daemon,o/devicestate,asserts: add confdb-control api #15104
Conversation
github-actions
bot
added
the
Needs Documentation -auto-
|
Mon Feb 24 08:47:33 UTC 2025 No spread failures reported |
daemon/api_confdb.go
Outdated
| return BadRequest(fmt.Sprintf(`"confdbs" feature flag is disabled: set '%s' to true`, confName)) | ||
| _, confName := feature.ConfigOption() | ||
| return BadRequest( | ||
| fmt.Sprintf(`"%s" feature flag is disabled: set '%s' to true`, feature.String(), confName), |
There was a problem hiding this comment.
nitpick: can be simplified
| fmt.Sprintf(`"%s" feature flag is disabled: set '%s' to true`, feature.String(), confName), | |
| fmt.Sprintf(`feature flag %q is disabled: set '%s' to true`, feature, confName), |
daemon/api_confdb.go
Outdated
| func getOrCreateConfdbControl(st *state.State, devMgr *devicestate.DeviceManager) (*confdb.Control, int, error) { | ||
| serial, err := devMgr.Serial() | ||
| if err != nil { | ||
| return nil, 0, errors.New("device has no serial assertion") |
There was a problem hiding this comment.
this should wrap the returned error, this seems like a potential oversimplification
There was a problem hiding this comment.
I had checked the possible errors and some wouldn't be meaningful to the API user (like no state entry for key) and some are already captured in the simplified message (like serial assertion not found):
internal error: could not unmarshal state entry %q: %v # device state broken
no state entry for key
serial assertion not found
cannot find %q assertions for format %d higher than supported format %d # assertion format changed
These ones cannot occur unless the overlord/devicestate findSerial implementation changes:
internal error: assertion type cannot be nil
internal error: unknown assertion type serial
must provide primary key: %v # primary key not in provided headers
internal error: unpredefined assertion type for name %q used (unexpected address %p)
# ^ unknown assertion type
But I agree that wrapping would be useful for debugging since the errors are not logged.
daemon/api_confdb.go
Outdated
| } | ||
|
|
||
| // getOrCreateConfdbControl returns the confdb.Control base to build the next revision of the assertion. | ||
| func getOrCreateConfdbControl(st *state.State, devMgr *devicestate.DeviceManager) (*confdb.Control, int, error) { |
There was a problem hiding this comment.
This is a bit inconsistent, it's returning the delegations of the last assertion but the revision number for the new one. Returning the asserts.ConfdbControl might be clearer:
| func getOrCreateConfdbControl(st *state.State, devMgr *devicestate.DeviceManager) (*confdb.Control, int, error) { | |
| func getLatestConfdbControl(st *state.State, devMgr *devicestate.DeviceManager) (*asserts.Control, error) { |
daemon/api_confdb.go
Outdated
| if err != nil && !config.IsNoOption(err) { | ||
| return InternalError(fmt.Sprintf("internal error: cannot check confdbs feature flag: %s", err)) | ||
| return InternalError( | ||
| fmt.Sprintf("internal error: cannot check %s feature flag: %s", feature.String(), err), |
There was a problem hiding this comment.
| fmt.Sprintf("internal error: cannot check %s feature flag: %s", feature.String(), err), | |
| fmt.Sprintf("internal error: cannot check feature flag %q: %s", feature, err), |
daemon/api_confdb_test.go
Outdated
| c.Check(rspe.Message, Equals, `"confdb-control" feature flag is disabled: set 'experimental.confdb-control' to true`) | ||
| } | ||
|
|
||
| func (s *confdbSuite) TestValidateFeatureFlagErr(c *C) { |
There was a problem hiding this comment.
This isn't testing much in the daemon itself. IMO it's not really worth exporting validateFeature to cover a single line of error handling.
daemon/export_test.go
Outdated
| func ValidateFeatureFlag(st *state.State, feature features.SnapdFeature) *apiError { | ||
| return validateFeatureFlag(st, feature) | ||
| } |
There was a problem hiding this comment.
but if we keep it this can be shortened
| func ValidateFeatureFlag(st *state.State, feature features.SnapdFeature) *apiError { | |
| return validateFeatureFlag(st, feature) | |
| } | |
| var ValidateFeatureFlag = validateFeatureFlag |
daemon/api_confdb.go
Outdated
| } | ||
|
|
||
| // getOrCreateConfdbControl returns the confdb.Control base to build the next revision of the assertion. | ||
| func getOrCreateConfdbControl(st *state.State, devMgr *devicestate.DeviceManager) (*confdb.Control, int, error) { |
There was a problem hiding this comment.
it feels like for consistency maybe this also belong to devicestate in some form?
st3v3nmw
changed the title
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #15104 +/- ##
========================================
Coverage 78.07% 78.07%
========================================
Files 1182 1181 -1
Lines 157743 158004 +261
========================================
+ Hits 123154 123369 +215
- Misses 26943 26974 +31
- Partials 7646 7661 +15
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
This PR adds the confdb-control API as specified in SD186.
I've removed the mandatory requirement for
groupssince it's possible to have a confdb-control assertion without any delegations. Previously, it would raise an error: