ci: fix

.github/scripts/cargo_build.sh

@@ -24,7 +24,9 @@ fi
 rustup target add "$TARGET"
 
 # shellcheck disable=SC2086
-cargo build --target $TARGET $RELEASE $FEATURES
+cargo build --target $TARGET $RELEASE
+
+export RUST_LOG="cosmian_findex_cli=trace,cosmian_findex_server=trace,test_findex_server=trace"
 
 # shellcheck disable=SC2086
 cargo test --target $TARGET $RELEASE --workspace -- --nocapture $SKIP_SERVICES_TESTS

.github/workflows/build_all.yml

@@ -39,7 +39,7 @@ jobs:
       archive-name: ${{ matrix.archive-name }}
       target: ${{ matrix.target }}
       debug_or_release: ${{ inputs.debug_or_release }}
-      skip_services_tests: --skip test_findex
+      skip_services_tests: --skip test_findex --skip test_all_authentications --skip test_server_auth_matrix
 
   generic-macos:
     strategy:
@@ -58,7 +58,7 @@ jobs:
       archive-name: ${{ matrix.archive-name }}
       target: ${{ matrix.target }}
       debug_or_release: ${{ inputs.debug_or_release }}
-      skip_services_tests: --skip test_findex
+      skip_services_tests: --skip test_findex --skip test_all_authentications --skip test_server_auth_matrix
 
   cleanup:
     needs:

Cargo.toml

@@ -59,3 +59,4 @@ tracing = "0.1"
 url = "2.5"
 x509-parser = "0.16"
 zeroize = { version = "1.8", default-features = false }
+uuid = { version = "1.10", features = ["v4"] }

crate/cli/Cargo.toml

@@ -33,8 +33,8 @@ clap = { workspace = true, features = [
   "cargo",
 ] }
 cloudproof_findex = { workspace = true, features = ["rest-interface"] }
-cosmian_rest_client = { path = "../client" }
 cosmian_logger = { path = "../logger" }
+cosmian_rest_client = { path = "../client" }
 csv = "1.3.0"
 der = { workspace = true, features = ["pem"] }
 hex = "0.4"
@@ -58,4 +58,5 @@ predicates = "3.1"
 regex = { version = "1.11", default-features = false }
 tempfile = "3.13"
 test_findex_server = { path = "../test_server" }
+uuid = { workspace = true, features = ["v4"] }
 x509-parser = { workspace = true, features = ["verify"] }

crate/cli/src/actions/findex/search.rs

@@ -26,8 +26,8 @@ impl SearchAction {
     ///
     /// # Arguments
     ///
-    /// * `rest_client` - The Findex server client instance used to
-    ///   communicate with the Findex server server.
+    /// * `rest_client` - The Findex server client instance used to communicate
+    ///   with the Findex server server.
     ///
     /// # Errors
     ///

crate/cli/src/actions/mod.rs

@@ -1,7 +1,7 @@
-pub mod access;
 pub mod console;
 pub mod findex;
 pub mod login;
 pub mod logout;
 pub mod markdown;
+pub mod permissions;
 pub mod version;

crate/cli/src/actions/access.rs → crate/cli/src/actions/permissions.rs

@@ -1,6 +1,5 @@
 use clap::Parser;
 use cosmian_rest_client::RestClient;
-use tracing::trace;
 
 use crate::{
     actions::console,
@@ -41,7 +40,7 @@ impl AccessAction {
 pub struct CreateAccess;
 
 impl CreateAccess {
-    /// Create a new Index with a default `admin` role.
+    /// Create a new Index with a default `admin` permission.
     ///
     /// Generates an unique index ID which is returned to the owner.
     /// This ID will be shared between several users that will be able to:
@@ -50,8 +49,8 @@ impl CreateAccess {
     ///
     /// # Arguments
     ///
-    /// * `rest_client` - A reference to the Findex client used to
-    ///   communicate with the Findex server.
+    /// * `rest_client` - A reference to the Findex client used to communicate
+    ///   with the Findex server.
     ///
     /// # Errors
     ///
@@ -61,8 +60,7 @@ impl CreateAccess {
             .create_access()
             .await
             .with_context(|| "Can't execute the create access query on the findex server")?;
-
-        trace!("cli: New access successfully created: {}", response.success);
+        // should replace the user configuration file
         console::Stdout::new(&response.success).write()?;
 
         Ok(response.success)
@@ -86,25 +84,25 @@ pub struct GrantAccess {
     #[clap(long, required = true)]
     pub index_id: String,
 
