Part of #4109 (Phase 1). Owner: golang-engineer.
Replace the four hand-rolled vendor clients with one gofish-backed Deployer and implement the spec-correct deploy flow.
Scope
Add github.com/stmcginnis/gofish; delete generic.go/dmtf.go/hpe.go/supermicro.go (~2306 LOC) and the bespoke transport/auth/session boilerplate.
New Deployer interface wrapping gofish: Connect(ctx) / Close() / Inspect(ctx) / Deploy(ctx, DeployRequest{ImageURL, …}). URL-pull entrypoint — no local-path byte upload.
Flow: discover Systems/Managers (no hardcoded IDs) → VirtualMedia.InsertMedia → one-time boot override (Cd/UEFI) → ComputerSystem.Reset with ResetType → TaskService polling → eject + session DELETE .
Thread context.Context end to end (cancellable).
Fix SystemInfo memory/cpu nesting (Upgrading from v1.21.4-23 to v1.21.4-28 fails #13 MemorySummary/ProcessorSummary.
Do not leak *gofish.APIClient into pkg/hardware or the CLI — keep it behind our interface.
Closes catalogue items
#1 , #2 , #3 , #4 , #5 , #6 , #9 , #13 .
Security acceptance criteria (from Phase 0)
Close() calls Logout/DeleteSession, defer'd at the call boundary; fake-BMC test asserts the session DELETE fires on success AND error paths.VerifySSL=true produces a verifying client; insecure only via explicit opt-out (no silent downgrade; store zero-value must not mean "skip verify").No credential, token, or creds-bearing URL appears in any log line or returned error.
A cancelled context aborts the deploy.
Part of #4109 (Phase 1). Owner: golang-engineer.
Replace the four hand-rolled vendor clients with one gofish-backed
Deployerand implement the spec-correct deploy flow.Scope
github.com/stmcginnis/gofish; deletegeneric.go/dmtf.go/hpe.go/supermicro.go(~2306 LOC) and the bespoke transport/auth/session boilerplate.Deployerinterface wrapping gofish:Connect(ctx)/Close()/Inspect(ctx)/Deploy(ctx, DeployRequest{ImageURL, …}). URL-pull entrypoint — no local-path byte upload.VirtualMedia.InsertMedia→ one-time boot override (Cd/UEFI) →ComputerSystem.ResetwithResetType→ TaskService polling → eject + session DELETE.context.Contextend to end (cancellable).SystemInfomemory/cpu nesting (Upgrading from v1.21.4-23 to v1.21.4-28 fails #13) using gofish's typedMemorySummary/ProcessorSummary.*gofish.APIClientintopkg/hardwareor the CLI — keep it behind our interface.Closes catalogue items
#1, #2, #3, #4, #5, #6, #9, #13.
Security acceptance criteria (from Phase 0)
Close()callsLogout/DeleteSession,defer'd at the call boundary; fake-BMC test asserts the session DELETE fires on success AND error paths.VerifySSL=trueproduces a verifying client; insecure only via explicit opt-out (no silent downgrade; store zero-value must not mean "skip verify").