aws: allow the user to customize their AMI name

[lavocatt]

In the frontend a new field is allowing user to setup customized names
for their images (see
osbuild/image-builder-frontend#1136).

To allow the customization to effectively take place, this commit is
slightly changing how EC2 images are activated.

The Name tag and the AMI Name are not always sharing the same value
exactly anymore. If the user provides a SnaphsotName, the raw value is
set in the Name tag and the AMI name is set to $SnaphsotName-$UUID
(to make it unique).

This means that the Name tag can't be used anymore for the maintenance
tooling. The tooling will have to use the new Build-By tag to identify
the images built by osbuild-composer.

Example
The request:

Ended up producing this AMI:

This pull request includes:

• adequate testing for the new functionality or fixed issue
• adequate documentation informing people about the change such as
  • submit a PR for the guides repository if this PR changed any behavior described there: https://www.osbuild.org/guides/

https://issues.redhat.com/browse/HMS-2959

[lavocatt]

What kind of test would be adequate for this functionality do you think? I could change the aws test to add a snapshotName in the request and see if I can get access to the proper name after upload? Wdyt?

[bcl]

What benefit is there in using a new UUID to make the AMI Name unique? Why not use the UUID of the image so that no matter which field you look at it is clear (ha!) that it is the same thing?

[lavocatt]

What benefit is there in using a new UUID to make the AMI Name unique? Why not use the UUID of the image so that no matter which field you look at it is clear (ha!) that it is the same thing?

Thanks for this input, I hadn't thought about it this way. I'll make the two UUIDs the same.

[lavocatt]

One thing I'm noticing is that the AMI Id seems to reference the content of the Name tag too, and I don't know why. Or is it the name of the snapshot in the parenthesis?

[lavocatt]

The tests are failing and I'm starting to understand what's happening.

We decided to reuse the snapshot_name because we thought that this field in the request wasn't really used anywhere. But it turns out that this field is being used in the tests:

osbuild-composer/test/cases/api/aws.sh

Lines 69 to 79 in 6735e74

	"image_request": {
	"architecture": "$ARCH",
	"image_type": "${IMAGE_TYPE}",
	"repositories": $(jq ".\"$ARCH\"" /usr/share/tests/osbuild-composer/repositories/"$DISTRO".json),
	"upload_options": {
	"region": "${AWS_REGION}",
	"snapshot_name": "${AWS_SNAPSHOT_NAME}",
	"share_with_accounts": ["${AWS_API_TEST_SHARE_ACCOUNT}"]
	}
	}
	}

osbuild-composer/test/cases/api/aws.sh

Lines 103 to 110 in 6735e74

	function verify() {
	$AWS_CMD ec2 describe-images \
	--owners self \
	--filters Name=name,Values="$AWS_SNAPSHOT_NAME" \
	> "$WORKDIR/ami.json"
	AMI_IMAGE_ID=$(jq -r '.Images[].ImageId' "$WORKDIR/ami.json")
	AWS_SNAPSHOT_ID=$(jq -r '.Images[].BlockDeviceMappings[].Ebs.SnapshotId' "$WORKDIR/ami.json")

The test suite is using this field to recover the ID of the image that was just built. Adding a UUID to the string broke that logic. There's an easy fix which implies to simply change how the test suite is finding the image by updating the filter from being equal to containing. For that I can just add a * to the filter.

Here's a few opened questions:

• Since there's no way to name a snapshot, maybe the snapshot_name field should be renamed to something else.
• This field was originally made to have an easy way to find an image. Should we keep the functionality as it was originally (without changing the filter)?

I think it's reasonable to could keep the broader filter (the one with a *). But I feel like renaming the field would be a nice addition to this PR. Maybe something like CustomName instead of SnaphsotName ?

What do you think?

[bcl]

The consistent UUID part of things looks good.

[thozza]

The change looks reasonable, but I'm wondering if we can't instead extend the maintenance service to use additional / different tag for filtering images? This would allow us to use the same value for the Name tag and as image name and would reduce the complexity and required changes in osbuild-composer a lot. 🤔

[thozza]

I think that part of this comment should be preserved. Especially the information that the maintenance service uses "Name:composer-api-*" to discover images is very useful.

[thozza]

tiny nitpick: I would suggest to rename this to NameTag instead. The TagName indicates (at least to me) that it is a name (a.k.a. the key) of a tag, not a value of a tag named Name.

[thozza]

I'm wondering if the maintenance service could not leverage this new tag instead of the image name for filtering? This would allow us to keep the image name and the value of the Name tag consistent. Since you are appending an UUID to the user-provided image name, it will be unique and usable as the single image name.

@croissanne WDYT about using this new tag for the maintenance service?

[croissanne]

Yup!

[croissanne]

The change looks reasonable, but I'm wondering if we can't instead extend the maintenance service to use additional / different tag for filtering images? This would allow us to use the same value for the Name tag and as image name and would reduce the complexity and required changes in osbuild-composer a lot. 🤔

I think that's already implied in the description. Might be useful to do this in the same PR though, would just require a tiny change.

[github-actions]

This PR is stale because it has been open 30 days with no activity. Remove "Stale" label or comment or this will be closed in 7 days.

[github-actions]

This PR was closed because it has been stalled for 30+7 days with no activity.