfig() & ".mark_template"))
+  trace("Creating mark using template: " & attrGet[string](getOutputConfig() & ".mark_template"))
 
   forcePrivateKeys()
 
@@ -512,7 +512,7 @@ proc getChalkMarkAsStr*(obj: ChalkObj): string =
     trace("Chalk cachemark " & $obj.cachedMark)
     return obj.cachedMark
   trace("Converting Mark to JSON. Mark template is: " &
-    get[string](getChalkScope(), getOutputConfig() & ".mark_template"))
+    attrGet[string](getOutputConfig() & ".mark_template"))
 
   if obj.cachedMark != "":
     return obj.cachedMark

diff --git a/src/collect.nim b/src/collect.nim
@@ -16,9 +16,9 @@ proc hasSubscribedKey(p: Plugin, keys: seq[string], dict: ChalkDict): bool =
   # Decides whether to run a given plugin... does it export any key we
   # are subscribed to, that hasn't already been provided?
   for k in keys:
-    if k in get[seq[string]](getChalkScope(), "plugin." & p.name & ".ignore"): continue
+    if k in attrGet[seq[string]]("plugin." & p.name & ".ignore"): continue
     if k notin subscribedKeys and k != "*": continue
-    if k in get[seq[string]](getChalkScope(), "plugin." & p.name & ".overrides"): return true
+    if k in attrGet[seq[string]]("plugin." & p.name & ".overrides"): return true
     if k notin dict:                return true
 
   return false
@@ -28,12 +28,12 @@ proc canWrite(plugin: Plugin, key: string, decls: seq[string]): bool =
   # except that we do allow "*" fields for plugins, so we need the runtime
   # check to filter out inappropriate items.
   let section = "keyspec." & key
-  doAssert sectionExists(getChalkScope(), section)
+  doAssert sectionExists(section)
 
-  if key in get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".ignore"): return false
+  if key in attrGet[seq[string]]("plugin." & plugin.name & ".ignore"): return false
 
-  if get[bool](getChalkScope(), section & ".codec"):
-    if get[bool](getChalkScope(), "plugin." & plugin.name & ".codec"):
+  if attrGet[bool](section & ".codec"):
+    if attrGet[bool]("plugin." & plugin.name & ".codec"):
       return true
     else:
       error("Plugin '" & plugin.name & "' can't write codec key: '" & key & "'")
@@ -42,14 +42,14 @@ proc canWrite(plugin: Plugin, key: string, decls: seq[string]): bool =
   if key notin decls and "*" notin decls:
     error("Plugin '" & plugin.name & "' produced undeclared key: '" & key & "'")
     return false
-  if not get[bool](getChalkScope(), section & ".system"):
+  if not attrGet[bool](section & ".system"):
     return true
 
   case plugin.name
   of "system", "metsys":
     return true
   of "conffile":
-    if get[bool](getChalkScope(), section & ".conf_as_system"):
+    if attrGet[bool](section & ".conf_as_system"):
       return true
   else: discard
 
@@ -58,10 +58,10 @@ proc canWrite(plugin: Plugin, key: string, decls: seq[string]): bool =
 
 proc registerKeys(templ: string) =
   let section = templ & ".key"
-  if sectionExists(getChalkScope(), section):
+  if sectionExists(section):
     for name in getChalkSubsections(section):
       let content = section & "." & name
-      let useOpt = getOpt[bool](getChalkScope(), content & ".use")
+      let useOpt = attrGetOpt[bool](content & ".use")
       if useOpt.isSome() and useOpt.get():
         subscribedKeys[name] = true
 
@@ -77,11 +77,11 @@ proc registerOutconfKeys() =
 
   let outconf = getOutputConfig()
 
-  let markTemplate = get[string](getChalkScope(), outconf & ".mark_template")
+  let markTemplate = attrGet[string](outconf & ".mark_template")
   if markTemplate != "":
     registerKeys("mark_template." & markTemplate)
 
-  let reportTemplate = get[string](getChalkScope(), outconf & ".report_template")
+  let reportTemplate = attrGet[string](outconf & ".report_template")
   if reportTemplate != "":
     registerKeys("report_template." & reportTemplate)
 
@@ -91,7 +91,7 @@ proc collectChalkTimeHostInfo*() =
 
   trace("Collecting chalk time artifact info")
   for plugin in getAllPlugins():
-    let subscribed = get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".pre_run_keys")
+    let subscribed = attrGet[seq[string]]("plugin." & plugin.name & ".pre_run_keys")
     if chalkCollectionSuspendedFor(plugin.name):          continue
     if not plugin.hasSubscribedKey(subscribed, hostInfo): continue
     try:
@@ -101,10 +101,10 @@ proc collectChalkTimeHostInfo*() =
         continue
 
       for k, v in dict:
-        if not plugin.canWrite(k, get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".pre_run_keys")):
+        if not plugin.canWrite(k, attrGet[seq[string]]("plugin." & plugin.name & ".pre_run_keys")):
           continue
         if k notin hostInfo or
-            k in get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".overrides") or
+            k in attrGet[seq[string]]("plugin." & plugin.name & ".overrides") or
             plugin.isSystem():
           hostInfo[k] = v
     except:
@@ -128,13 +128,13 @@ proc initCollection*() =
   # Next, register for any custom reports.
   for name in getChalkSubsections("custom_report"):
     let report = "custom_report." & name
-    let useWhenOpt = getOpt[seq[string]](getChalkScope(), report & ".use_when")
+    let useWhenOpt = attrGetOpt[seq[string]](report & ".use_when")
     if useWhenOpt.isSome():
       let useWhen = useWhenOpt.get()
       if (getBaseCommandName() notin useWhen and "*" notin useWhen):
         continue
 
