Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[1.28] CCT-69: Anonymous registration #3383

Draft
wants to merge 19 commits into
base: subscription-manager-1.28
Choose a base branch
from

Conversation

m-horky
Copy link
Contributor

@m-horky m-horky commented Mar 4, 2024

@m-horky m-horky requested a review from jirihnidek March 4, 2024 14:51
@m-horky m-horky force-pushed the mhorky/cct67-automatic-registration-1.28 branch from 04025e4 to 7af3f9f Compare March 5, 2024 09:12
Copy link

github-actions bot commented Mar 5, 2024

Coverage

Coverage •
FileStmtsMissCoverMissing
rhsm
   connection.py99747652%48–49, 71, 91–92, 139, 257, 271, 279, 297, 331–336, 340–349, 409, 411, 512, 515, 522–528, 589, 599, 616–617, 626, 629–630, 632–633, 635, 655–657, 661–663, 667–671, 673, 675, 693–700, 702–703, 709, 711, 713–717, 719–730, 732, 735–741, 743–744, 746–747, 758–761, 772–775, 780, 801, 803, 816, 825–829, 831, 836–840, 845–848, 850–855, 859, 861–863, 865–867, 871, 873–874, 883, 885–889, 892–893, 898, 900, 945, 962–965, 992, 1014, 1020, 1023, 1026, 1029, 1053–1054, 1056–1058, 1061, 1097–1101, 1109–1110, 1112, 1121–1122, 1124, 1138, 1148–1150, 1153–1154, 1157, 1168, 1173, 1177, 1191, 1194–1195, 1197–1198, 1200–1201, 1203–1217, 1219–1221, 1223–1234, 1236, 1251–1253, 1255–1257, 1259–1262, 1267–1270, 1294, 1314–1342, 1347–1348, 1350–1352, 1355–1357, 1359–1361, 1364–1365, 1368–1369, 1372–1373, 1395–1396, 1406–1407, 1414–1415, 1421–1423, 1425, 1431–1433, 1435, 1441–1443, 1445, 1451–1452, 1455–1459, 1465–1466, 1472–1473, 1479–1480, 1486–1487, 1505–1508, 1514–1515, 1531–1537, 1539, 1545–1546, 1567–1570, 1578–1580, 1607–1608, 1610, 1612, 1615–1616, 1619–1620, 1623–1624, 1627, 1629–1630, 1633, 1644, 1646–1648, 1650, 1652, 1655, 1657–1670, 1672–1673, 1676–1679, 1682–1683, 1686–1688, 1699–1700, 1703–1704, 1706, 1708–1710, 1716–1718, 1727–1729, 1750, 1753–1754, 1757–1758, 1765, 1767–1768, 1770, 1772–1775, 1777–1779, 1782, 1784, 1791, 1793–1794, 1796, 1798–1801, 1803–1805, 1808, 1810, 1813–1814, 1820–1821, 1827–1828, 1834–1837, 1844–1848, 1850–1852, 1858–1860, 1866, 1868–1871, 1873–1874, 1880–1883, 1890–1892, 1898–1900
subscription_manager
   cache.py63212280%47, 73, 80, 86, 93, 98–100, 127–129, 142–145, 148, 191, 193, 230–233, 240–243, 256, 259–261, 277–278, 280, 289, 326–327, 362, 368, 384, 386–387, 389, 399, 447, 451, 456, 461–465, 473, 476–477, 496, 562, 567, 592, 688, 706, 743, 745–746, 772, 775, 778–784, 787, 803, 806–812, 815, 847–850, 852, 863, 883, 903–904, 942–945, 947, 973, 999–1000, 1025–1026, 1047–1048, 1052, 1056, 1058, 1066, 1105, 1132–1138, 1140, 1142, 1149–1152, 1154
   entcertlib.py2866278%36, 58–59, 62, 65, 67, 74, 77–82, 126–128, 153–161, 164, 196, 200, 202, 206, 223–225, 240, 242–243, 272, 351, 360, 410–411, 413–414, 416, 462, 474, 498, 510–514, 516–519, 521, 526–527, 529–530, 532
   identity.py1325161%59–62, 66, 71–78, 81, 84–85, 88–89, 92, 94, 97, 105–106, 111–118, 121–126, 129–131, 134, 161, 169, 193–195, 210–212, 216, 219
   identitycertlib.py360100% 
   managerlib.py48014370%67–73, 78, 81–82, 87–90, 92, 113–118, 120–125, 185–189, 244, 247–249, 251–252, 349, 357, 382, 415, 515–516, 518–522, 524–525, 529–530, 532–534, 536, 540, 542–545, 556, 558, 591, 621–623, 628–630, 634–635, 637, 654, 656–657, 665–668, 670–673, 721–724, 745, 786, 808–810, 812, 815–816, 842–844, 846, 857, 871–874, 876–879, 883–886, 888, 891, 894–895, 899–902, 904, 907–908, 910–913, 915, 919–922, 930–936, 938–939
   repolib.py3554387%75–80, 83, 88, 92, 222–223, 233–236, 238, 382–385, 387–388, 390, 392, 394–396, 407–411, 413–414, 457–460, 468–469, 476, 532, 620
subscription_manager/scripts
   rhsmcertd_worker.py20514031%50–53, 95, 100–103, 108–109, 114–117, 157, 177–179, 181–183, 187, 196, 198, 202–204, 208, 211–214, 217, 220–221, 227–229, 231–236, 238–239, 241–247, 249–250, 252–253, 263, 265, 267–268, 285, 288–289, 292, 295, 297–298, 301–303, 306, 310–315, 319–321, 325–328, 331, 335–337, 339, 342, 347, 349, 351–354, 356–358, 360–361, 365, 367, 369, 371, 373–375, 377, 379, 381, 383–384, 386–390, 396–397, 401, 403, 407, 409–410, 417–418, 428–431, 436–441, 445
TOTAL22318933058% 

