-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd: Fix --authfile/--insecure flags #2242
Conversation
d1bccf6 ("gadgets/run: Support eBPF parameters") introduced a logic to remove the flags before calling GetGadgetInfo(), unfortunately it also broke the --authfile/--insecure flags as they were removed. This commit changes the approach to use ParseEarlyFlags() to parse flags that are already known before contacting the server, like --insecure & --authfile, so they can be used by the server while it executes GetGadgetInfo(). Fixes: d1bccf6 ("gadgets/run: Support eBPF parameters") Signed-off-by: Mauricio Vásquez <mauriciov@microsoft.com>
b7fddfa
to
c49480a
Compare
a6b4551
to
d970a43
Compare
I added an integration test for the --insecure flag, unfortunately doing the same for the --authfile isn't so easy as it'll require to configure native basic auth and TLS certificates in the registry. I'll open an issue to handle this later on. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tested it and it works fine:
$ sudo -E ./ig run localhost:5000/gadget/open --insecure
INFO[0000] Experimental features enabled
RUNTIME.CONTAINERNAME PID COMM UID GID RET FNAME
elated_payne 85381 bash 0 0 3 /etc/ld.so.cache
I nonetheless do not understand what is wrong with the test as the image seems to be copied:
Copied [registry] ttl.sh/3285379a0774706d29b7142bb33e117faedaf732/trace_open:2242-merge => [registry] 10.244.1.20:5000/trace_open:2242-merge
Digest: sha256:28a480836f3a974cbb847b4c615c31bb24a3d83e8d729b8c6518cee357c0c8e4
It seems that the |
d970a43
to
0e62515
Compare
I made this change, kicked the CI few times and it seems to be working fine now. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
In other places we also have sleep
commands but we could maybe change that
} | ||
RunTestSteps(orasCpCmds, t) | ||
|
||
// TODO: Ideally it should not depend on a real gadget, but we don't have a "test gadget" available yet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Created issue #2255 to track this.
Signed-off-by: Mauricio Vásquez <mauriciov@microsoft.com>
0e62515
to
f7f13f0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tested it and it works fine, thanks!
d1bccf6 ("gadgets/run: Support eBPF parameters") introduced a logic to remove the flags before calling GetGadgetInfo(), unfortunately it also broke the --authfile/--insecure flags as they were removed.
This commit changes the approach to use ParseEarlyFlags() to parse flags that are already known before contacting the server, like --insecure & --authfile, so they can be used by the server while it executes GetGadgetInfo().
Fixes: d1bccf6 ("gadgets/run: Support eBPF parameters")
Fix #2225
How to test
I manually tested the following:
ig
ig + gadgectl using default unix socket
$ sudo -E ig daemon INFO[0000] Experimental features enabled INFO[0000] starting Inspektor Gadget daemon at "unix:///var/run/ig/ig.socket" ... $ sudo -E ./gadgetctl run 192.168.1.150:5000/foo:latest INFO[0000] Experimental features enabled RUNTIME.CONTAINERNAME PID PPID COMM UID GID RETVAL
ig + gadgectl using tcp
$ sudo -E ig daemon -H tcp://127.0.0.1:1234 INFO[0000] Experimental features enabled INFO[0000] starting Inspektor Gadget daemon at "tcp://127.0.0.1:1234" ... $ ./gadgetctl run 192.168.1.150:5000/foo:latest --remote-address tcp://127.0.0.1:1234 --insecure INFO[0000] Experimental features enabled RUNTIME.CONTAINERNAME PID PPID COMM UID GID RETVAL
kubectl gadget
TODO