-    let templNameOpt = getOpt[string](getChalkScope(), report & ".report_template")
+    let templNameOpt = attrGetOpt[string](report & ".report_template")
     if templNameOpt.isSome():
       let templName = templNameOpt.get()
       if templName != "":
@@ -148,20 +148,20 @@ proc collectRunTimeArtifactInfo*(artifact: ChalkObj) =
   for plugin in getAllPlugins():
     let
       data       = artifact.collectedData
-      subscribed = get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".post_chalk_keys")
+      subscribed = attrGet[seq[string]]("plugin." & plugin.name & ".post_chalk_keys")
 
     if chalkCollectionSuspendedFor(plugin.name):               continue
     if not plugin.hasSubscribedKey(subscribed, data):          continue
-    if get[bool](getChalkScope(), "plugin." & plugin.name & ".codec") and plugin != artifact.myCodec: continue
+    if attrGet[bool]("plugin." & plugin.name & ".codec") and plugin != artifact.myCodec: continue
 
     trace("Running plugin: " & plugin.name)
     try:
       let dict = plugin.callGetRunTimeArtifactInfo(artifact, isChalkingOp())
       if dict == nil or len(dict) == 0: continue
       for k, v in dict:
-        if not plugin.canWrite(k, get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".post_chalk_keys")): continue
+        if not plugin.canWrite(k, attrGet[seq[string]]("plugin." & plugin.name & ".post_chalk_keys")): continue
         if k notin artifact.collectedData or
-            k in get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".overrides") or
+            k in attrGet[seq[string]]("plugin." & plugin.name & ".overrides") or
             plugin.isSystem():
           artifact.collectedData[k] = v
       trace(plugin.name & ": Plugin called.")
@@ -198,9 +198,9 @@ proc collectChalkTimeArtifactInfo*(obj: ChalkObj, override = false) =
       if obj.fsRef != "":
         data["PATH_WHEN_CHALKED"] = pack(resolvePath(obj.fsRef))
 
-    if get[bool](getChalkScope(), "plugin." & plugin.name & ".codec") and plugin != obj.myCodec: continue
+    if attrGet[bool]("plugin." & plugin.name & ".codec") and plugin != obj.myCodec: continue
 
-    let subscribed = get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".pre_chalk_keys")
+    let subscribed = attrGet[seq[string]]("plugin." & plugin.name & ".pre_chalk_keys")
     if not plugin.hasSubscribedKey(subscribed, data) and not plugin.isSystem():
       trace(plugin.name & ": Skipping plugin; its metadata wouldn't be used.")
       continue
@@ -216,9 +216,9 @@ proc collectChalkTimeArtifactInfo*(obj: ChalkObj, override = false) =
         continue
 
       for k, v in dict:
-        if not plugin.canWrite(k, get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".pre_chalk_keys")): continue
+        if not plugin.canWrite(k, attrGet[seq[string]]("plugin." & plugin.name & ".pre_chalk_keys")): continue
         if k notin obj.collectedData or
-            k in get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".overrides") or
+            k in attrGet[seq[string]]("plugin." & plugin.name & ".overrides") or
             plugin.isSystem() or
             override:
           obj.collectedData[k] = v
@@ -235,7 +235,7 @@ proc collectRunTimeHostInfo*() =
   ## artifact loop below.
   trace("Collecting run time host info")
   for plugin in getAllPlugins():
-    let subscribed = get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".post_run_keys")
+    let subscribed = attrGet[seq[string]]("plugin." & plugin.name & ".post_run_keys")
     if chalkCollectionSuspendedFor(plugin.name):          continue
     if not plugin.hasSubscribedKey(subscribed, hostInfo): continue
 
@@ -245,9 +245,9 @@ proc collectRunTimeHostInfo*() =
       if dict == nil or len(dict) == 0: continue
 
       for k, v in dict:
-        if not plugin.canWrite(k, get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".post_run_keys")): continue
+        if not plugin.canWrite(k, attrGet[seq[string]]("plugin." & plugin.name & ".post_run_keys")): continue
         if k notin hostInfo or
-            k in get[seq[string]](getChalkScope(), "plugin." & plugin.name & ".overrides") or
+            k in attrGet[seq[string]]("plugin." & plugin.name & ".overrides") or
             plugin.isSystem():
           hostInfo[k] = v
     except:
@@ -271,7 +271,7 @@ proc ignoreArtifact(path: string, regexps: seq[Regex]): bool {.inline.} =
   for i, item in regexps:
     if path.match(item):
       trace(path & ": returned artifact ignored due to matching: " &
-        get[seq[string]](getChalkScope(), "ignore_patterns")[i])
+        attrGet[seq[string]]("ignore_patterns")[i])
       trace("Developers: codecs should not be returning ignored artifacts.")
       return true
 
@@ -283,7 +283,7 @@ proc artSetupForExtract(argv: seq[string]): ArtifactIterationInfo =
   let selfPath = resolvePath(getMyAppPath())
 
   result.fileExclusions = @[selfPath]
-  result.recurse        = get[bool](getChalkScope(), "recursive")
+  result.recurse        = attrGet[bool]("recursive")
 
   for item in argv:
     let maybe = resolvePath(item)
@@ -300,10 +300,10 @@ proc artSetupForInsertAndDelete(argv: seq[string]): ArtifactIterationInfo =
 
   let
     selfPath = resolvePath(getMyAppPath())
-    skipList = get[seq[string]](getChalkScope(), "ignore_patterns")
+    skipList = attrGet[seq[string]]("ignore_patterns")
 
   result.fileExclusions = @[selfPath]
-  result.recurse        = get[bool](getChalkScope(), "recursive")
+  result.recurse        = attrGet[bool]("recursive")
 
   for item in skipList:
     result.skips.add(re(item))