synapse 2.172.0__py311-none-any.whl → 2.174.0__py311-none-any.whl

synapse/tests/test_lib_hiveauth.py

@@ -2,9 +2,10 @@ import pathlib
 
 import synapse.exc as s_exc
 import synapse.telepath as s_telepath
+import synapse.lib.hiveauth as s_hiveauth
 
 import synapse.tests.utils as s_test
-from synapse.tests.utils import alist
+
 
 class AuthTest(s_test.SynTest):
 
@@ -371,3 +372,140 @@ class AuthTest(s_test.SynTest):
                 await core.auth.allrole.setRules([(True, ('hehe', 'haha'), 'newp')])
             with self.raises(s_exc.SchemaViolation):
                 await core.auth.allrole.setRules([(True, )])
+
+    async def test_hive_auth_deepdeny(self):
+        async with self.getTestCore() as core:
+
+            # Create an authgate we can later test against
+            fork = await core.callStorm('return( $lib.view.get().fork().iden )')
+            await core.callStorm('auth.user.add lowuser')
+            await core.callStorm('auth.user.addrule lowuser "!hehe.haha.specific"')
+            await core.callStorm('auth.user.addrule lowuser "hehe.something.else"')
+            await core.callStorm('auth.user.addrule lowuser "hehe.haha"')
+            await core.callStorm('auth.user.addrule lowuser "some.perm"')
+            await core.callStorm('auth.role.add ninjas')
+            await core.callStorm('auth.role.add clowns')
+            await core.callStorm('auth.user.grant --index 0 lowuser ninjas')
+            await core.callStorm('auth.user.grant --index 1 lowuser clowns')
+            await core.callStorm('auth.role.addrule ninjas some.rule')
+            await core.callStorm('auth.role.addrule ninjas --gate $gate another.rule',
+                                 opts={'vars': {'gate': fork}})
+
+            user = await core.auth.getUserByName('lowuser')  # type: s_hiveauth.HiveUser
+            self.false(user.allowed(('hehe',)))
+            self.false(user.allowed(('hehe',), deepdeny=True))
+            self.true(user.allowed(('hehe', 'haha')))
+            self.false(user.allowed(('hehe', 'haha'), deepdeny=True))
+            self.true(user.allowed(('hehe', 'haha', 'wow')))
+            self.true(user.allowed(('hehe', 'haha', 'wow'), deepdeny=True))
+            self.true(user.allowed(('some', 'perm')))
+            self.true(user.allowed(('some', 'perm'), deepdeny=True))
+            self.true(user.allowed(('some', 'perm', 'here')))
+            self.true(user.allowed(('some', 'perm', 'here'), deepdeny=True))
+
+            await core.callStorm('auth.user.delrule lowuser hehe.haha')
+            await core.callStorm('auth.user.addrule lowuser hehe')
+            self.true(user.allowed(('hehe',)))
+            self.false(user.allowed(('hehe',), deepdeny=True))
+            self.true(user.allowed(('hehe', 'haha')))
+            self.false(user.allowed(('hehe', 'haha'), deepdeny=True))
+            self.true(user.allowed(('hehe', 'haha', 'wow')))
+            self.true(user.allowed(('hehe', 'haha', 'wow'), deepdeny=True))
+            self.false(user.allowed(('weee',)))
+            self.false(user.allowed(('weee',), deepdeny=True))
+            await core.callStorm('auth.user.delrule lowuser hehe')
+
+            await core.callStorm('auth.role.addrule all "!hehe.something.else.very.specific"')
+            self.false(user.allowed(('hehe',)))
+            self.false(user.allowed(('hehe',), deepdeny=True))
+
+            self.false(user.allowed(('hehe', 'something')))
+            self.true(user.allowed(('hehe', 'something', 'else')))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very')))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific')))
+
+            self.false(user.allowed(('hehe', 'something')))
+            self.false(user.allowed(('hehe', 'something', 'else'), deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else', 'very'), deepdeny=True))
+
+            # There is NOT a deeper permission here, even though there is a deny rule on the role.
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific', 'more')))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific', 'more'), deepdeny=True))
+            await core.callStorm('auth.role.delrule all "!hehe.something.else.very.specific"')
+
+            await core.callStorm('auth.role.addrule --gate $gate all "beep.boop"',
+                                 opts={'vars': {'gate': fork}})
+            await core.callStorm('auth.role.addrule --gate $gate all "!hehe.something.else.very.specific"',
+                                 opts={'vars': {'gate': fork}})
