interfaces/greengrass-support: back-port interface changes to 2.48 #9824
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These accesses are generally useful to snaps wanting to know more about their host system, but also more specifically useful to the new version of the Greengrass snap which will use much less privilege to run. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
…11 update This adds a new attribute to the greengrass-support interface, "flavor", which indicates what mode of containerization the greengrassd daemon is meant to be supporting with the plug. With no flavor attribute, or the "container" flavor, then the old policy is available so as to not break old users of the snap, but with a new "process" flavor, then a far less privileged version of the interface is provided, which allows the greengrassd daemon to implement no containerization and thus the lambdas that are run are not run with the additional privilege afforded to the original implementation of the interface, as that would allow lambdas to trivially escape the sandbox. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
The PR that added greengras attribute names was merged prematurely before Samuele had a chance to review the naming. This commit adds the TODO and will be milestoned 2.49 to ensure that we do not release anything to stable with the preliminary names.
The flavor attribute names are now as follows: - "legacy-container" is the full containerization also known as "Greengrass container" in AWS's UI. - "no-container" is the process-mode, no confinement mode, also known as "no container" in AWS's UI. Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
anonymouse64
changed the title
The yq tool changed its command line arguments and the test broke. Try not to depend on external tools and use a simple Python snippet to extract the cohort key. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
So that we don't have to deal with silly quoting when calling test-snapd-sh.sh. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is #9595 and #9639, back-ported to 2.48.
This also includes #9806 and #9807 in order to get unit tests + spread tests to run.