Skip to content
This repository was archived by the owner on Feb 20, 2025. It is now read-only.

feat: sign destination component #93

Merged
merged 3 commits into from
Nov 30, 2023
Merged

feat: sign destination component #93

merged 3 commits into from
Nov 30, 2023

Conversation

Skarlso
Copy link
Contributor

@Skarlso Skarlso commented Nov 28, 2023

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.

What type of PR is this? (check all applicable)

  • 🍕 Feature
  • 🐛 Bug Fix
  • 📝 Documentation Update
  • 🎨 Style
  • 🧑‍💻 Code Refactor
  • 🔥 Performance Improvements
  • ✅ Test
  • 🤖 Build
  • 🔁 CI
  • 📦 Chore (Release)
  • ⏩ Revert

Related Tickets & Documents

  • Related Issue # (issue)
  • Closes # (issue)
  • Fixes # (issue)

Remove if not applicable

Screenshots

Added tests?

  • 👍 yes
  • 🙅 no, because they aren't needed
  • 🙋 no, because I need help
  • Separate ticket for tests # (issue/pr)

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

Added to documentation?

  • 📜 README.md
  • 🙅 no documentation needed

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@Skarlso Skarlso requested review from phoban01 and souleb November 28, 2023 12:42
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 28, 2023
edited
Loading

Mend Scan Summary: ❌

Repository: open-component-model/replication-controller

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 0
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 0
LICENSE RISK HIGH 4
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY 1

Detailed Logs: mend-scan-> Generate Report
Mend UI

phoban01
phoban01 reviewed Nov 28, 2023
View reviewed changes
Copy link
Contributor

@phoban01 phoban01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good so far. Will we add the product validation in a letter changeset?

phoban01
phoban01 reviewed Nov 29, 2023
View reviewed changes
controllers/componentsubscription_controller.go
}

func (r *ComponentSubscriptionReconciler) checkComponentIsMPASEnabled(cv ocm2.ComponentVersionAccess) error {
resources, err := cv.GetResourcesByResourceSelectors(compdesc.ResourceSelectorFunc(func(obj compdesc.ResourceSelectionContext) (bool, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice 👍🏻

controllers/componentsubscription_controller.go
return fmt.Errorf("failed to verify component validity: %w", err)
}

pub, err := r.OCMClient.SignDestinationComponent(ctx, sourceComponentVersion)
Copy link
Contributor

@phoban01 phoban01 Nov 29, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's not the component that we need to sign. it's the digest of the spec of the subscription. otherwise what's the point in having the digest?

controllers/componentsubscription_controller.go
},
}

hash, err := hashstructure.Hash(obj.Spec, hashstructure.FormatV2, nil)
Copy link
Contributor

@phoban01 phoban01 Nov 29, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is what we should be signing

controllers/componentsubscription_controller.go
if err := r.OCMClient.TransferComponent(ctx, octx, obj, sourceComponentVersion, latestSourceComponentVersion.Original()); err != nil {
err := fmt.Errorf("failed to transfer components: %w", err)
status.MarkNotReady(r.EventRecorder, obj, v1alpha1.TransferFailedReason, err.Error())
if r.MpasEnabled {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need if/else here? could we not just do the validation and signature calculation if mpas is enabled and then use the same reconcile logic from that point onwards.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'll try to simplify this a bit. Let me see what I can cook up. :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah thanks. Turns out I overcomplicated it a bit... If it's an mpas component we already check if destination is there. So the code below didn't need change at all anyways. It's a lot nicer now.

@Skarlso Skarlso merged commit ce5f43f into main Nov 30, 2023
@Skarlso Skarlso deleted the sign-component branch November 30, 2023 15:02
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@phoban01 phoban01 phoban01 approved these changes

@souleb souleb Awaiting requested review from souleb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Skarlso @phoban01