Add support for FIPS Updates images #483
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Clouds now have images with FIPS Updates instead of the regular FIPS ones. Focal has both, so there is a need to differentiate. Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
renanrodrigo
changed the title
renanrodrigo
commented
Apr 11, 2025
|
changes look good! Wrote an integration test to verify this works as expected. Will approve once you add it: diff --git a/tests/integration_tests/ec2/__init__.py b/tests/integration_tests/ec2/__init__.py
new file mode 100644
index 0000000..ea323f9
--- /dev/null
+++ b/tests/integration_tests/ec2/__init__.py
@@ -0,0 +1 @@
+"""EC2 integration tests."""
diff --git a/tests/integration_tests/ec2/test_images.py b/tests/integration_tests/ec2/test_images.py
new file mode 100644
index 0000000..16720aa
--- /dev/null
+++ b/tests/integration_tests/ec2/test_images.py
@@ -0,0 +1,51 @@
+"""EC2 integration tests testing image related functionality."""
+
+import logging
+
+import pytest
+
+from pycloudlib.cloud import ImageType
+from pycloudlib.ec2.cloud import EC2
+
+logger = logging.getLogger(__name__)
+
+
+@pytest.fixture
+def ec2_cloud():
+ """
+ Fixture to create an EC2 instance for testing.
+
+ Yields:
+ EC2: An instance of the EC2 cloud class.
+ """
+ with EC2(tag="integration-test-images") as ec2:
+ yield ec2
+
+
+def test_finding_all_image_types_focal(ec2_cloud: EC2):
+ """
+ Tests that all image types are available for the focal suite and that they are all unique.
+
+ As per issue #481, focal has both `fips` and `fips-updates` image types and previous to
+ introducing the `PRO_FIPS_UPDATES` image type, the `PRO_FIPS` image type could return a
+ `PRO_FIPS_UPDATES` image if it was newer. This test asserts that PR #483 prevents this from
+ happening.
+
+ Test assertions:
+ - All image types are available for the focal suite (exception is raised if not).
+ - No daily images returned per image type are the same (same image ID).
+ """
+ suite = "focal"
+ images: dict[ImageType, str] = {}
+ # iterate through all ImageType enum values
+ for image_type in ImageType:
+ images[image_type] = ec2_cloud.daily_image(release=suite, image_type=image_type)
+ logger.info(
+ "Found %s image for %s: %s",
+ image_type,
+ suite,
+ images[image_type],
+ )
+
+ # make sure that none of the images are the same
+ assert len(set(images.values())) == len(images), f"Not all images are unique: {images}"
|
rthill91
reviewed
Apr 14, 2025
Fixes: #481 Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Fixes: #482 Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Update the three clouds' demos to launch FIPS Updates images, using series where it is available. Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Alec Warren <alecwarren19@gmail.com> Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
renanrodrigo
force-pushed
the
add-fips-updates-ec2
branch
from
08e0059 to
a38b5bd
Compare
renanrodrigo
changed the title
|
@a-dubs @rthill91 Thanks much for the initial reviews!
I was looking at the PR and decided to add the functionality to the other clouds too - I created separate issues, but given each PR here is a version bump, it would make sense to me that the whole functionality lands with a single version bump. @a-dubs besides the test you suggested, do you think something similar would be needed to verify images are fetched correctly from |
|
I think it would be foolish to not add integration tests given the work already put in. Here's my implementation of a GCE integration test. Still not sure if something so hardcoded is the best approach if images become available for jammy/focal as time passes but for now this is nice to have because it codifies the current functionality we see/expect 🤷♂️ diff --git a/tests/integration_tests/gce/test_images.py b/tests/integration_tests/gce/test_images.py
new file mode 100644
index 0000000..3391b74
--- /dev/null
+++ b/tests/integration_tests/gce/test_images.py
@@ -0,0 +1,73 @@
+"""GCE integration tests testing image related functionality."""
+
+import logging
+
+import pytest
+
+from pycloudlib.cloud import ImageType
+from pycloudlib.errors import ImageNotFoundError
+from pycloudlib.gce.cloud import GCE
+
+logger = logging.getLogger(__name__)
+
+
+@pytest.fixture
+def gce_cloud():
+ """
+ Fixture to create a GCE instance for testing.
+
+ Yields:
+ GCE: An instance of the GCE cloud class.
+ """
+ with GCE(tag="integration-test-images") as gce:
+ yield gce
+
+@pytest.mark.parametrize(
+ "release, unavailable_image_types",
+ (
+ pytest.param(
+ "focal",
+ [ImageType.PRO_FIPS_UPDATES],
+ id="focal",
+ ),
+ pytest.param(
+ "jammy",
+ [ImageType.PRO_FIPS],
+ id="jammy",
+ ),
+ ),
+)
+def test_finding_all_image_types_focal(
+ gce_cloud: GCE,
+ release: str,
+ unavailable_image_types: list[ImageType],
+):
+ """
+ Tests that all image types are available for the focal suite and that they are all unique.
+
+ Test assertions:
+ - Certain image types are unavailable for the given release (exception is raised if not).
+ - No daily images returned per image type are the same (same image ID).
+ """
+ images: dict[ImageType, str] = {}
+ # iterate through all ImageType enum values
+ for image_type in ImageType:
+ if image_type in unavailable_image_types:
+ with pytest.raises(ImageNotFoundError) as exc_info:
+ gce_cloud.daily_image(release=release, image_type=image_type)
+ logger.info(
+ "Confirmed that %s image for %s is unavailable.",
+ image_type,
+ release,
+ )
+ else:
+ images[image_type] = gce_cloud.daily_image(release=release, image_type=image_type)
+ logger.info(
+ "Found %s image for %s: %s",
+ image_type,
+ release,
+ images[image_type],
+ )
+
+ # make sure that none of the images are the same
+ assert len(set(images.values())) == len(images), f"Not all images are unique: {images}" |
|
@renanrodrigo I will leave it up to you if you want to do an azure test or not because yes the implementation is hilariously hard coded like you mentioned. I don't feel like setting up an azure account just to test this so I have no way of testing it so I shall leave it up to you. should be simple enough to convert this GCE one to an azure one 🤷♂️ Cheers! Thanks for all your hard work on this. |
toabctl
approved these changes
Apr 22, 2025
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
Signed-off-by: Renan Rodrigo <renanrodrigo@canonical.com>
renanrodrigo
force-pushed
the
add-fips-updates-ec2
branch
from
a38b5bd to
f47a3c0
Compare
a-dubs
approved these changes
Apr 27, 2025
There was a problem hiding this comment.
Heck yeah good stuff @renanrodrigo. thanks for all your work on this. LGTM 🚀
|
@rthill91 poking you for re-review 🫡 |
rthill91
approved these changes
Apr 29, 2025
|
@renanrodrigo fire in the hole! |
|
HEEEEEY thanks everyone |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR Checklist
tox -e formatlocally to automatically format my code before submittingtoxlocally ensuring that it passes before submittingDescription
This PR adds a new
ImageType:PRO_FIPS_UPDATES.Clouds are now shipping
fips-updatesimages instead of the regularfipsones.On EC2, Focal has both, so we need a way to tell them apart. There will be Focal
fips-updatesimages on the other clouds soon too - on GCE they can be differentiated by the name filter, and Azure needs to be added manually.For all clouds, this also adds the necessary filters/identifiers to launch Jammy
fips-updatesimages.Fixes: #481
Fixes: #482
Additional Context and Relevant Issues
N/ATest Steps
Run the demo! Check that
fipsis enabled on the FIPS image, andfips-updatesis enabled on the FIPS Updates image.