+            self.false(user.allowed(('hehe',), gateiden=fork))
+            self.false(user.allowed(('hehe', 'something'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), gateiden=fork))
+            self.false(user.allowed(('hehe',), gateiden=fork, deepdeny=True))
+            self.false(user.allowed(('hehe', 'something'), gateiden=fork, deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else'), gateiden=fork, deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else', 'very'), gateiden=fork, deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), gateiden=fork, deepdeny=True))
+            await core.callStorm('auth.role.delrule --gate $gate all "!hehe.something.else.very.specific"',
+                                 opts={'vars': {'gate': fork}})
+            await core.callStorm('auth.role.delrule --gate $gate all "beep.boop"',
+                                 opts={'vars': {'gate': fork}})
+
+            await core.callStorm('auth.user.addrule --gate $gate lowuser "beep.boop"',
+                                 opts={'vars': {'gate': fork}})
+            await core.callStorm('auth.user.addrule --gate $gate lowuser "!hehe.something.else.very.specific"',
+                                 opts={'vars': {'gate': fork}})
+            self.false(user.allowed(('hehe',), gateiden=fork))
+            self.false(user.allowed(('hehe', 'something'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very'), gateiden=fork))
+            self.false(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), gateiden=fork))
+            self.false(user.allowed(('hehe',), gateiden=fork, deepdeny=True))
+            self.false(user.allowed(('hehe', 'something'), gateiden=fork, deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else'), gateiden=fork, deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else', 'very'), gateiden=fork, deepdeny=True))
+            # This differs from earlier check as the dd is false; but the user authgate deny is earlier in precedence
+            # than the user specific allow
+            self.false(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), gateiden=fork, deepdeny=True))
+
+            await core.callStorm('auth.user.delrule --gate $gate lowuser "!hehe.something.else.very.specific"',
+                                 opts={'vars': {'gate': fork}})
+            await core.callStorm('auth.user.delrule --gate $gate lowuser "beep.boop"',
+                                 opts={'vars': {'gate': fork}})
+
+            await core.callStorm('auth.user.mod --admin (true) lowuser --gate $gate', opts={'vars': {'gate': fork}})
+            self.true(user.allowed(('hehe',), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very'), gateiden=fork))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), gateiden=fork))
+
+            self.true(user.allowed(('hehe',), gateiden=fork, deepdeny=True))
+            self.true(user.allowed(('hehe', 'something'), gateiden=fork, deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else'), gateiden=fork, deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very'), gateiden=fork, deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), gateiden=fork, deepdeny=True))
+
+            await core.callStorm('auth.user.mod --admin (false) lowuser --gate $gate', opts={'vars': {'gate': fork}})
+
+            await core.callStorm('auth.user.mod --admin (true) lowuser')
+            self.true(user.allowed(('hehe',)))
+            self.true(user.allowed(('hehe', 'something')))
+            self.true(user.allowed(('hehe', 'something', 'else')))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very')))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific')))
+            self.true(user.allowed(('hehe',), deepdeny=True))
+            self.true(user.allowed(('hehe', 'something')))
+            self.true(user.allowed(('hehe', 'something', 'else'), deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very'), deepdeny=True))
+            self.true(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), deepdeny=True))
+            await core.callStorm('auth.user.mod --admin (false) lowuser')
+
+            await core.callStorm('auth.user.mod --locked (true) lowuser')
+            self.false(user.allowed(('hehe',), deepdeny=True))
+            self.false(user.allowed(('hehe', 'something'), deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else'), deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else', 'very'), deepdeny=True))
+            self.false(user.allowed(('hehe', 'something', 'else', 'very', 'specific'), deepdeny=True))

