Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api: update cache for vulnerabilities #3318

Merged
merged 1 commit into from
Oct 4, 2024
Merged

api: update cache for vulnerabilities #3318

merged 1 commit into from
Oct 4, 2024

Conversation

lucasmoura
Copy link
Contributor

@lucasmoura lucasmoura commented Sep 20, 2024
edited
Loading

Why is this needed?

We are now caching the vulnerability result as well. That means that if we detect that there is now new vulnerability JSON data to be used and no dpkg related changes on the system, we can simply reuse the old results.

Test Steps

  1. Verify that the vulnerabilities integration tests are still working
  2. Verify that the result cache is being produced
  3. Verify when running two API commands in a row, the second one is way faster than the first
  • (un)check this to re-run the checklist action

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 20, 2024
edited by lucasmoura
Loading

PR Checklist

How to use this checklist

How to use this checklist

PR Author

For each section, check a box when it is true.
Uncheck a box if it becomes un-true.
Then check the box at the bottom of the PR description to re-run the action that creates this checklist.
The action that creates and updates this comment will retain your edits.
The action will fail if the checklist is not completed.

PR Reviewer

Check that the PR checklist action did not fail.
Double check that the author filled out the checklist accurately.
If you disagree with a checklist item, start a conversation.
For example, the author may say they don't think integration tests are necessary, but you may disagree.

Bug References

None.

Confirm

  • I've properly referenced all bugs that this PR fixes
How to properly reference fixed bugs
  • If this PR is related to a Jira item, include an SC-1234 reference in the PR title
  • If this PR is fixes a GitHub issue, include a Fixes: #1234 reference in the commit that fixes the issue
  • If this PR is fixes a Launchpad bug, include a LP: #12345678 reference in the commit that fixes the issue

Test Updates

Unit Tests

  • I have updated or added any unit tests accordingly
  • No unit test changes are necessary for this change

Integration Tests

  • I have updated or added any integration tests accordingly
  • No integration test changes are necessary for this change

Documentation

  • Changes here need to be documented and I have referenced the docs PR in the description
  • No documentation updates are necessary for this change

Does this PR require review from someone outside the core ubuntu-pro-client team?

  • Yes, and I have requested those reviews via GitHub
  • No

@lucasmoura lucasmoura mentioned this pull request Sep 20, 2024
Merged
1 task
renanrodrigo
renanrodrigo approved these changes Sep 23, 2024
View reviewed changes
uaclient/api/u/pro/security/vulnerabilities/usn/v1.py Outdated
):
self.all = all
self.unfixable = unfixable
self.data_file = data_file
self.manifest_file = manifest_file
self.series = series

if update is None:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is a boolean you can set it to True directly on line 80 there and not make it optional, but this as is doesn't hurt either

uaclient/api/u/pro/security/vulnerabilities/_common/v1.py
@@ -50,25 +64,28 @@ def __init__(
cfg: UAConfig,
data_file: Optional[str] = None,
series: Optional[str] = None,
update_data: bool = True,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

heh you did it here

uaclient/api/u/pro/security/vulnerabilities/_common/v1.py
last_published_date: str,
cache_date_file: DataObjectFile,
) -> bool:
) -> Tuple[bool, Optional[datetime.datetime]]:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest some comment here explaining what is this datetime's meaning

@lucasmoura
Copy link
Contributor Author

@renanrodrigo updated

orndorffgrant
orndorffgrant requested changes Sep 24, 2024
View reviewed changes
Copy link
Collaborator

@orndorffgrant orndorffgrant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As part of our process to get ready for v35, I have rebased next-v35 onto main. As a result, next-v35 is now obsolete. Please rebase this on main and target the PR to main.

orndorffgrant
orndorffgrant reviewed Sep 25, 2024
View reviewed changes
Copy link
Collaborator

@orndorffgrant orndorffgrant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, we should document the architecture of these caching mechanisms, when they are used, and when they are invalidated in some kind of dev-docs explanation.

uaclient/api/u/pro/security/vulnerabilities/_common/v1.py Outdated
def _has_apt_state_changed(self):
latest_dpkg_status_time = apt.get_dpkg_status_time() or 0

dpkg_status_cache = DataObjectFile(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this can only be defined once as an instance variable and used here and above

uaclient/api/u/pro/security/vulnerabilities/_common/v1.py
)


class VulnerabilityResultCache:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We discussed not using or saving this cache when run against a manifest

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also if someone provides a series without a manifest it shouldn't work

@lucasmoura
Copy link
Contributor Author

Since we are now adding two more caches, I have created this diagram to simplify the visualization on how those caches are being used:

image

@lucasmoura
api: update cache for vulnerabilities
19c9268 
We are now caching the vulnerability result as well.
That means that if we detect that there is now new
vulnerability JSON data to be used and no dpkg related changes
on the system, we can simply reuse the old results.
@lucasmoura lucasmoura changed the base branch from next-v35 to main September 25, 2024 21:54
@lucasmoura
Copy link
Contributor Author

@orndorffgrant updated

dheyay
dheyay approved these changes Sep 30, 2024
View reviewed changes
Copy link
Contributor

@dheyay dheyay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks also for the diagram (helped understanding everything better) 😄

@lucasmoura lucasmoura enabled auto-merge (rebase) October 4, 2024 19:18
@lucasmoura lucasmoura merged commit 97b7777 into main Oct 4, 2024
6 of 7 checks passed
@renanrodrigo renanrodrigo deleted the update-vulnerability-cache branch October 4, 2024 19:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dheyay dheyay dheyay approved these changes

@renanrodrigo renanrodrigo renanrodrigo approved these changes

@orndorffgrant orndorffgrant orndorffgrant approved these changes

Assignees
No one assigned
Labels
next
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lucasmoura @orndorffgrant @renanrodrigo @dheyay