synapse 2.160.0__py311-none-any.whl → 2.162.0__py311-none-any.whl

synapse/cortex.py

@@ -1080,7 +1080,8 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
         mdef = s_msgpack.un(byts)
 
         if user is not None:
-            self._reqEasyPerm(mdef, user, s_cell.PERM_READ)
+            mesg = f'User requires read permission on macro: {name}.'
+            self._reqEasyPerm(mdef, user, s_cell.PERM_READ, mesg=mesg)
 
         return mdef
 
@@ -1091,7 +1092,8 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
             raise s_exc.NoSuchName(mesg=f'Macro name not found: {name}')
 
         if user is not None:
-            self._reqEasyPerm(mdef, user, s_cell.PERM_READ)
+            mesg = f'User requires read permission on macro: {name}.'
+            self._reqEasyPerm(mdef, user, s_cell.PERM_READ, mesg=mesg)
 
         return mdef
 
@@ -1645,7 +1647,8 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
             raise s_exc.AuthDeny(mesg=mesg, user=user.iden, username=user.name)
 
         if user is not None:
-            self._reqEasyPerm(gdef, user, level)
+            mesg = f'User requires {s_cell.permnames.get(level)} permission on graph: {iden}.'
+            self._reqEasyPerm(gdef, user, level, mesg=mesg)
 
         return gdef
 
@@ -5304,7 +5307,7 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         if (nexsoffs := opts.get('nexsoffs')) is not None:
             if not await self.waitNexsOffs(nexsoffs, timeout=opts.get('nexstimeout')):
-                raise s_exc.TimeOut(f'Timeout waiting for nexus offset {nexsoffs}.')
+                raise s_exc.TimeOut(mesg=f'Timeout waiting for nexus offset {nexsoffs}.')
 
         view = self._viewFromOpts(opts)
 
@@ -5360,7 +5363,7 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         if (nexsoffs := opts.get('nexsoffs')) is not None:
             if not await self.waitNexsOffs(nexsoffs, timeout=opts.get('nexstimeout')):
-                raise s_exc.TimeOut(f'Timeout waiting for nexus offset {nexsoffs}.')
+                raise s_exc.TimeOut(mesg=f'Timeout waiting for nexus offset {nexsoffs}.')
 
         view = self._viewFromOpts(opts)
         async for mesg in view.storm(text, opts=opts):
@@ -5387,7 +5390,7 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         if (nexsoffs := opts.get('nexsoffs')) is not None:
             if not await self.waitNexsOffs(nexsoffs, timeout=opts.get('nexstimeout')):
-                raise s_exc.TimeOut(f'Timeout waiting for nexus offset {nexsoffs}.')
+                raise s_exc.TimeOut(mesg=f'Timeout waiting for nexus offset {nexsoffs}.')
 
         view = self._viewFromOpts(opts)
         return await view.callStorm(text, opts=opts)
@@ -5415,7 +5418,7 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         if (nexsoffs := opts.get('nexsoffs')) is not None:
             if not await self.waitNexsOffs(nexsoffs, timeout=opts.get('nexstimeout')):
-                raise s_exc.TimeOut(f'Timeout waiting for nexus offset {nexsoffs}.')
+                raise s_exc.TimeOut(mesg=f'Timeout waiting for nexus offset {nexsoffs}.')
 
         user = self._userFromOpts(opts)
         view = self._viewFromOpts(opts)
@@ -5940,6 +5943,8 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
         if not cdef.get('iden'):
             cdef['iden'] = s_common.guid()
 
+        cdef['created'] = s_common.now()
+
         opts = {'user': cdef['creator'], 'view': cdef.get('view')}
 
         view = self._viewFromOpts(opts)

synapse/daemon.py

@@ -218,7 +218,7 @@ async def t2call(link, meth, args, kwargs):
 
 class Daemon(s_base.Base):
 
-    async def __anit__(self, certdir=None):
+    async def __anit__(self, certdir=None, ahainfo=None):
 
         await s_base.Base.__anit__(self)
 
@@ -227,6 +227,8 @@ class Daemon(s_base.Base):
         if certdir is None:
             certdir = s_certdir.getCertDir()
 