synapse/tests/test_lib_httpapi.py

@@ -916,6 +916,7 @@ class HttpApiTest(s_tests.SynTest):
                     await core.callStorm('$c = $lib.cron.get($cron) $c.set("doc", "some docs")', opts=opts)
                     await core.callStorm('cron.del $cron', opts=opts)
 
+                    await core.addStormPkg(spkg)
                     await core.addStormPkg(spkg)
                     await core.addStormSvc(ssvc)
 

synapse/tests/test_lib_layer.py

@@ -1920,6 +1920,19 @@ class LayerTest(s_t_utils.SynTest):
             async def __anit__(self, dirn=None, size=1, cell=None):
                 await super().__anit__(dirn=dirn, size=size, cell=cell)
 
+        seen = set()
+        def confirm(self, perm, default=None, gateiden=None):
+            seen.add(perm)
+            return True
+
+        def confirmPropSet(self, user, prop, layriden):
+            seen.add(prop.setperms[0])
+            seen.add(prop.setperms[1])
+
+        def confirmPropDel(self, user, prop, layriden):
+            seen.add(prop.delperms[0])
+            seen.add(prop.delperms[1])
+
         with mock.patch('synapse.lib.spooled.Dict', Dict):
             async with self.getTestCore() as core:
 
@@ -1952,19 +1965,7 @@ class LayerTest(s_t_utils.SynTest):
 
                 parent = core.view.layers[0]
 
-                seen = set()
-                def confirm(self, perm, default=None, gateiden=None):
-                    seen.add(perm)
-                    return True
-
-                def confirmPropSet(self, user, prop, layriden):
-                    seen.add(prop.setperms[0])
-                    seen.add(prop.setperms[1])
-
-                def confirmPropDel(self, user, prop, layriden):
-                    seen.add(prop.delperms[0])
-                    seen.add(prop.delperms[1])
-
+                seen.clear()
                 with mock.patch.object(s_hiveauth.HiveUser, 'confirm', confirm):
                     with mock.patch.object(s_cortex.Cortex, 'confirmPropSet', confirmPropSet):
                         with mock.patch.object(s_cortex.Cortex, 'confirmPropDel', confirmPropDel):
@@ -2075,6 +2076,59 @@ class LayerTest(s_t_utils.SynTest):
                     ('node', 'tag', 'del', 'foo', 'bar'),
                 })
 
+        async with self.getTestCore() as core:
+
+            user = await core.auth.addUser('blackout@vertex.link')
+            await user.addRule((False, ('node', 'edge', 'add', 'haha')))
+            await user.addRule((False, ('node', 'data', 'set', 'hehe')))
+            await user.addRule((True, ('node',)))
+
+            viewiden = await core.callStorm('''
+                $lyr = $lib.layer.add()
+                $view = $lib.view.add(($lyr.iden,))
+                return($view.iden)
+            ''')
+
+            layr = core.views[viewiden].layers[0]
+
+            opts = {'view': viewiden}
+
+            await core.nodes('[ test:str=bar +#foo.bar ]', opts=opts)
+
+            await core.nodes('''
+                [ test:str=foo
+                    :hehe=bar
+                    +#foo.bar.baz
+                    <(refs)+ { test:str=bar }
+                ]
+                $node.data.set(foo, bar)
+            ''', opts=opts)
+
+            parent = core.view.layers[0]
+
+            seen.clear()
+            with mock.patch.object(s_hiveauth.HiveUser, 'confirm', confirm):
+                with mock.patch.object(s_cortex.Cortex, 'confirmPropSet', confirmPropSet):
+                    with mock.patch.object(s_cortex.Cortex, 'confirmPropDel', confirmPropDel):
+                        await layr.confirmLayerEditPerms(user, parent.iden)
+
+            self.eq(seen, {
+                # node.edge.add.* and node.data.set.* because of the deny rules
+                ('node', 'edge', 'add', 'refs'),
+                ('node', 'data', 'set', 'foo'),
+            })
+
+            await user.delRule((False, ('node', 'edge', 'add', 'haha')))
+            await user.delRule((False, ('node', 'data', 'set', 'hehe')))
+
+            seen.clear()
+            with mock.patch.object(s_hiveauth.HiveUser, 'confirm', confirm):
+                with mock.patch.object(s_cortex.Cortex, 'confirmPropSet', confirmPropSet):
+                    with mock.patch.object(s_cortex.Cortex, 'confirmPropDel', confirmPropDel):
+                        await layr.confirmLayerEditPerms(user, parent.iden)
+
+            self.eq(seen, set())
+
     async def test_layer_v9(self):
         async with self.getRegrCore('2.101.1-hugenum-indxprec') as core:
 

