Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Inspection refactoring and cleanup #400

Closed
wants to merge 6 commits into from

Conversation

cbosdo
Copy link
Contributor

@cbosdo cbosdo commented Jul 12, 2024

What does this PR change?

Split the inspection scripts based on their usage

It doesn't make sense to try to extract all the values for both
containers and hosts. This commit introduces Inspector objects that are
responsible for generating the inspection script and parsing it into a
structure.

While at it, the extracted values that were not used have been removed.
This gains quite some time at each execution since extracting the
SCC registration status was quite long.

While doing this we could also drop the InspectData proxyHost flag as
SCC credentials are extracted for both server and proxy hosts.

Test coverage

  • Unit tests were added

  • DONE

Links

Issue(s): #

  • DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

  • No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Before you merge

Check How to branch and merge properly!

cbosdo and others added 2 commits July 11, 2024 13:39
In order to avoid adding return variables for each value we want to
extract at migration time we are now collecting them in a result object.

This object could later be extended and reused for the inspect scripts
instead of using a map.
When migrating from a non-containerized server, the user may want to
setup confidential computing attestation.
@cbosdo cbosdo requested a review from mbussolotto July 12, 2024 08:20
@cbosdo cbosdo force-pushed the inspect-refactoring branch from bc75baa to dc76504 Compare July 12, 2024 08:32
@aaannz
Copy link
Contributor

aaannz commented Jul 12, 2024

We have rather clean dir structure, how about having shared/utils/inspector, shared/utils/inspector/inspect.go, shared/utils/inspector/host.go and shared/utils/inspector/server.go?

@cbosdo cbosdo force-pushed the inspect-refactoring branch 2 times, most recently from 3432d88 to 9db69f8 Compare July 12, 2024 14:36
@cbosdo
Copy link
Contributor Author

cbosdo commented Jul 12, 2024

We have rather clean dir structure, how about having shared/utils/inspector, shared/utils/inspector/inspect.go, shared/utils/inspector/host.go and shared/utils/inspector/server.go?

I was hesitating doing it... looks like I'll do it if we have the same idea 😉

@cbosdo cbosdo force-pushed the inspect-refactoring branch 2 times, most recently from 8d7bde6 to 4692c1d Compare July 12, 2024 15:22
Copy link
Member

@mbussolotto mbussolotto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

cbosdo added 3 commits July 15, 2024 11:52
Using podman creds is not secure as those will show up in the the ps output.
Instead we generate a temporary podman authentication file and pass it to
podman pull.
@cbosdo cbosdo force-pushed the inspect-refactoring branch from 4692c1d to ab101b8 Compare July 15, 2024 12:41
Copy link
Member

@rjmateus rjmateus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, just a few nitpicks

shared/podman/login.go Outdated Show resolved Hide resolved
mgradm/cmd/migrate/podman/utils.go Show resolved Hide resolved
It doesn't make sense to try to extract all the values for both
containers and hosts. This commit introduces Inspector objects that are
responsible for generating the inspection script and parsing it into a
structure.

While at it, the extracted values that were not used have been removed.
This gains quite some time at each execution since extracting the
SCC registration status was quite long.

While doing this we could also drop the InspectData proxyHost flag as
SCC credentials are extracted for both server and proxy hosts.
token := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", creds.SccUsername, creds.SccPassword)))
authFileContent := fmt.Sprintf(`{
"auths": {
"registry.suse.com" : {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we hard code this registry when we can have a different registry name on the cloud?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only set if we have SCC credentials... so no other registry uses them

@cbosdo cbosdo closed this Jul 19, 2024
@cbosdo cbosdo deleted the inspect-refactoring branch July 19, 2024 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
SUSE Manager 5.0.1 Candidate PRs for 5.0.1 inclusion
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants