Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor identity monitoring into separate function #483

Merged
merged 5 commits into from
Oct 15, 2024
Merged

Refactor identity monitoring into separate function #483

merged 5 commits into from
Oct 15, 2024
+119 −30

Conversation

linus-sun
Copy link
Collaborator

@linus-sun linus-sun commented Oct 10, 2024
edited
Loading

Summary

Per this design doc, this PR refactors the monitored identity portion of rekor-monitor's reusable monitoring workflow into a separate function, for preparation in splitting up the workflow into two separate tasks, a consistency check and an identity monitor. A conditional check is added to see if a workflow input contains identities to monitor for.

This PR also temporarily changes a failing identity search to not hard fail the task, allowing the job to succeed and remediating the issue listed here. Future PRs will split this identity search into another task, allowing it to file a GitHub issue and not causing the consistency check to fail.

This PR depends on PR #482.

Release Note

NONE

Documentation

N/A - future PRs will update documentation once CLI/workflow functionality is altered.

@codecov Codecov
Copy link

codecov bot commented Oct 10, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 32.35294% with 23 lines in your changes missing coverage. Please review.

Project coverage is 70.82%. Comparing base (d271ec7) to head (299a8ac).
Report is 130 commits behind head on main.

Files with missing lines Patch % Lines
pkg/rekor/identity.go 5.00% 19 Missing ⚠️
pkg/rekor/verifier.go 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #483      +/-   ##
==========================================
+ Coverage   64.02%   70.82%   +6.79%     
==========================================
  Files           4       13       +9     
  Lines         303      802     +499     
==========================================
+ Hits          194      568     +374     
- Misses         78      179     +101     
- Partials       31       55      +24

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@linus-sun linus-sun force-pushed the linussun/split-identity-search branch from 2f370e0 to 6fd3fdb Compare October 10, 2024 22:23
@linus-sun linus-sun marked this pull request as ready for review October 10, 2024 22:27
mihaimaruseac
mihaimaruseac previously approved these changes Oct 14, 2024
View reviewed changes
Copy link
Collaborator

@mihaimaruseac mihaimaruseac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (reviewed only the last commit, as the other 2 seem to be #482)

@linus-sun linus-sun force-pushed the linussun/split-identity-search branch from 6fd3fdb to 1a3652a Compare October 14, 2024 19:04
@linus-sun linus-sun mentioned this pull request Oct 14, 2024
Merged
@linus-sun linus-sun force-pushed the linussun/split-identity-search branch from 404b723 to 11253dc Compare October 15, 2024 19:03
@linus-sun linus-sun force-pushed the linussun/split-identity-search branch from 11253dc to 299a8ac Compare October 15, 2024 20:29
@linus-sun linus-sun mentioned this pull request Oct 15, 2024
Merged
mihaimaruseac
mihaimaruseac approved these changes Oct 15, 2024
View reviewed changes
Copy link
Collaborator

@mihaimaruseac mihaimaruseac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

haydentherapper
haydentherapper approved these changes Oct 15, 2024
View reviewed changes
pkg/rekor/verifier.go
@@ -118,39 +118,16 @@ func RunConsistencyCheck(interval *time.Duration, rekorClient *client.Rekor, ver
// Write if there was no stored checkpoint or the sizes differ
if prevCheckpoint == nil || prevCheckpoint.Size != checkpoint.Size {
if err := file.WriteCheckpoint(checkpoint, *logInfoFile); err != nil {
return fmt.Errorf("failed to write checkpoint: %v", err)
// TODO: Once the consistency check and identity search are split into separate tasks, this should hard fail.
// Temporarily skipping this to allow this job to succeed, remediating the issue noted here: https://github.com/sigstore/rekor-monitor/issues/271
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This issue is more about handling failures for in writeIdentitiesBetweenCheckpoints where processing a single entry throws an error. Gracefully handling this would mean skipping the index and logging it somewhere.
This has to be fixed deeper in the stack, around MatchedIndices where we return both successfully matched indices and failures.

@haydentherapper haydentherapper merged commit 8dc9552 into sigstore:main Oct 15, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@linus-sun @mihaimaruseac @haydentherapper