synapse/tests/test_lib_lmdbslab.py

@@ -1,4 +1,5 @@
 import os
+import json
 import asyncio
 import pathlib
 import multiprocessing
@@ -350,7 +351,7 @@ class LmdbSlabTest(s_t_utils.SynTest):
         with self.getTestDir() as dirn, patch('synapse.lib.lmdbslab.Slab.WARN_COMMIT_TIME_MS', 1), \
                 patch('synapse.common.now', self.simplenow):
             path = os.path.join(dirn, 'test.lmdb')
-            with self.getAsyncLoggerStream('synapse.lib.lmdbslab', 'Commit with') as stream:
+            with self.getStructuredAsyncLoggerStream('synapse.lib.lmdbslab', 'Commit with') as stream:
                 async with await s_lmdbslab.Slab.anit(path, map_size=100000) as slab:
                     foo = slab.initdb('foo', dupsort=True)
                     byts = b'\x00' * 256
@@ -358,6 +359,20 @@ class LmdbSlabTest(s_t_utils.SynTest):
                         slab.put(b'\xff\xff\xff\xff' + s_common.guid(i).encode('utf8'), byts, db=foo)
                 self.true(await stream.wait(timeout=1))
 
+            data = stream.getvalue()
+            msgs = [json.loads(m) for m in data.split('\\n') if m]
+            self.gt(len(msgs), 0)
+            self.nn(msgs[0].get('delta'))
+            self.nn(msgs[0].get('path'))
+            self.nn(msgs[0].get('xactopslen'))
+            self.sorteq([
+                'vm.swappiness',
+                'vm.dirty_expire_centisecs',
+                'vm.dirty_writeback_centisecs',
+                'vm.dirty_background_ratio',
+                'vm.dirty_ratio',
+            ], msgs[0].get('sysctls', {}).keys())
+
     async def test_lmdbslab_max_replay(self):
         with self.getTestDir() as dirn:
             path = os.path.join(dirn, 'test.lmdb')

