Merge branch 'main' into aap-20044

Author: jshimkus-rh

src/aap_eda/services/activation/engine/podman.py

@@ -12,8 +12,6 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-import base64
-import json
 import logging
 import os
 
@@ -31,7 +29,6 @@
     ContainerEngine,
     ContainerRequest,
     ContainerStatus,
-    Credential,
     LogHandler,
 )
 
@@ -73,7 +70,6 @@ def __init__(
                 self.client = get_podman_client()
             LOGGER.debug(self.client.version())
 
-            self.auth_file = None
         except APIError as e:
             LOGGER.error(f"Failed to initialize podman engine: f{e}")
             raise exceptions.ContainerEngineInitError(str(e))
@@ -100,6 +96,11 @@ def cleanup(self, container_id: str, log_handler: LogHandler) -> None:
         # ContainerCleanupError handled by the manager
         except APIError as e:
             raise exceptions.ContainerCleanupError(str(e)) from e
+        finally:
+            # Ensure volumes are purged due to a bug in podman
+            # ref: https://github.com/containers/podman-py/issues/328
+            pruned_volumes = self.client.volumes.prune()
+            LOGGER.info(f"Pruned volumes: {pruned_volumes}")
 
     def _image_exists(self, image_url: str) -> bool:
         try:
@@ -113,7 +114,6 @@ def start(self, request: ContainerRequest, log_handler: LogHandler) -> str:
             raise exceptions.ContainerStartError("Missing image url")
 
         try:
-            self._set_auth_json_file()
             self._login(request)
             LOGGER.info(f"Image URL is {request.image_url}")
             if request.pull_policy == "Always" or not self._image_exists(
@@ -326,44 +326,6 @@ def _login(self, request: ContainerRequest) -> None:
             LOGGER.exception("Login failed: f{e}")
             raise exceptions.ContainerStartError(str(e))
 
-    def _write_auth_json(self, request: ContainerRequest) -> None:
-        if not self.auth_file:
-            LOGGER.debug("No auth file to create")
-            return
-
-        auth_dict = {}
-        if os.path.exists(self.auth_file):
-            with open(self.auth_file, encoding="utf-8") as f:
-                auth_dict = json.load(f)
-
-        if "auths" not in auth_dict:
-            auth_dict["auths"] = {}
-        registry = request.image_url.split("/")[0]
-        auth_dict["auths"][registry] = self._create_auth_key(
-            request.credential
-        )
-
-        with open(self.auth_file, mode="w", encoding="utf-8") as f:
-            json.dump(auth_dict, f, indent=6)
-
-    def _create_auth_key(self, credential: Credential) -> dict:
-        data = f"{credential.username}:{credential.secret}"
-        encoded_data = data.encode("ascii")
-        return {"auth": base64.b64encode(encoded_data).decode("ascii")}
-
-    def _set_auth_json_file(self) -> None:
-        xdg_runtime_dir = os.getenv(
-            "XDG_RUNTIME_DIR", f"/run/user/{os.getuid()}"
-        )
-        auth_file = f"{xdg_runtime_dir}/containers/auth.json"
-        dir_name = os.path.dirname(auth_file)
-        if os.path.exists(dir_name):
-            self.auth_file = auth_file
-            LOGGER.debug("Will use auth file %s", auth_file)
-        else:
-            self.auth_file = None
-            LOGGER.debug("Will not use auth file")
-
     def _pull_image(
         self, request: ContainerRequest, log_handler: LogHandler
     ) -> Image:
@@ -376,7 +338,6 @@ def _pull_image(
                     "username": request.credential.username,
                     "password": request.credential.secret,
                 }
-                self._write_auth_json(request)
             image = self.client.images.pull(request.image_url, **kwargs)
 
             # https://github.com/containers/podman-py/issues/301

src/aap_eda/services/activation/manager.py

@@ -1075,9 +1075,13 @@ def _get_container_request(self) -> ContainerRequest:
     @staticmethod
     def check_new_process_allowed(parent_type: str, parent_id: int) -> bool:
         """Check if a new process is allowed."""
+        if settings.MAX_RUNNING_ACTIVATIONS < 0:
+            return True
+
         num_running_processes = models.RulebookProcess.objects.filter(
             status__in=[ActivationStatus.RUNNING, ActivationStatus.STARTING],
         ).count()
+
         if num_running_processes >= settings.MAX_RUNNING_ACTIVATIONS:
             LOGGER.info(
                 "No capacity to start a new rulebook process. "

src/aap_eda/settings/default.py

@@ -447,6 +447,8 @@ def _get_secret_key() -> str:
 ACTIVATION_MAX_RESTARTS_ON_FAILURE = int(
     settings.get("ACTIVATION_MAX_RESTARTS_ON_FAILURE", 5)
 )
+
+# -1 means no limit
 MAX_RUNNING_ACTIVATIONS = int(settings.get("MAX_RUNNING_ACTIVATIONS", 5))
 
 # ---------------------------------------------------------

tests/integration/services/activation/engine/test_podman.py

@@ -587,27 +587,3 @@ def raise_error(*args, **kwargs):
 
     with pytest.raises(ContainerUpdateLogsError, match="Not found"):
         engine.update_logs("100", log_handler)
-
-
-@pytest.mark.django_db
-def test_set_auth_json(podman_engine):
-    engine = podman_engine
-
-    with mock.patch("os.path.dirname"):
-        engine._set_auth_json_file()
-
-        xdg_runtime_dir = os.getenv(
-            "XDG_RUNTIME_DIR", f"/run/user/{os.getuid()}"
-        )
-
-        assert engine.auth_file == f"{xdg_runtime_dir}/containers/auth.json"
-
-
-@pytest.mark.django_db
-def test_write_auth_json(init_data, podman_engine):
-    engine = podman_engine
-    engine.auth_file = f"{DATA_DIR}/auth.json"
-    request = get_request_with_credential(init_data)
-
-    engine._write_auth_json(request)
-    assert engine.auth_file is not None