split: replace internal packages with images library
Remove all the internal package that are now in the github.com/osbuild/images package and vendor it. A new function in internal/blueprint/ converts from an osbuild-composer blueprint to an images blueprint. This is necessary for keeping the blueprint implementation in both packages. In the future, the images package will change the blueprint (and most likely rename it) and it will only be part of the osbuild-composer internals and interface. The Convert() function will be responsible for converting the blueprint into the new configuration object.
This commit is contained in:
Achilleas Koutsou
Sanne Raymaekers
parent
d59199670f
commit
0e4a9e586f
446 changed files with 5690 additions and 13312 deletions
29
vendor/github.com/osbuild/images/pkg/rhsm/facts/facts.go
generated
vendored
Normal file
29
vendor/github.com/osbuild/images/pkg/rhsm/facts/facts.go
generated
vendored
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
package facts
|
||||
|
||||
import "fmt"
|
||||
|
||||
type APIType uint64
|
||||
|
||||
func (at APIType) String() string {
|
||||
switch at {
|
||||
case TEST_APITYPE:
|
||||
return "test-manifest"
|
||||
case CLOUDV2_APITYPE:
|
||||
return "cloudapi-v2"
|
||||
case WELDR_APITYPE:
|
||||
return "weldr"
|
||||
}
|
||||
panic(fmt.Sprintf("invalid APIType value %d", at))
|
||||
}
|
||||
|
||||
const (
|
||||
TEST_APITYPE APIType = iota
|
||||
CLOUDV2_APITYPE
|
||||
WELDR_APITYPE
|
||||
)
|
||||
|
||||
// The ImageOptions specify things to be stored into the Insights facts
|
||||
// storage. This mostly relates to how the build of the image was performed.
|
||||
type ImageOptions struct {
|
||||
APIType APIType
|
||||
}
|
||||
190
vendor/github.com/osbuild/images/pkg/rhsm/secrets.go
generated
vendored
Normal file
190
vendor/github.com/osbuild/images/pkg/rhsm/secrets.go
generated
vendored
Normal file
|
|
@ -0,0 +1,190 @@
|
|||
package rhsm
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
"gopkg.in/ini.v1"
|
||||
)
|
||||
|
||||
type subscription struct {
|
||||
id string
|
||||
baseurl string
|
||||
sslCACert string
|
||||
sslClientKey string
|
||||
sslClientCert string
|
||||
}
|
||||
|
||||
// Subscriptions encapsulates all available subscriptions from the
|
||||
// host system.
|
||||
type Subscriptions struct {
|
||||
available []subscription
|
||||
secrets *RHSMSecrets // secrets are used in there is no matching subscription
|
||||
|
||||
Consumer *ConsumerSecrets
|
||||
}
|
||||
|
||||
// RHSMSecrets represents a set of CA certificate, client key, and
|
||||
// client certificate for a specific repository.
|
||||
type RHSMSecrets struct {
|
||||
SSLCACert string
|
||||
SSLClientKey string
|
||||
SSLClientCert string
|
||||
}
|
||||
|
||||
// These secrets are present on any subscribed system and uniquely identify the host
|
||||
type ConsumerSecrets struct {
|
||||
ConsumerKey string
|
||||
ConsumerCert string
|
||||
}
|
||||
|
||||
func getRHSMSecrets() (*RHSMSecrets, error) {
|
||||
keys, err := filepath.Glob("/etc/pki/entitlement/*-key.pem")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, key := range keys {
|
||||
cert := strings.TrimSuffix(key, "-key.pem") + ".pem"
|
||||
if _, err := os.Stat(cert); err == nil {
|
||||
return &RHSMSecrets{
|
||||
SSLCACert: "/etc/rhsm/ca/redhat-uep.pem",
|
||||
SSLClientKey: key,
|
||||
SSLClientCert: cert,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
return nil, fmt.Errorf("no matching key and certificate pair")
|
||||
}
|
||||
|
||||
func getListOfSubscriptions() ([]subscription, error) {
|
||||
// This file has a standard syntax for yum repositories which is
|
||||
// documented in `man yum.conf`. The same parsing mechanism could
|
||||
// be used for any other repo file in /etc/yum.repos.d/.
|
||||
availableSubscriptionsFile := "/etc/yum.repos.d/redhat.repo"
|
||||
content, err := os.ReadFile(availableSubscriptionsFile)
|
||||
if err != nil {
|
||||
if pErr, ok := err.(*os.PathError); ok {
|
||||
if pErr.Err.Error() == "no such file or directory" {
|
||||
// The system is not subscribed
|
||||
return nil, nil
|
||||
}
|
||||
}
|
||||
return nil, fmt.Errorf("failed to open the file with subscriptions: %w", err)
|
||||
}
|
||||
subscriptions, err := parseRepoFile(content)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to parse the file with subscriptions: %w", err)
|
||||
}
|
||||
|
||||
return subscriptions, nil
|
||||
}
|
||||
|
||||
func getConsumerSecrets() (*ConsumerSecrets, error) {
|
||||
res := ConsumerSecrets{
|
||||
ConsumerKey: "/etc/pki/consumer/key.pem",
|
||||
ConsumerCert: "/etc/pki/consumer/cert.pem",
|
||||
}
|
||||
|
||||
if _, err := os.Stat(res.ConsumerKey); err != nil {
|
||||
return nil, fmt.Errorf("no consumer key found")
|
||||
}
|
||||
if _, err := os.Stat(res.ConsumerCert); err != nil {
|
||||
return nil, fmt.Errorf("no consumer cert found")
|
||||
}
|
||||
return &res, nil
|
||||
}
|
||||
|
||||
// LoadSystemSubscriptions loads all the available subscriptions.
|
||||
func LoadSystemSubscriptions() (*Subscriptions, error) {
|
||||
consumerSecrets, err := getConsumerSecrets()
|
||||
if err != nil {
|
||||
logrus.Warnf("Failed to load consumer certs: %v", err)
|
||||
}
|
||||
|
||||
subscriptions, err1 := getListOfSubscriptions()
|
||||
secrets, err2 := getRHSMSecrets()
|
||||
if subscriptions == nil && secrets == nil {
|
||||
// Neither works, return an error because at least one has to be available
|
||||
if err1 != nil {
|
||||
return nil, err1
|
||||
}
|
||||
if err2 != nil {
|
||||
return nil, err2
|
||||
}
|
||||
return nil, fmt.Errorf("failed to load subscriptions")
|
||||
}
|
||||
|
||||
return &Subscriptions{
|
||||
available: subscriptions,
|
||||
secrets: secrets,
|
||||
|
||||
Consumer: consumerSecrets,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func parseRepoFile(content []byte) ([]subscription, error) {
|
||||
cfg, err := ini.Load(content)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
subscriptions := make([]subscription, 0)
|
||||
|
||||
for _, section := range cfg.Sections() {
|
||||
id := section.Name()
|
||||
key, err := section.GetKey("baseurl")
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
baseurl := key.String()
|
||||
key, err = section.GetKey("sslcacert")
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
sslcacert := key.String()
|
||||
key, err = section.GetKey("sslclientkey")
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
sslclientkey := key.String()
|
||||
key, err = section.GetKey("sslclientcert")
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
sslclientcert := key.String()
|
||||
subscriptions = append(subscriptions, subscription{
|
||||
id: id,
|
||||
baseurl: baseurl,
|
||||
sslCACert: sslcacert,
|
||||
sslClientKey: sslclientkey,
|
||||
sslClientCert: sslclientcert,
|
||||
})
|
||||
}
|
||||
|
||||
return subscriptions, nil
|
||||
}
|
||||
|
||||
// GetSecretsForBaseurl queries the Subscriptions structure for a RHSMSecrets of a single repository.
|
||||
func (s *Subscriptions) GetSecretsForBaseurl(baseurls []string, arch, releasever string) (*RHSMSecrets, error) {
|
||||
for _, subs := range s.available {
|
||||
for _, baseurl := range baseurls {
|
||||
url := strings.Replace(subs.baseurl, "$basearch", arch, -1)
|
||||
url = strings.Replace(url, "$releasever", releasever, -1)
|
||||
if url == baseurl {
|
||||
return &RHSMSecrets{
|
||||
SSLCACert: subs.sslCACert,
|
||||
SSLClientKey: subs.sslClientKey,
|
||||
SSLClientCert: subs.sslClientCert,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
// If there is no matching URL, fall back to the global secrets
|
||||
if s.secrets != nil {
|
||||
return s.secrets, nil
|
||||
}
|
||||
return nil, fmt.Errorf("no such baseurl in the available subscriptions")
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue