synapse 2.134.0__py310-none-any.whl → 2.136.0__py310-none-any.whl

synapse/axon.py

@@ -1355,12 +1355,14 @@ class Axon(s_cell.Cell):
 
         link00, sock00 = await s_link.linksock(forceclose=True)
 
+        feedtask = None
+
         try:
             todo = s_common.todo(_spawn_readlines, sock00)
             async with await s_base.Base.anit() as scope:
 
                 scope.schedCoro(s_coro.spawn(todo, log_conf=await self._getSpawnLogConf()))
-                scope.schedCoro(self._sha256ToLink(sha256, link00))
+                feedtask = scope.schedCoro(self._sha256ToLink(sha256, link00))
 
                 while not self.isfini:
 
@@ -1377,6 +1379,8 @@ class Axon(s_cell.Cell):
         finally:
             sock00.close()
             await link00.fini()
+            if feedtask is not None:
+                await feedtask
 
     async def csvrows(self, sha256, dialect='excel', **fmtparams):
         await self._reqHas(sha256)
@@ -1385,12 +1389,14 @@ class Axon(s_cell.Cell):
 
         link00, sock00 = await s_link.linksock(forceclose=True)
 
+        feedtask = None
+
         try:
             todo = s_common.todo(_spawn_readrows, sock00, dialect, fmtparams)
             async with await s_base.Base.anit() as scope:
 
                 scope.schedCoro(s_coro.spawn(todo, log_conf=await self._getSpawnLogConf()))
-                scope.schedCoro(self._sha256ToLink(sha256, link00))
+                feedtask = scope.schedCoro(self._sha256ToLink(sha256, link00))
 
                 while not self.isfini:
 
@@ -1407,6 +1413,8 @@ class Axon(s_cell.Cell):
         finally:
             sock00.close()
             await link00.fini()
+            if feedtask is not None:
+                await feedtask
 
     async def jsonlines(self, sha256):
         async for line in self.readlines(sha256):

synapse/cortex.py

@@ -82,6 +82,7 @@ import synapse.lib.stormlib.project as s_stormlib_project  # NOQA
 import synapse.lib.stormlib.version as s_stormlib_version  # NOQA
 import synapse.lib.stormlib.ethereum as s_stormlib_ethereum  # NOQA
 import synapse.lib.stormlib.modelext as s_stormlib_modelext  # NOQA
+import synapse.lib.stormlib.compression as s_stormlib_compression  # NOQA
 import synapse.lib.stormlib.notifications as s_stormlib_notifications  # NOQA
 
 logger = logging.getLogger(__name__)
@@ -1176,6 +1177,9 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         self.view = None  # The default/main view
 
+        self._cortex_permdefs = []
+        self._initCorePerms()
+
         # Reset the storm:log:level from the config value to an int for internal use.
         self.conf['storm:log:level'] = s_common.normLogLevel(self.conf.get('storm:log:level'))
         self.stormlog = self.conf.get('storm:log')
@@ -1475,65 +1479,72 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
         self.modsbyiface[name] = tuple(mods)
         return mods
 
-    async def _getPermDefs(self):
-
-        permdefs = list(await s_cell.Cell._getPermDefs(self))
-        permdefs.extend((
-            {'perm': ('view',), 'gate': 'view',
-                'desc': 'Used to control all view permissions.'},
+    def _initCorePerms(self):
+        self._cortex_permdefs.extend((
+            {'perm': ('view',), 'gate': 'cortex',
+             'desc': 'Controls all view permissions.'},
+            {'perm': ('view', 'add'), 'gate': 'cortex',
+             'desc': 'Controls access to add a new view including forks.'},
             {'perm': ('view', 'read'), 'gate': 'view',
-                'desc': 'Used to control read access to a view.'},
+             'desc': 'Used to control read access to a view.'},
 
             {'perm': ('node',), 'gate': 'layer',
-                'desc': 'Controls all node edits in a layer.'},
+             'desc': 'Controls all node edits in a layer.'},
             {'perm': ('node', 'add'), 'gate': 'layer',
-                'desc': 'Controls adding any form of node in a layer.'},
+             'desc': 'Controls adding any form of node in a layer.'},
             {'perm': ('node', 'del'), 'gate': 'layer',
-                'desc': 'Controls removing any form of node in a layer.'},
+             'desc': 'Controls removing any form of node in a layer.'},
 