+        self.ahainfo = ahainfo
+
         self.certdir = certdir
         self.televers = s_telepath.televers
 
@@ -414,13 +416,16 @@ class Daemon(s_base.Base):
     async def _getSharedItem(self, name):
         return self.shared.get(name)
 
-    async def _onTeleSyn(self, link, mesg):
+    async def _onTeleSyn(self, link: s_link.Link, mesg):
 
         reply = ('tele:syn', {
             'vers': self.televers,
             'retn': (True, None),
         })
 
+        if self.ahainfo is not None:
+            reply[1]['ahainfo'] = self.ahainfo
+
         try:
 
             vers = mesg[1].get('vers')

synapse/lib/agenda.py

@@ -259,6 +259,7 @@ class _Appt:
     _synced_attrs = {
         'doc',
         'name',
+        'created',
         'enabled',
         'errcount',
         'nexttime',
@@ -270,7 +271,7 @@ class _Appt:
         'lastfinishtime',
     }
 
-    def __init__(self, stor, iden, recur, indx, query, creator, recs, nexttime=None, view=None):
+    def __init__(self, stor, iden, recur, indx, query, creator, recs, nexttime=None, view=None, created=None):
         self.doc = ''
         self.name = ''
         self.stor = stor
@@ -282,6 +283,7 @@ class _Appt:
         self.recs = recs  # List[ApptRec]  list of the individual entries to calculate next time from
         self._recidxnexttime = None  # index of rec who is up next
         self.view = view
+        self.created = created
 
         if self.recur and not self.recs:
             raise s_exc.BadTime(mesg='A recurrent appointment with no records')
@@ -310,6 +312,7 @@ class _Appt:
             'doc': self.doc,
             'name': self.name,
             'storm': self.query,
+            '.created': self.created,
         }
 
         pnorms = {}
@@ -343,6 +346,7 @@ class _Appt:
             'indx': self.indx,
             'query': self.query,
             'creator': self.creator,
+            'created': self.created,
             'recs': [d.pack() for d in self.recs],
             'nexttime': self.nexttime,
             'startcount': self.startcount,
@@ -362,6 +366,7 @@ class _Appt:
         appt = cls(stor, val['iden'], val['recur'], val['indx'], val['query'], val['creator'], recs, nexttime=val['nexttime'], view=val.get('view'))
         appt.doc = val.get('doc', '')
         appt.name = val.get('name', '')
+        appt.created = val.get('created', None)
         appt.laststarttime = val['laststarttime']
         appt.lastfinishtime = val['lastfinishtime']
         appt.lastresult = val['lastresult']
@@ -592,6 +597,7 @@ class Agenda(s_base.Base):
         query = cdef.get('storm')
         creator = cdef.get('creator')
         view = cdef.get('view')
+        created = cdef.get('created')
 
         recur = incunit is not None
         indx = self._next_indx
@@ -633,7 +639,7 @@ class Agenda(s_base.Base):
                 incvals = (incvals, )
             recs.extend(ApptRec(rd, incunit, v) for (rd, v) in itertools.product(reqdicts, incvals))
 
-        appt = _Appt(self, iden, recur, indx, query, creator, recs, nexttime=nexttime, view=view)
+        appt = _Appt(self, iden, recur, indx, query, creator, recs, nexttime=nexttime, view=view, created=created)
         self._addappt(iden, appt)
 
         appt.doc = cdef.get('doc', '')

synapse/lib/aha.py

@@ -192,7 +192,7 @@ class AhaApi(s_cell.CellApi):
                 logger.warning(mesg, await self.cell.getLogExtra(name=svcname, netw=svcnetw))
                 return
 
