From 4e92b65721c0394d51f24066c465de3750c85a56 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Wed, 4 Aug 2021 10:43:36 +0200 Subject: [PATCH] composer: don't expose `ec2` and `ec2-ha` RHEL images via WeldrAPI The `ec2` and `ec2-ha` images include RHUI client packages, which are not publicly available. For this reason, building of such images in the on-premise use case via WeldrAPI would always fail, unless the system would be inside the Red Hat internal network or VPN. Mark the `ec2` and `ec2-ha` image types for `rhel-*` distribution as denied in WeldrAPI by default. Extend and modify affected unit tests. Signed-off-by: Tomas Hozza --- cmd/osbuild-composer/config.go | 34 ++++++++++++++++++++----- cmd/osbuild-composer/config_test.go | 26 +++++++++++++++---- cmd/osbuild-composer/testdata/test.toml | 3 +++ 3 files changed, 51 insertions(+), 12 deletions(-) diff --git a/cmd/osbuild-composer/config.go b/cmd/osbuild-composer/config.go index 1cc737e1a..739a38ef2 100644 --- a/cmd/osbuild-composer/config.go +++ b/cmd/osbuild-composer/config.go @@ -28,9 +28,11 @@ type ComposerConfigFile struct { ComposerAPI struct { IdentityFilter []string `toml:"identity_filter"` } `toml:"composer_api"` - WeldrAPI struct { - DistroConfigs map[string]WeldrDistroConfig `toml:"distros"` - } `toml:"weldr_api"` + WeldrAPI WeldrAPIConfig `toml:"weldr_api"` +} + +type WeldrAPIConfig struct { + DistroConfigs map[string]WeldrDistroConfig `toml:"distros"` } type WeldrDistroConfig struct { 
@@ -51,17 +53,35 @@ func (c *ComposerConfigFile) weldrDistrosImageTypeDenyList() map[string][]string return distrosImageTypeDenyList } +// GetDefaultConfig returns the default configuration of osbuild-composer +// Defaults: +// - 'ec2' and 'ec2-ha' image types on 'rhel-85' are not exposed via Weldr API +func GetDefaultConfig() *ComposerConfigFile { + return &ComposerConfigFile{ + WeldrAPI: WeldrAPIConfig{ + map[string]WeldrDistroConfig{ + "rhel-*": { + ImageTypeDenyList: []string{ + "ec2", + "ec2-ha", + }, + }, + }, + }, + } +} + func LoadConfig(name string) (*ComposerConfigFile, error) { - var c ComposerConfigFile - _, err := toml.DecodeFile(name, &c) + c := GetDefaultConfig() + _, err := toml.DecodeFile(name, c) if err != nil { return nil, err } - err = loadConfigFromEnv(&c) + err = loadConfigFromEnv(c) if err != nil { return nil, err } - return &c, nil + return c, nil } func loadConfigFromEnv(intf interface{}) error { diff --git a/cmd/osbuild-composer/config_test.go b/cmd/osbuild-composer/config_test.go index 4e26a5aa8..b6a38faba 100644 --- a/cmd/osbuild-composer/config_test.go +++ b/cmd/osbuild-composer/config_test.go @@ -11,11 +11,7 @@ func TestEmpty(t *testing.T) { config, err := LoadConfig("testdata/empty-config.toml") require.NoError(t, err) require.NotNil(t, config) - require.Empty(t, config.Koji.AllowedDomains) - require.Empty(t, config.Koji.CA) - require.Empty(t, config.Worker.AllowedDomains) - require.Empty(t, config.Worker.CA) - require.Empty(t, config.Worker.PGDatabase) + require.Equal(t, GetDefaultConfig(), config) } func TestNonExisting(t *testing.T) { 
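Review bot: The doc comment on GetDefaultConfig says the defaults apply to 'rhel-85', but the map key the function installs is the glob "rhel-*", so the comment understates the scope of the deny list; I would write `// - 'ec2' and 'ec2-ha' image types on all 'rhel-*' distributions are not exposed via Weldr API`. The literal `WeldrAPIConfig{ map[string]WeldrDistroConfig{` is also unkeyed, and `DistroConfigs: map[string]WeldrDistroConfig{` would keep it compiling if the struct gains a field. Because LoadConfig now decodes the file on top of this value, whether the default entry survives a file that sets other distros depends on how the TOML decoder fills an already populated map. It also depends on how weldrDistrosImageTypeDenyList, whose body starts outside this hunk, ranks the glob against an exact key such as rhel-84. The comment should state the intended precedence.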
@@ -25,6 +21,26 @@ func TestNonExisting(t *testing.T) { require.Nil(t, config) } +func TestDefaultConfig(t *testing.T) { + defaultConfig := GetDefaultConfig() + require.Empty(t, defaultConfig.Koji) + require.Empty(t, defaultConfig.Worker) + require.Empty(t, defaultConfig.ComposerAPI) + + expectedWeldrAPIConfig := WeldrAPIConfig{ + DistroConfigs: map[string]WeldrDistroConfig{ + "rhel-*": { + []string{ + "ec2", + "ec2-ha", + }, + }, + }, + } + + require.Equal(t, expectedWeldrAPIConfig, defaultConfig.WeldrAPI) +} + func TestConfig(t *testing.T) { config, err := LoadConfig("testdata/test.toml") require.NoError(t, err) diff --git a/cmd/osbuild-composer/testdata/test.toml b/cmd/osbuild-composer/testdata/test.toml index da6b3a977..fb415a83e 100644 --- a/cmd/osbuild-composer/testdata/test.toml +++ b/cmd/osbuild-composer/testdata/test.toml @@ -12,3 +12,6 @@ image_type_denylist = [ "qcow2", "vmdk" ] [weldr_api.distros.rhel-84] image_type_denylist = [ "qcow2" ] + +# overrides the default rhel-* configuration +[weldr_api.distros."rhel-*"]
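Review bot: TestDefaultConfig pins only the value GetDefaultConfig returns, so nothing in the visible hunks checks that the "rhel-*" deny list is still present after LoadConfig decodes a file that configures a different distro and never mentions "rhel-*". That is the case an on-premise configuration is most likely to hit, and it depends on the decoder merging into the pre-populated map rather than replacing it. TestConfig's body lies outside the hunk and is not changed by this commit, so I cannot tell whether it asserts the effect of the empty `[weldr_api.distros."rhel-*"]` override added to test.toml. A test along the following lines, using a constructed sample file, would pin the merge behaviour.

```go
func TestDefaultDenyListSurvivesOtherDistros(t *testing.T) {
	// Constructed sample: configures one concrete distro and leaves "rhel-*" untouched.
	path := filepath.Join(t.TempDir(), "composer.toml")
	data := []byte("[weldr_api.distros.rhel-84]\nimage_type_denylist = [ \"qcow2\" ]\n")
	require.NoError(t, os.WriteFile(path, data, 0o600))

	config, err := LoadConfig(path)
	require.NoError(t, err)
	require.Equal(t,
		GetDefaultConfig().WeldrAPI.DistroConfigs["rhel-*"],
		config.WeldrAPI.DistroConfigs["rhel-*"])
}
```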