-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor identity monitoring into separate function #483
Refactor identity monitoring into separate function #483
Conversation
… verification pkg Signed-off-by: linus-sun <[email protected]>
Signed-off-by: linus-sun <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #483 +/- ##
==========================================
+ Coverage 64.02% 70.82% +6.79%
==========================================
Files 4 13 +9
Lines 303 802 +499
==========================================
+ Hits 194 568 +374
- Misses 78 179 +101
- Partials 31 55 +24 ☔ View full report in Codecov by Sentry. |
2f370e0
to
6fd3fdb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM (reviewed only the last commit, as the other 2 seem to be #482)
Signed-off-by: linus-sun <[email protected]>
Signed-off-by: linus-sun <[email protected]>
6fd3fdb
to
1a3652a
Compare
404b723
to
11253dc
Compare
Signed-off-by: Linus Sun <[email protected]> Signed-off-by: linus-sun <[email protected]>
11253dc
to
299a8ac
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
@@ -118,39 +118,16 @@ func RunConsistencyCheck(interval *time.Duration, rekorClient *client.Rekor, ver | |||
// Write if there was no stored checkpoint or the sizes differ | |||
if prevCheckpoint == nil || prevCheckpoint.Size != checkpoint.Size { | |||
if err := file.WriteCheckpoint(checkpoint, *logInfoFile); err != nil { | |||
return fmt.Errorf("failed to write checkpoint: %v", err) | |||
// TODO: Once the consistency check and identity search are split into separate tasks, this should hard fail. | |||
// Temporarily skipping this to allow this job to succeed, remediating the issue noted here: https://github.com/sigstore/rekor-monitor/issues/271 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This issue is more about handling failures for in writeIdentitiesBetweenCheckpoints
where processing a single entry throws an error. Gracefully handling this would mean skipping the index and logging it somewhere.
This has to be fixed deeper in the stack, around MatchedIndices
where we return both successfully matched indices and failures.
Summary
Per this design doc, this PR refactors the monitored identity portion of rekor-monitor's reusable monitoring workflow into a separate function, for preparation in splitting up the workflow into two separate tasks, a consistency check and an identity monitor. A conditional check is added to see if a workflow input contains identities to monitor for.
This PR also temporarily changes a failing identity search to not hard fail the task, allowing the job to succeed and remediating the issue listed here. Future PRs will split this identity search into another task, allowing it to file a GitHub issue and not causing the consistency check to fail.
This PR depends on PR #482.
Release Note
NONE
Documentation
N/A - future PRs will update documentation once CLI/workflow functionality is altered.