-            logger.debug(f'AhaCellApi fini, tearing down [{name}]',
+            logger.info(f'AhaCellApi fini, setting service offline [{name}]',
                          extra=await self.cell.getLogExtra(name=svcname, netw=svcnetw))
             coro = self.cell.setAhaSvcDown(name, sess, network=network)
             self.cell.schedCoro(coro)  # this will eventually execute or get cancelled.
@@ -555,7 +555,7 @@ class AhaCell(s_cell.Cell):
             network = svc.get('svcnetw')
             linkiden = svc.get('svcinfo').get('online')
             if linkiden not in current_sessions:
-                logger.debug(f'AhaCell activecoro tearing down [{svcname}.{network}]',
+                logger.info(f'AhaCell activecoro setting service offline [{svcname}.{network}]',
                              extra=await self.getLogExtra(name=svcname, netw=network))
                 await self.setAhaSvcDown(svcname, linkiden, network=network)
 
@@ -611,7 +611,7 @@ class AhaCell(s_cell.Cell):
         path = ('aha', 'services', svcnetw, svcname)
 
         unfo = info.get('urlinfo')
-        logger.debug(f'Adding service [{svcfull}] from [{unfo.get("scheme")}://{unfo.get("host")}:{unfo.get("port")}]',
+        logger.info(f'Adding service [{svcfull}] from [{unfo.get("scheme")}://{unfo.get("host")}:{unfo.get("port")}]',
                      extra=await self.getLogExtra(name=svcname, netw=svcnetw))
 
         svcinfo = {
@@ -788,7 +788,7 @@ class AhaCell(s_cell.Cell):
 
         await self.fire('aha:svcdown', svcname=svcname, svcnetw=svcnetw)
 
-        logger.debug(f'Set [{svcfull}] offline.',
+        logger.info(f'Set [{svcfull}] offline.',
                         extra=await self.getLogExtra(name=svcname, netw=svcnetw))
 
     async def getAhaSvc(self, name, filters=None):

synapse/lib/ast.py

@@ -447,8 +447,8 @@ class SubGraph:
 
         for pivq in rules.get('pivots', ()):
             indx = 0
-            async for node, path in node.storm(runt, pivq):
-                yield (node, path, {'type': 'rules', 'scope': scope, 'index': indx})
+            async for n, p in node.storm(runt, pivq):
+                yield (n, p, {'type': 'rules', 'scope': scope, 'index': indx})
                 indx += 1
 
     async def _edgefallback(self, runt, results, node):
@@ -3776,7 +3776,7 @@ class EmbedQuery(Const):
     async def compute(self, runt, path):
 
         varz = {}
-        varz.update(runt.vars)
+        varz.update(runt.getScopeVars())
 
         if path is not None:
             varz.update(path.vars)

synapse/lib/cell.py

@@ -2640,6 +2640,16 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
         if sess is not None:
             sess.info[name] = valu
 
+    @s_nexus.Pusher.onPushAuto('http:sess:update')
+    async def updateHttpSessInfo(self, iden, vals: dict):
+        for name, valu in vals.items():
+            s_msgpack.isok(valu)
+        for name, valu in vals.items():
+            self.sessstor.set(iden, name, valu)
+        sess = self.sessions.get(iden)
+        if sess is not None:
+            sess.info.update(vals)
+
     @contextlib.contextmanager
     def getTempDir(self):
         tdir = s_common.gendir(self.dirn, 'tmp')
@@ -2830,7 +2840,11 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
 
     async def _initCellDmon(self):
 
-        self.dmon = await s_daemon.Daemon.anit()
+        ahainfo = {
+            'name': self.ahasvcname
+        }
+
+        self.dmon = await s_daemon.Daemon.anit(ahainfo=ahainfo)
         self.dmon.share('*', self)
 
         self.onfini(self.dmon.fini)
@@ -3948,6 +3962,11 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
                 'cellvers': dict(self.cellvers.items()),
                 'nexsindx': await self.getNexsIndx(),
                 'uplink': self.nexsroot.miruplink.is_set(),
+                'aha': {
+                    'name': self.conf.get('aha:name'),
+                    'leader': self.conf.get('aha:leader'),
+                    'network': self.conf.get('aha:network'),
+                }
             },
             'features': {
                 'tellready': True,

synapse/lib/hiveauth.py

@@ -1032,7 +1032,7 @@ class HiveUser(HiveRuler):
         for iden in self.info.get('roles', ()):
             role = self.auth.role(iden)
             if role is None:
-                logger.warning('user {self.iden} has non-existent role: {iden}')
+                logger.warning(f'user {self.iden} has non-existent role: {iden}')
                 continue
             yield role
 

synapse/lib/httpapi.py

@@ -42,6 +42,11 @@ class Sess(s_base.Base):
         await self.cell.setHttpSessInfo(self.iden, name, valu)
         self.info[name] = valu
 
+    async def update(self, vals: dict):
+        await self.cell.updateHttpSessInfo(self.iden, vals)
+        for name, valu in vals.items():
+            self.info[name] = valu
+
     async def login(self, user):
         self.user = user
         await self.set('user', user.iden)

synapse/lib/layer.py

@@ -95,6 +95,7 @@ reqValidLdef = s_config.getJsValidator({
     'properties': {
         'iden': {'type': 'string', 'pattern': s_config.re_iden},
         'creator': {'type': 'string', 'pattern': s_config.re_iden},
+        'created': {'type': 'integer', 'minimum': 0},
         'lockmemory': {'type': 'boolean'},
         'lmdb:growsize': {'type': 'integer'},
         'logedits': {'type': 'boolean', 'default': True},
@@ -1528,12 +1529,14 @@ class Layer(s_nexus.Pusher):
 
         mirror = self.layrinfo.get('mirror')
         if mirror is not None:
+            s_common.deprecated('mirror layer configuration option', curv='2.162.0')
             conf = {'retrysleep': 2}
             self.leader = await s_telepath.Client.anit(mirror, conf=conf)
             self.leadtask = self.schedCoro(self._runMirrorLoop())
 
         uplayr = self.layrinfo.get('upstream')
         if uplayr is not None:
+            s_common.deprecated('upstream layer configuration option', curv='2.162.0')
             if isinstance(uplayr, (tuple, list)):
                 for layr in uplayr:
                     await self.initUpstreamSync(layr)
@@ -4381,9 +4384,14 @@ def getNodeEditPerms(nodeedits):
     '''
     Yields (offs, perm) tuples that can be used in user.allowed()
     '''
+    tags = []
+    tagadds = []
 
     for nodeoffs, (buid, form, edits) in enumerate(nodeedits):
 
+        tags.clear()
+        tagadds.clear()
+
         for editoffs, (edit, info, _) in enumerate(edits):
 
             permoffs = (nodeoffs, editoffs)
@@ -4405,7 +4413,11 @@ def getNodeEditPerms(nodeedits):
                 continue
 
             if edit == EDIT_TAG_SET:
-                yield (permoffs, ('node', 'tag', 'add', *info[0].split('.')))
+                if info[1] != (None, None):
+                    tagadds.append(info[0])
+                    yield (permoffs, ('node', 'tag', 'add', *info[0].split('.')))
+                else:
+                    tags.append((len(info[0]), editoffs, info[0]))
                 continue
 
             if edit == EDIT_TAG_DEL:
@@ -4435,3 +4447,11 @@ def getNodeEditPerms(nodeedits):
             if edit == EDIT_EDGE_DEL:
                 yield (permoffs, ('node', 'edge', 'del', info[0]))
                 continue
+
+        for _, editoffs, tag in sorted(tags, reverse=True):
+            look = tag + '.'
+            if any([tagadd.startswith(look) for tagadd in tagadds]):
+                continue
+
+            yield ((nodeoffs, editoffs), ('node', 'tag', 'add', *tag.split('.')))
+            tagadds.append(tag)

synapse/lib/nexus.py

@@ -87,6 +87,8 @@ class NexsRoot(s_base.Base):
         self.celliden = self.cell.iden
         self.readonly = False
         self.readonlyreason = None
+
+        self.applytask = None
         self.applylock = asyncio.Lock()
 
         self.ready = asyncio.Event()
@@ -312,7 +314,10 @@ class NexsRoot(s_base.Base):
         if meta is None:
             meta = {}
 
-        return await self._eat((nexsiden, event, args, kwargs, meta))
+        async with self.applylock:
+            # Keep a reference to the shielded task to ensure it isn't GC'd
+            self.applytask = asyncio.create_task(self._eat((nexsiden, event, args, kwargs, meta)))
+            return await asyncio.shield(self.applytask)
 
     async def index(self):
         if self.donexslog:
@@ -365,11 +370,10 @@ class NexsRoot(s_base.Base):
         nexus = self._nexskids[nexsiden]
         func, passitem = nexus._nexshands[event]
 
-        async with self.applylock:
-            if passitem:
-                return await func(nexus, *args, nexsitem=(indx, mesg), **kwargs)
+        if passitem:
+            return await func(nexus, *args, nexsitem=(indx, mesg), **kwargs)
 
-            return await func(nexus, *args, **kwargs)
+        return await func(nexus, *args, **kwargs)
 
     async def iter(self, offs: int, tellready=False) -> AsyncIterator[Any]:
         '''

synapse/lib/node.py

@@ -331,8 +331,7 @@ class Node:
         if not edits:
             return False
 
-        await self.snap.applyNodeEdit((self.buid, self.form.name, edits))
-        self.props.pop(name, None)
+        await self.snap.applyNodeEdit((self.buid, self.form.name, edits), nodecache={self.buid: self})
         return True
 
     def repr(self, name=None, defv=None):
@@ -524,7 +523,7 @@ class Node:
         edits = await self._getTagDelEdits(tag, init=init)
         if edits:
             nodeedit = (self.buid, self.form.name, edits)
-            await self.snap.applyNodeEdit(nodeedit)
+            await self.snap.applyNodeEdit(nodeedit, nodecache={self.buid: self})
 
     def _getTagPropDel(self, tag):
 
@@ -585,7 +584,7 @@ class Node:
             (s_layer.EDIT_TAGPROP_DEL, (tag, name, None, prop.type.stortype), ()),
         )
 
-        await self.snap.applyNodeEdit((self.buid, self.form.name, edits))
+        await self.snap.applyNodeEdit((self.buid, self.form.name, edits), nodecache={self.buid: self})
 
     async def delete(self, force=False):
         '''

synapse/lib/rstorm.py

@@ -29,6 +29,7 @@ re_directive = regex.compile(r'^\.\.\s(storm.*|[^:])::(?:\s(.*)$|$)')
 
 logger = logging.getLogger(__name__)
 
+ONLOAD_TIMEOUT = int(os.getenv('SYNDEV_PKG_LOAD_TIMEOUT', 30))  # seconds
 
 class OutPutRst(s_output.OutPutStr):
     '''
@@ -413,8 +414,17 @@ class StormRst(s_base.Base):
         core = self._reqCore()
 
         pkg = s_genpkg.loadPkgProto(text)
+
+        if pkg.get('onload') is not None:
+            waiter = core.waiter(1, 'core:pkg:onload:complete')
+        else:
+            waiter = None
+
         await core.addStormPkg(pkg)
 
+        if waiter is not None and not await waiter.wait(timeout=ONLOAD_TIMEOUT):
+            raise s_exc.SynErr(mesg=f'Package onload failed to run for {pkg.get("name")}')
+
     async def _handleStormPre(self, text):
         '''
         Run a Storm query to prepare the Cortex without output.
@@ -453,6 +463,9 @@ class StormRst(s_base.Base):
 
         svc = await self._getCell(ctor, conf=svcconf)
 
+        onloadcnt = len([p for p in svc.cellapi._storm_svc_pkgs if p.get('onload') is not None])
+        waiter = core.waiter(onloadcnt, 'core:pkg:onload:complete') if onloadcnt else None
+
         svc.dmon.share('svc', svc)
         root = await svc.auth.getUserByName('root')
         await root.setPasswd('root')
@@ -463,6 +476,9 @@ class StormRst(s_base.Base):
         await core.nodes(f'service.add {svcname} {surl}')
         await core.nodes(f'$lib.service.wait({svcname})')
 
+        if waiter is not None and not await waiter.wait(timeout=ONLOAD_TIMEOUT):
+            raise s_exc.SynErr(mesg=f'Package onload failed to run for service {svcname}')
+
     async def _handleStormFail(self, text):
         valu = json.loads(text)
         assert valu in (True, False), f'storm-fail must be a boolean: {text}'

synapse/lib/schemas.py

@@ -118,7 +118,7 @@ _CronJobSchema = {
     },
     'additionalProperties': False,
     'required': ['creator', 'storm'],
-    'dependencices': {
+    'dependencies': {
         'incvals': ['incunit'],
         'incunit': ['incvals'],
     },
@@ -169,6 +169,7 @@ reqValidView = s_config.getJsValidator({
         'name': {'type': 'string'},
         'parent': {'type': ['string', 'null'], 'pattern': s_config.re_iden},
         'creator': {'type': 'string', 'pattern': s_config.re_iden},
+        'created': {'type': 'integer', 'minimum': 0},
         'nomerge': {'type': 'boolean'},
         'merging': {'type': 'boolean'},
         'layers': {

synapse/lib/snap.py

@@ -1085,7 +1085,8 @@ class Snap(s_base.Base):
 
         nodeedits = editor.getNodeEdits()
         if nodeedits:
-            await self.applyNodeEdits(nodeedits)
+            nodecache = {proto.buid: proto.node for proto in editor.protonodes.values()}
+            await self.applyNodeEdits(nodeedits, nodecache=nodecache)
 
     @contextlib.asynccontextmanager
     async def getEditor(self):
@@ -1096,18 +1097,20 @@ class Snap(s_base.Base):
 
         nodeedits = editor.getNodeEdits()
         if nodeedits:
-            await self.applyNodeEdits(nodeedits)
+            nodecache = {proto.buid: proto.node for proto in editor.protonodes.values()}
+            await self.applyNodeEdits(nodeedits, nodecache=nodecache)
 
-    async def applyNodeEdit(self, edit):
-        nodes = await self.applyNodeEdits((edit,))
-        return nodes[0]
+    async def applyNodeEdit(self, edit, nodecache=None):
+        nodes = await self.applyNodeEdits((edit,), nodecache=nodecache)
+        if nodes:
+            return nodes[0]
 
-    async def applyNodeEdits(self, edits):
+    async def applyNodeEdits(self, edits, nodecache=None):
         '''
         Sends edits to the write layer and evaluates the consequences (triggers, node object updates)
         '''
         meta = await self.getSnapMeta()
-        saveoff, changes, nodes = await self._applyNodeEdits(edits, meta)
+        saveoff, changes, nodes = await self._applyNodeEdits(edits, meta, nodecache=nodecache)
         return nodes
 
     async def saveNodeEdits(self, edits, meta):
@@ -1124,7 +1127,7 @@ class Snap(s_base.Base):
 
         return saveoff, changes
 
-    async def _applyNodeEdits(self, edits, meta):
+    async def _applyNodeEdits(self, edits, meta, nodecache=None):
 
         if self.readonly:
             mesg = 'The snapshot is in read-only mode.'
@@ -1145,11 +1148,17 @@ class Snap(s_base.Base):
 
             cache = {wlyr.iden: sode}
 
-            node = await self._joinStorNode(buid, cache)
+            node = None
+            if nodecache is not None:
+                node = nodecache.get(buid)
 
             if node is None:
-                # We got part of a node but no ndef
-                continue
+                node = await self._joinStorNode(buid, cache)
+                if node is None:
+                    # We got part of a node but no ndef
+                    continue
+            else:
+                await asyncio.sleep(0)
 
             nodes.append(node)
 

synapse/lib/storm.py

@@ -181,7 +181,7 @@ wgetdescr = '''Retrieve bytes from a URL and store them in the axon. Yields inet
 Examples:
 
     # Specify custom headers and parameters
-    inet:url=https://vertex.link/foo.bar.txt | wget --headers $lib.dict("User-Agent"="Foo/Bar") --params $lib.dict("clientid"="42")
+    inet:url=https://vertex.link/foo.bar.txt | wget --headers ({"User-Agent": "Foo/Bar"}) --params ({"clientid": "42"})
 
     # Download multiple URL targets without inbound nodes
     wget https://vertex.link https://vtx.lk
@@ -2207,9 +2207,9 @@ class Runtime(s_base.Base):
 
         self.user.raisePermDeny(prop.delperms[-1], gateiden=layriden)
 
