-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Allow return the client without performing a matchRepository #18053
base: master
Are you sure you want to change the base?
Conversation
… the application'plugin be configured by its name Signed-off-by: Javier Solana <javier.solana@cabify.com>
util/app/discovery/discovery.go
Outdated
@@ -165,7 +165,12 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil | |||
return nil, nil, false | |||
} | |||
|
|||
isSupported, isDiscoveryEnabled, err := matchRepositoryCMP(ctx, appPath, repoPath, cmpClient, env, tarExcludedGlobs) | |||
// if plugin name is specified, lets return the client directly | |||
if namedPlugin { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we still only want to do this if discovery is not enabled, since the CMP author might be using discovery as a sort of safety or even security mechanism.
We probably need a pre-flight request to get isDiscoveryEnabled
without sending the whole repo. That's a somewhat more involved change, since it'll introduce a new API endpoint.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make a lot of sense, let me update the MR
Thanks a lot for your feedback!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think @crenshaw-dev ?
plugin.proto
message CheckPluginConfigurationResponse {
bool isDiscoveryConfigured = 1;
}
...
// CheckPluginConfiguration is a pre-flight request to check the plugin configuration
// without sending the whole repo.
rpc CheckPluginConfiguration(stream AppStreamRequest) returns (CheckPluginConfigurationResponse) {
}
In that case isDiscoveryConfigured
will be true if there is any discovery.FileName
or discovery.Find
info (in this case we won't propagate repo info, then, no pattern matching will be executed)
plugin.go
type CheckPluginConfigurationStream interface {
Stream
SendAndClose(response *apiclient.CheckPluginConfigurationResponse) error
}
func (s *Service) CheckPluginConfiguration(stream apiclient.ConfigManagementPluginService_CheckPluginConfigurationServer) error {
return s.checkPluginConfigurationGeneric(stream)
}
func (s *Service) checkPluginConfigurationGeneric(stream CheckPluginConfigurationStream) error {
isDiscoveryConfigured := s.isDiscoveryConfigured()
repoResponse := &apiclient.CheckPluginConfigurationResponse{IsDiscoveryConfigured: isDiscoveryConfigured}
err := stream.SendAndClose(repoResponse)
if err != nil {
return fmt.Errorf("error sending check plugin configuration response: %w", err)
}
return nil
}
func (s *Service) isDiscoveryConfigured() (IsDiscoveryConfigured bool) {
config := s.initConstants.PluginConfig
return config.Spec.Discover.FileName != "" || config.Spec.Discover.Find.Glob != "" || len(config.Spec.Discover.Find.Command.Command) > 0
}
Wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the rough idea makes sense. I'm not sure it would need to be a streaming request. If I understand correctly, we wouldn't need to send any streaming contents to the CMP.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep I was thinking the same, I ve mimic other operations but no strong opinion about stream vs unary op in this moment 😅
Gonna update it to use unary call
Thanks mate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done! Let me know wdyt! (also title and description of the PR was updated)
Thanks for all your support @crenshaw-dev :)
Signed-off-by: Javier Solana <javier.solana@cabify.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #18053 +/- ##
==========================================
- Coverage 45.08% 45.08% -0.01%
==========================================
Files 354 354
Lines 48006 48022 +16
==========================================
+ Hits 21644 21651 +7
- Misses 23547 23556 +9
Partials 2815 2815 ☔ View full report in Codecov by Sentry. |
Signed-off-by: Javier Solana <javier.solana@cabify.com>
common.SecurityField: common.SecurityMedium, | ||
common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we drop these fields? I don't think they're needed. I'll put up another PR to remove them from the unrelated lines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you mean
cfg, err := cmpClient.CheckPluginConfiguration(ctx, &empty.Empty{})
if err != nil {
log.Errorf("error checking plugin configuration %s, %v", fileName, err)
return nil, nil, false
}
correct?
Why?
Closes #17948
Modify the behavior during
DetectConfigManagementPlugin
to avoid transferring the entire repository to cmp-server hereUse a new pre-flight operation to check if discovery is enabled or not.
If
discover
is not configured, returns the client without without further checksChecklist: