Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Clear the inventory data hash on re-authentication #1719

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

jo-lund
Copy link

@jo-lund jo-lund commented Dec 18, 2024

This fixes the case where e.g. a third party tool re-authenticates by using the D-Bus API while mender-update is waiting for the next poll interval to expire. The inventory will now be resubmitted when the poll triggers.

Ticket: MEN-7873
Changelog: Title

@mender-test-bot
Copy link

@jo-lund, Let me know if you want to start the integration pipeline by mentioning me and the command "start pipeline".


my commands and options

You can trigger a pipeline on multiple prs with:

  • mentioning me and start pipeline --pr mender/127 --pr mender-connect/255

You can start a fast pipeline, disabling full integration tests with:

  • mentioning me and start pipeline --fast

You can trigger GitHub->GitLab branch sync with:

  • mentioning me and sync

You can cherry pick to a given branch or branches with:

  • mentioning me and:
 cherry-pick to:
 * 1.0.x
 * 2.0.x

@jo-lund
Copy link
Author

jo-lund commented Dec 18, 2024

@mender-test-bot start pipeline

@mender-test-bot
Copy link

Hello 😺 I created a pipeline for you here: Pipeline-1593862884

Build Configuration Matrix

Key Value
BUILD_BEAGLEBONEBLACK true
BUILD_CLIENT true
BUILD_QEMUX86_64_BIOS_GRUB true
BUILD_QEMUX86_64_BIOS_GRUB_GPT true
BUILD_QEMUX86_64_UEFI_GRUB true
BUILD_VEXPRESS_QEMU true
BUILD_VEXPRESS_QEMU_FLASH true
BUILD_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true
INTEGRATION_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV pull/1719/head
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
RUN_INTEGRATION_TESTS true
TEST_QEMUX86_64_BIOS_GRUB true
TEST_QEMUX86_64_BIOS_GRUB_GPT true
TEST_QEMUX86_64_UEFI_GRUB true
TEST_VEXPRESS_QEMU true
TEST_VEXPRESS_QEMU_FLASH true
TEST_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true

@jo-lund
Copy link
Author

jo-lund commented Dec 19, 2024

@mender-test-bot start pipeline

@mender-test-bot
Copy link

Hello 😺 I created a pipeline for you here: Pipeline-1595533100

Build Configuration Matrix

Key Value
BUILD_BEAGLEBONEBLACK true
BUILD_CLIENT true
BUILD_QEMUX86_64_BIOS_GRUB true
BUILD_QEMUX86_64_BIOS_GRUB_GPT true
BUILD_QEMUX86_64_UEFI_GRUB true
BUILD_VEXPRESS_QEMU true
BUILD_VEXPRESS_QEMU_FLASH true
BUILD_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true
INTEGRATION_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV pull/1719/head
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
RUN_INTEGRATION_TESTS true
TEST_QEMUX86_64_BIOS_GRUB true
TEST_QEMUX86_64_BIOS_GRUB_GPT true
TEST_QEMUX86_64_UEFI_GRUB true
TEST_VEXPRESS_QEMU true
TEST_VEXPRESS_QEMU_FLASH true
TEST_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true

@jo-lund jo-lund force-pushed the failed-inventory-update branch from 1c44ba8 to 2ff5efa Compare December 19, 2024 10:34
@jo-lund
Copy link
Author

jo-lund commented Dec 19, 2024

@mender-test-bot start pipeline

@mender-test-bot
Copy link

Hello 😺 I created a pipeline for you here: Pipeline-1595781641

Build Configuration Matrix

Key Value
BUILD_BEAGLEBONEBLACK true
BUILD_CLIENT true
BUILD_QEMUX86_64_BIOS_GRUB true
BUILD_QEMUX86_64_BIOS_GRUB_GPT true
BUILD_QEMUX86_64_UEFI_GRUB true
BUILD_VEXPRESS_QEMU true
BUILD_VEXPRESS_QEMU_FLASH true
BUILD_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true
INTEGRATION_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV pull/1719/head
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
RUN_INTEGRATION_TESTS true
TEST_QEMUX86_64_BIOS_GRUB true
TEST_QEMUX86_64_BIOS_GRUB_GPT true
TEST_QEMUX86_64_UEFI_GRUB true
TEST_VEXPRESS_QEMU true
TEST_VEXPRESS_QEMU_FLASH true
TEST_VEXPRESS_QEMU_UBOOT_UEFI_GRUB true

Copy link
Contributor

@vpodzime vpodzime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me this is not a good way to achieve the desired behavior. It is a working solution, but from a high-level/abstract perspective pulling inventory into the Authenticator is wrong. IMHO, the Authenticator should have zero knowledge (dependency) of (on) things like inventory, deployments checking,..., whatever else.
So let me suggest that we add a new callback to the Authenticator to call on re-authentication. It's a cleaner design and also more future proof because next time we need to do something else in case of re-authentication we won't have to modify the Authenticator itself.

src/api/auth.hpp Outdated
namespace inventory {
class InventoryAPI;
}
} // namespace update
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should not be needed. mender-update/inventory.hpp should be #included instead.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used a forward declaration here exactly to avoid using include, which can reduce compile time etc.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I got it. A nice habit for sure. But we use #ifndef-#define guards that should prevent those issues and we should be consistent.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Include guards and forward declarations are not the same and serve different purposes. When you include a file the whole file will be inserted into the current one together with all the includes in that file as well (as long as they have not been included already because they have defined an include guard). Include guards prevent the same header file from being included multiple times and therefore prevent redefinition of the same symbol.

With forward declarations you get just the symbol with incomplete type. This can reduce compile time substantially, e.g. because you don't need to recompile several files when a header changes.

@jo-lund
Copy link
Author

jo-lund commented Dec 19, 2024

To me this is not a good way to achieve the desired behavior. It is a working solution, but from a high-level/abstract perspective pulling inventory into the Authenticator is wrong. IMHO, the Authenticator should have zero knowledge (dependency) of (on) things like inventory, deployments checking,..., whatever else. So let me suggest that we add a new callback to the Authenticator to call on re-authentication. It's a cleaner design and also more future proof because next time we need to do something else in case of re-authentication we won't have to modify the Authenticator itself.

I agree, but the problem here is that HandleReceivedToken can be called from a dbus signal handler which is decoupled from the state machine itself.

@vpodzime
Copy link
Contributor

a dbus signal handler which is decoupled from the state machine itself

Yes, I know. That's why I told Lluis immediately when discovered this issue that the solution won't be easy and straightforward. But if we allow passing the re-authentication callback as an argument (to the constructor, for example), it can be a lambda with a capture of the inventory_client shared pointer and thus having access to something from the state machine.

@jo-lund
Copy link
Author

jo-lund commented Dec 20, 2024

a dbus signal handler which is decoupled from the state machine itself

Yes, I know. That's why I told Lluis immediately when discovered this issue that the solution won't be easy and straightforward. But if we allow passing the re-authentication callback as an argument (to the constructor, for example), it can be a lambda with a capture of the inventory_client shared pointer and thus having access to something from the state machine.

Yes, that would be a better design, and it would be nice to have a generic API for this. I was actually looking for a publish/subscribe mechanism in the code when implementing this change.

@vpodzime
Copy link
Contributor

I was actually looking for a publish/subscribe mechanism in the code when implementing this change.

👍 That would be nice. But we only have callbacks and lambdas, hoping for the best regarding memory management and object lifetime. 😀

This fixes the case where e.g. a third party tool re-authenticates by
using the D-Bus API while mender-update is waiting for the next poll
interval to expire. The inventory will now be resubmitted when the
poll triggers.

Ticket: MEN-7873
Changelog: Title

Signed-off-by: John Olav Lund <[email protected]>
@jo-lund jo-lund force-pushed the failed-inventory-update branch from 2ff5efa to 9d1d579 Compare December 23, 2024 08:50
@mender-test-bot
Copy link

mender-test-bot commented Dec 23, 2024

Merging these commits will result in the following changelog entries:

Changelogs

mender (failed-inventory-update)

New changes in mender since master:

Bug Fixes
  • Clear the inventory data hash on re-authentication
    (MEN-7873)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants