build(snap): Upgrade snap base to core22, upgrade env file loading logic #4530
Conversation
Signed-off-by: Mengyi Wang <[email protected]>
Signed-off-by: Mengyi Wang <[email protected]>
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## main #4530 +/- ##
=======================================
Coverage 41.54% 41.54%
=======================================
Files 106 106
Lines 9764 9764
=======================================
Hits 4056 4056
Misses 5362 5362
Partials 346 346 |
Signed-off-by: Mengyi Wang <[email protected]>
|
Kudos, SonarCloud Quality Gate passed!
|
There was a problem hiding this comment.
I just realized that this has causes a regression because the additional ACL roles, set via the EDGEX_ADD_REGISTRY_ACL_ROLES env var are no longer passed to the security bootstrapper.
All external services that don't have the ACL role by default (device virtual, device-rest) fail with a similar error:
level=ERROR ts=2023-05-07T03:08:18.937346124Z app=device-mqtt source=bootstrap.go:48 msg="failed to create provider for all-services: failed to get Configuration Provider (consul) access token: HTTP response with status code 400, message: failed to generate Consul token using [device-mqtt]: {\"errors\":[\"role \\\"device-mqtt\\\" not found\"]}\n"
The env file gets generated locally:
$ sudo cat /var/snap/edgexfoundry/current/config/security-bootstrapper/overrides.env
# Sys-gen env vars from snap options:
EDGEX_ADD_REGISTRY_ACL_ROLES="app-functional-tests,app-rules-engine,app-http-export,app-mqtt-export,app-external-mqtt-trigger,app-push-to-core,app-rfid-llrp-inventory,application-service,device-camera,device-mqtt,device-modbus,device-coap,device-snmp,device-gpio,device-bacnet,device-grove,device-uart,device-rfid-llrp,device-usb-camera,device-onvif-camera,edgex-ekuiper"
But it isn't sourced before starting the service. See inline comments.
| if [ -z $ENV_FILE ]; then | ||
| ENV_FILE="$SNAP_DATA/config/$SERVICE/res/$SERVICE.env" | ||
| fi |
There was a problem hiding this comment.
This removes the possibility of passing $ENV_FILE from outside. The security-consul-bootstrapper and security-bootstrapper-redis apps use a different path, set inside the snapcraft.yaml file.
| after: | ||
| - security-secretstore-setup | ||
| command: bin/setup-redis-acl.sh | ||
| command-chain: | ||
| - bin/service-config-overrides.sh | ||
| - bin/source-env-file.sh | ||
| environment: | ||
| ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env |
There was a problem hiding this comment.
ENV_FILE should be changed to $SNAP_DATA/config/security-bootstrapper/overrides.env
| after: | ||
| - security-secretstore-setup | ||
| command: bin/setup-consul-acl.sh | ||
| command-chain: | ||
| - bin/service-config-overrides.sh | ||
| - bin/source-env-file.sh | ||
| environment: | ||
| ENV_FILE: $SNAP_DATA/config/security-bootstrapper/res/security-bootstrapper.env |
There was a problem hiding this comment.
ENV_FILE should be changed to $SNAP_DATA/config/security-bootstrapper/overrides.env
This PR upgrades the snap base from core20 to core22, and also upgrades env file loading logic to incorporate the following fixes:
If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/main/.github/Contributing.md
PR Checklist
Please check if your PR fulfills the following requirements:
BREAKING CHANGE:describing the break)Testing Instructions
New Dependency Instructions (If applicable)