Add Sources field to Config #501
TODO: Need to add sources to the configs coming from remote urls, cmdline etc
and remove directory which is only meant to be used by yip configs (not user configs read by the kairos-agent). This needs to be explained in the release notes. Needs this: kairos-io/kairos-sdk#501 Part of: kairos-io/kairos#2737 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
Codecov Report
Attention: Patch coverage is
Additional details and impacted files

@@ Coverage Diff @@
## main #501 +/- ##
==========================================
+ Coverage 54.04% 54.40% +0.36%
==========================================
Files 19 19
Lines 1558 1566 +8
==========================================
+ Hits 842 852 +10
+ Misses 587 586 -1
+ Partials 129 128 -1
@@ -98,14 +95,28 @@ func (c *Config) MergeConfig(newConfig *Config) error { | |||
return err | |||
} | |||
|
|||
// TODO: Consider removing the `name:` key because in the end we end up with the |
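Review bot: The TODO added after the error check in MergeConfig leaves the fate of the `name:` key as an open question inside the merge path. Settle it in this change or replace the comment with a reference to a tracking issue, and state in the function's doc comment what a caller should expect `name:` to contain after a merge.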
The same thing applies to "config_url" which ends up having the value of the last merged config. Maybe we should care about it in this PR?
The I'm still not convinced this will be a very helpful command. It's not clear when it should be used and with what expectations.
I'm opening this for review to gather the team's feedback. There are a couple of TODOs but we can worry about them only if we decide we want this change.
0e48992 to 15d08d7
I actually just posted in slack a question related to this - we are building a custom OS with Kairos as base. We are wanting to lock it down a little more. As such, being able to see what config was used during the installation process is going to be huge for us to ensure we built it as intended and know what is active or not. Specifically we intend to run a more strict version of https://github.com/kairos-io/packages/blob/a1ee7d4fa956e4b764891f299e85ee82f5d576ac/packages/static/kairos-overlay-files/files/system/oem/50_recovery.yaml#L21 To clarify, will the system ones still be active? I originally read this as the system ones would be skipped but is it just being skipped from the
The system ones (these) don't define any That's the reason we decided they are not relevant to the What do you mean by "more strict version"? Can you explain the use case in a bit more detail?
Ahh okay I'm tracking with what is meant there.
For our use case, we don't want our users to be able to boot the device into recovery mode and have access to do things. I know that the OS is immutable and there's only so much they could do on the installed version (if anything). We just don't want them to even poke around aimlessly. We'd like to instead only offer them a kiosk mode to do such things.
That's indeed a very nice idea. We already create an admin group which is for users with
Installing with this config prevents all logins in recovery:
If you play around with PAM you may be able to limit logins to just admins (e.g. like described here).
Overall, I really like the idea 👏
If I get it right, it will put each source according to how it merged it, so if one would manually follow the process, I could tell why a certain value was overwritten. With 2 files that would work, but with 10+ I guess it would be very hard.
I wonder if what we need long term is more of a "ledger" lacking a better name. And that I could quickly ask the config, where does this value come from, and points me to the source that brought it in ... or comment the full yaml with sources?
```yaml
#cloud-config
key_one:
  sub_key_one: value2 #source ./file/path.extension
```
wdyt?
@mauromorales what you describe would be even better. The problem is that comments are lost when yamls are unmarshalled to objects and the configs spend most of their time in code being objects. If we need full tracking of where the values are coming from, we need to completely change how we merge yamls and such.
@jimmykarily yup you're right. I'd really like for us to have a smarter marshalling 🤣 Because I find it so strange that you can have a single cloud-config file that you feed the system, and when you check the resulting file, it doesn't follow the same order that you put it in. But maybe that's just a nice to have for now in comparison to other features in the backlog
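The per-key "ledger" idea discussed in the comments above, as an added Go example (not code from this PR or from kairos-sdk): because YAML comments do not survive unmarshalling, provenance is recorded at merge time on the unmarshalled maps instead. `M`, `Ledger`, `MergeWithProvenance` and `SourceOf` are hypothetical names, the sample configs and source paths are constructed, and a key is assumed to keep its type (mapping or scalar) across sources.

```go
package main

import "fmt"

type M = map[string]interface{} // shorthand for an unmarshalled YAML mapping

// Ledger maps a dotted key path to every source that set it, in merge order.
type Ledger map[string][]string

// MergeWithProvenance deep-merges src into dst (src wins) and records in led
// which source wrote each leaf key. Hypothetical helper, not a kairos-sdk API.
func MergeWithProvenance(dst, src M, source, prefix string, led Ledger) {
	for k, v := range src {
		path := k
		if prefix != "" {
			path = prefix + "." + k
		}
		if sub, ok := v.(M); ok {
			child, ok := dst[k].(M)
			if !ok { // nothing to merge into yet
				child = M{}
				dst[k] = child
			}
			MergeWithProvenance(child, sub, source, path, led)
			continue
		}
		dst[k] = v
		led[path] = append(led[path], source)
	}
}

// SourceOf answers "where does this value come from": the last writer wins.
func SourceOf(led Ledger, path string) string {
	if s := led[path]; len(s) > 0 {
		return s[len(s)-1]
	}
	return ""
}

func main() {
	// Constructed sample configs and source names.
	merged, led := M{}, Ledger{}
	MergeWithProvenance(merged, M{"key_one": M{"sub_key_one": "value1"}}, "/oem/base.yaml", "", led)
	MergeWithProvenance(merged, M{"key_one": M{"sub_key_one": "value2"}}, "./file/path.extension", "", led)
	fmt.Println(merged, SourceOf(led, "key_one.sub_key_one"), led)
}
```

The full slice stored under each path is the override history, which is what an audit of an installed system would compare against the intended configuration.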
and keep track of merged files there. Also print the Sources as a comment in the String() method. Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
although nobody should consume it since we errored Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
5240ad4 to a18102f
to check that these all generate a line:
- cmdline
- remote config (config_url)
- local files

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
and keep track of merged files there. Also print the Sources as a comment in the String() method.
Part of kairos-io/kairos#2737
(not really documentation but need this to make the docs clearer)
Allows us to generate something like this: