-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rest-proxy: split out into standalone module #993
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Except the minor note LGTM
daccba7
to
7b9bb5c
Compare
7b9bb5c
to
3cf0f16
Compare
Coverage reportClick to see where and how coverage changed
This report was generated by python-coverage-comment-action |
with closing(arg.config_file): | ||
config = read_config(arg.config_file) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if you aren't using the closing arg I don't think you are closing it correctly.
Shouldn't be:
with closing(foo) as bar:
config = read_config(bar)
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can take a look, once again, this is existing code 😉
if "password" in key: | ||
value = "****" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is dangerous, you should keep the info about the secrecy of the field in the context of where its created. Otherwise if tomorrow we add another field like e.g. sentry_api_token
this isn't filtered and there isn't any hint about this indirect dependency.
I suggest to add the filtering in the object itself, you can add to the Config
object a method like:
SENSITIVE_FIELDS: Final = ("registry_password", "ssl_password", "sasl_plain_password", "sasl_oauth_token")
@staticmethod
def is_field_a_secret(self, field_name: str) -> bool:
if field_name not in Config:
raise ValueError(f"{field_name} is not known")
return field_name not in SENSITIVE_FIELDS
In that way the filtering logic its "near" to where the addition/removal/renaming of the property is, its a property of the data structure rather than a piece of coupled code put randomly in another file and that the developer should know to look before adding/removing something far away.
PS I think the logic wasn't covering the sasl_oauth_token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once again, this is existing code 😉
I'd reason around your suggestions and see to add/fix or create follow up items 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of notes, again near to the merge 😄
for ((i = 0; i <= retries; i++)); do | ||
response=$(curl --silent --verbose --fail http://localhost:8083/topics) | ||
|
||
if [[ $response == '["_schemas","__consumer_offsets"]' ]]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would __consumer_offsets
be enough here, the _schemas
is schema registry special.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think testing against _schemas
adds a little bit more coverage as that topic is created from application code and truly verifies the flow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also this is existing code/logic.
@@ -27,6 +27,22 @@ rest) | |||
echo "Starting Karapace REST API" | |||
exec python3 -m karapace.karapace_all /opt/karapace/rest.config.json | |||
;; | |||
rest_proxy) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The case rest)
is not required anymore.
Setting as draft PR, so I can run some system test against this hash. |
About this change - What it does
Make
rest-proxy
component standalone module still running therapu
based webserver, leaving onlyschema_registry
and shared components insrc/karapace
.Why this way
We can make future changes that aid in providing the karapace components as separate services.