Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

censor versioning [T971] #321

Merged
merged 23 commits into from
Mar 1, 2019
Merged

censor versioning [T971] #321

merged 23 commits into from
Mar 1, 2019

Conversation

Lagovas
Copy link
Collaborator

@Lagovas Lagovas commented Feb 27, 2019

  • added parsing version from censor's config and compare it with hardcoded version var MinimalCensorConfigVersion = "0.84.2". If version in config is older than minimal then log error message and stop acra-server. But don't know how to check it better. Compare with version in config or with version of acra-server (also hardcoded). And which version will be supported by censor, less/greater/equal. When major/patch equals and ignore patch or full version value or maybe set minimal version (as it done in PR) and update hardcoded version after censor's updates?
  • when I did this PR golang 1.12 was released so I added it to tests (and removed 1.9.7 as unsupported for now). Plus due to added support of tls1.3 in golang1.12, added tests with new tls version too as separate go test run
  • because ci froze more frequently when I pushed commits and we decided that it's okay to add loop for tests with re-tries to avoid annoying failures so added it too
  • added exporting test's result in junit xml format to allow circleci parse them and show on his ui - https://circleci.com/docs/2.0/collect-test-data/. After this circleci show statistics with failed/successful tests, time of execution, etc.

Copy link
Collaborator

@vixentael vixentael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it was a long PR, but it worth it!

// LoadConfiguration loads configuration of AcraCensor
func (acraCensor *AcraCensor) LoadConfiguration(configuration []byte) error {
var censorConfiguration Config
err := yaml.Unmarshal(configuration, &censorConfiguration)
if err != nil {
return err
}
configVersion, err := utils.ParseVersion(censorConfiguration.Version)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

current censor configs don't have version, so it can be parsed. shouldn't we return ErrUnsupportedConfigVersion`?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it will return this error and log will looks like:

[...] "Can't setup censor" error="VERSION value has incorrect format (semver 2.0.0 format expected, https://semver.org/)"

There return another error value to distinguish cases when version is missed/has incorrect value and version is outdated. Maybe better to return 3 different error values: missed version/incorrect format/outdated?

Plus I think to change "VERSION value has incorrect format (semver 2.0.0 format expected, https://semver.org/)" -> "version value has incorrect format (semver 2.0.0 format expected, https://semver.org/)". Because at start it was a reference to variable VERSION

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a check on empty version and return ErrUnsupportedConfigVersion

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you, makes sense!

acra-censor/acra-censor_configuration_provider.go Outdated Show resolved Hide resolved
if err != nil {
return err
}
if censorVersion.Compare(configVersion) == utils.Greater {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if censorVersion.Compare(configVersion) == utils.Greater {
if currentlySupportedVersion.Compare(configVersion) == utils.Greater {

acra-censor/acra-censor_test.go Outdated Show resolved Hide resolved
return err
}
if censorVersion.Compare(configVersion) == utils.Greater {
// censor has version newer than config
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should log error in human readable form, smth like

acraCensor.logger.
  WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCensorSetupError).
  Errorln("AcraCensor config file version is not supported: probably AcraCensor configuration (acra-censor.yaml) is outdated, check docs for deprecation warnings https://docs.cossacklabs.com/pages/documentation-acra/#acracensor-acra-s-firewall")

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, added

{"1.0.0", "0.0.0", Greater},
{"0.0.0", "1.0.0", Less},

{"0.1.0", "0.0.0", Greater},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{"0.1.0", "0.0.0", Greater},
{"0.1.0", "0.0.0", Greater},
{"0.84.2", "0.1.0", Greater},
{"0.84.2", "1.0.0", Less},

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added (but imho it test the same cases : )

Copy link
Contributor

@ilammy ilammy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hurray for testing the TLS 1.3 preview!

.circleci/check_gotest.sh Outdated Show resolved Hide resolved
.circleci/integration.sh Show resolved Hide resolved
send_signal_by_process_name('acra-server', signal.SIGTERM)
send_signal_by_process_name('acra-connector', signal.SIGTERM)
send_signal_by_process_name('acra-server', signal.SIGKILL)
send_signal_by_process_name('acra-connector', signal.SIGKILL)
Copy link
Contributor

@shadinua shadinua Feb 28, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to use SIGKILL instead of SIGTERM? Is there any problem with process termination during test?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

siterm + sigkill after timeout sent via stop_process function above that uses pid's that was returned after expected fork from our code. send_signal_by_process_name use pidof to finally kill any zombie processes that may be forked after unexpected sighup signal. because after sighup the processes that we forked from tests create own fork with new pid that we don't know from test environment and terminate itself.

in general cases send_signal_by_process_name will do nothing because all processes was terminated correctly before.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the explanation.

@Lagovas Lagovas merged commit 4dd7cf7 into cossacklabs:master Mar 1, 2019
@Lagovas Lagovas deleted the lagovas/T971-censor-versioning branch March 11, 2019 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants