From 56005c8c92f7ffc195c25956b9658fd3483acc13 Mon Sep 17 00:00:00 2001 From: Joe VLcek Date: Thu, 12 Sep 2024 11:36:13 -0400 Subject: [PATCH] feat: Remove autoheal functionality from rhsmcertd Card ID: CCT-723 Removed autoheal sub-command from rhsmcertd because autoheal is useless in pure SCA mode.. --- INSTALL.md | 2 +- etc-conf/rhsm.conf | 2 - etc-conf/rhsmcertd.completion.sh | 2 +- man/asciidoc/rhsm.conf.5.asciidoc | 5 - man/rhsm.conf.5 | 5 - man/rhsmcertd.8 | 24 ++- src/daemons/rhsmcertd.c | 77 +--------- src/subscription_manager/action_client.py | 18 --- src/subscription_manager/healinglib.py | 143 ------------------ .../scripts/rhsmcertd_worker.py | 15 +- test/test_certmgr.py | 45 ------ test/test_healinglib.py | 73 --------- 12 files changed, 20 insertions(+), 391 deletions(-) delete mode 100644 src/subscription_manager/healinglib.py delete mode 100644 test/test_healinglib.py diff --git a/INSTALL.md b/INSTALL.md index d3566b2647..09a6962927 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -100,7 +100,7 @@ Other versions or distributions may require some adaptation. alias rhsmcertd="sudo \ PYTHONPATH=/path/to/subscription-manager/src \ $(which python3) \ - -m subscription_manager.scripts.rhsmcertd_worker --autoheal" + -m subscription_manager.scripts.rhsmcertd_worker" ``` Before you run rhsm service manually, ensure you have disabled the system service first: diff --git a/etc-conf/rhsm.conf b/etc-conf/rhsm.conf index 5fec341697..b0553f2ac4 100644 --- a/etc-conf/rhsm.conf +++ b/etc-conf/rhsm.conf @@ -87,8 +87,6 @@ progress_messages = 1 [rhsmcertd] # Interval to run cert check (in minutes): certCheckInterval = 240 -# Interval to run auto-attach (in minutes): -autoAttachInterval = 1440 # If set to zero, the checks done by the rhsmcertd daemon will not be splayed (randomly offset) splay = 1 # If set to 1, rhsmcertd will not execute. diff --git a/etc-conf/rhsmcertd.completion.sh b/etc-conf/rhsmcertd.completion.sh index 24e0e2a2ce..1f82e5894d 100644 --- a/etc-conf/rhsmcertd.completion.sh +++ b/etc-conf/rhsmcertd.completion.sh @@ -11,7 +11,7 @@ _rhsmcertd() first="${COMP_WORDS[1]}" cur="${COMP_WORDS[COMP_CWORD]}" prev="${COMP_WORDS[COMP_CWORD-1]}" - opts="-h --help -c --cert-check-interval --cert-interval -d --debug --heal-interval -i --auto-attach-interval -n --now -s --no-splay -a --auto-registration -r --auto-registration-interval" + opts="-h --help -c --cert-check-interval --cert-interval -d --debug -i -n --now -s --no-splay -a --auto-registration -r --auto-registration-interval" case "${cur}" in -*) diff --git a/man/asciidoc/rhsm.conf.5.asciidoc b/man/asciidoc/rhsm.conf.5.asciidoc index 90bd2bd66e..b2eb48dc78 100644 --- a/man/asciidoc/rhsm.conf.5.asciidoc +++ b/man/asciidoc/rhsm.conf.5.asciidoc @@ -129,11 +129,6 @@ pluginConfDir:: certCheckInterval:: The number of minutes between runs of the *rhsmcertd* daemon -autoAttachInterval:: - The number of minutes between attempts to run auto-attach on this - consumer. - - AUTHOR ------ Bryan Kearney diff --git a/man/rhsm.conf.5 b/man/rhsm.conf.5 index 3ba69dbe05..925f4b5c73 100644 --- a/man/rhsm.conf.5 +++ b/man/rhsm.conf.5 @@ -240,11 +240,6 @@ The number of minutes between runs of the daemon .RE .PP -autoAttachInterval -.RS 4 -The number of minutes between attempts to run auto\-attach on this consumer\&. -.RE -.PP splay .RS 4 1 to enable splay. 