Merge pull request #102 from cedricherzog-passbolt/Enable-parallel-resource-decryption-using-thread-safe-SDK

Enable parallel resource decryption using thread-safe SDK

Author: speatzle

go.mod

@@ -7,7 +7,7 @@ toolchain go1.24.9
 require (
 	al.essio.dev/pkg/shellescape v1.6.0
 	github.com/google/cel-go v0.26.1
-	github.com/passbolt/go-passbolt v0.7.3-0.20251103091542-cb52308eb1b6
+	github.com/passbolt/go-passbolt v0.7.3-0.20251222145204-2c0e56ef73c3
 	github.com/pterm/pterm v0.12.82
 	github.com/spf13/cobra v1.10.1
 	github.com/spf13/viper v1.21.0

go.sum

@@ -85,10 +85,8 @@ github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
 github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
-github.com/passbolt/go-passbolt v0.7.3-0.20251031091721-286d90c417f1 h1:GGtUfSQhwUnTiVZEqrxG6qC98CIu57p70/nHkg42zGA=
-github.com/passbolt/go-passbolt v0.7.3-0.20251031091721-286d90c417f1/go.mod h1:YU35wLUTbqylBQGyEhyI8HjyceLChXDxajTIyyQlVU4=
-github.com/passbolt/go-passbolt v0.7.3-0.20251103091542-cb52308eb1b6 h1:qrV98eGK+9bpcAbcCrjhzO8uXqX40wBL71BE1FWtb3M=
-github.com/passbolt/go-passbolt v0.7.3-0.20251103091542-cb52308eb1b6/go.mod h1:YU35wLUTbqylBQGyEhyI8HjyceLChXDxajTIyyQlVU4=
+github.com/passbolt/go-passbolt v0.7.3-0.20251222145204-2c0e56ef73c3 h1:2orpLWXfGymctdjTPZr83KJE0RuGdT+X/XXs9aExu0w=
+github.com/passbolt/go-passbolt v0.7.3-0.20251222145204-2c0e56ef73c3/go.mod h1:YU35wLUTbqylBQGyEhyI8HjyceLChXDxajTIyyQlVU4=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

keepass/export.go

@@ -1,7 +1,6 @@
 package keepass
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"net/url"
@@ -54,7 +53,7 @@ func KeepassExport(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	defer client.Logout(context.TODO())
+	defer util.SaveSessionKeysAndLogout(ctx, client)
 	cmd.SilenceUsage = true
 
 	if keepassPassword == "" {

resource/filter.go

@@ -6,12 +6,10 @@ import (
 
 	"github.com/google/cel-go/cel"
 	"github.com/passbolt/go-passbolt-cli/util"
-	"github.com/passbolt/go-passbolt/api"
-	"github.com/passbolt/go-passbolt/helper"
 )
 
-// Environments for CEl
-var celEnvOptions = []cel.EnvOption{
+// CelEnvOptions defines the CEL environment for resource filtering
+var CelEnvOptions = []cel.EnvOption{
 	cel.Variable("ID", cel.StringType),
 	cel.Variable("FolderParentID", cel.StringType),
 	cel.Variable("Name", cel.StringType),
@@ -23,48 +21,42 @@ var celEnvOptions = []cel.EnvOption{
 	cel.Variable("ModifiedTimestamp", cel.TimestampType),
 }
 
-// Filters the slice resources by invoke CEL program for each resource
-func filterResources(resources *[]api.Resource, celCmd string, ctx context.Context, client *api.Client) ([]api.Resource, error) {
+// filterDecryptedResources filters already-decrypted resources by evaluating a CEL expression.
+func filterDecryptedResources(resources []decryptedResource, celCmd string, ctx context.Context) ([]decryptedResource, error) {
 	if celCmd == "" {
-		return *resources, nil
+		return resources, nil
 	}
 
-	program, err := util.InitCELProgram(celCmd, celEnvOptions...)
+	program, err := util.InitCELProgram(celCmd, CelEnvOptions...)
 	if err != nil {
 		return nil, err
 	}
 
-	filteredResources := []api.Resource{}
-	for _, resource := range *resources {
-		// TODO We should decrypt the secret only when required for performance reasonse
-		_, name, username, uri, pass, desc, err := helper.GetResource(ctx, client, resource.ID)
-		if err != nil {
-			return nil, fmt.Errorf("Get Resource %w", err)
-		}
-
+	filtered := []decryptedResource{}
+	for _, d := range resources {
 		val, _, err := (*program).ContextEval(ctx, map[string]any{
-			"Id":                resource.ID,
-			"FolderParentID":    resource.FolderParentID,
-			"Name":              name,
-			"Username":          username,
-			"URI":               uri,
-			"Password":          pass,
-			"Description":       desc,
-			"CreatedTimestamp":  resource.Created.Time,
-			"ModifiedTimestamp": resource.Modified.Time,
+			"ID":                d.resource.ID,
+			"FolderParentID":    d.resource.FolderParentID,
+			"Name":              d.name,
+			"Username":          d.username,
+			"URI":               d.uri,
+			"Password":          d.password,
+			"Description":       d.description,
+			"CreatedTimestamp":  d.resource.Created.Time,
+			"ModifiedTimestamp": d.resource.Modified.Time,
 		})
 
 		if err != nil {
 			return nil, err
 		}
 
 		if val.Value() == true {
-			filteredResources = append(filteredResources, resource)
+			filtered = append(filtered, d)
 		}
 	}
 
-	if len(filteredResources) == 0 {
+	if len(filtered) == 0 {
 		return nil, fmt.Errorf("No such Resources found with filter %v!", celCmd)
 	}
-	return filteredResources, nil
+	return filtered, nil
 }

resource/get.go

@@ -1,7 +1,6 @@
 package resource
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"strconv"
@@ -59,7 +58,7 @@ func ResourceGet(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	defer client.Logout(context.TODO())
+	defer util.SaveSessionKeysAndLogout(ctx, client)
 	cmd.SilenceUsage = true
 
 	folderParentID, name, username, uri, password, description, err := helper.GetResource(
@@ -118,7 +117,7 @@ func ResourcePermission(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	defer client.Logout(context.TODO())
+	defer util.SaveSessionKeysAndLogout(ctx, client)
 	cmd.SilenceUsage = true
 
 	permissions, err := client.GetResourcePermissions(ctx, resource)