Use unified configfile parser for policy.json#711
Use unified configfile parser for policy.json#711jankaluza wants to merge 4 commits intocontainers:mainfrom
Conversation
github-actions
bot
added
common
|
@Luap99 , Hi, could you please check if this PR makes a sense? I also added two questions for parts of code I'm not sure about... |
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Just an extremely brief skim.
jankaluza
changed the title
Luap99
left a comment
Luap99
left a comment
There was a problem hiding this comment.
it would be good to if you can squash the re-add SignaturePolicyPath commits, i.e when reviewing this it makes no sense to look at something getting remove to be added again. It also break git bisect most likely when vendoring from another repo.
| } | ||
|
|
||
| if conf.EnvironmentName != "" { | ||
| if conf.EnvironmentName != "" && !conf.DoNotLoadDropInFiles { |
There was a problem hiding this comment.
please add a new test case here for that behavior
There was a problem hiding this comment.
And document that behavior! It’s rather unexpected based on plain reading of the current option (although there is some logic to it).
Probably not, but maybe we’d want s/DoNotLoadDropInFiles/DropInFilesUnsupported/ ?!
There was a problem hiding this comment.
I am in favour of naming it DropInFilesUnsupported, though then I guess we would want to rename DoNotLoadMainFiles as well to MainFilesUnsupported? I suppose we could rename that outside of the scope of this PR if wanted.
There was a problem hiding this comment.
I kind of think of them as different dimensions: “do not load a file at $this path” is more of a directive vs. “the consumer cannot process multiple drop-ins regardless of names” is more of a capability declaration, but that’s a very weak reasoning.
I’m also quite fine with leaving the name as is.
There was a problem hiding this comment.
I would remove that in another PR if possible to not add more unrelated changes to this one if that's fine for you. I added the documentation part, that's good point :-).
| } | ||
|
|
||
| if conf.EnvironmentName != "" { | ||
| if conf.EnvironmentName != "" && !conf.DoNotLoadDropInFiles { |
There was a problem hiding this comment.
And document that behavior! It’s rather unexpected based on plain reading of the current option (although there is some logic to it).
Probably not, but maybe we’d want s/DoNotLoadDropInFiles/DropInFilesUnsupported/ ?!
jankaluza
force-pushed
the
policy.json
branch
3 times, most recently
from
89fd676 to
d9da724
Compare
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
I didn’t carefully read the added tests or think about coverage, I’m hoping for a simpler version first.
There are also a bunch of earlier outstanding review comments.
storage/pkg/configfile/parse.go
Outdated
| // Expected ENOENT errors are already ignored in this function and must not be handled again by callers. | ||
| // The given File options must not be nil and populated with valid options. | ||
| // | ||
| // The _OVERRIDE environment is ignored if DoNotLoadDropInFiles is set. |
There was a problem hiding this comment.
This does not talk about _OVERRIDE so this is a bit of an unexpected place to suddenly go into this detail.
OTOH the EnvironmentName field does not document _OVERRIDE, and I think it should. That might also be a place to add that note.
There was a problem hiding this comment.
This comment is still open, documenting this behavior on the function comment feels odd and duplicated. Having it as part of the struct field comments seem enough.
|
Packit jobs failed. @containers/packit-build please check. |
Luap99
left a comment
Luap99
left a comment
There was a problem hiding this comment.
(commit 3 should be squashed into commit 1 and that one needs WIP stripped)
|
@mtrmac are you fine with the new approach suggested by me? @jankaluza Generally speaking I would like to see a "clean" history, i.e. not add ReadWithPaths just to remove it again as this makes reviewing harder but lets with for @mtrmac feedback first |
|
@Luap99 , yeah, I will squash the commits before merge. |
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Sure, the ErrorIfNotFound approach is (given the signature-side test) fine. We can rework storage/configfile as needed. ACK overall.
Some outstanding nits:
- #711 (comment) (that would not have test coverage, that’s fine)
- #711 (comment)
- #711 (comment)
- #711 (comment)
- please squash, per @Luap99 .
Replace custom path resolution with configfile.Read and remove legacy SignaturePolicyPath defaults and helpers. Fixes: containers#207 Fixes: containers#202 Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit introduces `File.ErrorIfNotFound`. If it is true, the Read returns an error which contains all the paths it tried when searching for a config file. It uses this in DefaultPolicy() to include the searched paths in the error message when no policy file is found. The useless policy_paths_*.go files are removed. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
storage/pkg/configfile/parse.go
Outdated
| // Expected ENOENT errors are already ignored in this function and must not be handled again by callers. | ||
| // The given File options must not be nil and populated with valid options. | ||
| // | ||
| // The _OVERRIDE environment is ignored if DoNotLoadDropInFiles is set. |
There was a problem hiding this comment.
This comment is still open, documenting this behavior on the function comment feels odd and duplicated. Having it as part of the struct field comments seem enough.
Return an error if multiple policy files are encountered, which should not happen with configfile.Read. Update tests to use full Policy comparisons and cover nil/empty SystemContext cases. Clarify CONTAINERS_POLICY_JSON and *_OVERRIDE behavior in docs. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
|
@Luap99 , I fixed the issues you've pointed out. |
|
I have not checked buildah. I'll do that first thing tomorrow morning. |
Introduce ErrConfigFileNotFound error. This can be used by API caller to detect the File not found error and handle this situation. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
|
@Luap99, I've added one more commit. |
|
| } | ||
| if policy != nil { | ||
| // Coverage: This should never happen, configfile.Read ensures at most one policy file. | ||
| return nil, fmt.Errorf("internal error: expected at most one policy file, got another item %q", item.Name) //nolint:revive |
There was a problem hiding this comment.
What is the nolint directive supposed to silence? (We don’t have revive enabled and) when removing that directive and manually running golangci-lint run --max-issues-per-linter 0 --max-same-issues 0 --enable=revive ./image/signature I see nothing reported on this line.
If it is truly necessary, please use //nolint:revive // a short explanation what this is trying to silence and/or why silencing that is OK
| } | ||
|
|
||
| if conf.ErrorIfNotFound && !foundAny { | ||
| yield(nil, fmt.Errorf("%w: no %s file found; searched paths: %q", ErrConfigFileNotFound, configFileName, usedPaths)) |
There was a problem hiding this comment.
I’m not asking for any change, just noting the possibility: If you want ErrConfigFileNotFound to be used without using any part of its error text, it is possible to use %.0w with Errorf.
| By default, the policy is read from `$XDG_CONFIG_HOME/containers/policy.json` (or from `$HOME/.config/containers/policy.json` if `$XDG_CONFIG_HOME` is unset), if it exists; otherwise from `/etc/containers/policy.json`; otherwise from `/usr/share/containers/policy.json`. Applications performing verification may allow using a different policy instead. | ||
|
|
||
| If `CONTAINERS_POLICY_JSON` is set, it specifies the policy file to use, | ||
| unless overridden by application-specific configuration. |
There was a problem hiding this comment.
(Absolutely non-blocking: This works fine.
“the policy is read from $CONTAINERS_POLICY_JSON if set; otherwise from $HOME … ; … /usr/share…. Applications … may allow using a different policy instead” might be a simpler way to say the same thing, representing this as a single linear order, and not repeating the application-specific part.
Also, pre-existing, maybe s/may allow using/may choose to use.)
3 participants
This PR switches
policy.jsonloading to the unifiedstorage/pkg/configfileparser instead of maintaining separate lookup logic in image/signature.The
SignaturePolicyPathsupport is preserved, so explicit callers continue to work as before. The policy loader also now uses CONTAINERS_POLICY_JSON for environment-based override. TheCONTAINERS_POLICY_JSON_OVERRIDEremains ignored for policy.json because drop-in loading is disabled for that this configuration file.It also extends the
configfileAPI to return the paths it searched. This is showed to users when there is no policy.json found.Fixes: #207
Fixes: #202