0 to disable splay. If enabled, this feature delays the initial auto attach and cert check by an amount between 0 seconds and the interval given for the action being delayed. For example if the diff --git a/man/rhsmcertd.8 b/man/rhsmcertd.8 index ea2143c268..4623ac7ffe 100644 --- a/man/rhsmcertd.8 +++ b/man/rhsmcertd.8 @@ -3,12 +3,12 @@ rhsmcertd \- Periodically scans and updates the entitlement certificates on a registered system. .SH SYNOPSIS -rhsmcertd [--cert-check-interval=MINUTES] [--auto-attach-interval=MINUTES] [--auto-registration-interval] [--no-splay] [--now] [--auto-registration] [--debug] [--help] +rhsmcertd [--cert-check-interval=MINUTES] [--auto-registration-interval] [--no-splay] [--now] [--auto-registration] [--debug] [--help] .PP .I Deprecated usage .PP -rhsmcertd [\fIcertInterval autoattachInterval\fP] +rhsmcertd [\fIcertInterval\fP] .SH DESCRIPTION Red Hat provides content updates and support by issuing @@ -21,7 +21,7 @@ When subscriptions are applied to a system or when new subscriptions are availab process runs periodically to check for changes in the subscriptions available to a machine by updating the entitlement certificates installed on the machine and by installing new entitlement certificates as they're available. .PP -At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the \fBrhsmcertd\fP process will automatically request those subscriptions. By default, the initial auto-attach is delayed by a random amount of seconds from zero to the \fBautoAttachInterval\fP. The initial cert check is delayed by a random amount of seconds from zero to \fBcertCheckInterval\fP. +At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the \fBrhsmcertd\fP process will automatically request those subscriptions. By default, the initial cert check is delayed by a random amount of seconds from zero to \fBcertCheckInterval\fP. .PP This \fbrhsmcertd\fP process can also perform automatic registration, when VM is running in the public cloud. Three public cloud providers are supported: AWS, Azure and GCP. When it is desired to perform automatic registration by rhsmcertd, then it is also necessary to configure mapping of "Cloud ID" to "RHSM organization ID" on https://cloud.redhat.com. @@ -33,7 +33,7 @@ rhsmcertd-worker.py script to perform the certificate add and update operations. .PP -Both the certificate interval and the auto-attach interval are configurable and can be reset through the \fBrhsmcertd\fP daemon itself or by editing the Subscription Manager \fB/etc/rhsm/rhsm.conf\fP file. +The certificate interval is configurable and can be reset through the \fBrhsmcertd\fP daemon itself or by editing the Subscription Manager \fB/etc/rhsm/rhsm.conf\fP file. .PP .B rhsmcertd @@ -58,12 +58,6 @@ Resets the interval for checking for new subscription certificates. This value i .B /etc/rhsm/rhsm.conf file are used (unless the argument is passed again). -.TP -.B -i, --auto-attach-interval=MINUTES -Resets the interval for checking for and replacing expired subscriptions. This value is in minutes. The default is 1440, or 24 hours. This interval is in effect until the daemon restarts, and then the values in the -.B /etc/rhsm/rhsm.conf -file are used (unless the argument is passed again). - .TP .B -r, --auto-registration-interval=MINUTES Resets the interval for automatic registration. This value is in minutes. The default is 60, or 1 hour. This interval is in effect until the daemon restarts, and then the values in the @@ -93,22 +87,22 @@ service rhsmcertd stop rhsmcertd --cert-check-interval=240 .fi -.SS RUNNING CERTIFICATE AND HEALING SCANS IMMEDIATELY -Normally, the certificate and auto-attach scans are run periodically, on a schedule defined in the \fBrhsmcertd\fP configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules. +.SS RUNNING CERTIFICATE SCANS IMMEDIATELY +Normally, the certificate scans are run periodically, on a schedule defined in the \fBrhsmcertd\fP configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules. .nf service rhsmcertd stop rhsmcertd -n .fi .SS DEPRECATED USAGE -\fBrhsmcertd\fP used to allow the certificate and auto-attach intervals to be reset simply by passing two integers as