Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove deprecated 'securityGroupId' property from createEC2InstanceInput #247

Conversation

AlexVulaj
Copy link
Contributor

@AlexVulaj AlexVulaj commented Jul 8, 2024

Removes deprecated securityGroupId property from createEc2InstanceInput struct.

Depends on PRs to the three known downstream consumers to stop using the field:
osdctl: openshift/osdctl#592 (merged)
CAD: openshift/configuration-anomaly-detection#300 (merged)
CS: No uses detected

@codecov-commenter
Copy link

codecov-commenter commented Jul 8, 2024

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 31.27%. Comparing base (705bbe5) to head (46bbee7).
Report is 1 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #247      +/-   ##
==========================================
+ Coverage   31.18%   31.27%   +0.08%     
==========================================
  Files          12       12              
  Lines        1119     1116       -3     
==========================================
  Hits          349      349              
+ Misses        752      749       -3     
  Partials       18       18              
Files Coverage Δ
pkg/verifier/aws/aws_verifier.go 26.66% <ø> (+0.19%) ⬆️
pkg/verifier/package_verifier.go 0.00% <ø> (ø)
pkg/verifier/aws/entry_point.go 0.00% <0.00%> (ø)

... and 5 files with indirect coverage changes

@openshift-ci openshift-ci bot requested review from lnguyen1401 and reedcort July 8, 2024 19:24
Copy link
Contributor

@abyrne55 abyrne55 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, I think there's more that has to happen here. Consumers of the verifier are still setting the deprecated SecurityGroupId field of the AwsEgressConfig type instead of the SecurityGroupIDs field, and currently this PR leaves that deprecated field silently unhandled AFAICT. We either have to:

  • preserve AwsEgressConfig.SecurityGroupId and replace the compatibility shim removed by this PR with another shim somewhere else
  • yank AwsEgressConfig.SecurityGroupId, which is a breaking API change

I'm not terribly opposed to breaking API changes at the moment, considering the verifier's next release will likely bump the x- and/or y-stream version, but we might want to be careful about changing too much all at once.

@AlexVulaj
Copy link
Contributor Author

@abyrne55 good catch on these concerns. My take is that - considering this is still in "beta" technically and only has 3 known consumers, we should update those consumers to use the new field instead and then come back to this PR. Curious to hear your thoughts or any other maintainers'!

@AlexVulaj AlexVulaj force-pushed the remove-deprecated-security-group-id branch from d955171 to 281995a Compare July 9, 2024 14:58
@AlexVulaj
Copy link
Contributor Author

@abyrne55 I've updated osdctl and CAD with PRs linked in the description here. I didn't find any uses in clusters service.

Copy link
Contributor

@abyrne55 abyrne55 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work with those consumer PRs. One more thing here: could you just remove the securityGroupId field of the egressConfig struct type on cmd/egress/cmd.go:37, as well as the line that sets up a CLI flag for it near the bottom of the same file?

@AlexVulaj AlexVulaj force-pushed the remove-deprecated-security-group-id branch from 281995a to d1e7531 Compare July 11, 2024 17:49
@AlexVulaj AlexVulaj force-pushed the remove-deprecated-security-group-id branch from d1e7531 to 46bbee7 Compare July 11, 2024 17:57
Copy link
Contributor

openshift-ci bot commented Jul 11, 2024

@AlexVulaj: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@abyrne55
Copy link
Contributor

Tested locally and confirmed use of removed flag produces Error: unknown flag: --security-group-id. Also confirmed via AWS console that correct SG is applied when --security-group-ids is used

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 11, 2024
Copy link
Contributor

openshift-ci bot commented Jul 11, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abyrne55

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 11, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 7fcb1f1 into openshift:main Jul 11, 2024
6 checks passed
@AlexVulaj AlexVulaj deleted the remove-deprecated-security-group-id branch July 11, 2024 18:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants