feat: A new Varlink interface com.redhat.rhsm

[jirihnidek]

• Card ID: CCT-2348
• The rhc-server listens on another socket: /run/rhc/com.redhat.rhsm
• The new socket will provides only com.redhat.rhsm* interfaces
• Added a new interface file .varlink com.redhat.rhsm interface
• The interface contains two methods:
  • IsRegistered()
  • Ping()
• It uses golang module: github.com/jirihnidek/rhsm2
• Modified one unit test

[jirihnidek]

BTW, when golang is used and standard net/http is used and TLS is used, then net/http tries to use HTTP/2. Because reverse proxy of hosted candlepin supports HTTP/2, then HTTP/2 is automatically negotiated. Thus, we will be able to use all benefits of HTTP/2:

* Request at 2026-05-20 12:23:06.369074678 +0200 CEST m=+302.615004922
* Request to https://subscription.rhsm.redhat.com:443/subscription/status
> GET /subscription/status HTTP/1.1
> Host: subscription.rhsm.redhat.com:443
> Accept: application/json
> Accept-Language: de_DE.UTF-8
> Connection: keep-alive
> Correlation-Id: 2ede2fb1-4795-4c3a-bfc8-a2839bd50b3c
> Keep-Alive: timeout=60
> Request-Id: 478ba829-9f78-4c83-a69f-895e7c2c3d86
> User-Agent: rhc-server (trigger-by: foo-client) fedora/44

* TLS connection using TLS 1.3 / TLS_AES_256_GCM_SHA384
* ALPN: h2 accepted
* Server certificate:
*  subject: CN=subscription.rhsm.redhat.com,O=Red Hat\, Inc.,L=Raleigh,ST=North Carolina,C=US
*  start date: Thu Sep 18 20:40:25 UTC 2025
*  expire date: Sat Sep 18 20:40:25 UTC 2027
*  issuer: CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O=Red Hat\, Inc.,ST=North Carolina,C=US,1.2.840.113549.1.9.1=#0c1563612d737570706f7274407265646861742e636f6d
*  TLS certificate verify ok.
< HTTP/2.0 200 OK   <========================= HTTP/2 is used
< Cache-Control: max-age=56
< Content-Type: application/json
< Date: Wed, 20 May 2026 10:23:06 GMT
< Expires: Wed, 20 May 2026 10:24:02 GMT
< Vary: Accept-Encoding
< X-Candlepin-Request-Uuid: be697d3c-eab8-4f95-a641-938fe72f4a65
< X-Rh-Edge-Cache-Status: Hit from child
< X-Rh-Edge-Reference-Id: 0.9fd72c17.1779272586.51b9952
< X-Rh-Edge-Request-Id: 51b9952
< X-Version: 4.7.5-1

{
    "deviceAuthClientId": null,
    "deviceAuthRealm": null,
    "deviceAuthScope": null,
    "deviceAuthUrl": null,
    "keycloakAuthUrl": null,
    "keycloakRealm": null,
    "keycloakResource": null,
    "managerCapabilities": [
        "cloud_registration",
        "instance_multiplier",
        "derived_product",
        "vcpu",
        "cert_v3",
        "hypervisors_heartbeat",
        "remove_by_pool_id",
        "syspurpose",
        "storage_band",
        "cores",
        "ssl_verify_status",
        "multi_environment",
        "hypervisors_async",
        "org_level_content_access",
        "typed_environments",
        "guest_limit",
        "combined_reporting",
        "ram",
        "batch_bind"
    ],
    "mode": "NORMAL",
    "modeChangeTime": null,
    "modeReason": null,
    "release": "1",
    "result": true,
    "rulesSource": "default",
    "rulesVersion": "5.44",
    "standalone": false,
    "timeUTC": "2026-05-20T10:19:02+0000",
    "version": "4.7.5"
}
* Request took 116.926849ms

[jirihnidek]

How to test it? Build project with make command and then start rhc-server:

$ sudo ./rhc-server

Open another terminal and you can run following commands:

$ sudo varlinkctl call /run/rhc/com.redhat.rhsm com.redhat.rhsm.testing.Ping '{}'

$ sudo varlinkctl call /run/rhc/com.redhat.rhsm com.redhat.rhsm.testing.IsRegistered '{}'

You can test it on registered or unregistered system. You can also test it on system with not valid configuration file in ./rhsm.conf

You can try to use Metadata in the Ping() Varlink method.:

$ sudo varlinkctl call /run/rhc/com.redhat.rhsm com.redhat.rhsm.testing.Ping \
    '{"metadata": {"user_agent": "foo-client", "locale": "de-DE", "correlation_id": "foo-corr-id"}}'

You can use any combination of user_agent locale or correlation_id.

[jirihnidek]

This is reason, whey integration tests fails: https://github.com/RedHatInsights/rhc/blob/main/integration-tests/test_collector_api.py#L21

The rhc-server.socket and rhsm-server.socket have to be enabled in rhc.spec. Otherwise, customers will not be able to use it.