Use distributed product properties #10554
Conversation
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
matejak
force-pushed
the
real_properties
branch
6 times, most recently
from
f0849c0
to
7e53bcc
Compare
matejak
force-pushed
the
real_properties
branch
2 times, most recently
from
2fe1174
to
3a40f80
Compare
| Use this functionality to associate product properties with product versions, | ||
| so you can use only product properties in the content. | ||
| In other words, use this functionality to avoid referencing product versions in macros used in checks or remediations. | ||
| Instead, use properties that directly relate to configurations being checked or set, and that help to reveal the intention of the check or remediation code. |
There was a problem hiding this comment.
This is now way better!
We probably should have a blog post in which we would show the "good" and "bad" examples.
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
ssg/products.py
Outdated
| data.update(self._acquired_data) | ||
| data.update(self._primary_data) |
There was a problem hiding this comment.
I think it would be great to print an error if there are multiple definitions of the same property.
product_properties/README.md
Outdated
| Processing of those files can use `jinja2`, and macros or conditionals have access to product properties defined previously and in the `product.yml`. | ||
| Properties read from these yaml files can be overriden by properties from files processed later, while the properties specified in the `product.yml` override all previous definitions. | ||
|
|
||
| Conventionally, use the filename prefix `10-` to define defaults, and use subsequent prefixes to override those defaults based on products. |
There was a problem hiding this comment.
I don't like it, I would prefer to have a single source of truth, i.e. define a given option only in 1 file.
There was a problem hiding this comment.
This is tricky: YAML requires that in mappings, keys have to be unique, so setting a value to the default and redefining it later isn't legal, although libraries may support it.
The idea to define everything in one file is reasonable to me, so here are the options:
What is illegal:
key: value
key: another-value
Dedicated default section:
default:
key: value
overrides:
key: another-value
while the build system has to write overrides over defaults.
List of mappings:
- key: value
- key: another-value
while the build system has to assemble the set of key-value mappings gradually by iterating over the list.
There was a problem hiding this comment.
I think that the first option can be unreliable and the third option can be unexpected by newcomers so I prefer the second option because it's explicit. But let's take a look how it fits into the whole context of the "product properties" feature.
There was a problem hiding this comment.
What are the benefits of having the key overrides in centrally placed lexicographically ordered files?
Why not keep a centrally defined default, and each product overrides properties in its own product.yml, or maybe a product property file in the product directory, like products/rhel8/product_properties.yml?
This also facilitates the addition and removal of a product.
For example, one can copy the file with the default values, and tweak / remove keys.
There was a problem hiding this comment.
What are the benefits of having the key overrides in centrally placed lexicographically ordered files? Why not keep a centrally defined default, and each product overrides properties in its own
product.yml, or maybe a product property file in the product directory, likeproducts/rhel8/product_properties.yml? This also facilitates the addition and removal of a product. For example, one can copy the file with the default values, and tweak / remove keys.
Sorry, race condition. The override possibility is no longer considered, and if we introduce core product attributes s.a. "family" (ubuntu, debian, ol, rhel) and major version (8, 2204), we may even make the core product properties available at other properties definition time, which would take the ordering away completely.
product_properties/README.md
Outdated
| Processing of those files can use `jinja2`, and macros or conditionals have access to product properties defined previously and in the `product.yml`. | ||
| Properties read from these yaml files can be overriden by properties from files processed later, while the properties specified in the `product.yml` override all previous definitions. | ||
|
|
||
| Conventionally, use the filename prefix `10-` to define defaults, and use subsequent prefixes to override those defaults based on products. |
There was a problem hiding this comment.
What are the benefits of having the key overrides in centrally placed lexicographically ordered files?
Why not keep a centrally defined default, and each product overrides properties in its own product.yml, or maybe a product property file in the product directory, like products/rhel8/product_properties.yml?
This also facilitates the addition and removal of a product.
For example, one can copy the file with the default values, and tweak / remove keys.
|
The code has been altered to use the default/overrides keys, and tests and docs have been updated accordingly, and I believe that questions were addressed. |
There was a problem hiding this comment.
I like this change very much. I believe it will help us keep the data better organized and it will make the content more approachable to the authors.
I have tried to change some keys or override some keys and the behavior I observed was expected.
Please resolve the CodeClimate problem and take a look at the directory structure docs.
Product properties can be expanded by other means, so the only way how to make sure that they remain stable is to check references for stability.
- Assign the grub helper exec to the product - Remove most of the references to product names from grub macros - Substitute literal invocations of e.g. grubby with macros
Grubby is not used in the context of grub, but in another context of BLS utility, and the macro doesn't understand this.
|
@ComplianceAsCode/ubuntu-maintainers @ComplianceAsCode/suse-maintainers @ComplianceAsCode/oracle-maintainers Can you take a look, please? |
jan-cerny
added
help-wanted
|
@matejak ping |
|
Code Climate has analyzed commit 1ca395c and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 53.2% (0.4% change). View more on Code Climate. |
|
@teacup-on-rockingchair Can you check if the latest changes feel accurate for you to approve this PR? |
|
@matejak PTAL at @marcusburghardt comment |
|
I reviewed the PR again now and confirmed that all pending comments were properly managed. I marked some simpler comments as resolved while kept others open because they have useful information. This is new to the project and improvements are naturally expected along the time but the current state is pretty good to land. We can merge it and have its benefits already in 0.1.69 release. |
Description:
The PR builds on top of #10529. After that one is merged, this should get rebased in order to become easily reviewable.It introduces product properties that can be read from a directory that can contain jinja2-powered yaml files that are processed in lexicographic order.
During processing of those files, they have access to the existing product properties. Properties read from those yaml files can be overriden by later files, while the properties specified in product yaml always stay on top.
Rationale:
This change will allow to move aspects of products from constants and source code in general to human-accessible yaml files in a top-level directory.
Review Hints: