feature: import targets #195
Conversation
Implements the feature import target `rstuf admin import-targets`. This feature gives the RSTUF administrator the functionality to import a large number of existent targets. It helps to roll out and deploy the RSTUF in existing repositories. This feature is detailed and explained at these links - repository-service-tuf/repository-service-tuf#188 - BDD Feature: repository-service-tuf/repository-service-tuf#218 Some changes in the ceremony was done to reuse in the code: - The `ceremony._check_server` was converted to `helpers.api_client.get_headers` - The `ceremony._bootstrap_state` was converted to `helpers.api_client.task_status` Added 100% coverage to `helpsers.api_client` Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
|
This feature implements #39, right? |
It partially implements #39. Should we create a specific issue for it? Should I also implement add-targets to this PR?
What I mention is that "the feature is described in repository-service-tuf/repository-service-tuf#188" and on the BDD. |
I see what you did now.
I don't think it will be necerry to create a new issue now when we have a pr, but could you update #39 (comment) comment with the remaining steps (mentioning this step of importing targets) and their status?
Yes, got it. |
There was a problem hiding this comment.
I reviewed the core code without the tests yet.
I have too many questions/comments on it.
Overall the work is big. It's visible it caused you a great amount of time an effort.
Besides my comments: do you plan on adding a test file with tests specifically testing
repository_service_tuf/cli/admin/import_targets.py?
| response = request_server( | ||
| server, URL.bootstrap.value, Methods.get, headers=headers | ||
| ) | ||
| if response.status_code != 200: |
There was a problem hiding this comment.
In the previous implementation when this was the _check_server function inside ceremony.py you also checked in the response if bootstrap is true.
I see that in ceremony.py before calling get_headers you check the bootstrap status and it is not required but inside the new file import_targets.py you don't check the bootstrap status before calling get_headers.
Is this missed or it's deliberate?
There was a problem hiding this comment.
Yes, the import-targets requires the bootstrap done. I will add the check.
There was a problem hiding this comment.
Now I am looking into this code again and I am wondering: why do you add a separate request_server call in lines 159-161 in import_targets.py just to complete the bootstrap check when you can make it there?
What do you save by not doing it here directly?
You already made the request_server call to ask about the bootstrap status, not sure why you don't parse the response here directly...
Is it to not repeat the bootstrap check when you call get_headers from the ceremony.py file where you already did it?
There was a problem hiding this comment.
get_headers returns only the headers.
The call used by get_headers to the bootstrap is to validate the token itself as the CLI token has all required scopes.
The bootstrap check from the ceremony and import-targets is the same data but has a different check.
- ceremony the expect a bootstrap not completed.
- import-targets expect a bootstrap completed.
There was a problem hiding this comment.
As I have mentioned in my comment here 82b64ab#r1106678265 we can continue this discussion in a separate issue as there are already lots of changes.
Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
The optional dependencies `psycopg2` and `sqlalchemy` are optional. This is required only when the user aim to use the `import-targets` feature. Add to documentation the new feature Add details about the usage and CSV Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- add typing notation - make the `_check_csv_files` more explicity Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
|
I will have a look tomorrow and review as well 👍 |
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- Added some small refactoring in the implementation - 100% coverage for the UT - Fix some comments from the review Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
|
@MVrachev, it is ready for another review. |
| response = request_server( | ||
| server, URL.bootstrap.value, Methods.get, headers=headers | ||
| ) | ||
| if response.status_code != 200: |
There was a problem hiding this comment.
Now I am looking into this code again and I am wondering: why do you add a separate request_server call in lines 159-161 in import_targets.py just to complete the bootstrap check when you can make it there?
What do you save by not doing it here directly?
You already made the request_server call to ask about the bootstrap status, not sure why you don't parse the response here directly...
Is it to not repeat the bootstrap check when you call get_headers from the ceremony.py file where you already did it?
Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
| @@ -69,6 +74,94 @@ def is_logged(server: str, token: str): | |||
| return Login(state=True, data=data) | |||
|
|
|||
| else: | |||
| click.ClickException( | |||
| f"Error {response.status_code} {response.json()['detail']}" | |||
| raise click.ClickException( | |||
There was a problem hiding this comment.
I think is_logged does not work as expected in all cases.
A GET api/v1/token/ request may also return a 200 response with a body of:
{
"detail": {
"error": "Failed to validate token"
}
}
See here. In this case, data is None and data.get("expired") will throw an AttributeError
I spotted it here, but if you validate it I can open a bug. (BTW quick fix: data = response.json().get("data", {}))
On the other hand, we are always validating a token with the same token in the headers, so I assume if the token is invalid it won't be because it can't be decoded... so it might be fine this way. I will not delete it, but I believe you can ignore my comment.
There was a problem hiding this comment.
I spotted it here, but if you validate it I can open a bug. (BTW quick fix:
data = response.json().get("data", {}))
That's a good spot. I'm implementing the quick fix.
On the other hand, we are always validating a token with the same token in the headers, so I assume if the token is invalid it won't be because it can't be decoded... so it might be fine this way. I will not delete it, but I believe you can ignore my comment.
Maybe we can have a specific issue for this part to implement or remove this check.
Can you file the issue giving the background?
There was a problem hiding this comment.
@KAUTH when you open it could please link it here for future reference?
Also, a good catch indeed. :))
There was a problem hiding this comment.
I opened this issue
- move parameters to use double dash `--{names}`
- remove duplicate check that is done by `is_logged`
- fix tests
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- fix `is_logged` bug in case of no data with 200 status code - fix typing for the `task_status` response - fix typo/wording for task status Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- remove login keyword parameters from lambda Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
There was a problem hiding this comment.
I see only one place that requires change and I have described it in my comment:
#195 (comment)
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Codecov ReportBase: 84.33% // Head: 90.52% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #195 +/- ##
==========================================
+ Coverage 84.33% 90.52% +6.18%
==========================================
Files 9 10 +1
Lines 549 633 +84
==========================================
+ Hits 463 573 +110
+ Misses 86 60 -26
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
There was a problem hiding this comment.
Great job @kairoaraujo!
LGTM from me, but will wait for another day in hope that @KAUTH can review it again.
|
With two approvals how could you not merge this :)) |
Implements the feature import target
rstuf admin import-targets.This feature gives the RSTUF administrator the functionality to import a large number of existent targets. It helps to roll out and deploy the RSTUF in existing repositories.
This feature is detailed and explained at these links
Some changes in the ceremony was done to reuse in the code:
ceremony._check_serverwas converted tohelpers.api_client.get_headersceremony._bootstrap_statewas converted tohelpers.api_client.task_statusAdded 100% coverage to
helpsers.api_clientSigned-off-by: Kairo de Araujo kdearaujo@vmware.com