-    /// The role to grant (`reader`, `writer`, `admin`)
+    /// The permission to grant (`reader`, `writer`, `admin`)
     #[clap(long, required = true)]
-    pub role: String,
+    pub permission: String,
 }
 
 impl GrantAccess {
     /// Runs the `GrantAccess` action.
     ///
     /// # Arguments
     ///
-    /// * `rest_client` - A reference to the Findex client used to
-    ///   communicate with the Findex server.
+    /// * `rest_client` - A reference to the Findex client used to communicate
+    ///   with the Findex server.
     ///
     /// # Errors
     ///
     /// Returns an error if the query execution on the Findex server fails.
     pub async fn run(&self, rest_client: RestClient) -> CliResult<String> {
         let response = rest_client
-            .grant_access(&self.user, &self.role, &self.index_id)
+            .grant_access(&self.user, &self.permission, &self.index_id)
             .await
             .with_context(|| "Can't execute the grant access query on the findex server")?;
 
@@ -133,8 +131,8 @@ impl RevokeAccess {
     ///
     /// # Arguments
     ///
-    /// * `rest_client` - A reference to the Findex client used to
-    ///   communicate with the Findex server.
+    /// * `rest_client` - A reference to the Findex client used to communicate
+    ///   with the Findex server.
     ///
     /// # Errors
     ///

crate/cli/src/actions/version.rs

@@ -14,8 +14,8 @@ impl ServerVersionAction {
     ///
     /// # Arguments
     ///
-    /// * `rest_client` - The Findex server client instance used to
-    ///   communicate with the Findex server server.
+    /// * `rest_client` - The Findex server client instance used to communicate
+    ///   with the Findex server server.
     ///
     /// # Errors
     ///

crate/cli/src/error/mod.rs

@@ -45,7 +45,7 @@ pub enum CliError {
     Unauthorized(String),
 
     // A cryptographic error
-    #[error("Cryptographic error: {0}")]
+    #[error("CLI Cryptographic error: {0}")]
     Cryptographic(String),
 
     // Conversion errors

crate/cli/src/main.rs

@@ -3,11 +3,11 @@ use std::{path::PathBuf, process};
 use clap::{CommandFactory, Parser, Subcommand};
 use cosmian_findex_cli::{
     actions::{
-        access::AccessAction,
         findex::{add_or_delete::AddOrDeleteAction, search::SearchAction},
         login::LoginAction,
         logout::LogoutAction,
         markdown::MarkdownAction,
+        permissions::AccessAction,
         version::ServerVersionAction,
     },
     error::result::CliResult,

crate/cli/src/tests/auth_tests.rs

@@ -14,7 +14,7 @@ use tracing::{info, trace};
 use crate::{error::result::CliResult, tests::PROG_NAME};
 
 // let us not make other test cases fail
-const PORT: u16 = 9999;
+const PORT: u16 = 6666;
 
 #[tokio::test]
 #[allow(clippy::needless_return)]

crate/cli/src/tests/findex/mod.rs

@@ -5,14 +5,15 @@ use test_findex_server::{
     start_default_test_findex_server, start_default_test_findex_server_with_cert_auth,
 };
 use tracing::trace;
+use uuid::Uuid;
 
 use crate::{
     actions::{
-        access::{GrantAccess, RevokeAccess},
         findex::{add_or_delete::AddOrDeleteAction, search::SearchAction, FindexParameters},
+        permissions::{GrantAccess, RevokeAccess},
     },
     error::result::CliResult,
-    tests::access::{create_access_cmd, grant_access_cmd, revoke_access_cmd},
+    tests::permissions::{create_access_cmd, grant_access_cmd, revoke_access_cmd},
 };
 
 pub(crate) mod add_or_delete;
@@ -65,16 +66,17 @@ fn search(cli_conf_path: &str, index_id: &str) -> CliResult<String> {
 }
 
 #[allow(clippy::panic_in_result_fn)]
-fn findex(cli_conf_path: &str, index_id: &str) -> CliResult<()> {
-    // todo(manu): rename index_id to zone (or something else)
+fn add_search_delete(cli_conf_path: &str, index_id: &str) -> CliResult<()> {
     add(cli_conf_path, index_id)?;
 
+    // make sure searching returns the expected results
     let search_results = search(cli_conf_path, index_id)?;
     assert!(search_results.contains("States9686")); // for Southborough
     assert!(search_results.contains("States14061")); // for Northbridge
 
     delete(cli_conf_path, index_id)?;
 
+    // make sure no results are returned after deletion
     let search_results = search(cli_conf_path, index_id)?;
     assert!(!search_results.contains("States9686")); // for Southborough
     assert!(!search_results.contains("States14061")); // for Northbridge
@@ -86,7 +88,10 @@ fn findex(cli_conf_path: &str, index_id: &str) -> CliResult<()> {
 pub(crate) async fn test_findex_no_auth() -> CliResult<()> {
     log_init(None);
     let ctx = start_default_test_findex_server().await;
-    findex(&ctx.owner_client_conf_path, "my_owned_index")?;
+    add_search_delete(
+        &ctx.owner_client_conf_path,
+        Uuid::new_v4().to_string().as_str(),
+    )?;
     Ok(())
 }
 