synapse/tests/test_lib_modelrev.py

@@ -473,3 +473,60 @@ class ModelRevTest(s_tests.SynTest):
             nodes = await core.nodes('it:mitre:attack:technique=T0100')
             self.len(1, nodes)
             self.eq('lockpicking', nodes[0].get('name'))
+
+    async def test_modelrev_0_2_25(self):
+        async with self.getRegrCore('model-0.2.25') as core:
+
+            self.len(1, await core.nodes('econ:currency=usd'))
+
+            nodes = await core.nodes('ou:conference')
+            self.len(3, nodes)
+            names = [n.get('name') for n in nodes]
+            self.sorteq(names, (
+                'sleuthcon',
+                'defcon',
+                'recon',
+            ))
+
+            namess = [n.get('names') for n in nodes]
+            self.sorteq(namess, (
+                ('defcon 2024',),
+                ('recon 2024 conference',),
+                ('sleuthcon 2024',),
+            ))
+
+            connames = (
+                'sleuthcon', 'sleuthcon 2024',
+                'defcon', 'defcon 2024',
+                'recon', 'recon 2024 conference',
+            )
+
+            nodes = await core.nodes('entity:name')
+            self.len(6, nodes)
+            names = [n.ndef[1] for n in nodes]
+            self.sorteq(names, connames)
+
+            nodes = await core.nodes('ou:conference -> entity:name')
+            self.len(6, nodes)
+            names = [n.ndef[1] for n in nodes]
+            self.sorteq(names, connames)
+
+            positions = (
+                'president of the united states',
+                'vice president of the united states',
+            )
+
+            nodes = await core.nodes('ou:position')
+            self.len(2, nodes)
+            titles = [n.get('title') for n in nodes]
+            self.sorteq(titles, positions)
+
+            nodes = await core.nodes('ou:jobtitle')
+            self.len(2, nodes)
+            titles = [n.ndef[1] for n in nodes]
+            self.sorteq(titles, positions)
+
+            nodes = await core.nodes('ou:position -> ou:jobtitle')
+            self.len(2, nodes)
+            titles = [n.ndef[1] for n in nodes]
+            self.sorteq(titles, positions)

synapse/tests/test_lib_msgpack.py

@@ -17,6 +17,50 @@ class MsgPackTest(s_t_utils.SynTest):
         byts = s_msgpack._fallback_en(('hehe', 10))
         self.eq(byts, b'\x92\xa4hehe\n')
 
+    def test_msgpack_ext(self):
+        valu = 0xffffffffffffffffffffffffffffffff
+        item = ('woot', valu)
+        byts = s_msgpack.en(item)
+        self.eq(item, s_msgpack.un(byts))
+        self.eq(byts, s_msgpack._fallback_en(item))
+
+        unpk = s_msgpack.Unpk()
+        self.eq(((24, item),), unpk.feed(byts))
+        with self.raises(s_exc.SynErr):
+            s_msgpack._ext_un(99, b'red baloons')
+
+        # Negative number support as well.
+        negvalu = -1 * valu
+        negitem = ('woot', negvalu)
+        negbytes = s_msgpack.en(negitem)
+        self.eq(negitem, s_msgpack.un(negbytes))
+        self.eq(negbytes, s_msgpack._fallback_en(negitem))
+
+        # Check across item.bit_length() boundaries
+        v = 0xffffffffffffffff
+        for i in (1, 0xffffffffffffffff + 1, 0xffffffffffffffff + 2):
+            nv = v + i
+            buf = s_msgpack.en(nv)
+            self.eq(nv, s_msgpack.un(buf))
+        v = -0x8000000000000000
+        for i in (1, 0x7fffffffffffffff, 0x7fffffffffffffff + 1):
+            nv = v - i
+            buf = s_msgpack.en(nv)
+            self.eq(nv, s_msgpack.un(buf))
+
+        # We can also support values > 128 bits in width
+        valu = 0xfffffffffffffffffffffffffffffffff
+        item = ('woot', valu)
+        byts = s_msgpack.en(item)
+        self.eq(item, s_msgpack.un(byts))
+        self.eq(byts, s_msgpack._fallback_en(item))
+
+        negvalu = -1 * valu
+        negitem = ('woot', negvalu)
+        negbytes = s_msgpack.en(negitem)
+        self.eq(negitem, s_msgpack.un(negbytes))
+        self.eq(negbytes, s_msgpack._fallback_en(negitem))
+
     def test_msgpack_un(self):
         item = s_msgpack.un(b'\x92\xa4hehe\n')
         self.eq(item, ('hehe', 10))
@@ -106,8 +150,8 @@ class MsgPackTest(s_t_utils.SynTest):
         self.checkLoadfile(s_msgpack._fallback_en)
 
