particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
5221 commits 1 branch 0 tags 688 MiB
Commit graph

7 commits

Author SHA1 Message Date
Brian C. Lane
561bbbbdf3 azure: storageErr is already azblob.StorageError type 2022-09-15 03:57:40 -07:00
Ondřej Budai
caadee87ec azure: add an option to tag page blobs 
We want to start tagging page blobs so this commit adds a small tagging method
to our azure library and exposes it in the osbuild-upload-azure helper.

Example:

go run ./cmd/osbuild-upload-azure/ \
  -container azure-container \
  -image ./sample.vhd \
  -storage-access-key KEY \
  -storage-account account \
  -tag key:value \
  -tag hello:world \
  -tag bird:toucan

This commit also has to downgrade the azblob library version to 0.13 so the
API for blob tags is the same as the one currently shipped to Fedora.
This is suboptimal but it should unblock us for now.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
 2022-06-13 21:06:01 +02:00
Ondřej Budai
f71ca8f0ca azure: move the .vhd extension logic to the callers 
It always felt wrong that the method uploaded the blob under a different name
than the one specified in the blob metadata.

This commit moves the responsibility of specifying the right extension to
the callers. azure.EnsureVHDExtension helper was added to simplify this.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
 2022-06-13 21:06:01 +02:00
Juan Abia
c8cf835db3 gosec: G401, G501 - Weak cryptographic primitive 
azure, koji and gcp use md5 hashes. Gosec is not happy with it, so we
create exceptions for them (G401, G501).
 2021-12-13 12:17:30 +02:00
Ondřej Budai
385648223d spec: drop hacks for Fedora 32 
There are not needed anymore, yay!

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
 2021-07-05 11:16:08 +02:00
Ondřej Budai
2e39d629a9 worker: add azure image upload target 
This commit adds and implements org.osbuild.azure.image target.

Let's talk about the already implemented org.osbuild.azure target firstly:
The purpose of this target is to authenticate using the Azure Storage
credentials and upload the image file as a Page Blob. Page Blob is basically
an object in storage and it cannot be directly used to launch a VM. To achieve
that, you need to define an actual Azure Image with the Page Blob attached.

For the cloud API, we would like to create an actual Azure Image that is
immediately available for new VMs. The new target accomplishes it.
To achieve this, it must use a different authentication method: Azure OAuth.
The other important difference is that currently, the credentials are stored
on the worker and not in target options. This should lead to better security
because we don't send the credentials over network. In the future, we would
like to have credential-less setup using workers in Azure with the right
IAM policies applied but this requires more investigation and is not
implemented in this commit.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
 2021-03-06 15:40:48 +00:00
Ondřej Budai
4b031a4692 upload/azure: rename azure.go to azurestorage.go 
This file contains a client for Azure Storage API. As we soon introduce the
client for Azure API, we need a distinction here.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
 2021-03-06 15:40:48 +00:00
Renamed from internal/upload/azure/azure.go (Browse further)