             {'perm': ('node', 'add', '<form>'), 'gate': 'layer',
-                'ex': 'node.add.inet:ipv4',
-                'desc': 'Controls adding a specific form of node in a layer.'},
+             'ex': 'node.add.inet:ipv4',
+             'desc': 'Controls adding a specific form of node in a layer.'},
             {'perm': ('node', 'del', '<form>'), 'gate': 'layer',
-                'desc': 'Controls removing a specific form of node in a layer.'},
+             'desc': 'Controls removing a specific form of node in a layer.'},
 
             {'perm': ('node', 'tag'), 'gate': 'layer',
-                'desc': 'Controls editing any tag on any node in a layer.'},
+             'desc': 'Controls editing any tag on any node in a layer.'},
             {'perm': ('node', 'tag', 'add'), 'gate': 'layer',
-                'desc': 'Controls adding any tag on any node in a layer.'},
+             'desc': 'Controls adding any tag on any node in a layer.'},
             {'perm': ('node', 'tag', 'del'), 'gate': 'layer',
-                'desc': 'Controls removing any tag on any node in a layer.'},
+             'desc': 'Controls removing any tag on any node in a layer.'},
 
             {'perm': ('node', 'tag', 'add', '<tag...>'), 'gate': 'layer',
-                'ex': 'node.tag.add.cno.mal.redtree',
-                'desc': 'Controls adding a specific tag on any node in a layer.'},
+             'ex': 'node.tag.add.cno.mal.redtree',
+             'desc': 'Controls adding a specific tag on any node in a layer.'},
             {'perm': ('node', 'tag', 'del', '<tag...>'), 'gate': 'layer',
-                'ex': 'node.tag.del.cno.mal.redtree',
-                'desc': 'Controls removing a specific tag on any node in a layer.'},
+             'ex': 'node.tag.del.cno.mal.redtree',
+             'desc': 'Controls removing a specific tag on any node in a layer.'},
 
             {'perm': ('node', 'prop'), 'gate': 'layer',
-                'desc': 'Controls editing any prop on any node in the layer.'},
+             'desc': 'Controls editing any prop on any node in the layer.'},
 
             {'perm': ('node', 'prop', 'set'), 'gate': 'layer',
-                'desc': 'Controls setting any prop on any node in a layer.'},
+             'desc': 'Controls setting any prop on any node in a layer.'},
             {'perm': ('node', 'prop', 'set', '<prop>'), 'gate': 'layer',
-                'ex': 'node.prop.set.inet:ipv4:asn',
-                'desc': 'Controls setting a specific property on a node in a layer.'},
+             'ex': 'node.prop.set.inet:ipv4:asn',
+             'desc': 'Controls setting a specific property on a node in a layer.'},
 
             {'perm': ('node', 'prop', 'del'), 'gate': 'layer',
-                'desc': 'Controls removing any prop on any node in a layer.'},
+             'desc': 'Controls removing any prop on any node in a layer.'},
             {'perm': ('node', 'prop', 'del', '<prop>'), 'gate': 'layer',
-                'ex': 'node.prop.del.inet:ipv4:asn',
-                'desc': 'Controls removing a specific property from a node in a layer.'},
+             'ex': 'node.prop.del.inet:ipv4:asn',
+             'desc': 'Controls removing a specific property from a node in a layer.'},
         ))
+        for pdef in self._cortex_permdefs:
+            s_storm.reqValidPermDef(pdef)
 
-        # TODO declare perm defs in storm libraries and include them here...
+    async def _getPermDefs(self):
+
+        permdefs = list(await s_cell.Cell._getPermDefs(self))
+        permdefs.extend(self._cortex_permdefs)
 
         for spkg in await self.getStormPkgs():
             permdefs.extend(spkg.get('perms', ()))
 
         for (path, ctor) in self.stormlibs:
-            permdefs.extend(getattr(ctor, '_storm_lib_perms', ()))
+            permdefs.extend(ctor._storm_lib_perms)
+
+        permdefs.sort(key=lambda x: x['perm'])
 
         return tuple(permdefs)
 
@@ -3874,6 +3885,9 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
         '''
 
         for path, ctor in s_stormtypes.registry.iterLibs():
+            # Ensure each ctor's permdefs are valid
+            for pdef in ctor._storm_lib_perms:
+                s_storm.reqValidPermDef(pdef)
             # Skip libbase which is registered as a default ctor in the storm Runtime
             if path:
                 self.addStormLib(path, ctor)

synapse/lib/ast.py

@@ -1322,7 +1322,7 @@ class LiftTag(LiftOper):
 
     async def lift(self, runt, path):
 
-        tag = await tostr(await self.kids[0].compute(runt, path))
+        tag = await self.kids[0].compute(runt, path)
 
         if len(self.kids) == 3:
 
@@ -1403,7 +1403,7 @@ class LiftTagTag(LiftOper):
 
     async def lift(self, runt, path):
 
-        tagname = await tostr(await self.kids[0].compute(runt, path))
+        tagname = await self.kids[0].compute(runt, path)
 
         node = await runt.snap.getNodeByNdef(('syn:tag', tagname))
         if node is None:
@@ -1448,7 +1448,7 @@ class LiftFormTag(LiftOper):
         if not runt.model.form(form):
             raise self.kids[0].addExcInfo(s_exc.NoSuchForm.init(form))
 
-        tag = await tostr(await self.kids[1].compute(runt, path))
+        tag = await self.kids[1].compute(runt, path)
 
         if len(self.kids) == 4:
 
@@ -2507,7 +2507,18 @@ class HasTagPropCond(Cond):
     async def getCondEval(self, runt):
 
         async def cond(node, path):
-            tag, name = await self.kids[0].compute(runt, path)
+            tag = await self.kids[0].compute(runt, path)
+            name = await self.kids[1].compute(runt, path)
+
+            if tag == '*':
+                return any(name in props for props in node.tagprops.values())
+
+            if '*' in tag:
+                reobj = s_cache.getTagGlobRegx(tag)
+                for tagname, props in node.tagprops.items():
+                    if reobj.fullmatch(tagname) and name in props:
+                        return True
+
             return node.hasTagProp(tag, name)
 
         return cond
@@ -2707,11 +2718,12 @@ class TagPropCond(Cond):
 
     async def getCondEval(self, runt):
 
-        cmpr = await self.kids[1].compute(runt, None)
+        cmpr = await self.kids[2].compute(runt, None)
 
         async def cond(node, path):
 
-            tag, name = await self.kids[0].compute(runt, path)
+            tag = await self.kids[0].compute(runt, path)
+            name = await self.kids[1].compute(runt, path)
 
             prop = runt.model.getTagProp(name)
             if prop is None:
@@ -2719,7 +2731,7 @@ class TagPropCond(Cond):
                 raise self.kids[0].addExcInfo(s_exc.NoSuchTagProp(name=name, mesg=mesg))
 
             # TODO cache on (cmpr, valu) for perf?
-            valu = await self.kids[2].compute(runt, path)
+            valu = await self.kids[3].compute(runt, path)
 
             ctor = prop.type.getCmprCtor(cmpr)
             if ctor is None:
@@ -3086,16 +3098,71 @@ class TagName(Value):
         if self.isconst:
             return self.constval
 
+        if not isinstance(self.kids[0], Const):
+            valu = await self.kids[0].compute(runt, path)
+            valu = await s_stormtypes.toprim(valu)
+
+            if not isinstance(valu, str):
+                mesg = 'Invalid value type for tag name, tag names must be strings.'
+                raise s_exc.BadTypeValu(mesg=mesg)
+
+            normtupl = await runt.snap.getTagNorm(valu)
+            return normtupl[0]
+
         vals = []
         for kid in self.kids:
             part = await kid.compute(runt, path)
             if part is None:
                 mesg = f'Null value from var ${kid.name} is not allowed in tag names.'
                 raise kid.addExcInfo(s_exc.BadTypeValu(mesg=mesg))
-            vals.append(await tostr(part))
+
+            part = await tostr(part)
+            partnorm = await runt.snap.getTagNorm(part)
+            vals.append(partnorm[0])
 
         return '.'.join(vals)
 
