-
Notifications
You must be signed in to change notification settings - Fork 897
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[V2V] Refactor ConversionHost to use AuthenticationMixin #18309
Conversation
@fdupont-redhat @agrare Just looking for some feedback here to see if it makes sense to leverage the AuthenticationMixin instead of the current code, while seems a bit clumsy to me. |
Hm I think we were relying on the fact that the underlying resource had the authentication not the conversion host? And a Vm and a Host both include AuthenticationMixin afaik |
We don't exactly rely on the resource authentications. In the case of OpenStack for example, the authentication is associated with the provider, forcing us to have a single key for all conversion hosts of the provider. It was implemented this way to simplify the UX, as it only required to expose the ssh_keypair authentication for the provider. It might be a good idea to revisit this topic with advanced UI for conversion host. |
This pull request is not mergeable. Please rebase and repush. |
This pull request is not mergeable. Please rebase and repush. |
This pull request is not mergeable. Please rebase and repush. |
@agrare Made a few changes. First, it will now use Second, I came around to the idea that iterating over every authentication was not necessary as there should only ever be one associated authentication. Plus, it simplified the code. Third, an AuthPrivateKey is automatically associated with the conversion host if the I've updated the specs, too. Please let me know if there are any other issues and/or if you want me to squash these commits. |
This one should also be |
@miq-bot add_label transformation, enhancement, hammer/yes |
This pull request is not mergeable. Please rebase and repush. |
…authentication_private_keys would include those results.
@agrare I think I've addressed your concerns. The only question mark is the |
…on_private_keys method and instead redefine authentication_key_pairs.
@agrare, just realized there's a minor issue i need to work out for cases where there's no associated authentication. |
@agrare ok, I had to update the rescue handler because otherwise we could get a false positive for |
Checked commits https://github.com/djberg96/manageiq/compare/5bc0dc517fdc68788d16e8d00a63f3dd6a7bf2eb~...002f7b4653511403f4eb6ca1be99b11ac2a73e74 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0 app/models/conversion_host.rb
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -67,7 +67,7 @@ def authentication_tokens | |||
end | |||
|
|||
def authentication_key_pairs | |||
authentications.select { |a| a.kind_of?(ManageIQ::Providers::Openstack::InfraManager::AuthKeyPair) } | |||
authentications.select { |a| a.kind_of?(AuthPrivateKey) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@djberg96 given the issues this causes on other providers I'm going to mark this refactoring hammer/no
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I recall, this was because in public clouds we also store the inventory-refreshed keypairs from the providers in the authentications table, and those happen to also be AuthKeyPair. Querying your key_pairs from the base class thus brings back both MIQ-owned and provider-owned, which is generally not wanted.
What really needs to happen is that we need to either a) move inventory-based key-pairs into a different table or b) create a separate intermediate class.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently there's a lot of hand-crafted ssh handling using the MiqSshUtil library baked into the ConversionHost model that is tied to specific providers. I thought we should leverage the AuthenticationMixin to take advantage of its features.
Specifically, this would give use a direct association between conversion hosts and authentications. This would be beneficial for certain providers, e.g. openstack, where we are currently using credentials set at the provider level. This way, we can set it on a per-resource level for all provider types by setting the authentication on the conversion host instance itself.
This will also be necessary for the UI where users are allowed to upload their own ssh keys.
https://bugzilla.redhat.com/show_bug.cgi?id=1673729https://bugzilla.redhat.com/show_bug.cgi?id=1695861