@@ -96,9 +101,9 @@ pub(crate) async fn test_findex_cert_auth() -> CliResult<()> {
     let ctx = start_default_test_findex_server_with_cert_auth().await;
 
     let index_id = create_access_cmd(&ctx.owner_client_conf_path)?;
-    trace!("zone: {index_id}");
+    trace!("index_id: {index_id}");
 
-    findex(&ctx.owner_client_conf_path, &index_id)?;
+    add_search_delete(&ctx.owner_client_conf_path, &index_id)?;
     Ok(())
 }
 
@@ -119,7 +124,8 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
         GrantAccess {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
-            role: "reader".to_owned(),
+            permission: "reader".to_owned(), /* todo(manu): use a mutual struct between server and
+                                              * client */
         },
     )?;
 
@@ -137,7 +143,7 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
         GrantAccess {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
-            role: "writer".to_owned(),
+            permission: "writer".to_owned(),
         },
     )?;
 
@@ -155,7 +161,7 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> {
         GrantAccess {
             user: "[email protected]".to_owned(),
             index_id: index_id.clone(),
-            role: "admin".to_owned(),
+            permission: "admin".to_owned(),
         },
     )
     .unwrap_err();
@@ -179,9 +185,6 @@ pub(crate) async fn test_findex_no_access() -> CliResult<()> {
     log_init(None);
     let ctx = start_default_test_findex_server_with_cert_auth().await;
 
-    assert!(findex(&ctx.user_client_conf_path, "whatever").is_err());
+    assert!(add_search_delete(&ctx.user_client_conf_path, "whatever").is_err());
     Ok(())
 }
-
-// todo(manu):
-//  - grant_access twice

crate/cli/src/tests/mod.rs

@@ -1,6 +1,6 @@
-mod access;
 mod auth_tests;
 mod findex;
+mod permissions;
 mod utils;
 
 const PROG_NAME: &str = "cosmian_findex_cli";

crate/cli/src/tests/access.rs → crate/cli/src/tests/permissions.rs

@@ -6,15 +6,15 @@ use regex::{Regex, RegexBuilder};
 use tracing::{debug, trace};
 
 use crate::{
-    actions::access::{GrantAccess, RevokeAccess},
+    actions::permissions::{GrantAccess, RevokeAccess},
     error::{result::CliResult, CliError},
     tests::{utils::recover_cmd_logs, PROG_NAME},
 };
 
 /// Extract the `key_uid` (prefixed by a pattern) from a text
 #[allow(clippy::unwrap_used)]
 pub(crate) fn extract_uid<'a>(text: &'a str, pattern: &'a str) -> Option<&'a str> {
-    let formatted = format!(r"^\s*{pattern}: (?P<uid>.+?)[\s\.]*?$");
+    let formatted = format!(r"\[\S+\] {pattern}: (?P<uid>[0-9a-fA-F-]+)");
     let uid_regex: Regex = RegexBuilder::new(formatted.as_str())
         .multi_line(true)
         .build()
@@ -35,17 +35,19 @@ pub(crate) fn create_access_cmd(cli_conf_path: &str) -> CliResult<String> {
     if output.status.success() {
         let findex_output = std::str::from_utf8(&output.stdout)?;
         trace!("findex_output: {}", findex_output);
-        let unique_identifier = extract_uid(findex_output, "New access successfully created")
-            .ok_or_else(|| {
-                CliError::Default("failed extracting the unique identifier".to_owned())
-            })?;
+        let unique_identifier = extract_uid(
+            findex_output,
+            "New admin access successfully created on index",
+        )
+        .ok_or_else(|| CliError::Default("failed extracting the unique identifier".to_owned()))?;
         return Ok(unique_identifier.to_owned());
     }
     Err(CliError::Default(
         std::str::from_utf8(&output.stderr)?.to_owned(),
     ))
 }
 
+#[allow(dead_code)]
 pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliResult<String> {
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     let args = vec![
@@ -54,8 +56,8 @@ pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliR
         action.user.clone(),
         "--index-id".to_owned(),
         action.index_id,
-        "--role".to_owned(),
-        action.role,
+        "--permission".to_owned(),
+        action.permission,
     ];
     cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path);
 
@@ -71,6 +73,7 @@ pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliR
     ))
 }
 
+#[allow(dead_code)]
 pub(crate) fn revoke_access_cmd(cli_conf_path: &str, action: RevokeAccess) -> CliResult<String> {
     let mut cmd = Command::cargo_bin(PROG_NAME)?;
     let args = vec![