+    async def computeTagArray(self, runt, path, excignore=()):
+
+        if self.isconst:
+            return (self.constval,)
+
+        if not isinstance(self.kids[0], Const):
+            tags = []
+            vals = await self.kids[0].compute(runt, path)
+            vals = await s_stormtypes.toprim(vals)
+
+            if not isinstance(vals, (tuple, list, set)):
+                vals = (vals,)
+
+            for valu in vals:
+                try:
+                    if not isinstance(valu, str):
+                        mesg = 'Invalid value type for tag name, tag names must be strings.'
+                        raise s_exc.BadTypeValu(mesg=mesg)
+
+                    normtupl = await runt.snap.getTagNorm(valu)
+                    if normtupl is None:
+                        continue
+
+                    tags.append(normtupl[0])
+                except excignore:
+                    pass
+            return tags
+
+        vals = []
+        for kid in self.kids:
+            part = await kid.compute(runt, path)
+            if part is None:
+                mesg = f'Null value from var ${kid.name} is not allowed in tag names.'
+                raise kid.addExcInfo(s_exc.BadTypeValu(mesg=mesg))
+
+            part = await tostr(part)
+            partnorm = await runt.snap.getTagNorm(part)
+            vals.append(partnorm[0])
+
+        return ('.'.join(vals),)
+
 class TagMatch(TagName):
     '''
     Like TagName, but can have asterisks
@@ -3105,6 +3172,32 @@ class TagMatch(TagName):
         # TODO support vars with asterisks?
         return any('*' in kid.valu for kid in self.kids if isinstance(kid, Const))
 
+    async def compute(self, runt, path):
+
+        if self.isconst:
+            return self.constval
+
+        if not isinstance(self.kids[0], Const):
+            valu = await self.kids[0].compute(runt, path)
+            valu = await s_stormtypes.toprim(valu)
+
+            if not isinstance(valu, str):
+                mesg = 'Invalid value type for tag name, tag names must be strings.'
+                raise s_exc.BadTypeValu(mesg=mesg)
+
+            return valu
+
+        vals = []
+        for kid in self.kids:
+            part = await kid.compute(runt, path)
+            if part is None:
+                mesg = f'Null value from var ${kid.name} is not allowed in tag names.'
+                raise s_exc.BadTypeValu(mesg=mesg)
+
+            vals.append(await tostr(part))
+
+        return '.'.join(vals)
+
 class Const(Value):
 
     def __init__(self, astinfo, valu, kids=()):
@@ -3756,27 +3849,15 @@ class EditTagAdd(Edit):
         async for node, path in genr:
 
             try:
-                names = await self.kids[oper_offset].compute(runt, path)
-                names = await s_stormtypes.toprim(names)
+                names = await self.kids[oper_offset].computeTagArray(runt, path, excignore=excignore)
             except excignore:
                 yield node, path
                 await asyncio.sleep(0)
                 continue
 
-            if not isinstance(names, tuple):
-                names = (names,)
-
             for name in names:
 
                 try:
-                    if name is None:
-                        raise self.addExcInfo(s_exc.BadTypeValu(mesg='Null tag names are not allowed.'))
-
-                    normtupl = await runt.snap.getTagNorm(name)
-                    if normtupl is None:
-                        continue
-
-                    name, info = normtupl
                     parts = name.split('.')
 
                     runt.layerConfirm(('node', 'tag', 'add', *parts))
@@ -3802,26 +3883,15 @@ class EditTagDel(Edit):
 
         async for node, path in genr:
 
-            names = await self.kids[0].compute(runt, path)
-            names = await s_stormtypes.toprim(names)
-
-            if not isinstance(names, tuple):
-                names = (names,)
+            names = await self.kids[0].computeTagArray(runt, path, excignore=(s_exc.BadTypeValu,))
 
             for name in names:
 
-                # special case for backward compatibility
-                if name:
-                    normtupl = await runt.snap.getTagNorm(name)
-                    if normtupl is None:
-                        continue
-
-                    name, info = normtupl
-                    parts = name.split('.')
+                parts = name.split('.')
 
-                    runt.layerConfirm(('node', 'tag', 'del', *parts))
+                runt.layerConfirm(('node', 'tag', 'del', *parts))
 
-                    await node.delTag(name)
+                await node.delTag(name)
 
             yield node, path
 
@@ -3847,11 +3917,6 @@ class EditTagPropSet(Edit):
             valu = await self.kids[2].compute(runt, path)
             valu = await s_stormtypes.tostor(valu)
 
-            normtupl = await runt.snap.getTagNorm(tag)
-            if normtupl is None:
-                continue
-
-            tag, info = normtupl
             tagparts = tag.split('.')
 
             # for now, use the tag add perms
@@ -3881,13 +3946,6 @@ class EditTagPropDel(Edit):
         async for node, path in genr:
 
             tag, prop = await self.kids[0].compute(runt, path)
-
-            normtupl = await runt.snap.getTagNorm(tag)
-            if normtupl is None:
-                continue
-
-            tag, info = normtupl
-
             tagparts = tag.split('.')
 
