Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(snap): Upgrade snap base to core22, upgrade env file loading logic #4530

Merged
merged 3 commits into from
May 3, 2023

Conversation

MonicaisHer
Copy link
Contributor

@MonicaisHer MonicaisHer commented Apr 26, 2023

This PR upgrades the snap base from core20 to core22, and also upgrades env file loading logic to incorporate the following fixes:

If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/main/.github/Contributing.md

PR Checklist

Please check if your PR fulfills the following requirements:

  • I am not introducing a breaking change (if you are, flag in conventional commit message with BREAKING CHANGE: describing the break)
  • I am not introducing a new dependency (add notes below if you are)
  • I have added unit tests for the new feature or bug fix (if not, why?)
  • I have fully tested (add details below) this the new feature or bug fix (if not, why?)
  • I have opened a PR for the related docs change (if not, why?)

Testing Instructions

New Dependency Instructions (If applicable)

Signed-off-by: Mengyi Wang <mengyi.wang@canonical.com>
Signed-off-by: Mengyi Wang <mengyi.wang@canonical.com>
@codecov-commenter
Copy link

codecov-commenter commented Apr 26, 2023

Codecov Report

Merging #4530 (8449c7e) into main (5776811) will not change coverage.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@           Coverage Diff           @@
##             main    #4530   +/-   ##
=======================================
  Coverage   41.54%   41.54%           
=======================================
  Files         106      106           
  Lines        9764     9764           
=======================================
  Hits         4056     4056           
  Misses       5362     5362           
  Partials      346      346           

@MonicaisHer MonicaisHer marked this pull request as ready for review April 26, 2023 14:19
Signed-off-by: Mengyi Wang <mengyi.wang@canonical.com>
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@MonicaisHer MonicaisHer requested a review from farshidtz April 26, 2023 16:21
Copy link
Member

@farshidtz farshidtz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a few manual tests for user creation and TLS certificate replacements and they work too.

Thanks!

@farshidtz farshidtz merged commit 47e5a6d into edgexfoundry:main May 3, 2023
Copy link
Member

@farshidtz farshidtz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just realized that this has causes a regression because the additional ACL roles, set via the EDGEX_ADD_REGISTRY_ACL_ROLES env var are no longer passed to the security bootstrapper.

All external services that don't have the ACL role by default (device virtual, device-rest) fail with a similar error:
level=ERROR ts=2023-05-07T03:08:18.937346124Z app=device-mqtt source=bootstrap.go:48 msg="failed to create provider for all-services: failed to get Configuration Provider (consul) access token: HTTP response with status code 400, message: failed to generate Consul token using [device-mqtt]: {\"errors\":[\"role \\\"device-mqtt\\\" not found\"]}\n"

The env file gets generated locally:

$ sudo cat /var/snap/edgexfoundry/current/config/security-bootstrapper/overrides.env 
# Sys-gen env vars from snap options:
EDGEX_ADD_REGISTRY_ACL_ROLES="app-functional-tests,app-rules-engine,app-http-export,app-mqtt-export,app-external-mqtt-trigger,app-push-to-core,app-rfid-llrp-inventory,application-service,device-camera,device-mqtt,device-modbus,device-coap,device-snmp,device-gpio,device-bacnet,device-grove,device-uart,device-rfid-llrp,device-usb-camera,device-onvif-camera,edgex-ekuiper"

But it isn't sourced before starting the service. See inline comments.

Comment on lines -11 to -13
if [ -z $ENV_FILE ]; then
ENV_FILE="$SNAP_DATA/config/$SERVICE/res/$SERVICE.env"
fi
Copy link
Member

@farshidtz farshidtz May 8, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This removes the possibility of passing $ENV_FILE from outside. The security-consul-bootstrapper and security-bootstrapper-redis apps use a different path, set inside the snapcraft.yaml file.

after:
- security-secretstore-setup
command: bin/setup-redis-acl.sh
command-chain:
- bin/service-config-overrides.sh
- bin/source-env-file.sh
environment:
ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ENV_FILE should be changed to $SNAP_DATA/config/security-bootstrapper/overrides.env

after:
- security-secretstore-setup
command: bin/setup-consul-acl.sh
command-chain:
- bin/service-config-overrides.sh
- bin/source-env-file.sh
environment:
ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ENV_FILE should be changed to $SNAP_DATA/config/security-bootstrapper/overrides.env

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants