feat: degrade gracefully in offline / enterprise environments#337
Open
gtsiolis wants to merge 5 commits into
Conversation
5428042 to
79b63e1
Compare
fd896c8 to
696f298
Compare
658808b to
70643a3
Compare
Member
Author
|
Note to any reviewers, this is a stacked PR against #325. Cc @anisaoshafi |
Enterprise environments that cannot reach Docker Hub or the license server (offline/air-gapped, proxy or TLS interception) hit two hard failures: image pulls and license validation. Rather than gate this behind an explicit flag, container.Start now degrades gracefully when an internet request fails: - Image pull: if PullImage fails but the image is already available locally (via the new runtime.ImageExists), lstk warns and uses the local image instead of failing. - License pre-flight: validateLicense distinguishes a definitive server rejection (*api.LicenseError, still fatal) from a transport-level failure (offline/proxy/cert), skipping the check on transport failure and letting the container validate its own bundled license. runtime.PullImage always closes its progress channel, even when ImagePull fails early, so the local-image fallback does not leak the progress goroutine. Context cancellation is propagated during the license pre-flight so Ctrl+C aborts cleanly. Refs DEVX-703 Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
Adds end-to-end coverage for the two graceful-degradation paths that were previously only exercised by mock-based unit tests: - TestStartFallsBackToLocalImageWhenPullFails: tags a real LocalStack image under an unpullable name so the pull fails but the image exists locally, and asserts lstk warns and starts the local image. - TestStartContinuesWhenLicenseServerUnreachable: points the license endpoint at a closed server so the pre-flight fails at the transport level, and asserts lstk skips the check and the container still starts. Both require Docker and a valid LOCALSTACK_AUTH_TOKEN (the container must activate to become healthy), mirroring TestStartCommandSucceedsWithValidToken. Refs DEVX-703 Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
On Ctrl+C mid-pull, the cancelled context made the rt.ImageExists local-image probe fail, so the start surfaced a misleading "Failed to pull" error and emitted a spurious start-error telemetry event. Guard the pull-failure path with ctx.Err() so a user cancel propagates cleanly, mirroring the existing license pre-flight handling. Also documents the known limitation that an HTTP error response from the license server (5xx, or 407 from a proxy) is still treated as a definitive verdict rather than degrading. Refs DEVX-703 Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
A pinned image that is already present locally is not pulled (pullImages), so the CLI license pre-flight is now skipped for it too: the redundant network round-trip would otherwise block an entirely offline start, and the container validates its own bundled license at startup. This is symmetric with the existing skip-pull behaviour for local pinned images. tryPrePullLicenseValidation gains the runtime so it can probe ImageExists; a probe error is non-fatal and falls through to the pre-flight check.
… path The two offline start tests started a real container under an isolated t.TempDir() HOME, so the container's root-owned volume files (e.g. server.test.pem.key) could not be removed by t.TempDir cleanup, failing in CI. Use the real (inherited) HOME like every other fresh-start container test; config stays isolated via --config. Adds TestStartSkipsPullAndLicenseCheckWhenImageIsLocal covering the #325 review's success path: a pinned configured image found locally starts with no pull and no CLI license check (asserted via a license server that fails the test if contacted).
696f298 to
d059449
Compare
70643a3 to
61c278d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Makes
lstk startdegrade gracefully in offline / enterprise environments that cannot reach Docker Hub or the license server (offline/air-gapped, corporate proxy, or TLS interception) — without an explicit flag.PullImagefails but the image is already present locally (newruntime.ImageExists), lstk warns"using the local image"and starts the local image instead of failing.validateLicensenow distinguishes a definitive server rejection (*api.LicenseError, e.g. HTTP 403/400 — still fatal) from a transport-level failure (any other error — offline/proxy/cert). On a transport failure it skips the pre-flight check and lets the container validate its own bundled license at startup.runtime.PullImagealways closes itsprogresschannel, even whenImagePullfails early, so the local-image fallback path does not leak the progress goroutine.Scope
Second of the two PRs split out of DEVX-703. The custom
imageoverride half ships separately in #325. This PR is offline graceful-degradation only.Tests
internal/container):TestPullImages_FallsBackToLocalImageWhenPullFails,TestPullImages_FailsWhenPullFailsAndImageMissing,TestValidateLicense_ContinuesWhenServerUnreachable,TestValidateLicense_FailsOnServerRejection.Refs DEVX-703