             # for now, use the tag add perms

synapse/lib/cell.py

@@ -570,8 +570,8 @@ class CellApi(s_base.Base):
         return await self.cell.setUserEmail(useriden, email)
 
     @adminapi(log=True)
-    async def addUserRole(self, useriden, roleiden):
-        return await self.cell.addUserRole(useriden, roleiden)
+    async def addUserRole(self, useriden, roleiden, indx=None):
+        return await self.cell.addUserRole(useriden, roleiden, indx=indx)
 
     @adminapi(log=True)
     async def setUserRoles(self, useriden, roleidens):
@@ -884,6 +884,11 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
             'type': 'object',
             'hidecmdl': True,
         },
+        'https:parse:proxy:remoteip': {
+            'description': 'Enable the HTTPS server to parse X-Forwarded-For and X-Real-IP headers to determine requester IP addresses.',
+            'type': 'boolean',
+            'default': False,
+        },
         'backup:dir': {
             'description': 'A directory outside the service directory where backups will be saved. Defaults to ./backups in the service storage directory.',
             'type': 'string',
@@ -2286,10 +2291,10 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
                     extra=await self.getLogExtra(target_user=user.iden, target_username=user.name,
                                                  gateiden=gateiden))
 
-    async def addUserRole(self, useriden, roleiden):
+    async def addUserRole(self, useriden, roleiden, indx=None):
         user = await self.auth.reqUser(useriden)
         role = await self.auth.reqRole(roleiden)
-        await user.grant(roleiden)
+        await user.grant(roleiden, indx=indx)
         logger.info(f'Granted role {role.name} to user {user.name}',
                     extra=await self.getLogExtra(target_user=user.iden, target_username=user.name,
                                                  target_role=role.iden, target_rolename=role.name))
@@ -2584,7 +2589,10 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
 
             sslctx = self.initSslCtx(certpath, pkeypath)
 
-        serv = self.wapp.listen(port, address=addr, ssl_options=sslctx)
+        kwargs = {
+            'xheaders': self.conf.reqConfValu('https:parse:proxy:remoteip')
+        }
+        serv = self.wapp.listen(port, address=addr, ssl_options=sslctx, **kwargs)
         self.httpds.append(serv)
         return list(serv._sockets.values())[0].getsockname()
 

synapse/lib/layer.py

@@ -2483,7 +2483,10 @@ class Layer(s_nexus.Pusher):
             self.logedits = valu
 
         # TODO when we can set more props, we may need to parse values.
-        await self.layrinfo.set(name, valu)
+        if valu is None:
+            await self.layrinfo.pop(name)
+        else:
+            await self.layrinfo.set(name, valu)
 
         await self.core.feedBeholder('layer:set', {'iden': self.iden, 'name': name, 'valu': valu}, gates=[self.iden])
         return valu
@@ -3247,6 +3250,15 @@ class Layer(s_nexus.Pusher):
             oldv, oldt = tp_dict.get(prop, (None, None))
             if oldv is not None:
 
+                if stortype == STOR_TYPE_IVAL:
+                    valu = (min(*oldv, *valu), max(*oldv, *valu))
+
+                elif stortype == STOR_TYPE_MINTIME:
+                    valu = min(valu, oldv)
+
+                elif stortype == STOR_TYPE_MAXTIME:
+                    valu = max(valu, oldv)
+
                 if valu == oldv and stortype == oldt:
                     return ()
 

synapse/lib/parser.py

@@ -56,6 +56,7 @@ terminalEnglishMap = {
     'EXPRNEG': '-',
     'EXPRPLUS': '+',
     'EXPRPOW': '**',
+    'EXPRTAGSEGNOVAR': 'non-variable tag segment',
     'EXPRTIMES': '*',
     'FOR': 'for',
     'FORMATSTRING': 'backtick-quoted format string',
@@ -84,8 +85,8 @@ terminalEnglishMap = {
     'SETTAGOPER': '?',
     'SINGLEQUOTEDSTRING': 'single-quoted string',
     'SWITCH': 'switch',
+    'TAGSEGNOVAR': 'non-variable tag segment',
     'TRY': 'try',
-    'TAGMATCH': 'tag name potentially with asterisks',
     'TRIPLEQUOTEDSTRING': 'triple-quoted string',
     'TRYSET': '?=',
     'TRYSETPLUS': '?+=',
@@ -98,6 +99,7 @@ terminalEnglishMap = {
     'WHILE': 'while',
     'WHITETOKN': 'An unquoted string terminated by whitespace',
     'WILDCARD': '*',
+    'WILDTAGSEGNOVAR': 'tag segment potentially with asterisks',
     'YIELD': 'yield',
     '_ARRAYCONDSTART': '*[',
     '_COLONDOLLAR': ':$',
@@ -111,21 +113,21 @@ terminalEnglishMap = {
     '_EDGEN2FINI': ')-',
     '_ELSE': 'else',
     '_EMBEDQUERYSTART': '${',
+    '_EXPRCOLONNOSPACE': ':',
     '_EMIT': 'emit',
     '_FINI': 'fini',
     '_HASH': '#',
-    '_EXPRHASH': '#',
     '_HASHSPACE': '#',
-    '_EXPRHASHSPACE': '#',
     '_INIT': 'init',
     '_LEFTJOIN': '<+-',
     '_LEFTPIVOT': '<-',
     '_LPARNOSPACE': '(',
+    '_MATCHHASH': '#',
+    '_MATCHHASHSPACE': '#',
     '_RETURN': 'return',
     '_RIGHTJOIN': '-+>',
     '_RIGHTPIVOT': '->',
     '_STOP': 'stop',
-    '_TAGSEGNOVAR': 'tag segment potentially with asterisks',
     '_WALKNPIVON1': '-->',
     '_WALKNPIVON2': '<--',
     '$END': 'end of input',
@@ -404,25 +406,6 @@ class AstConverter(lark.Transformer):
 
         return argv
 
-    @classmethod
-    def _tagsplit(cls, astinfo, tag):
-
-        if '$' not in tag:
-            return [s_ast.Const(astinfo, tag)]
-
-        kids = []
-        segs = tag.split('.')
-
-        for seg in segs:
-
-            if seg[0] == '$':
-                kids.append(s_ast.VarValue(astinfo, kids=[s_ast.Const(astinfo, seg[1:])]))
-                continue
-
-            kids.append(s_ast.Const(astinfo, seg))
-
-        return kids
-
     @lark.v_args(meta=True)
     def varderef(self, meta, kids):
         assert kids and len(kids) in (3, 4)
@@ -435,22 +418,6 @@ class AstConverter(lark.Transformer):
             newkid = self._convert_child(kids[2])
         return s_ast.VarDeref(astinfo, kids=(kids[0], newkid))
 
-    @lark.v_args(meta=True)
-    def tagname(self, meta, kids):
-        assert kids and len(kids) == 1
-        astinfo = self.metaToAstInfo(meta)
-        kid = kids[0]
-        if not isinstance(kid, lark.lexer.Token):
-            return self._convert_child(kid)
-
-        valu = kid.value
-        if '*' in valu:
-            mesg = f"Invalid wildcard usage in tag {valu}"
-            self.raiseBadSyntax(mesg, astinfo)
-
-        kids = self._tagsplit(astinfo, valu)
-        return s_ast.TagName(astinfo, kids=kids)
-
     @lark.v_args(meta=True)
     def switchcase(self, meta, kids):
 
@@ -639,7 +606,6 @@ terminalClassMap = {
     'HEXNUMBER': lambda astinfo, x: s_ast.Const(astinfo, s_ast.parseNumber(x)),
     'BOOL': lambda astinfo, x: s_ast.Bool(astinfo, x == 'true'),
     'SINGLEQUOTEDSTRING': lambda astinfo, x: s_ast.Const(astinfo, x[1:-1]),  # drop quotes
-    'TAGMATCH': lambda astinfo, x: s_ast.TagMatch(astinfo, kids=AstConverter._tagsplit(astinfo, x)),
     'NONQUOTEWORD': massage_vartokn,
     'VARTOKN': massage_vartokn,
     'EXPRVARTOKN': massage_vartokn,
@@ -734,6 +700,8 @@ ruleClassMap = {
     'stormcmd': lambda astinfo, kids: s_ast.CmdOper(astinfo, kids=kids if len(kids) == 2 else (kids[0], s_ast.Const(astinfo, tuple()))),
     'stormfunc': s_ast.Function,
     'tagcond': s_ast.TagCond,
+    'tagname': s_ast.TagName,
+    'tagmatch': s_ast.TagMatch,
     'tagprop': s_ast.TagProp,
     'tagvalu': s_ast.TagValue,
     'tagpropvalu': s_ast.TagPropValue,