Reimplement a way to retrieve an aws-sdk-go-v2 config from backplane #257
Conversation
|
On the testing side, I modified osdctl to build off my local copy of backplane-cli and verified that |
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #257 +/- ##
==========================================
- Coverage 51.87% 48.66% -3.22%
==========================================
Files 52 52
Lines 3433 3438 +5
==========================================
- Hits 1781 1673 -108
- Misses 1357 1504 +147
+ Partials 295 261 -34
|
mjlshen
force-pushed
the
OSD-19711
branch
2 times, most recently
from
4d2a30c
to
a644f77
Compare
This was originally added in #66, but was mistakenly removed in #237 Since we are now required to pass AWS calls through a proxy, this PR adds additional logic to ensure the aws-sdk-go-v2 client returned by this function enforces the use of the provided proxy_url in a user's backplane config file. Signed-off-by: Michael Shen <mshen@redhat.com>
| It("should fail when AWS Unavailable", func() { | ||
| fakeAWSResp.StatusCode = http.StatusInternalServerError | ||
|
|
||
| mockClientUtil.EXPECT().GetBackplaneClient(proxyURI).Return(mockClient, nil).AnyTimes() | ||
| mockClient.EXPECT().GetCloudCredentials(gomock.Any(), trueClusterID).Return(fakeAWSResp, nil) | ||
| _, err := getCloudCredential(proxyURI, trueClusterID) | ||
| Expect(err).NotTo(BeNil()) | ||
|
|
||
| Expect(err.Error()).To(ContainSubstring("error from backplane: \n Status Code: 500\n")) | ||
|
|
||
| }) | ||
|
|
||
| It("should fail when GCP Unavailable", func() { | ||
| fakeGCloudResp.StatusCode = http.StatusInternalServerError | ||
|
|
||
| mockClientUtil.EXPECT().GetBackplaneClient(proxyURI).Return(mockClient, nil).AnyTimes() | ||
| mockClient.EXPECT().GetCloudCredentials(gomock.Any(), trueClusterID).Return(fakeGCloudResp, nil) | ||
| _, err := getCloudCredential(proxyURI, trueClusterID) | ||
| Expect(err).NotTo(BeNil()) | ||
|
|
||
| Expect(err.Error()).To(ContainSubstring("error from backplane: \n Status Code: 500\n")) | ||
|
|
There was a problem hiding this comment.
Any reson to remove existing tests with AWS v2 approch ?
There was a problem hiding this comment.
I'm ok with receiving pushback on this, but to share my reasoning mostly because they aren't passing anymore and it's critical to make sure that osdctl AWS calls are going through the proxy haha.
My personal preference is to refactor/add some tests back in a future PR, but I can add it into this PR if that's best. My functional "changes" are in the first commit in the PR and you can see all the refactored/mostly removed tests in the second commit.
There was a problem hiding this comment.
Good point, @mjlshen .. Let's add/refactor unit-test in future PR's .. ( we are on a journey to reach 80% code coverage for bp-cli :) )
| proxyURL, err := url.Parse(bpConfig.ProxyURL) | ||
| if err != nil { | ||
| return aws.Config{}, fmt.Errorf("failed to parse proxy_url from backplane config file: %w", err) | ||
| } |
There was a problem hiding this comment.
This may already checked when login to the cluster
backplane-cli/pkg/cli/config/config.go
Line 99 in 23570ca
There was a problem hiding this comment.
Yeah, but this function will not be called after ocm backplane login - e.g. https://github.com/openshift/osdctl/blob/1b906de67017e15057a6312d698ac28565250941/pkg/osdCloud/aws.go#L182-L190 so we cannot depend on that check
Though in general, ocm backplane cloud * can be called without needing to ocm backplane login
There was a problem hiding this comment.
ahh got your point, We should move all config validation to pkg/cli/config rather than individual sub-commands .. I'll create a card for moving that. I'm fine to keep it here for now.
There was a problem hiding this comment.
thanks @samanthajayasinghe , let's create a card for tracking this.
Signed-off-by: Michael Shen <mshen@redhat.com>
|
@mjlshen: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mjlshen, wanghaoran1988 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
What type of PR is this?
bug/feature
What this PR does / Why we need it?
This functionality was originally added in #66, but was mistakenly removed in #237
Since we are now required to pass AWS calls through a proxy, this PR adds additional logic to ensure the aws-sdk-go-v2 client returned by this function enforces the use of the provided proxy_url in a user's backplane config file.
Which Jira/Github issue(s) does this PR fix?
OSD-19711
Special notes for your reviewer
This is semi-urgent to merge+release because osdctl builds an aws-sdk-go-v2 client using this function https://github.com/openshift/osdctl/blob/1b906de67017e15057a6312d698ac28565250941/pkg/osdCloud/aws.go#L182-L190 pinned on an older version where it still exists: https://github.com/openshift/osdctl/blob/1b906de67017e15057a6312d698ac28565250941/go.mod#L38 so SRE's using commands like
osdctl network verify-egress,osdctl cluster resize infra, etc. are not going through the proxy configured in backplane.Pre-checks (if applicable)