     def checkTypes(self, enfunc):
-        # This is a future-proofing test for msgpack to ensure that
-        buf = b'\x92\xa4hehe\x85\xa3str\xa41234\xa3int\xcd\x04\xd2\xa5float\xcb@(\xae\x14z\xe1G\xae\xa3bin\xc4\x041234\xa9realworld\xac\xc7\x8b\xef\xbf\xbd\xed\xa1\x82\xef\xbf\xbd\x12'
+        # This is a future-proofing test for msgpack to ensure that we have stability with msgpack-python
+        buf = b'\x92\xa4hehe\x8b\xa3str\xa41234\xa3int\xcd\x04\xd2\xa5float\xcb@(\xae\x14z\xe1G\xae\xa3bin\xc4\x041234\xa9realworld\xac\xc7\x8b\xef\xbf\xbd\xed\xa1\x82\xef\xbf\xbd\x12\xabalmostlarge\xcf\xff\xff\xff\xff\xff\xff\xff\xfe\xb1extlargeThreshold\xcf\xff\xff\xff\xff\xff\xff\xff\xff\xa8extlarge\xc7\t\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xabalmostsmall\xd3\x80\x00\x00\x00\x00\x00\x00\x01\xb4almostsmallThreshold\xd3\x80\x00\x00\x00\x00\x00\x00\x00\xa8extsmall\xc7\t\x01\xff\x7f\xff\xff\xff\xff\xff\xff\xff'
         struct = (
             'hehe',
             {
@@ -115,7 +159,15 @@ class MsgPackTest(s_t_utils.SynTest):
                 'int': 1234,
                 'float': 12.34,
                 'bin': b'1234',
-                'realworld': '\u01cb\ufffd\ud842\ufffd\u0012'
+                'realworld': '\u01cb\ufffd\ud842\ufffd\u0012',
+                'almostlarge': 0xffffffffffffffff - 1,
+                'extlargeThreshold': 0xffffffffffffffff,
+                # extlarge is handled with our custom extension type
+                'extlarge': 0xffffffffffffffff + 1,
+                'almostsmall': -0x8000000000000000 + 1,
+                'almostsmallThreshold': -0x8000000000000000,
+                # extsmall is handled with our custom extension type
+                'extsmall': -0x8000000000000000 - 1,
             }
         )
         unode = s_msgpack.un(buf)
@@ -135,7 +187,7 @@ class MsgPackTest(s_t_utils.SynTest):
         unpk = s_msgpack.Unpk()
         objs = unpk.feed(buf)
         self.len(1, objs)
-        self.eq(objs[0], (71, struct))
+        self.eq(objs[0], (212, struct))
 
         # Generic isok helper
         self.true(s_msgpack.isok(1))
@@ -148,6 +200,8 @@ class MsgPackTest(s_t_utils.SynTest):
         self.true(s_msgpack.isok([1]))
         self.true(s_msgpack.isok((1,)))
         self.true(s_msgpack.isok({1: 1}))
+        self.true(s_msgpack.isok(0xffffffffffffffff + 1))
+        self.true(s_msgpack.isok(-0x8000000000000000 - 1))
         # unpackage types
         self.false(s_msgpack.isok({1, 2}))  # set
         self.false(s_msgpack.isok(print))  # function
@@ -198,10 +252,6 @@ class MsgPackTest(s_t_utils.SynTest):
         self.raises(s_exc.NotMsgpackSafe, enfunc, {1, 2})
         self.raises(s_exc.NotMsgpackSafe, enfunc, Exception())
         self.raises(s_exc.NotMsgpackSafe, enfunc, s_msgpack.en)
-        # too long
-        with self.raises(s_exc.NotMsgpackSafe) as cm:
-            enfunc({'longlong': 45234928034723904723906})
-        self.isin('OverflowError', cm.exception.get('mesg'))
 
     def test_msgpack_bad_types(self):
         self.checkBadTypes(s_msgpack.en)

