-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using the new options for image-scanning options #45
Using the new options for image-scanning options #45
Conversation
@enoodle nice! I think this would do it. |
8b7f74b
to
85e515b
Compare
85e515b
to
c4dc70b
Compare
c4dc70b
to
c634dab
Compare
405651f
to
3456a86
Compare
59c341c
to
408f9a8
Compare
}, | ||
:cve_url => { | ||
:label => N_('CVE location'), | ||
:help_text => N_('Enables defining a URL for XCCDF file instead of accessing the Internet'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I remember something about this being a prefix and not url?
would it be possible to add an example to each value, even only a comment?
I'm thinking this would be great if I need to use one of these I could look here and see what I need.
408f9a8
to
71008d7
Compare
@moolitayer I can also have the example in the |
👍 That would be much better 🌶️ |
@moolitayer done. |
918eebe
to
9152ba5
Compare
@@ -348,6 +347,7 @@ def inspector_admin_secret | |||
end | |||
|
|||
def pod_definition(inspector_admin_secret_name) | |||
@ems_options = ext_management_system.options[:image_inspector_options] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we please have ems_options as a method and not an instance variable?
I might be reading this wrong but the usage of @ems_options[:registry]
in line 429 looks like a side effect of calling this method first. (you can memoize it if you want to save lookups)
9152ba5
to
e9964da
Compare
}, | ||
:cve_url => { | ||
:label => N_('CVE location'), | ||
:help_text => N_('Enables defining a URL path prefix for XCCDF file instead of accessing the default location. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
@@ -347,6 +346,10 @@ def inspector_admin_secret | |||
return nil | |||
end | |||
|
|||
def ems_options | |||
@provider_options ||= ext_management_system.options[:image_inspector_options] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
env << {:name => att.name.upcase, | ||
:value => att.value} unless att.value.blank? | ||
PROXY_ENV_VARIABLES.each_with_object([]) do |var_name, env| | ||
if ems_options.keys.include?(var_name.to_sym) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ems_options.key?(var_name.to_sym)
:user => options[:user] || authentication_userid(options[:auth_type]), | ||
:pass => options[:pass] || authentication_password(options[:auth_type]), | ||
:bearer => options[:bearer] || authentication_token(options[:auth_type] || 'bearer'), | ||
:http_proxy => self.options.fetch_path(:proxy_settings, :http_proxy), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ems_options.fetch_path maybe? self.options
is nil according to Travis
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor comments and fix travis, other than that
LGTM 👍
@enoodle can you fix travis? |
a8773d3
to
6a6c84c
Compare
@moolitayer I added tests and now travis is green. PTAL |
@@ -0,0 +1,73 @@ | |||
module ManageIQ::Providers::Kubernetes::ContainerManager::Options | |||
extend ActiveSupport::Concern |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you need ActiveSupport::Concern? what does it do here? (extend
into an extend
ed module is too much for my brain ;-)
I think you don't need it, this simply has methods that become class methods due to extend ...ContainerManager::Options
.
or if you want to use ActiveSupport::Concern idiomatically, switch to include
ing this module and put the methods under ClassMethods
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yay, very nice.
@@ -347,6 +346,10 @@ def inspector_admin_secret | |||
return nil | |||
end | |||
|
|||
def ems_options |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
consider renaming to ems_image_inspector_options
(or something intermediate).
because ems_options[:registry]
sounds like these are top-level options on the ems.
env << {:name => att.name.upcase, | ||
:value => att.value} unless att.value.blank? | ||
PROXY_ENV_VARIABLES.each_with_object([]) do |var_name, env| | ||
next unless ems_options.key?(var_name.to_sym) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure it matters, but previous code checking .blank?
allowed "unsetting" by setting to empty string, this requires actually unsetting the option — is that even possible with the new per-EMS options?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is possible to totally unset an option if you set the options without the ones you don't want:
ems.update(:options => {})
or ems.update(:options => {:image_inspector_options => {:http_proxy => "my_proxy"}})
. The options are only set from the UI [1] so it will be up to that piece of code to make sure that empty values are not set.
I wonder if it is smart to add tests for the empty option case making sure that they are treated as unset. (then making sure it is so here) - This will prevent us from assigning them the empty value. WDYT?
:user => options[:user] || authentication_userid(options[:auth_type]), | ||
:pass => options[:pass] || authentication_password(options[:auth_type]), | ||
:bearer => options[:bearer] || authentication_token(options[:auth_type] || 'bearer'), | ||
:http_proxy => self.options ? self.options.fetch_path(:proxy_settings, :http_proxy) : nil, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why :proxy_settings, :http_proxy
here and just :http_proxy
in kubernetes_connect
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kubernetes_connect
gets its options from here, calling raw_connect
will eventually kubernetes_connect
. I put them in http_proxy
so no need for the proxy_settings
. Openshift calls kubernetes_connect
as well after adding its own options.
6a6c84c
to
9257f08
Compare
Some comments on commit enoodle@9257f08 spec/models/manageiq/providers/kubernetes/container_manager/scanning/job_spec.rb
|
Checked commit enoodle@9257f08 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
@@ -14,6 +14,7 @@ class ManageIQ::Providers::Kubernetes::ContainerManager < ManageIQ::Providers::C | |||
require_nested :Scanning | |||
|
|||
include ManageIQ::Providers::Kubernetes::ContainerManagerMixin | |||
include ManageIQ::Providers::Kubernetes::ContainerManager::Options |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on ManageIQ/manageiq#15398
This will use the options field for per-provider configuration in image scanning.
Also, This will try to use the http_proxy set in the options to connect to the provider instead of the one defined in the settings file. Originally it was planned to have
https_proxy
andno_proxy
options as well for the connection to the provider but as they are not used currently I left them out.