Skip to content

Parse minimal yaml instead of raw bash script #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 13, 2023
Merged

Parse minimal yaml instead of raw bash script #39

merged 1 commit into from
Jul 13, 2023

Conversation

@andywaltlova
Copy link
Collaborator

@andywaltlova andywaltlova commented Jul 11, 2023
edited
Loading

HMS-1994

  • The worker shall receive the data in a playbook-like format and use insights-client to verify the signature
  • The worker verifies that nobody has tampered with the contents of the bash script
  • Prepend all variables located under /vars/content_vars with RHC_WORKER_* and set them in the unix environment
  • Include a go-yaml library in the project to process the incoming yaml.

@andywaltlova
Copy link
Collaborator Author

andywaltlova commented Jul 11, 2023
edited
Loading

Current signed-bash-script file is not signed so the worker fails and in logs it can be seen that the yaml is invalid, question is what to do in that case, what should be content of the uploaded message?

If I used one of the existing playbooks that are used by insights (and change the struct for expected yaml), then the validation passes.

@andywaltlova andywaltlova force-pushed the feat/parse-validate-yaml branch 3 times, most recently from de082ac to bebe8d1 Compare July 12, 2023 14:22
@andywaltlova andywaltlova marked this pull request as ready for review July 12, 2023 14:23
@andywaltlova andywaltlova force-pushed the feat/parse-validate-yaml branch 4 times, most recently from e24ac9c to 9fef561 Compare July 13, 2023 10:16
@andywaltlova
Parse minimal yaml instead of raw bash script
2cfd548 
parse data via gopkg.in/yaml.v3
extract script to temporary file
set env variables
execute script and return stdout
implement signature verification for yaml file
update tests
local development nginx is now serving everything under development/nginx/data

Signed-off-by: Andrea Waltlova <awaltlov@redhat.com>
@andywaltlova andywaltlova force-pushed the feat/parse-validate-yaml branch from 9fef561 to 2cfd548 Compare July 13, 2023 10:29
@andywaltlova andywaltlova merged commit 9e31b52 into oamg:main Jul 13, 2023
@r0x0d r0x0d mentioned this pull request Aug 10, 2023
Merged
@andywaltlova andywaltlova deleted the feat/parse-validate-yaml branch August 17, 2023 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@andywaltlova