Tests Skipped Failures Errors Time
2376 11 💤 0 ❌ 0 🔥 38.998s ⏱️

Copy link
Contributor

@jirihnidek jirihnidek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current code LGTM

@m-horky m-horky force-pushed the mhorky/cct67-automatic-registration-1.28 branch from 7af3f9f to 3fadb47 Compare June 6, 2024 07:50
m-horky and others added 17 commits October 2, 2024 11:48
The code for it was removed in 3095f59 (2021-09).

(Cherry picked from 1844d95)
* Card ID: CCT-67 (main branch)
* Card ID: CCT-69 (backport)

- /cloud/authorize?version=2: New
- /consumers/{uuid}/certificates: Added 'Authorization' header

(Cherry-picked from 43f57ca)
* Card ID: CCT-67 (main branch)
* Card ID: CCT-69 (backport)

The token we receive from Candlepin is valid for two days and should be
kept even when the system is restarted. This cache files is used to
make sure it persists.

(Cherry-picked from ccc03e4)
* Card ID: CCT-67 (main branch)
* Card ID: CCT-69 (backport)

An abstraction managing anonymous entitlement certificates.

(Cherry-picked from 23db3a4)
This patch creates a system for exit codes used by the worker. This way
the C wrapper may be able to understand what happened inside of the
application and alter its behavior.

(Cherry-picked from f19eb00)
* Card ID: CCT-67 (main branch)
* Card ID: CCT-69 (backport)

This patch implements the standard and anonymous flows for automatic
cloud registration.

(Cherry-picked from eba1a76)
* Card ID: CCT-67 (main branch)
* Card ID: CCT-69 (backport)

(Cherry-picked from b70aaf8)
* Card ID: CCT-67 (main branch)
* Card ID: CCT-69 (backport)

The delay was introduced in early versions of the code when Python was
not reliable for long-running tasks. Since we want to make automatic
registration in both standard and anonymous flow to be as fast as
possible, this delay is removed.

This splay period is now performed by the Python code in case the we
have obtained the anonymous entitlement certificates; before we ask for
the identity certificate.

(Cherry-picked from cb18b79)
* Card ID: CCT-66 (main branch)
* Card ID: CCT-67 (backport)

During the first phase of anonymous cloud registration, the system has
valid entitlement certificates that aren't associated with any consumer.

We shouldn't be reporting missing identity. Previously this was an error
state that was not valid, but with automatic registration it is possible
to have a system consuming content that does not have an identity, for
a transition period before it is part of an anonymous or claimed
organization.

(Cherry-picked from 4820e5f)
Originally fixed through ENT-5549, we need this patch in RHEL 8 as well.

(Cherry-picked from bdb6a07)
Move the code that performs the waiting/delay during automatic
registration in its own function; this way it can be reused also in
other places.

This is only a code recfatoring, there is no behaviour changes.

(cherry picked from commit 85544b2)
The initial delay when performing the standard autoregistration used to
be done directly in rhsmcertd (the C daemon). When the anonymous
autoregistration was implemented, since it has to start immediately,
that delay in rhsmcertd was dropped in favour of doing it "inline"
during the autoregistration. The waiting was added only during the
anonymous autoregistration flow and not during the standard
autoregistration.

Hence, add the autoregistration wait/delay before performing the
standard autoregistration, restoring the previous behaviour.

(cherry picked from commit 0d27a59)
@ptoscano ptoscano force-pushed the mhorky/cct67-automatic-registration-1.28 branch from d691dc4 to 26e9d1d Compare October 2, 2024 09:48
* Card ID: CCT-759

We have to ensure we normalize the headers before we search for the
Retry-After header.

(cherry picked from commit 4c8a44a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants