add turnpike content guard (HMS-4783) #2726

@loadtheaccumulator loadtheaccumulator commented Oct 31, 2024

Description

Add turnpike content guard for ostree and associated feature flag
Add mTLS URL swap to support turnpike switch
Switch RBAC to configurable option

FIXES: HMS-4783

Type of change

What is it?

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Documentation update
  • Tests update
  • Refactor

@loadtheaccumulator loadtheaccumulator marked this pull request as draft October 31, 2024 05:18
@mergify mergify bot added the new feature New feature label Oct 31, 2024
@loadtheaccumulator
Collaborator Author

I set this to draft while additional tests run, but wanted to get this up here for perusal while I'm out through Friday.

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 2 times, most recently from 6726259 to 0bab10b October 31, 2024 05:30
Collaborator

@lzap lzap left a comment

This is not complete, looks great, though I suggest avoiding new feature flags if we can.

pkg/clients/pulp/guards_composite.go (resolved)
pkg/clients/pulp/guards_turnpike.go (outdated, resolved)
pkg/services/repostore/pulpstore.go (resolved)
@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 3 times, most recently from 4ceea24 to d5ca88c November 4, 2024 22:10
@lzap
Collaborator

lzap commented Nov 5, 2024

I am almost done adding MTLS, this is the last PR: osbuild/osbuild-composer#4412

Once this is merged and promoted to stage, IB should be automatically able to reach out to any pulp repository on stage or prod as long as the DN is set accordingly in edge.

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 3 times, most recently from ea5c462 to 1ebba29 November 5, 2024 21:49
@adarshdubey-star
Contributor

/retest

@loadtheaccumulator
Collaborator Author

/retest

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 2 times, most recently from c80696c to afa4250 November 8, 2024 13:42
@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 5 times, most recently from 22f1245 to 748b66c November 13, 2024 14:56
@loadtheaccumulator
Collaborator Author

/retest

@ezr-ondrej ezr-ondrej changed the title add turnpike content guard add turnpike content guard (HMS-4783) Nov 15, 2024
@mergify mergify bot closed this Nov 29, 2024
Contributor

mergify bot commented Nov 29, 2024

This pull request looks stale. Feel free to reopen it if you think it's a mistake.

@lzap
Collaborator

lzap commented Nov 29, 2024

My bad, it is taking too long. I am almost there, the patch is in, we need to kill workers...

@ezr-ondrej ezr-ondrej reopened this Dec 2, 2024
@lzap
Collaborator

lzap commented Dec 4, 2024

The update edge builds are finally fixed on stage. Let me know when this is ready for re-review.

@loadtheaccumulator
Collaborator Author

/retest

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 3 times, most recently from a7baf57 to 4749d76 December 11, 2024 06:26
@loadtheaccumulator loadtheaccumulator marked this pull request as ready for review December 11, 2024 06:32
Signed-off-by: Jonathan Holloway <[email protected]>
@@ -102,17 +137,35 @@ func (ps *PulpService) CompositeGuardEnsure(ctx context.Context, orgID, headerHr
// that the composite guard is not created or the guards are not the same as the ones provided, it will delete it
// and recreate it. This method is idempotent and will not create the guards if they already exist.
func (ps *PulpService) ContentGuardEnsure(ctx context.Context, orgID string) (*CompositeContentGuardResponse, error) {
var contentGuardHrefs []string
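
Review bot: The doc comment above ContentGuardEnsure says the composite guard is deleted and recreated when its guards differ from the ones provided, but it does not say what state is left behind if the recreate step fails after the delete has succeeded. Since this guard is what restricts access to the content, the comment should state whether a failed recreate can leave the content without a composite guard, and the returned error should let the caller tell that case apart from a failure before the delete. The comment also calls the method idempotent while describing a delete-and-recreate path, so it would help to say that idempotence refers to the end state rather than to the calls made.
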
Collaborator

This is fine, two appends will create a slice of capacity two, one extra copy operation is not a big deal: https://go.dev/play/p/SAxjQTDwNCT

Interesting fact: Go increases capacity in powers of two up until 256 and then it is just 1.25x: https://github.com/golang/go/blob/master/src/runtime/slice.go#L289

@loadtheaccumulator loadtheaccumulator merged commit 97ee9c9 into RedHatInsights:main Dec 11, 2024
11 checks passed