composer: don't expose ec2 and ec2-ha RHEL images via WeldrAPI

The `ec2` and `ec2-ha` images include RHUI client packages, which are not publicly available. For this reason, building of such images in the on-premise use case via WeldrAPI would always fail, unless the system would be inside the Red Hat internal network or VPN. Mark the `ec2` and `ec2-ha` image types for `rhel-*` distribution as denied in WeldrAPI by default. Extend and modify affected unit tests. Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-08-04 10:43:36 +02:00 · 2021-08-04 10:43:36 +02:00 · 4e92b65721
commit 4e92b65721
parent aed3bf785c
3 changed files with 51 additions and 12 deletions
--- a/cmd/osbuild-composer/config.go
+++ b/cmd/osbuild-composer/config.go
@ -28,9 +28,11 @@ type ComposerConfigFile struct {
 	ComposerAPI struct {
 		IdentityFilter []string `toml:"identity_filter"`
 	} `toml:"composer_api"`
-	WeldrAPI struct {
-		DistroConfigs map[string]WeldrDistroConfig `toml:"distros"`
-	} `toml:"weldr_api"`
+	WeldrAPI WeldrAPIConfig `toml:"weldr_api"`
+}
+
+type WeldrAPIConfig struct {
+	DistroConfigs map[string]WeldrDistroConfig `toml:"distros"`
 }

 type WeldrDistroConfig struct {
@ -51,17 +53,35 @@ func (c *ComposerConfigFile) weldrDistrosImageTypeDenyList() map[string][]string
 	return distrosImageTypeDenyList
 }

+// GetDefaultConfig returns the default configuration of osbuild-composer
+// Defaults:
+// - 'ec2' and 'ec2-ha' image types on 'rhel-85' are not exposed via Weldr API
+func GetDefaultConfig() *ComposerConfigFile {
+	return &ComposerConfigFile{
+		WeldrAPI: WeldrAPIConfig{
+			map[string]WeldrDistroConfig{
+				"rhel-*": {
+					ImageTypeDenyList: []string{
+						"ec2",
+						"ec2-ha",
+					},
+				},
+			},
+		},
+	}
+}
+
 func LoadConfig(name string) (*ComposerConfigFile, error) {
-	var c ComposerConfigFile
-	_, err := toml.DecodeFile(name, &c)
+	c := GetDefaultConfig()
+	_, err := toml.DecodeFile(name, c)
 	if err != nil {
 		return nil, err
 	}
-	err = loadConfigFromEnv(&c)
+	err = loadConfigFromEnv(c)
 	if err != nil {
 		return nil, err
 	}
-	return &c, nil
+	return c, nil
 }

 func loadConfigFromEnv(intf interface{}) error {
--- a/cmd/osbuild-composer/config_test.go
+++ b/cmd/osbuild-composer/config_test.go
@ -11,11 +11,7 @@ func TestEmpty(t *testing.T) {
 	config, err := LoadConfig("testdata/empty-config.toml")
 	require.NoError(t, err)
 	require.NotNil(t, config)
-	require.Empty(t, config.Koji.AllowedDomains)
-	require.Empty(t, config.Koji.CA)
-	require.Empty(t, config.Worker.AllowedDomains)
-	require.Empty(t, config.Worker.CA)
-	require.Empty(t, config.Worker.PGDatabase)
+	require.Equal(t, GetDefaultConfig(), config)
 }

 func TestNonExisting(t *testing.T) {
@ -25,6 +21,26 @@ func TestNonExisting(t *testing.T) {
 	require.Nil(t, config)
 }

+func TestDefaultConfig(t *testing.T) {
+	defaultConfig := GetDefaultConfig()
+	require.Empty(t, defaultConfig.Koji)
+	require.Empty(t, defaultConfig.Worker)
+	require.Empty(t, defaultConfig.ComposerAPI)
+
+	expectedWeldrAPIConfig := WeldrAPIConfig{
+		DistroConfigs: map[string]WeldrDistroConfig{
+			"rhel-*": {
+				[]string{
+					"ec2",
+					"ec2-ha",
+				},
+			},
+		},
+	}
+
+	require.Equal(t, expectedWeldrAPIConfig, defaultConfig.WeldrAPI)
+}
+
 func TestConfig(t *testing.T) {
 	config, err := LoadConfig("testdata/test.toml")
 	require.NoError(t, err)
--- a/cmd/osbuild-composer/testdata/test.toml
+++ b/cmd/osbuild-composer/testdata/test.toml
@ -12,3 +12,6 @@ image_type_denylist = [ "qcow2", "vmdk" ]

 [weldr_api.distros.rhel-84]
 image_type_denylist = [ "qcow2" ]
+
+# overrides the default rhel-* configuration
+[weldr_api.distros."rhel-*"]