osbuild-worker: use the new ostree resolver API (HMS-4773)

[lzap]

For Edge Pulp migration we need the very same thing as repositories (curl) but for ostree input.

[croissanne]

lgtm! thanks

[lzap]

Thanks, amended. For the record, these variables will be used in osbuild input. For commit resolution that happens in composer, I am working on a different patch that will read the config file directly:

osbuild/images#975

Composer part of this will come as another PR.

[lzap]

RPM packaging (unrelated?) failures.

[lzap]

So @achilleas-k wanted me to break the API and clean it up, RHSM/secrets are no longer used, the resolve function now takes a new struct that provides MTLS information.

Tests will fail until change in images is merged.

[lzap]

Amended vastly simplified version after discussion with @achilleas-k and @croissanne

[lzap]

Amended the images library version bump to 0.96 which contains the required change.

[lzap]

There are errors which might be related to this work:

Error: internal/weldr/upload.go:286:15: undefined: distro.BOOT_HYBRID
  Error: internal/weldr/upload.go:288:15: undefined: distro.BOOT_UEFI
  Error: internal/weldr/upload.go:290:15: undefined: distro.BOOT_LEGACY (typecheck)

I see a related change made by @achilleas-k so how are we gonna approach this?

[lzap]

Squashing the boot type minor refactoring.

[lzap]

Note for myself: needs to be rebased on top of #4412

[achilleas-k]

Note for myself: needs to be rebased on top of #4412

Correction: #4448

[achilleas-k]

So this doesn't change anything about the request right? Composer doesn't seem to be configuring anything in the resolve job nor the manifest creation yet?
The PR right now is pulling in the new images library and making it work but it's not reading the option to enable the certs from anywhere.

Is that coming in this PR or are you leaving it for a follow-up? In any case, can you update the PR title and description accordingly?

[lzap]

The PR right now is pulling in the new images library and making it work but it's not reading the option to enable the certs from anywhere.

Correct me if I am wrong, but I thought this osbuild-worker.go hunk does the change. It reads the configuration and applies it for all requests.

I am not planning any follow-up, my intention is to automatically use MTLS configuration for all ostree requests in hosted code path. On-prem ignores MTLS, this is where no configuration is read.

[croissanne]

lgtm overall, would be slightly easier to review if the images update commit would be separate.

[lzap]

Tests looks green, yay.

[achilleas-k]

Thanks. LGTM.

[lzap]

Thank you so much!