synapse/tests/test_lib_nexus.py

@@ -3,7 +3,6 @@ from unittest import mock
 
 import synapse.exc as s_exc
 import synapse.common as s_common
-import synapse.cortex as s_cortex
 
 import synapse.lib.cell as s_cell
 import synapse.lib.nexus as s_nexus
@@ -302,3 +301,47 @@ class NexusTest(s_t_utils.SynTest):
                     with self.raises(s_exc.IsReadOnly):
                         await cell01.sync()
                     self.isin(s_nexus.leaderversion, cell01.nexsroot.writeholds)
+
+    async def test_mirror_nexus_loop_failure(self):
+        with self.getTestDir() as dirn:
+
+            s_common.yamlsave({'nexslog:en': True}, dirn, 'cell.yaml')
+            async with await s_cell.Cell.anit(dirn=dirn) as cell00:
+
+                await cell00.runBackup(name='cell01')
+
+                path = s_common.genpath(dirn, 'backups', 'cell01')
+
+                conf = s_common.yamlload(path, 'cell.yaml')
+                conf['mirror'] = f'cell://{dirn}'
+                s_common.yamlsave(conf, path, 'cell.yaml')
+
+                seen = False
+                restarted = False
+                orig = s_nexus.NexsRoot.delWriteHold
+
+                # Patch NexsRoot.delWriteHold so we can cause an exception in
+                # the setup part of the nexus loop (NexsRoot.runMirrorLoop). The
+                # exception should only happen one time so we can check that the
+                # proxy and the nexus loop were both restarted
+                async def delWriteHold(self, reason):
+                    nonlocal seen
+                    nonlocal restarted
+                    if not seen:
+                        seen = True
+                        raise Exception('Knock over the nexus setup.')
+
+                    restarted = True
+                    return await orig(self, reason)
+
+                with mock.patch('synapse.lib.nexus.NexsRoot.delWriteHold', delWriteHold):
+                    with self.getLoggerStream('synapse.lib.nexus') as stream:
+                        async with await s_cell.Cell.anit(dirn=path) as cell01:
+                            await cell01.sync()
+
+                    stream.seek(0)
+                    data = stream.read()
+                    mesg = 'Unknown error during mirror loop startup: Knock over the nexus setup.'
+                    self.isin(mesg, data)
+
+                self.true(restarted)

synapse/tests/test_lib_storm.py

@@ -2283,9 +2283,9 @@ class StormTest(s_t_utils.SynTest):
             msgs = await core.stormlist(f'pkg.load --ssl-noverify https://127.0.0.1:{port}/api/v1/pkgtest/notok')
             self.stormIsInWarn('pkg.load got JSON error: FooBar', msgs)
 
-            replay = s_common.envbool('SYNDEV_NEXUS_REPLAY')
-            nevents = 4 if replay else 2
-            waiter = core.waiter(nevents, 'core:pkg:onload:complete')
+            # onload will on fire once. all other pkg.load events will effectively bounce
+            # because the pkg hasn't changed so no loading occurs
+            waiter = core.waiter(1, 'core:pkg:onload:complete')
 
             with self.getAsyncLoggerStream('synapse.cortex') as stream:
                 msgs = await core.stormlist(f'pkg.load --ssl-noverify https://127.0.0.1:{port}/api/v1/pkgtest/yep')
@@ -2301,10 +2301,10 @@ class StormTest(s_t_utils.SynTest):
             self.isin("No var with name: newp", buf)
             self.len(1, await core.nodes(f'ps:contact={cont}'))
 
-            evnts = await waiter.wait(timeout=2)
-            exp = []
-            for _ in range(nevents):
-                exp.append(('core:pkg:onload:complete', {'pkg': 'testload'}))
+            evnts = await waiter.wait(timeout=4)
+            exp = [
+                ('core:pkg:onload:complete', {'pkg': 'testload'})
+            ]
             self.eq(exp, evnts)
 
     async def test_storm_tree(self):