arguments. +\fBrhsmcertd\fP used to allow the certificate intervals to be reset simply by passing an integer argument. .PP -\fBrhsmcertd\fP \fIcertInterval autoAttachInterval\fP +\fBrhsmcertd\fP \fIcertInterval\fP .PP For example: .nf service rhsmcertd stop -rhsmcertd 180 480 +rhsmcertd 180 .fi .PP This usage is still allowed, but it is deprecated and not recommended. diff --git a/src/daemons/rhsmcertd.c b/src/daemons/rhsmcertd.c index b7568af375..58cde21ca0 100644 --- a/src/daemons/rhsmcertd.c +++ b/src/daemons/rhsmcertd.c @@ -47,7 +47,6 @@ typedef enum { #define LOGFILE LOGDIR"/rhsmcertd.log" #define LOCKFILE "/var/lock/subsys/rhsmcertd" #define NEXT_CERT_UPDATE_FILE "/run/rhsm/next_cert_check_update" -#define NEXT_AUTO_ATTACH_UPDATE_FILE "/run/rhsm/next_auto_attach_update" #define NEXT_AUTO_REGISTER_UPDATE_FILE "/run/rhsm/next_auto_register_update" #define WORKER LIBEXECDIR"/rhsmcertd-worker" #define WORKER_NAME WORKER @@ -55,7 +54,6 @@ typedef enum { #define INITIAL_DELAY_SECONDS 120 #define DEFAULT_AUTO_REG_INTERVAL_SECONDS 3600 /* 1 hour */ #define DEFAULT_CERT_INTERVAL_SECONDS 14400 /* 4 hours */ -#define DEFAULT_HEAL_INTERVAL_SECONDS 86400 /* 24 hours */ #define DEFAULT_SPLAY_ENABLED true #define DEFAULT_AUTO_REGISTRATION false #define DEFAULT_LOG_LEVEL LOG_LEVEL_INFO @@ -86,7 +84,6 @@ static LOG_LEVEL log_level = DEFAULT_LOG_LEVEL; static gboolean show_debug = FALSE; static gboolean run_now = FALSE; static gint arg_cert_interval_minutes = -1; -static gint arg_heal_interval_minutes = -1; static gint arg_reg_interval_minutes = -1; static gboolean arg_no_splay = FALSE; static gboolean arg_auto_registration = FALSE; @@ -94,25 +91,13 @@ static int fd_lock = -1; struct CertCheckData { int interval_seconds; - bool heal; char *next_update_file; }; static GOptionEntry entries[] = { - /* marked deprecated as of 02-19-2013, needs to be removed...? */ - {"cert-interval", 0, 0, G_OPTION_ARG_INT, &arg_heal_interval_minutes, - N_("deprecated, see --cert-check-interval"), - "MINUTES"}, {"cert-check-interval", 'c', 0, G_OPTION_ARG_INT, &arg_cert_interval_minutes, N_("interval to run cert check (in minutes)"), "MINUTES"}, - /* marked deprecated as of 11-16-2012, needs to be removed...? */ - {"heal-interval", 0, 0, G_OPTION_ARG_INT, &arg_heal_interval_minutes, - N_("deprecated, see --auto-attach-interval"), - "MINUTES"}, - {"auto-attach-interval", 'i', 0, G_OPTION_ARG_INT, &arg_heal_interval_minutes, - N_("interval to run auto-attach (in minutes)"), - "MINUTES"}, {"auto-registration-interval", 'r', 0, G_OPTION_ARG_INT, &arg_reg_interval_minutes, N_("interval to run auto-registration (in minutes)"), "MINUTES"}, @@ -132,7 +117,6 @@ static GOptionEntry entries[] = { typedef struct _Config { int auto_reg_interval_seconds; - int heal_interval_seconds; int cert_interval_seconds; bool splay; bool auto_registration; @@ -433,7 +417,7 @@ auto_register(gpointer data) } static gboolean -cert_check (gboolean heal) +cert_check (G_GNUC_UNUSED gpointer data) { int status = 0; @@ -443,23 +427,14 @@ cert_check (gboolean heal) exit (EXIT_FAILURE); } if (pid == 0) { - if (heal) { - debug ("(Auto-attach) executing: %s --autoheal", WORKER); - execl (WORKER, WORKER_NAME, "--autoheal", NULL); - } else { - debug ("(Cert check) executing: %s", WORKER); - execl (WORKER, WORKER_NAME, NULL); - } + debug ("(Cert check) executing: %s", WORKER); + execl (WORKER, WORKER_NAME, NULL); _exit (errno); } waitpid (pid, &status, 0); status = WEXITSTATUS (status); char *action = "Cert Check"; - if (heal) { - action = "Auto-attach"; - } - if (status == 0) { info ("(%s) Certificates updated.", action); } else { @@ -474,11 +449,11 @@ static gboolean initial_cert_check (gpointer data) { struct CertCheckData *cert_data = data; - cert_check (cert_data->heal); + cert_check (NULL); // Add the timeout to begin waiting on interval but offset by the initial // delay. g_timeout_add (cert_data->interval_seconds * 1000, - (GSourceFunc) cert_check, (gpointer) cert_data->heal); + (GSourceFunc) cert_check, NULL); g_timeout_add (cert_data->interval_seconds * 1000, (GSourceFunc) log_update_from_cert_data, (gpointer) cert_data); @@ -615,17 +590,6 @@ key_file_init_config (Config * config, GKeyFile * key_file) config->cert_interval_seconds = cert_frequency * 60; } - int heal_frequency = get_int_from_config_file (key_file, "rhsmcertd", - "healFrequency"); - int auto_attach_interval = get_int_from_config_file (key_file, "rhsmcertd", - "autoAttachInterval"); - if (auto_attach_interval > 0) { - config->heal_interval_seconds = auto_attach_interval * 60; - } - else if (heal_frequency > 0) { - config->heal_interval_seconds = heal_frequency * 60; - } - bool splay_enabled = get_bool_from_config_file (key_file, "rhsmcertd", "splay", DEFAULT_SPLAY_ENABLED); config->splay = splay_enabled; @@ -682,7 +646,7 @@ key_file_init_config (Config * config, GKeyFile * key_file) void deprecated_arg_init_config (Config * config, int argc, char *argv[]) { - if (argc != 3) { + if (argc != 2) { error ("Wrong number of arguments specified."); print_argument_error(N_("Wrong number of arguments specified.\n")); free (config); @@ -690,7 +654,6 @@ deprecated_arg_init_config (Config * config, int argc, char *argv[]) } config->cert_interval_seconds = atoi (argv[1]) * 60; - config->heal_interval_seconds = atoi (argv[2]) * 60; } bool @@ -701,10 +664,6 @@ opt_parse_init_config (Config * config) config->cert_interval_seconds = arg_cert_interval_minutes * 60; } - if (arg_heal_interval_minutes != -1) { - config->heal_interval_seconds = arg_heal_interval_minutes * 60; - } - if (arg_reg_interval_minutes != -1) { config->auto_reg_interval_seconds = arg_reg_interval_minutes * 60; } @@ -719,7 +678,6 @@ opt_parse_init_config (Config * config) // Let the caller know if opt parser found arg values // for the intervals. return arg_cert_interval_minutes != -1 - || arg_heal_interval_minutes != -1 || arg_reg_interval_minutes != -1 || arg_no_splay != FALSE || arg_auto_registration != FALSE; @@ -734,7 +692,6 @@ get_config (int argc, char *argv[]) // Set the default values config->auto_reg_interval_seconds = DEFAULT_AUTO_REG_INTERVAL_SECONDS; config->cert_interval_seconds = DEFAULT_CERT_INTERVAL_SECONDS; - config->heal_interval_seconds = DEFAULT_HEAL_INTERVAL_SECONDS; config->splay = DEFAULT_SPLAY_ENABLED; config->auto_registration = DEFAULT_AUTO_REGISTRATION; @@ -823,7 +780,6 @@ main (int argc, char *argv[]) // up its resources more reliably in case of error. int auto_reg_interval_seconds = config->auto_reg_interval_seconds; int cert_interval_seconds = config->cert_interval_seconds; - int heal_interval_seconds = config->heal_interval_seconds; bool splay_enabled = config->splay; bool auto_reg_enabled = config->auto_registration; free (config); @@ -861,8 +817,6 @@ main (int argc, char *argv[]) } else { debug ("Auto-registration disabled"); } - info ("Auto-attach interval: %.1f minutes [%d seconds]", - heal_interval_seconds / 60.0, heal_interval_seconds); info ("Cert check interval: %.1f minutes [%d seconds]", cert_interval_seconds / 60.0, cert_interval_seconds); @@ -873,12 +827,10 @@ main (int argc, char *argv[]) // NOTE: We put the initial checks on a timer so that in the case of systemd, // we can ensure that the network interfaces are all up before the initial // checks are done. - int auto_attach_initial_delay = 0; int cert_check_initial_delay = 0; if (run_now) { info ("Initial checks will be run now!"); } else { - int auto_attach_offset = 0; int cert_check_offset = 0; if (splay_enabled == true) { unsigned long int seed; @@ -916,13 +868,9 @@ main (int argc, char *argv[]) } #endif srand((unsigned int) seed); - auto_attach_offset = gen_random(heal_interval_seconds); cert_check_offset = gen_random(cert_interval_seconds); } - auto_attach_initial_delay = INITIAL_DELAY_SECONDS + auto_attach_offset; - info ("Waiting %.1f minutes plus %d splay seconds [%d seconds total] before performing first auto-attach.", - INITIAL_DELAY_SECONDS / 60.0, auto_attach_offset, auto_attach_initial_delay); cert_check_initial_delay = INITIAL_DELAY_SECONDS + cert_check_offset; info ("Waiting %.1f minutes plus %d splay seconds [%d seconds total] before performing first cert check.", INITIAL_DELAY_SECONDS / 60.0, cert_check_offset, cert_check_initial_delay); @@ -930,35 +878,24 @@ main (int argc, char *argv[]) struct CertCheckData auto_register_data; auto_register_data.interval_seconds = auto_reg_interval_seconds; - auto_register_data.heal = false; auto_register_data.next_update_file = NEXT_AUTO_REGISTER_UPDATE_FILE; struct CertCheckData cert_check_data; cert_check_data.interval_seconds = cert_interval_seconds; - cert_check_data.heal = false; cert_check_data.next_update_file = NEXT_CERT_UPDATE_FILE; - struct CertCheckData auto_attach_data; - auto_attach_data.interval_seconds = heal_interval_seconds; - auto_attach_data.heal = true; - auto_attach_data.next_update_file = NEXT_AUTO_ATTACH_UPDATE_FILE; - if (auto_reg_enabled) { auto_register((gpointer) &auto_register_data); } g_timeout_add (cert_check_initial_delay * 1000, (GSourceFunc) initial_cert_check, (gpointer) &cert_check_data); - g_timeout_add (auto_attach_initial_delay * 1000, - (GSourceFunc) initial_cert_check, (gpointer) &auto_attach_data); // NB: we only use cert_interval_seconds when calculating the next update - // time. This works for most users, since the cert_interval aligns with - // runs of heal_interval (i.e., heal_interval % cert_interval = 0) + // time. if (auto_reg_enabled) { log_update (0, NEXT_AUTO_REGISTER_UPDATE_FILE); } log_update (cert_check_initial_delay, NEXT_CERT_UPDATE_FILE); - log_update (auto_attach_initial_delay, NEXT_AUTO_ATTACH_UPDATE_FILE); GMainLoop *main_loop = g_main_loop_new (main_context, FALSE); g_main_loop_run (main_loop); diff --git a/src/subscription_manager/action_client.py b/src/subscription_manager/action_client.py index fc2a33f834..66098b257b 100644 --- a/src/subscription_manager/action_client.py +++ b/src/subscription_manager/action_client.py @@ -26,7 +26,6 @@ from subscription_manager.entcertlib import EntCertActionInvoker from subscription_manager.identitycertlib import IdentityCertActionInvoker -from subscription_manager.healinglib import HealingActionInvoker from subscription_manager.factlib import FactsActionInvoker from subscription_manager.packageprofilelib import PackageProfileActionInvoker from subscription_manager.installedproductslib import InstalledProductsActionInvoker @@ -63,23 +62,6 @@ def _get_libset(self) -> List["BaseActionInvoker"]: return lib_set -class HealingActionClient(base_action_client.BaseActionClient): - def _get_libset(self) -> List["BaseActionInvoker"]: - self.entcertlib = EntCertActionInvoker() - self.installedprodlib = InstalledProductsActionInvoker() - self.syspurposelib = SyspurposeSyncActionInvoker() - self.healinglib = HealingActionInvoker() - - lib_set: List[BaseActionInvoker] = [ - self.installedprodlib, - self.syspurposelib, - self.healinglib, - self.entcertlib, - ] - - return lib_set - - # it may make more sense to have *Lib.cleanup actions? # *Lib things are weird, since some are idempotent, but # some are not. entcertlib/repolib .update can both install diff --git a/src/subscription_manager/healinglib.py b/src/subscription_manager/healinglib.py deleted file mode 100644 index 737585a3f3..0000000000 --- a/src/subscription_manager/healinglib.py +++ /dev/null @@ -1,143 +0,0 @@ -# Copyright (c) 2013 Red Hat, Inc. -# -# This software is licensed to you under the GNU General Public License, -# version 2 (GPLv2). There is NO WARRANTY for this software, express or -# implied, including the implied warranties of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 -# along with this software; if not, see -# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. -# -# Red Hat trademarks are not licensed under GPLv2. No permission is -# granted to use or replicate Red Hat trademarks that are incorporated -# in this software or its documentation. -# - -import datetime -import logging -from typing import List, TYPE_CHECKING - -from rhsm import certificate - -from subscription_manager import certlib -from subscription_manager import entcertlib -from subscription_manager import injection as inj - -if TYPE_CHECKING: - from subscription_manager.cert_sorter import CertSorter - from subscription_manager.identity import Identity - from subscription_manager.plugins import PluginManager - from rhsm.connection import UEPConnection - from subscription_manager.cp_provider import CPProvider - -log = logging.getLogger(__name__) - - -class HealingActionInvoker(certlib.BaseActionInvoker): - """ - An object used to run healing nightly. Checks cert validity for today, heals - if necessary, then checks for 24 hours from now, so we theoretically will - never have invalid certificates if subscriptions are available. - - NOTE: We may update entitlement status in this class, but we do not - update entitlement certs, since we are inside a lock. So a - EntCertActionInvoker.update() needs to follow a HealingActionInvoker.update() - """ - - def _do_update(self) -> int: - action = HealingUpdateAction() - return action.perform() - - -class HealingUpdateAction: - """UpdateAction for ent cert healing. - - Core if entitlement certificate healing. - - Asks RHSM API to calculate entitlement status today, and tomorrow. - If either show incomplete entitlement, ask the RHSM API to - auto attach pools to fix entitlement. - - Attempts to avoid gaps in entitlement coverage. - - Used by subscription-manager if the "autoheal" options - are enabled. - - Returns an EntCertUpdateReport with information about any ent - certs that were changed. - - Plugin hooks: - pre_auto_attach - post_auto_attach - """ - - def __init__(self): - self.cp_provider: CPProvider = inj.require(inj.CP_PROVIDER) - self.uep: UEPConnection = self.cp_provider.get_consumer_auth_cp() - self.report: entcertlib.EntCertUpdateReport = entcertlib.EntCertUpdateReport() - self.plugin_manager: PluginManager = inj.require(inj.PLUGIN_MANAGER) - - def perform(self): - # inject - identity: Identity = inj.require(inj.IDENTITY) - uuid: str = identity.uuid - consumer: dict = self.uep.getConsumer(uuid) - - if "autoheal" not in consumer or not consumer["autoheal"]: - log.warning("Auto-heal disabled on server, skipping.") - return 0 - - try: - today: datetime.datetime = datetime.datetime.now(certificate.GMT()) - tomorrow: datetime.datetime = today + datetime.timedelta(days=1) - valid_today: bool = False - valid_tomorrow: bool = False - - # Check if we're invalid today and heal if so. If we are - # valid, see if 24h from now is greater than our "valid until" - # date, and heal for tomorrow if so. - - cs: CertSorter = inj.require(inj.CERT_SORTER) - - cert_updater = entcertlib.EntCertActionInvoker() - if not cs.is_valid(): - log.warning("Found invalid entitlements for today: %s" % today) - self.plugin_manager.run("pre_auto_attach", consumer_uuid=uuid) - ents: List[dict] = self.uep.bind(uuid, today) - self.plugin_manager.run("post_auto_attach", consumer_uuid=uuid, entitlement_data=ents) - - # NOTE: we need to call