From 71c78991a643763766c06319ad8665c3e94676b6 Mon Sep 17 00:00:00 2001 From: Sanne Raymaekers Date: Thu, 19 May 2022 15:28:53 +0200 Subject: [PATCH] cloudapi: Drop bucket from composer config This value is set in the worker config. In future it might also be passed through the api to upload into target accounts, but it should never be set in composer. --- cmd/osbuild-composer/composer.go | 1 - cmd/osbuild-composer/config.go | 26 +++++++------------ cmd/osbuild-composer/config_test.go | 3 --- internal/cloudapi/v2/handler.go | 2 -- internal/cloudapi/v2/server.go | 1 - internal/cloudapi/v2/v2_test.go | 1 - templates/composer.yml | 6 ----- test/cases/api.sh | 2 -- test/cases/multi-tenancy.sh | 3 +-- .../regression-old-worker-new-composer.sh | 2 -- tools/provision.sh | 1 + 11 files changed, 11 insertions(+), 37 deletions(-) diff --git a/cmd/osbuild-composer/composer.go b/cmd/osbuild-composer/composer.go index b25991317..f47cd2eff 100644 --- a/cmd/osbuild-composer/composer.go +++ b/cmd/osbuild-composer/composer.go @@ -128,7 +128,6 @@ func (c *Composer) InitWeldr(repoPaths []string, weldrListener net.Listener, func (c *Composer) InitAPI(cert, key string, enableTLS bool, enableMTLS bool, enableJWT bool, l net.Listener) error { config := v2.ServerConfig{ - AWSBucket: c.config.Koji.AWS.Bucket, JWTEnabled: c.config.Koji.EnableJWT, TenantProviderFields: c.config.Koji.JWTTenantProviderFields, } diff --git a/cmd/osbuild-composer/config.go b/cmd/osbuild-composer/config.go index edbf031e2..ea19a3c8d 100644 --- a/cmd/osbuild-composer/config.go +++ b/cmd/osbuild-composer/config.go 
@@ -20,20 +20,15 @@ type ComposerConfigFile struct { } type KojiAPIConfig struct { - AllowedDomains []string `toml:"allowed_domains"` - CA string `toml:"ca"` - EnableTLS bool `toml:"enable_tls"` - EnableMTLS bool `toml:"enable_mtls"` - EnableJWT bool `toml:"enable_jwt"` - JWTKeysURLs []string `toml:"jwt_keys_urls"` - JWTKeysCA string `toml:"jwt_ca_file"` - JWTACLFile string `toml:"jwt_acl_file"` - JWTTenantProviderFields []string `toml:"jwt_tenant_provider_fields"` - AWS AWSConfig `toml:"aws_config"` -} - -type AWSConfig struct { - Bucket string `toml:"bucket"` + AllowedDomains []string `toml:"allowed_domains"` + CA string `toml:"ca"` + EnableTLS bool `toml:"enable_tls"` + EnableMTLS bool `toml:"enable_mtls"` + EnableJWT bool `toml:"enable_jwt"` + JWTKeysURLs []string `toml:"jwt_keys_urls"` + JWTKeysCA string `toml:"jwt_ca_file"` + JWTACLFile string `toml:"jwt_acl_file"` + JWTTenantProviderFields []string `toml:"jwt_tenant_provider_fields"` } type WorkerAPIConfig struct { @@ -89,9 +84,6 @@ func GetDefaultConfig() *ComposerConfigFile { EnableTLS: true, EnableMTLS: true, EnableJWT: false, - AWS: AWSConfig{ - Bucket: "image-builder.service", - }, }, Worker: WorkerAPIConfig{ RequestJobTimeout: "0", diff --git a/cmd/osbuild-composer/config_test.go b/cmd/osbuild-composer/config_test.go index 13b6a12fb..2cb30379e 100644 --- a/cmd/osbuild-composer/config_test.go +++ b/cmd/osbuild-composer/config_test.go @@ -33,9 +33,6 @@ func TestDefaultConfig(t *testing.T) { EnableTLS: true, EnableMTLS: true, EnableJWT: false, - AWS: AWSConfig{ - Bucket: "image-builder.service", - }, }, defaultConfig.Koji) require.Equal(t, WorkerAPIConfig{ diff --git a/internal/cloudapi/v2/handler.go b/internal/cloudapi/v2/handler.go index c610418b3..777c4a42a 100644 --- a/internal/cloudapi/v2/handler.go +++ b/internal/cloudapi/v2/handler.go 
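Review bot: With the `AWS AWSConfig` field removed from `KojiAPIConfig` in cmd/osbuild-composer/config.go, an existing composer.toml that still carries a `[koji.aws_config]` table now holds a key that no struct field maps to. The config loader is not part of this diff; if it ignores undecoded keys, a bucket an operator set there is dropped without any message and uploads follow whatever the worker has configured. I would log a warning for undecoded keys at load time, or at least record the move on the struct, e.g. `// The AWS upload bucket is configured on the worker ([aws] bucket), not in composer.` above `type KojiAPIConfig struct`. The same applies to the `GetDefaultConfig` hunk that follows, which drops the `image-builder.service` default.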
@@ -318,7 +318,6 @@ func (h *apiHandlers) PostCompose(ctx echo.Context) error { t := target.NewAWSTarget(&target.AWSTargetOptions{ Filename: imageType.Filename(), Region: awsUploadOptions.Region, - Bucket: h.server.config.AWSBucket, Key: key, ShareWithAccounts: awsUploadOptions.ShareWithAccounts, }) @@ -354,7 +353,6 @@ func (h *apiHandlers) PostCompose(ctx echo.Context) error { t := target.NewAWSS3Target(&target.AWSS3TargetOptions{ Filename: imageType.Filename(), Region: awsS3UploadOptions.Region, - Bucket: h.server.config.AWSBucket, Key: key, }) t.ImageName = key diff --git a/internal/cloudapi/v2/server.go b/internal/cloudapi/v2/server.go index 859361c6d..11f98d244 100644 --- a/internal/cloudapi/v2/server.go +++ b/internal/cloudapi/v2/server.go @@ -42,7 +42,6 @@ type Server struct { } type ServerConfig struct { - AWSBucket string TenantProviderFields []string JWTEnabled bool } diff --git a/internal/cloudapi/v2/v2_test.go b/internal/cloudapi/v2/v2_test.go index 769b33ef8..e67a02a20 100644 --- a/internal/cloudapi/v2/v2_test.go +++ b/internal/cloudapi/v2/v2_test.go @@ -33,7 +33,6 @@ func newV2Server(t *testing.T, dir string, depsolveChannels []string, enableJWT require.NotNil(t, distros) config := v2.ServerConfig{ - AWSBucket: "image-builder.service", JWTEnabled: enableJWT, TenantProviderFields: []string{"rh-org-id", "account_id"}, } diff --git a/templates/composer.yml b/templates/composer.yml index a7345f441..76fd92c01 100644 --- a/templates/composer.yml +++ b/templates/composer.yml @@ -259,8 +259,6 @@ objects: jwt_keys_urls = ["${RH_SSO_BASE_URL}/protocol/openid-connect/certs", "${MAS_SSO_BASE_URL}/protocol/openid-connect/certs"] jwt_acl_file = "${COMPOSER_CONFIG_DIR}/acl.yml" jwt_tenant_provider_fields = ["rh-org-id", "account_id"] - [koji.aws_config] - bucket = "${COMPOSER_CONFIG_BUCKET_NAME}" [worker] request_job_timeout = "20s" base_path = "/api/image-builder-worker/v1" 
@@ -419,10 +417,6 @@ parameters: name: COMPOSER_CONFIG_DIR required: true value: "/etc/osbuild-composer" - - description: Bucket to store aws artifacts - name: COMPOSER_CONFIG_BUCKET_NAME - required: true - value: "imagebuilder.service.staging" - description: Allowed tenants based on org id name: ACL_ORG_ID_TENANTS value: "15842261|15877963|15885990|16057323" diff --git a/test/cases/api.sh b/test/cases/api.sh index c430c8d03..7f04e6b91 100755 --- a/test/cases/api.sh +++ b/test/cases/api.sh @@ -82,8 +82,6 @@ log_level = "debug" [koji] allowed_domains = [ "localhost", "client.osbuild.org" ] ca = "/etc/osbuild-composer/ca-crt.pem" -[koji.aws_config] -bucket = "${AWS_BUCKET}" [worker] allowed_domains = [ "localhost", "worker.osbuild.org" ] ca = "/etc/osbuild-composer/ca-crt.pem" diff --git a/test/cases/multi-tenancy.sh b/test/cases/multi-tenancy.sh index dcaa9ba2f..54bc9bfef 100755 --- a/test/cases/multi-tenancy.sh +++ b/test/cases/multi-tenancy.sh @@ -71,8 +71,6 @@ jwt_keys_urls = ["https://localhost:8082/certs"] jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem" jwt_acl_file = "" jwt_tenant_provider_fields = ["rh-org-id"] -[koji.aws_config] -bucket = "${AWS_BUCKET}" [worker] enable_artifacts = false enable_tls = true @@ -99,6 +97,7 @@ principal = "osbuild-krb@LOCAL" keytab = "/etc/osbuild-worker/client.keytab" [aws] +bucket = "${AWS_BUCKET}" credentials = "/etc/osbuild-worker/aws-credentials.toml" EOF diff --git a/test/cases/regression-old-worker-new-composer.sh b/test/cases/regression-old-worker-new-composer.sh index 51aeddfe6..fe6f5134a 100644 --- a/test/cases/regression-old-worker-new-composer.sh +++ b/test/cases/regression-old-worker-new-composer.sh @@ -89,8 +89,6 @@ log_level = "debug" [koji] allowed_domains = [ "localhost", "client.osbuild.org" ] ca = "/etc/osbuild-composer/ca-crt.pem" -[koji.aws_config] -bucket = "${AWS_BUCKET}" [worker] allowed_domains = [ "localhost", "worker.osbuild.org" ] ca = "/etc/osbuild-composer/ca-crt.pem" 
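Review bot: In test/cases/multi-tenancy.sh the added `bucket = "${AWS_BUCKET}"` line appears to sit in an unquoted heredoc, so an unset or empty AWS_BUCKET would be written out as `bucket = ""`; the same line is added in tools/provision.sh. This commit also removes the `Bucket:` fields from the AWS targets built in `PostCompose` (handler.go), so the worker value appears to be the only source and an empty one would surface only when an upload is attempted. The enclosing condition starts outside both hunks; if it does not already guarantee the variable, either emit the `bucket` line only when it is set or fail early with `[ -n "${AWS_BUCKET:-}" ] || { echo "AWS_BUCKET is not set" >&2; exit 1; }` before the heredoc. Whether older workers accept a target without a bucket is not visible here and is worth confirming against test/cases/regression-old-worker-new-composer.sh.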
diff --git a/tools/provision.sh b/tools/provision.sh index f55f12c8f..b5c69f822 100755 --- a/tools/provision.sh +++ b/tools/provision.sh @@ -78,6 +78,7 @@ EOF [aws] credentials = "/etc/osbuild-worker/aws-credentials.toml" +bucket = "${AWS_BUCKET}" EOF set -x fi