Use unified configfile parser for policy.json#711
Use unified configfile parser for policy.json#711jankaluza wants to merge 11 commits intocontainers:mainfrom
Conversation
github-actions
bot
added
common
|
@Luap99 , Hi, could you please check if this PR makes a sense? I also added two questions for parts of code I'm not sure about... |
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Just an extremely brief skim.
| return filepath.Join(sys.RootForImplicitAbsolutePaths, systemPolicyPath), nil | ||
| var policy *Policy | ||
| found := false | ||
| for item, err := range configfile.Read(&policyFiles) { |
There was a problem hiding this comment.
This loop does not work; there is no merging. Is the intent to discard the policy values until the last one?!
There was a problem hiding this comment.
right, since we did not wanted to define merging rules the design doc says no drop in support and as such the main file will only ever be one per current parsing rules
There was a problem hiding this comment.
Reading more precisely, this loop should only iterate at most once; do we want to assert that?
jankaluza
changed the title
Luap99
left a comment
Luap99
left a comment
There was a problem hiding this comment.
it would be good to if you can squash the re-add SignaturePolicyPath commits, i.e when reviewing this it makes no sense to look at something getting remove to be added again. It also break git bisect most likely when vendoring from another repo.
| } | ||
|
|
||
| if conf.EnvironmentName != "" { | ||
| if conf.EnvironmentName != "" && !conf.DoNotLoadDropInFiles { |
There was a problem hiding this comment.
please add a new test case here for that behavior
There was a problem hiding this comment.
And document that behavior! It’s rather unexpected based on plain reading of the current option (although there is some logic to it).
Probably not, but maybe we’d want s/DoNotLoadDropInFiles/DropInFilesUnsupported/ ?!
There was a problem hiding this comment.
I am in favour of naming it DropInFilesUnsupported, though then I guess we would want to rename DoNotLoadMainFiles as well to MainFilesUnsupported? I suppose we could rename that outside of the scope of this PR if wanted.
There was a problem hiding this comment.
I kind of think of them as different dimensions: “do not load a file at $this path” is more of a directive vs. “the consumer cannot process multiple drop-ins regardless of names” is more of a capability declaration, but that’s a very weak reasoning.
I’m also quite fine with leaving the name as is.
There was a problem hiding this comment.
I would remove that in another PR if possible to not add more unrelated changes to this one if that's fine for you. I added the documentation part, that's good point :-).
| } | ||
|
|
||
| if conf.EnvironmentName != "" { | ||
| if conf.EnvironmentName != "" && !conf.DoNotLoadDropInFiles { |
There was a problem hiding this comment.
And document that behavior! It’s rather unexpected based on plain reading of the current option (although there is some logic to it).
Probably not, but maybe we’d want s/DoNotLoadDropInFiles/DropInFilesUnsupported/ ?!
| // Path overridden | ||
| {&types.SystemContext{SignaturePolicyPath: nondefaultPath}, false, true, nondefaultPath, ""}, | ||
| // Root overridden | ||
| for _, test := range []tc{ |
There was a problem hiding this comment.
I’m rather unhappy about no longer being able to truly test SystemContext == nil and SystemContext{}, but I also don’t see any good way to do that. This will just have to trust configfile.Read for that.
At least, please test (SystemContext == nil, SystemContext{})+(XDG_CONFIG_HOME,CONTAINERS_POLICY_CONF), enough to confirm that we got what we wanted (while we don’t control what exists in /etc and /usr)
There was a problem hiding this comment.
AFAICS there are no tests for SystemContext == nil and SystemContext{}.
There was a problem hiding this comment.
Still no test for SystemContext == nil?
jankaluza
force-pushed
the
policy.json
branch
3 times, most recently
from
89fd676 to
d9da724
Compare
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
I didn’t carefully read the added tests or think about coverage, I’m hoping for a simpler version first.
There are also a bunch of earlier outstanding review comments.
| // Path overridden | ||
| {&types.SystemContext{SignaturePolicyPath: nondefaultPath}, false, true, nondefaultPath, ""}, | ||
| // Root overridden | ||
| for _, test := range []tc{ |
There was a problem hiding this comment.
AFAICS there are no tests for SystemContext == nil and SystemContext{}.
|
Packit jobs failed. @containers/packit-build please check. |
Luap99
left a comment
Luap99
left a comment
There was a problem hiding this comment.
(commit 3 should be squashed into commit 1 and that one needs WIP stripped)
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When no policy.json is found, `DefaultPolicy()`` previously returned a generic error without indicating where the system looked for the file. This commit introduces `configfile.ReadWithPaths()` to track all attempted config file locations during iteration. It uses this in DefaultPolicy() to include the searched paths in the error message when no policy file is found. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit does the following: - The `setup()` function now returns the SystemContext. - The hardcoded check for "no policy file found" has moved to the test itself. - Fixture is used for SignaturePolicyPath. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit introduces `File.ErrorIfNotFound`. If it is true, the Read returns an error which contains all the paths it tried when searching for a config file. The ReadWithPaths is replaced by this new logic. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
|
@mtrmac are you fine with the new approach suggested by me? @jankaluza Generally speaking I would like to see a "clean" history, i.e. not add ReadWithPaths just to remove it again as this makes reviewing harder but lets with for @mtrmac feedback first |
|
@Luap99 , yeah, I will squash the commits before merge. |
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Sure, the ErrorIfNotFound approach is (given the signature-side test) fine. We can rework storage/configfile as needed. ACK overall.
Some outstanding nits:
- #711 (comment) (that would not have test coverage, that’s fine)
- #711 (comment)
- #711 (comment)
- #711 (comment)
- please squash, per @Luap99 .
3 participants
This PR switches
policy.jsonloading to the unifiedstorage/pkg/configfileparser instead of maintaining separate lookup logic in image/signature.The
SignaturePolicyPathsupport is preserved, so explicit callers continue to work as before. The policy loader also now uses CONTAINERS_POLICY_JSON for environment-based override. TheCONTAINERS_POLICY_JSON_OVERRIDEremains ignored for policy.json because drop-in loading is disabled for that this configuration file.It also extends the
configfileAPI to return the paths it searched. This is showed to users when there is no policy.json found.Fixes: #207
Fixes: #202