EntCertActionInvoker.update after Healing.update - # otherwise, the locking get's crazy - # hmm, we use RLock, maybe we could use it here - self.report = cert_updater.update() - else: - valid_today = True - - if cs.compliant_until is None: - # Edge case here, not even sure this can happen as we - # should have a compliant until date if we're valid - # today, but just in case: - log.warning("Got valid status from server but no valid until date.") - elif tomorrow > cs.compliant_until: - log.warning("Entitlements will be invalid by tomorrow: %s" % tomorrow) - self.plugin_manager.run("pre_auto_attach", consumer_uuid=uuid) - ents = self.uep.bind(uuid, tomorrow) - self.plugin_manager.run("post_auto_attach", consumer_uuid=uuid, entitlement_data=ents) - self.report = cert_updater.update() - else: - valid_tomorrow = True - - msg = "Entitlement auto healing was checked and entitlements" - if valid_today: - msg += " are valid today %s" % today - if valid_tomorrow: - msg += " and tomorrow %s" % tomorrow - log.debug(msg) - - except Exception as e: - log.error("Error attempting to auto-heal:") - log.exception(e) - self.report._exceptions.append(e) - return self.report - else: - log.debug("Auto-heal check complete.") - return self.report diff --git a/src/subscription_manager/scripts/rhsmcertd_worker.py b/src/subscription_manager/scripts/rhsmcertd_worker.py index 236b095a44..0e90a8e9aa 100644 --- a/src/subscription_manager/scripts/rhsmcertd_worker.py +++ b/src/subscription_manager/scripts/rhsmcertd_worker.py @@ -31,7 +31,7 @@ from subscription_manager import cache from subscription_manager import entcertlib from subscription_manager import managerlib -from subscription_manager.action_client import HealingActionClient, ActionClient +from subscription_manager.action_client import ActionClient from subscription_manager.i18n import ugettext as _ from subscription_manager.i18n_argparse import ArgumentParser, USAGE from subscription_manager.identity import Identity, ConsumerIdentity @@ -330,11 +330,7 @@ def _main(args: "argparse.Namespace"): uep.supports_resource(None) try: - if args.autoheal: - action_client = HealingActionClient() - else: - action_client = ActionClient() - + action_client = ActionClient() action_client.update() for update_report in action_client.update_reports: @@ -366,13 +362,6 @@ def main(): logutil.init_logger() parser = ArgumentParser(usage=USAGE) - parser.add_argument( - "--autoheal", - dest="autoheal", - action="store_true", - default=False, - help="perform an autoheal check", - ) parser.add_argument("--force", dest="force", action="store_true", default=False, help=SUPPRESS) parser.add_argument( "--auto-register", diff --git a/test/test_certmgr.py b/test/test_certmgr.py index 3f64841d23..99586f07f6 100644 --- a/test/test_certmgr.py +++ b/test/test_certmgr.py @@ -30,7 +30,6 @@ from rhsm.profile import RPMProfile from rhsm.connection import GoneException -from rhsm.certificate import GMT from .fixture import SubManFixture, set_up_mock_sp_store @@ -280,47 +279,3 @@ def test_exception_on_cert_write(self, mock_log, mock_cert_build): if call[0] == "exception" and isinstance(call[1][0], ExceptionalException): return self.fail("Did not ExceptionException in the logged exceptions") - - -class TestHealingActionClient(TestActionClient): - def test_healing_no_heal(self): - self.mock_cert_sorter.is_valid = mock.Mock(return_value=True) - self.mock_cert_sorter.compliant_until = datetime.now() + timedelta(days=15) - actionclient = action_client.HealingActionClient() - actionclient.update() - self.assertFalse(self.mock_uep.bind.called) - - def test_healing_needs_heal(self): - # need a stub product dir with prods with no entitlements, - # don't have to mock here since we can actually pass in a product - self.mock_cert_sorter.is_valid = mock.Mock(return_value=False) - actionclient = action_client.HealingActionClient() - actionclient.update() - self.assertTrue(self.mock_uep.bind.called) - - @mock.patch.object(entcertlib.EntitlementCertBundleInstaller, "build_cert") - def test_healing_needs_heal_tomorrow(self, cert_build_mock): - # Valid today, but not valid 24h from now: - self.mock_cert_sorter.is_valid = mock.Mock(return_value=True) - self.mock_cert_sorter.compliant_until = datetime.now(GMT()) + timedelta(hours=6) - cert_build_mock.return_value = (mock.Mock(), self.stub_ent_expires_tomorrow) - - self._stub_certificate_calls([self.stub_ent_expires_tomorrow]) - actionclient = action_client.HealingActionClient() - actionclient.update() - # see if we tried to update certs - self.assertTrue(self.mock_uep.bind.called) - - # TODO: use Mock(wraps=) instead of hiding all logging - @mock.patch("subscription_manager.healinglib.log") - def test_healing_trigger_exception(self, mock_log): - # Forcing is_valid to throw the type error we used to expect from - # cert sorter using the product dir. Just making sure an unexpected - # exception is logged and not bubbling up. - self.mock_cert_sorter.is_valid = mock.Mock(side_effect=TypeError()) - actionclient = action_client.HealingActionClient() - actionclient.update() - for call in mock_log.method_calls: - if call[0] == "exception" and isinstance(call[1][0], TypeError): - return - self.fail("Did not see TypeError in the logged exceptions") diff --git a/test/test_healinglib.py b/test/test_healinglib.py deleted file mode 100644 index 044447cd5d..0000000000 --- a/test/test_healinglib.py +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright (c) 2013 Red Hat, Inc. -# -# This software is licensed to you under the GNU General Public License, -# version 2 (GPLv2). There is NO WARRANTY for this software, express or -# implied, including the implied warranties of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 -# along with this software; if not, see -# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. -# -# Red Hat trademarks are not licensed under GPLv2. No permission is -# granted to use or replicate Red Hat trademarks that are incorporated -# in this software or its documentation. -# - -from unittest import mock - -from . import fixture - -from subscription_manager import healinglib - - -class TestHealingActionInvoker(fixture.SubManFixture): - def setUp(self): - super(TestHealingActionInvoker, self).setUp() - - def test_autoheal_off(self): - mock_uep = mock.Mock() - mock_uep.getConsumer = mock.Mock(return_value=self._consumer()) - self.set_consumer_auth_cp(mock_uep) - - hl = healinglib.HealingActionInvoker() - hl.update() - - def test_autoheal_on(self): - mock_uep = mock.Mock() - consumer = {"autoheal": True} - mock_uep.getConsumer = mock.Mock(return_value=consumer) - self.set_consumer_auth_cp(mock_uep) - - hl = healinglib.HealingActionInvoker() - report = hl.update() - report.print_exceptions() - - def _consumer(self): - consumer = {} - return consumer - - -# FIXME: assert something -class TestHealingUpdateAction(fixture.SubManFixture): - # HealingLib is very thin wrapper to HealingUpdateAction atm, - # so basically the same tests - def setUp(self): - super(TestHealingUpdateAction, self).setUp() - - def test_autoheal_off(self): - mock_uep = mock.Mock() - # nothing set on consumer - consumer = {} - mock_uep.getConsumer = mock.Mock(return_value=consumer) - self.set_consumer_auth_cp(mock_uep) - - hl = healinglib.HealingUpdateAction() - hl.perform() - - def test_autoheal_on(self): - mock_uep = mock.Mock() - consumer = {"autoheal": True} - mock_uep.getConsumer = mock.Mock(return_value=consumer) - self.set_consumer_auth_cp(mock_uep) - - hl = healinglib.HealingUpdateAction() - hl.perform()