-    def confirmEasyPerm(self, item, perm):
+    def confirmEasyPerm(self, item, perm, mesg=None):
         if not self.asroot:
-            self.snap.core._reqEasyPerm(item, self.user, perm)
+            self.snap.core._reqEasyPerm(item, self.user, perm, mesg=mesg)
 
     def allowedEasyPerm(self, item, perm):
         if self.asroot:
@@ -3787,7 +3787,23 @@ class MergeCmd(Cmd):
             runt.confirmPropDel(prop, layriden=layr0)
             runt.confirmPropSet(prop, layriden=layr1)
 
+        tags = []
+        tagadds = []
         for tag, valu in sode.get('tags', {}).items():
+            if valu != (None, None):
+                tagadds.append(tag)
+                tagperm = tuple(tag.split('.'))
+                runt.confirm(('node', 'tag', 'del') + tagperm, gateiden=layr0)
+                runt.confirm(('node', 'tag', 'add') + tagperm, gateiden=layr1)
+            else:
+                tags.append((len(tag), tag))
+
+        for _, tag in sorted(tags, reverse=True):
+            look = tag + '.'
+            if any([tagadd.startswith(look) for tagadd in tagadds]):
+                continue
+
+            tagadds.append(tag)
             tagperm = tuple(tag.split('.'))
             runt.confirm(('node', 'tag', 'del') + tagperm, gateiden=layr0)
             runt.confirm(('node', 'tag', 'add') + tagperm, gateiden=layr1)

synapse/lib/stormhttp.py

@@ -328,11 +328,23 @@ class LibHttp(s_stormtypes.Lib):
             connector = aiohttp_socks.ProxyConnector.from_url(proxy)
 
         timeout = aiohttp.ClientTimeout(total=timeout)
+        kwargs = {'timeout': timeout}
+        if params:
+            kwargs['params'] = params
+
+        cadir = self.runt.snap.core.conf.get('tls:ca:dir')
+
+        if ssl_verify is False:
+            kwargs['ssl'] = False
+        elif cadir:
+            kwargs['ssl'] = s_common.getSslCtx(cadir)
+        else:
+            # default aiohttp behavior
+            kwargs['ssl'] = None
 
         try:
             sess = await sock.enter_context(aiohttp.ClientSession(connector=connector, timeout=timeout))
-            sock.resp = await sock.enter_context(sess.ws_connect(url, headers=headers, ssl=ssl_verify, timeout=timeout,
-                                                                 params=params, ))
+            sock.resp = await sock.enter_context(sess.ws_connect(url, headers=headers, **kwargs))
 
             sock._syn_refs = 0
             self.runt.onfini(sock)

synapse/lib/stormlib/easyperm.py

@@ -47,6 +47,8 @@ class LibEasyPerm(s_stormtypes.Lib):
                   'args': (
                       {'name': 'edef', 'type': 'dict', 'desc': 'The easy perm dictionary to check.'},
                       {'name': 'level', 'type': 'str', 'desc': 'The required permission level number.'},
+                      {'name': 'mesg', 'type': 'str', 'default': None,
+                       'desc': 'Optional error message to present if user does not have required permission level.'},
                   ),
                   'returns': {'type': 'null'}}},
     )
@@ -102,11 +104,12 @@ class LibEasyPerm(s_stormtypes.Lib):
 
         return self.runt.snap.core._hasEasyPerm(edef, self.runt.user, level)
 
-    async def _confirmEasyPerm(self, edef, level):
+    async def _confirmEasyPerm(self, edef, level, mesg=None):
         edef = await s_stormtypes.toprim(edef)
         level = await s_stormtypes.toint(level)
+        mesg = await s_stormtypes.tostr(mesg, noneok=True)
 
         if not isinstance(edef, dict):
             raise s_exc.BadArg(mesg='Object to check easy perms on must be a dictionary.')
 
-        self.runt.snap.core._reqEasyPerm(edef, self.runt.user, level)
+        self.runt.snap.core._reqEasyPerm(edef, self.runt.user, level, mesg=mesg)