fix: make PM mode work as a sane person might expect #174
Conversation
|
FYI, i put those What's the right way to do things around here? |
|
I think at that point either eprintln and/or expect() |
|
Assuming we want to run that in production at some point, we would have database creation as well as running migrations outside of the main process, in order to limit the permissions the actual database user requires. So we at least would need a mode which just accepts an existing database, assumes that the structure is present, and does not try to modify anything beyond actual data. |
|
Good points. I guess we need to ensure the "create db and ignore errors" behavior is only for "managed" db's. Which kind of conflicts with #173 I think. I don't have a clear solution in mind yet, so open to ideas. |
|
I agree that in Production we wouldn't want I'm not sure I agree that running migrations should be outside of Thinking back to my Ruby On Rails days, migrations were always in-process at boot time and that seems to have worked? |
|
wrt "create db and ignore errors" maybe needs to float up out of We either take an external config, or manage/bootstrap/ignore-errors up a db, and then ctor the Externalize the optional management of the aforementioned database. |
The downside of this is, that the user connecting to the database would need some "admin" permission set. Which the application itself would not need. Following the idea of "limiting access" … it feels better to not give a process, which receives connections from the internet, admin permissions to the DB. So the process we've in place for GUAC is: init container -> runs migrations, actual container -> runs code … the latter one has a limited set of permissions. And that works quite well. |
|
wrt |
|
Ah, I'd not realized that Agreed on the bifurcated migration-vs-runtime. |
|
@jcrossley3 so I think we can still make |
|
@ctron With my last commit to this PR, I think I have the Here are the steps to reproduce to see the output I'm getting. I'm seeing correct logging now -- no println's -- and my exit code is correct, but I don't think I'm doing it correctly, because I have 2 "Default to INFO logging" lines: one for |
jcrossley3
changed the title
Fixes trustification#171 Signed-off-by: Jim Crossley <jim@crossleys.org>
Fixes trustification#135 Signed-off-by: Jim Crossley <jim@crossleys.org>
This reverts commit e6e3767. Signed-off-by: Jim Crossley <jim@crossleys.org>
Signed-off-by: Jim Crossley <jim@crossleys.org>
This seems to work, but if the db doesn't exist, a timeout error will occur the first time you run trustd. Simply run it again. Signed-off-by: Jim Crossley <jim@crossleys.org>
Signed-off-by: Jim Crossley <jim@crossleys.org>
Signed-off-by: Jim Crossley <jim@crossleys.org>
The default behavior of creating the data dir on a tmpfs volume is much faster than an LVM module, so we need a bit more time. Signed-off-by: Jim Crossley <jim@crossleys.org>
Resolves trustification#135 according to the following: - have the infrastructure in the actual (sub-)command - the top level main would log terminal errors using eprintln - other, more cli like commands, can use env_logger In a nutshell: - cli sub-commands use env_logger - server style commands use infrastructure We also ensure the global env-logger is only initialized once. Signed-off-by: Jim Crossley <jim@crossleys.org>
Fixes trustification#173 The tests fail because the PostgreSQL instance goes out of scope without the DbStrategy::Managed variant. But we'll fix that in the next commit using a test-context. Signed-off-by: Jim Crossley <jim@crossleys.org>
This keeps the postgresql instance alive for the duration of the
test. Unfortunately, 2 of the tests fail:
Error: Query Error: error returned from database: could not access file "$libdir/plpgsql": No such file or directory
failures:
graph::sbom::tests::sbom_vulnerabilities
graph::sbom::tests::transitive_dependency_of
Signed-off-by: Jim Crossley <jim@crossleys.org>
Signed-off-by: Jim Crossley <jim@crossleys.org>
Signed-off-by: Jim Crossley <jim@crossleys.org>
| }; | ||
| let db = crate::db::Database::bootstrap(&config).await.unwrap(); | ||
|
|
||
| TrustifyContext { db, postgresql } |
There was a problem hiding this comment.
Wait, so all of this helped remove the DbStrategy runtime ish, yeah? Yay!
There was a problem hiding this comment.
Partly. DbStrategy's primary benefit was keeping the PostgreSQL instance in scope for the duration of a test. Which is what the TrustifyContext now does.
| pub async fn run(self) -> anyhow::Result<ExitCode> { | ||
| init_tracing("db-run", Tracing::Disabled); | ||
| use Command::*; | ||
| match self.command { |
There was a problem hiding this comment.
Do the commands stack? Do I need to invoke trustd at least twice in a fresh install, to Create and then Migrate?
There was a problem hiding this comment.
No and no. See the last line of Database::bootstrap: Self::new(database).await?.migrate().await
I couldn't think of a use case where I'd want to bootstrap a DB and not migrate it. But if you think we need that, we can revisit.
| async fn run(self) -> anyhow::Result<ExitCode> { | ||
| match self.command { | ||
| Some(Command::Api(run)) => run.run().await, | ||
| Some(Command::Db(run)) => run.run().await, |
There was a problem hiding this comment.
Which command handles the importer loops? Should the importer loops be split out from whichever one of these commands hides it? Or is that a regression and they don't run at all?
There was a problem hiding this comment.
I feel like you've asked about importer loops a lot, so I'm guessing my answers aren't punching through.
Currently, the API server will create a "loop" in response to a request like this:
http POST localhost:8080/api/v1/importer/redhat-sbom sbom[source]=https://access.redhat.com/security/data/sbom/beta/ sbom[keys][]=https://access.redhat.com/security/data/97f5eac4.txt#77E79ABE93673533ED09EBE2DCE3823597F5EAC4 sbom[disabled]:=false sbom[onlyPatterns][]=quarkus sbom[period]=30s sbom[v3Signatures]:=true
And you can see it like so:
http GET localhost:8080/api/v1/importer
Assuming you have https://httpie.io/ installed, try running those commands after firing up PM mode. Will that functionality suit the use cases you have in mind for importer loops? If not, what do we need to change?
| } | ||
| db.run().await?; | ||
|
|
||
| let api = Trustd::parse_from([ |
There was a problem hiding this comment.
I don't love the type-unsafe stringy parsing. Can we just rust up the api configured the way we like it, instead of strings?
There was a problem hiding this comment.
Interesting. I do love it, because it mirrors what the user would do. But I agree it'd be nice for the compiler to complain if we subsequently change the CLI.
Interestingly, my first pass was as you suggest, but I found myself wanting to implement Default for things that are already kind of implemented in the form of clap annotations that I didn't want to replicate. And I wanted to take advantage of that clap config, hence parse_from.
It's definitely a tradeoff, but for something like "PM mode", I was ok with it. Better than ok, actually, but if you insist...
Signed-off-by: Jim Crossley <jim@crossleys.org>
Fixes #171
And resolves #185 in favor of subcommands:
trustd apitrustd db create|migrate|refreshtrustdThe latter no-arg command is "PM mode", which fires up an embedded PostgreSQL instance (installed beneath
.trustify/) and then runstrustd db migrateandtrustd api --auth-disabled.