Skip to content
This repository was archived by the owner on Sep 18, 2025. It is now read-only.

add turnpike content guard (HMS-4783) #2726

Merged
loadtheaccumulator merged 1 commit into from
Dec 11, 2024
Merged

add turnpike content guard (HMS-4783) #2726

loadtheaccumulator merged 1 commit into from
Dec 11, 2024

Conversation

@loadtheaccumulator
Copy link
Collaborator

@loadtheaccumulator loadtheaccumulator commented Oct 31, 2024
edited
Loading

Description

Add turnpike content guard for ostree and associated feature flag
Add mTLS URL swap to support turnpike switch
Switch RBAC to configurable option

FIXES: HMS-4783

Type of change

What is it?

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Documentation update
  • Tests update
  • Refactor

@loadtheaccumulator loadtheaccumulator marked this pull request as draft October 31, 2024 05:18
@mergify mergify bot added the new feature New feature label Oct 31, 2024
@loadtheaccumulator
Copy link
Collaborator Author

loadtheaccumulator commented Oct 31, 2024

I set this to draft while additional tests run, but wanted to get this up here for perusal while I'm out through Friday.

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 2 times, most recently from 6726259 to 0bab10b Compare October 31, 2024 05:30
lzap
lzap reviewed Nov 1, 2024
View reviewed changes
Copy link
Collaborator

@lzap lzap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not complete, looks great, tho I suggest to avoid new feature flags if we can.

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 3 times, most recently from 4ceea24 to d5ca88c Compare November 4, 2024 22:10
lzap
lzap reviewed Nov 5, 2024
View reviewed changes
lzap
lzap reviewed Nov 5, 2024
View reviewed changes
lzap
lzap reviewed Nov 5, 2024
View reviewed changes
@lzap
Copy link
Collaborator

lzap commented Nov 5, 2024

I am almost done adding MTLS, this is the last PR: osbuild/osbuild-composer#4412

Once this is merged and promoted to stage, IB should be automatically able to reach out to any pulp repository on stage or prod as long as the DN is set accordingly in edge.

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 3 times, most recently from ea5c462 to 1ebba29 Compare November 5, 2024 21:49
@adarshdubey-star
Copy link
Contributor

adarshdubey-star commented Nov 6, 2024

/retest

1 similar comment
@loadtheaccumulator
Copy link
Collaborator Author

loadtheaccumulator commented Nov 6, 2024

/retest

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 2 times, most recently from c80696c to afa4250 Compare November 8, 2024 13:42
lzap
lzap reviewed Nov 9, 2024
View reviewed changes
lzap
lzap reviewed Nov 9, 2024
View reviewed changes
lzap
lzap reviewed Nov 9, 2024
View reviewed changes
@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 5 times, most recently from 22f1245 to 748b66c Compare November 13, 2024 14:56
@loadtheaccumulator
Copy link
Collaborator Author

loadtheaccumulator commented Nov 13, 2024

/retest

@ezr-ondrej ezr-ondrej changed the title add turnpike content guard add turnpike content guard (HMS-4783) Nov 15, 2024
ezr-ondrej
ezr-ondrej reviewed Nov 15, 2024
View reviewed changes
@mergify mergify bot closed this Nov 29, 2024
@mergify
Copy link
Contributor

mergify bot commented Nov 29, 2024

This pull request looks stale. Feel free to reopen it if you think it's a mistake.

@lzap
Copy link
Collaborator

lzap commented Nov 29, 2024

My bad, is taking too long. I am almost there, the patch is in, we need to kill workers...

@ezr-ondrej ezr-ondrej reopened this Dec 2, 2024
@lzap
Copy link
Collaborator

lzap commented Dec 4, 2024

The update edge builds are finally fixed on stage. Let me know when this is ready for re-review.

@loadtheaccumulator
Copy link
Collaborator Author

loadtheaccumulator commented Dec 10, 2024

/retest

@loadtheaccumulator loadtheaccumulator force-pushed the pulp_cert_contentguard branch 3 times, most recently from a7baf57 to 4749d76 Compare December 11, 2024 06:26
@loadtheaccumulator loadtheaccumulator marked this pull request as ready for review December 11, 2024 06:32
@loadtheaccumulator
add turnpike content guard
21b9b8e 
Signed-off-by: Jonathan Holloway <jholloway@redhat.com>
lzap
lzap approved these changes Dec 11, 2024
View reviewed changes
pkg/clients/pulp/guards_composite.go
// that the composite guard is not created or the guards are not the same as the ones provided, it will delete it
// and recreate it. This method is idempotent and will not create the guards if they already exist.
func (ps *PulpService) ContentGuardEnsure(ctx context.Context, orgID string) (*CompositeContentGuardResponse, error) {
var contentGuardHrefs []string
Copy link
Collaborator

@lzap lzap Dec 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fine, two appends will create a slice of capacity two, one extra copy operation is not big deal: https://go.dev/play/p/SAxjQTDwNCT

Interesting fact: Go increases capacity in power of twos up until 256 and then it is just 1.25x: https://github.com/golang/go/blob/master/src/runtime/slice.go#L289

@loadtheaccumulator loadtheaccumulator merged commit 97ee9c9 into RedHatInsights:main Dec 11, 2024
8 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@ezr-ondrej ezr-ondrej ezr-ondrej left review comments

@lzap lzap lzap approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

new feature New feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@loadtheaccumulator @lzap @adarshdubey-star @ezr-ondrej