-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature: import targets #195
feature: import targets #195
Conversation
Implements the feature import target `rstuf admin import-targets`. This feature gives the RSTUF administrator the functionality to import a large number of existent targets. It helps to roll out and deploy the RSTUF in existing repositories. This feature is detailed and explained at these links - repository-service-tuf/repository-service-tuf#188 - BDD Feature: repository-service-tuf/repository-service-tuf#218 Some changes in the ceremony was done to reuse in the code: - The `ceremony._check_server` was converted to `helpers.api_client.get_headers` - The `ceremony._bootstrap_state` was converted to `helpers.api_client.task_status` Added 100% coverage to `helpsers.api_client` Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
This feature implements #39, right? |
It partially implements #39. Should we create a specific issue for it? Should I also implement add-targets to this PR?
What I mention is that "the feature is described in repository-service-tuf/repository-service-tuf#188" and on the BDD. |
I see what you did now.
I don't think it will be necerry to create a new issue now when we have a pr, but could you update #39 (comment) comment with the remaining steps (mentioning this step of importing targets) and their status?
Yes, got it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I reviewed the core code without the tests yet.
I have too many questions/comments on it.
Overall the work is big. It's visible it caused you a great amount of time an effort.
Besides my comments: do you plan on adding a test file with tests specifically testing
repository_service_tuf/cli/admin/import_targets.py
?
response = request_server( | ||
server, URL.bootstrap.value, Methods.get, headers=headers | ||
) | ||
if response.status_code != 200: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the previous implementation when this was the _check_server
function inside ceremony.py
you also checked in the response if bootstrap
is true.
I see that in ceremony.py
before calling get_headers
you check the bootstrap status and it is not required but inside the new file import_targets.py
you don't check the bootstrap
status before calling get_headers
.
Is this missed or it's deliberate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the import-targets
requires the bootstrap done. I will add the check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I am looking into this code again and I am wondering: why do you add a separate request_server
call in lines 159-161 in import_targets.py
just to complete the bootstrap check when you can make it there?
What do you save by not doing it here directly?
You already made the request_server
call to ask about the bootstrap status, not sure why you don't parse the response here directly...
Is it to not repeat the bootstrap check when you call get_headers
from the ceremony.py
file where you already did it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
get_headers
returns only the headers.
The call used by get_headers
to the bootstrap is to validate the token itself as the CLI token has all required scopes.
The bootstrap check from the ceremony and import-targets is the same data but has a different check.
- ceremony the expect a bootstrap not completed.
- import-targets expect a bootstrap completed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I have mentioned in my comment here 82b64ab#r1106678265 we can continue this discussion in a separate issue as there are already lots of changes.
Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
The optional dependencies `psycopg2` and `sqlalchemy` are optional. This is required only when the user aim to use the `import-targets` feature. Add to documentation the new feature Add details about the usage and CSV Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- add typing notation - make the `_check_csv_files` more explicity Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
I will have a look tomorrow and review as well 👍 |
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- Added some small refactoring in the implementation - 100% coverage for the UT - Fix some comments from the review Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
@MVrachev, it is ready for another review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed everything except the test_api_client.py
file.
Still, I decided to submit my review as I have multiple questions and comments.
response = request_server( | ||
server, URL.bootstrap.value, Methods.get, headers=headers | ||
) | ||
if response.status_code != 200: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I am looking into this code again and I am wondering: why do you add a separate request_server
call in lines 159-161 in import_targets.py
just to complete the bootstrap check when you can make it there?
What do you save by not doing it here directly?
You already made the request_server
call to ask about the bootstrap status, not sure why you don't parse the response here directly...
Is it to not repeat the bootstrap check when you call get_headers
from the ceremony.py
file where you already did it?
Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
Co-authored-by: Martin Vrachev <martin.vrachev@gmail.com>
@@ -69,6 +74,94 @@ def is_logged(server: str, token: str): | |||
return Login(state=True, data=data) | |||
|
|||
else: | |||
click.ClickException( | |||
f"Error {response.status_code} {response.json()['detail']}" | |||
raise click.ClickException( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think is_logged
does not work as expected in all cases.
A GET api/v1/token/
request may also return a 200
response with a body of:
{
"detail": {
"error": "Failed to validate token"
}
}
See here. In this case, data
is None
and data.get("expired")
will throw an AttributeError
I spotted it here, but if you validate it I can open a bug. (BTW quick fix: data = response.json().get("data", {})
)
On the other hand, we are always validating a token with the same token in the headers, so I assume if the token is invalid it won't be because it can't be decoded... so it might be fine this way. I will not delete it, but I believe you can ignore my comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I spotted it here, but if you validate it I can open a bug. (BTW quick fix:
data = response.json().get("data", {})
)
That's a good spot. I'm implementing the quick fix.
On the other hand, we are always validating a token with the same token in the headers, so I assume if the token is invalid it won't be because it can't be decoded... so it might be fine this way. I will not delete it, but I believe you can ignore my comment.
Maybe we can have a specific issue for this part to implement or remove this check.
Can you file the issue giving the background?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@KAUTH when you open it could please link it here for future reference?
Also, a good catch indeed. :))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I opened this issue
- move parameters to use double dash `--{names}` - remove duplicate check that is done by `is_logged` - fix tests Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- fix `is_logged` bug in case of no data with 200 status code - fix typing for the `task_status` response - fix typo/wording for task status Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
- remove login keyword parameters from lambda Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see only one place that requires change and I have described it in my comment:
#195 (comment)
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
Codecov ReportBase: 84.33% // Head: 90.52% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #195 +/- ##
==========================================
+ Coverage 84.33% 90.52% +6.18%
==========================================
Files 9 10 +1
Lines 549 633 +84
==========================================
+ Hits 463 573 +110
+ Misses 86 60 -26
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job @kairoaraujo!
LGTM from me, but will wait for another day in hope that @KAUTH can review it again.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had a look at the tests as well, LGTM.
A big PR, nice work guys!
With two approvals how could you not merge this :)) |
Implements the feature import target
rstuf admin import-targets
.This feature gives the RSTUF administrator the functionality to import a large number of existent targets. It helps to roll out and deploy the RSTUF in existing repositories.
This feature is detailed and explained at these links
Some changes in the ceremony was done to reuse in the code:
ceremony._check_server
was converted tohelpers.api_client.get_headers
ceremony._bootstrap_state
was converted tohelpers.api_client.task_status
Added 100% coverage to
helpsers.api_client
Signed-off-by: Kairo de Araujo kdearaujo@vmware.com