-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Suma payg rhui via payg client connection #7421
Suma payg rhui via payg client connection #7421
Conversation
Suggested tests to cover this Pull Request
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is a port of an already reviewed PR I am going to approve without full review. If you want a proper code review please re-request the review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just looked at the Python code and left a few comments. The biggest question mark for me is about the certificates and the changes around that. Is RHUI not setting a subject common name? Do we want to relax the dates check from "all" to "any"?
cn = subject.CN | ||
try: | ||
cn = subject.CN | ||
except: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we catch the relevant exception instead of everything (including Ctrl+C) ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not easy to find out which one it is. It happens in one of the clouds, but we need to retest all of them.
I would suggest to keep this, and when you refactor reposync, we can maybe get rid of this whole paramater.
I think it is not needed, but I am not 100% sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's always an AttributeError
, just like when you try to access subject.FOO
>>> cert = X509.load_cert_string(c)
>>> subject = cert.get_subject()
>>> subject.FOO
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.11/site-packages/M2Crypto/X509.py", line 359, in __getattr__
raise AttributeError(self, attr)
AttributeError: (<M2Crypto.X509.X509_Name object at 0x7f22a0ba1bd0>, 'FOO')
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I have changed it
repo_conf_file.write(repo_cfg.format( | ||
reponame=self.channel_label or self.reponame, | ||
repo_url='baseurl' if not mirrorlist else 'mirrorlist', | ||
repo_url='baseurl' if not mirrorlist or plugin_used else 'mirrorlist', | ||
url=_url, | ||
gpgcheck="0" if self.insecure else "1" | ||
)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO it's not easy to read conditional expressions with multiple conditions. Can we move that out of the function call and do something like:
repo_url = "baseurl"
if mirrorlist and not plugin_used:
repo_url = "mirrorlist"
repo_conf_file.write(repo_cfg.format(...))
is_cert = False | ||
if not verify_certificate_dates(cert): | ||
return False | ||
cert = "" | ||
continue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do I understand this change correctly that we change the date verification from "all certs have valid dates" to "any cert has an valid date"?
If that's the intention, we could also short-circuit the loop and return True
as soon as we find the first valid cert.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have to run certificate bundles with this funktion.
And RedHat has some expired certificates in the bundle.
So if 1 cert is provided, it must be valid. If multiple are provided, it is ok if one has a valid date.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I change this to return on the first valid certificate
664908f
to
8dda1a1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Python code LGTM!
required for RHEL 7 RHUI support
8dda1a1
to
a9fc4ae
Compare
What does this PR change?
Support RHUI configuration via Pay-as-you-Go client connection in the cloud
Replace #7050
Port of https://github.com/SUSE/spacewalk/pull/21590
GUI diff
No difference.
Documentation
automatically setup and update RHUI repos uyuni-docs#2274
DONE
Test coverage
Unit tests were added
DONE
Changelogs
Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository
If you don't need a changelog check, please mark this checkbox:
If you uncheck the checkbox after the PR is created, you will need to re-run
changelog_test
(see below)Re-run a test
If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run: