OCM-3963 | feat: ROSA CLI V2
ciaranRoche authored and den-rgb committed Mar 15, 2024
1 parent 4ff9a2d commit 7d63428
Showing 1,811 changed files with 755,536 additions and 495,978 deletions.
18 changes: 9 additions & 9 deletions Makefile
Expand Up @@ -92,12 +92,12 @@ codecov: coverage
@./hack/codecov.sh

mocks: $(MOCKGEN)
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/iamapi_mock.go github.com/aws/aws-sdk-go/service/iam/iamiface IAMAPI
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/organaztionsapi_mock.go github.com/aws/aws-sdk-go/service/organizations/organizationsiface OrganizationsAPI
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/stsapi_mock.go github.com/aws/aws-sdk-go/service/sts/stsiface STSAPI
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/cloudformationapi_mock.go github.com/aws/aws-sdk-go/service/cloudformation/cloudformationiface CloudFormationAPI
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/ec2api_mock.go github.com/aws/aws-sdk-go/service/ec2/ec2iface EC2API
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/servicequotasapi_mock.go github.com/aws/aws-sdk-go/service/servicequotas/servicequotasiface ServiceQuotasAPI
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=cmd/create/idp/mocks/identityprovider_mock.go -source=cmd/create/idp/cmd.go IdentityProvider
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/s3api_mock.go github.com/aws/aws-sdk-go/service/s3/s3iface S3API
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=pkg/aws/mocks/secretsmanagerapi_mock.go github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface SecretsManagerAPI
$(MOCKGEN) --build_flags=--mod=mod -package mocks -destination=cmd/create/idp/mocks/identityprovider.go -source=cmd/create/idp/cmd.go IdentityProvider
$(MOCKGEN) -source=pkg/aws/api_interface/iam_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_iam_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/organizations_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_organizations_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/sts_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_sts_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/cloudformation_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_cloudformation_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/servicequotas_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_servicequotas_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/ec2_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_ec2_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/s3_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_s3_api_client.go
$(MOCKGEN) -source=pkg/aws/api_interface/secretsmanager_api_client.go -package=mocks -destination=pkg/aws/mocks/mock_secretsmanager_api_client.go
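Review bot: The two IdentityProvider mockgen lines disagree on the destination file, one writing `cmd/create/idp/mocks/identityprovider_mock.go` and the other `cmd/create/idp/mocks/identityprovider.go`; the rendered page does not show which of the two survives, so it is worth confirming the surviving name matches the mock file this same commit modifies (`cmd/create/idp/mocks/identityprovider_mock.go` appears in the file list). If the generated name really did change, the stale copy should be deleted in the same commit so two versions of the mock cannot drift apart. The `-source=pkg/aws/api_interface/*.go` lines also drop `--build_flags=--mod=mod`; that is presumably fine because source mode parses the interface file directly, but a one-line recipe comment such as `# source-mode mockgen parses the interface files directly; no build flags needed` would save the next reader the question.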
2 changes: 1 addition & 1 deletion cmd/create/accountroles/cmd.go
Expand Up @@ -407,7 +407,7 @@ func run(cmd *cobra.Command, argv []string) {
})
case aws.ModeManual:
err = aws.GenerateAccountRolePolicyFiles(r.Reporter, env, policies, rolesCreator.skipPermissionFiles(),
rolesCreator.getAccountRolesMap())
rolesCreator.getAccountRolesMap(), r.Creator.Partition)
if err != nil {
r.Reporter.Errorf("There was an error generating the policy files: %s", err)
r.OCMClient.LogEvent("ROSACreateAccountRolesModeManual", map[string]string{
17 changes: 8 additions & 9 deletions cmd/create/accountroles/creators.go
Expand Up @@ -83,7 +83,7 @@ func (mp *managedPoliciesCreator) createRoles(r *rosa.Runtime, input *accountRol

for file, role := range aws.AccountRoles {
accRoleName := common.GetRoleName(input.prefix, role.Name)
assumeRolePolicy := getAssumeRolePolicy(file, input)
assumeRolePolicy := getAssumeRolePolicy(r.Creator.Partition, file, input)

r.Reporter.Debugf("Creating role '%s'", accRoleName)
tagsList := mp.getRoleTags(file, input)
Expand Down Expand Up @@ -172,7 +172,7 @@ func (up *unmanagedPoliciesCreator) createRoles(r *rosa.Runtime, input *accountR

for file, role := range aws.AccountRoles {
accRoleName := common.GetRoleName(input.prefix, role.Name)
assumeRolePolicy := getAssumeRolePolicy(file, input)
assumeRolePolicy := getAssumeRolePolicy(r.Creator.Partition, file, input)
tagsList := up.getRoleTags(file, input)
filename := fmt.Sprintf("sts_%s_permission_policy", file)

Expand All @@ -198,7 +198,7 @@ func (up *unmanagedPoliciesCreator) printCommands(r *rosa.Runtime, input *accoun

createPolicy := buildCreatePolicyCommand(policyName, policyDocument, iamTags, input.path)

policyARN := aws.GetPolicyARN(input.accountID, accRoleName, input.path)
policyARN := aws.GetPolicyARN(r.Creator.Partition, input.accountID, accRoleName, input.path)

attachRolePolicy := buildAttachRolePolicyCommand(accRoleName, policyARN)

Expand Down Expand Up @@ -276,7 +276,7 @@ func createRoleUnmanagedPolicy(r *rosa.Runtime, input *accountRolesCreationInput

policyPermissionDetail := aws.GetPolicyDetails(input.policies, filename)

policyARN := aws.GetPolicyARN(r.Creator.AccountID, accRoleName, input.path)
policyARN := aws.GetPolicyARN(r.Creator.Partition, r.Creator.AccountID, accRoleName, input.path)

r.Reporter.Debugf("Creating permission policy '%s'", policyARN)
if args.forcePolicyCreation {
Expand All @@ -294,12 +294,11 @@ func createRoleUnmanagedPolicy(r *rosa.Runtime, input *accountRolesCreationInput
return r.AWSClient.AttachRolePolicy(accRoleName, policyARN)
}

func getAssumeRolePolicy(file string, input *accountRolesCreationInput) string {
func getAssumeRolePolicy(partition string, file string, input *accountRolesCreationInput) string {
filename := fmt.Sprintf("sts_%s_trust_policy", file)
policyDetail := aws.GetPolicyDetails(input.policies, filename)

return aws.InterpolatePolicyDocument(policyDetail, map[string]string{
"partition": aws.GetPartition(),
return aws.InterpolatePolicyDocument(partition, policyDetail, map[string]string{
"partition": partition,
"aws_account_id": aws.GetJumpAccount(input.env),
})
}
Expand All @@ -311,7 +310,7 @@ func (hcp *hcpManagedPoliciesCreator) createRoles(r *rosa.Runtime, input *accoun

for file, role := range aws.HCPAccountRoles {
accRoleName := common.GetRoleName(input.prefix, role.Name)
assumeRolePolicy := getAssumeRolePolicy(file, input)
assumeRolePolicy := getAssumeRolePolicy(r.Creator.Partition, file, input)

r.Reporter.Debugf("Creating role '%s'", accRoleName)
tagsList := hcp.getRoleTags(file, input)
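Review bot: `getAssumeRolePolicy` now takes `partition` and feeds it both as the first argument to `aws.InterpolatePolicyDocument` and as the `"partition"` interpolation value, but nothing checks that it is non-empty; the trust policy's principal is rendered from it, so an empty value would presumably produce a malformed principal ARN at role creation rather than a clear error. Since `r.Creator.Partition` is also threaded into `aws.GetPolicyARN` in the other hunks of this file, a single validation of `r.Creator.Partition` in the `createRoles` entry points before the loops would cover every use. The function also lacks a doc comment; something like `// getAssumeRolePolicy renders the sts_<file>_trust_policy template with the given partition and the jump account for input.env.` would do, and the parameter list can be written `partition, file string` per Go convention. The bodies of the `createRoles` methods start and end outside the hunks shown.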
52 changes: 27 additions & 25 deletions cmd/create/cluster/cmd.go
Expand Up @@ -26,8 +26,8 @@ import (
"strings"
"time"

awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
awssdk "github.com/aws/aws-sdk-go-v2/aws"
ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
clustervalidations "github.com/openshift-online/ocm-common/pkg/cluster/validations"
idputils "github.com/openshift-online/ocm-common/pkg/idp/utils"
passwordValidator "github.com/openshift-online/ocm-common/pkg/idp/validations"
Expand Down Expand Up @@ -2099,7 +2099,7 @@ func run(cmd *cobra.Command, _ []string) {
privateSubnetsCount := 0

var availabilityZones []string
var subnets []*ec2.Subnet
var subnets []ec2types.Subnet
mapSubnetIDToSubnet := make(map[string]aws.Subnet)
if useExistingVPC || subnetsProvided {
initialSubnets, err := getInitialValidSubnets(awsClient, args.subnetIDs, r.Reporter)
Expand Down Expand Up @@ -2153,7 +2153,7 @@ func run(cmd *cobra.Command, _ []string) {
for _, subnetArg := range subnetIDs {
verifiedSubnet := false
for _, subnet := range subnets {
if awssdk.StringValue(subnet.SubnetId) == subnetArg {
if awssdk.ToString(subnet.SubnetId) == subnetArg {
verifiedSubnet = true
}
}
Expand All @@ -2165,15 +2165,15 @@ func run(cmd *cobra.Command, _ []string) {
}
}

mapVpcToSubnet := map[string][]*ec2.Subnet{}
mapVpcToSubnet := map[string][]ec2types.Subnet{}

for _, subnet := range subnets {
mapVpcToSubnet[*subnet.VpcId] = append(mapVpcToSubnet[*subnet.VpcId], subnet)
subnetID := awssdk.StringValue(subnet.SubnetId)
availabilityZone := awssdk.StringValue(subnet.AvailabilityZone)
subnetID := awssdk.ToString(subnet.SubnetId)
availabilityZone := awssdk.ToString(subnet.AvailabilityZone)
mapSubnetIDToSubnet[subnetID] = aws.Subnet{
AvailabilityZone: availabilityZone,
OwnerID: awssdk.StringValue(subnet.OwnerId),
OwnerID: awssdk.ToString(subnet.OwnerId),
}
mapAZCreated[availabilityZone] = false
}
Expand Down Expand Up @@ -3246,7 +3246,8 @@ func run(cmd *cobra.Command, _ []string) {
output = fmt.Sprintf("%s\t%s\n", output, rolesCMD)
}
oidcEndpointURL := cluster.AWS().STS().OIDCEndpointURL()
oidcProviderExists, err := r.AWSClient.HasOpenIDConnectProvider(oidcEndpointURL, r.Creator.AccountID)
oidcProviderExists, err := r.AWSClient.HasOpenIDConnectProvider(oidcEndpointURL,
r.Creator.Partition, r.Creator.AccountID)
if err != nil {
if strings.Contains(err.Error(), "AccessDenied") {
r.Reporter.Debugf("Failed to verify if OIDC provider exists: %s", err)
Expand Down Expand Up @@ -3435,21 +3436,21 @@ func handleOidcConfigOptions(r *rosa.Runtime, cmd *cobra.Command, isSTS bool, is
return oidcConfig
}

func filterPrivateSubnets(initialSubnets []*ec2.Subnet, r *rosa.Runtime) []*ec2.Subnet {
func filterPrivateSubnets(initialSubnets []ec2types.Subnet, r *rosa.Runtime) []ec2types.Subnet {
excludedSubnetsDueToPublic := []string{}
filteredSubnets := []*ec2.Subnet{}
filteredSubnets := []ec2types.Subnet{}
publicSubnetMap, err := r.AWSClient.FetchPublicSubnetMap(initialSubnets)
if err != nil {
r.Reporter.Errorf("Unable to check if subnet have an IGW: %v", err)
os.Exit(1)
}
for _, subnet := range initialSubnets {
skip := false
if isPublic, ok := publicSubnetMap[awssdk.StringValue(subnet.SubnetId)]; ok {
if isPublic, ok := publicSubnetMap[awssdk.ToString(subnet.SubnetId)]; ok {
if isPublic {
excludedSubnetsDueToPublic = append(
excludedSubnetsDueToPublic,
awssdk.StringValue(subnet.SubnetId),
awssdk.ToString(subnet.SubnetId),
)
skip = true
}
Expand All @@ -3469,13 +3470,13 @@ func filterPrivateSubnets(initialSubnets []*ec2.Subnet, r *rosa.Runtime) []*ec2.
// filterCidrRangeSubnets filters the initial set of subnets to those that are part of the machine network,
// and not part of the service network
func filterCidrRangeSubnets(
initialSubnets []*ec2.Subnet,
initialSubnets []ec2types.Subnet,
machineNetwork *net.IPNet,
serviceNetwork *net.IPNet,
r *rosa.Runtime,
) ([]*ec2.Subnet, error) {
) ([]ec2types.Subnet, error) {
excludedSubnetsDueToCidr := []string{}
filteredSubnets := []*ec2.Subnet{}
filteredSubnets := []ec2types.Subnet{}
for _, subnet := range initialSubnets {
skip := false
subnetIP, subnetNetwork, err := net.ParseCIDR(*subnet.CidrBlock)
Expand All @@ -3484,7 +3485,7 @@ func filterCidrRangeSubnets(
}

if !isValidCidrRange(subnetIP, subnetNetwork, machineNetwork, serviceNetwork) {
excludedSubnetsDueToCidr = append(excludedSubnetsDueToCidr, awssdk.StringValue(subnet.SubnetId))
excludedSubnetsDueToCidr = append(excludedSubnetsDueToCidr, awssdk.ToString(subnet.SubnetId))
skip = true
}

Expand Down Expand Up @@ -3975,8 +3976,8 @@ func getExpectedResourceIDForAccRole(hostedCPPolicies bool, roleARN string, role
return strings.ToLower(fmt.Sprintf("%s-%s-Role", rolePrefix, accountRoles[roleType].Name)), rolePrefix, nil
}

func getInitialValidSubnets(awsClient aws.Client, ids []string, r *reporter.Object) ([]*ec2.Subnet, error) {
initialValidSubnets := []*ec2.Subnet{}
func getInitialValidSubnets(awsClient aws.Client, ids []string, r *reporter.Object) ([]ec2types.Subnet, error) {
var initialValidSubnets []ec2types.Subnet
rhManagedSubnets := []string{}
localZoneSubnets := []string{}

Expand All @@ -3985,17 +3986,18 @@ func getInitialValidSubnets(awsClient aws.Client, ids []string, r *reporter.Obje
if err != nil {
return initialValidSubnets, err
}

for _, subnet := range validSubnets {
hasRHManaged := tags.Ec2ResourceHasTag(subnet.Tags, tags.RedHatManaged, strconv.FormatBool(true))
if hasRHManaged {
rhManagedSubnets = append(rhManagedSubnets, awssdk.StringValue(subnet.SubnetId))
rhManagedSubnets = append(rhManagedSubnets, awssdk.ToString(subnet.SubnetId))
} else {
zoneType, err := awsClient.GetAvailabilityZoneType(awssdk.StringValue(subnet.AvailabilityZone))
zoneType, err := awsClient.GetAvailabilityZoneType(awssdk.ToString(subnet.AvailabilityZone))
if err != nil {
return initialValidSubnets, err
}
if zoneType == aws.LocalZone || zoneType == aws.WavelengthZone {
localZoneSubnets = append(localZoneSubnets, awssdk.StringValue(subnet.SubnetId))
localZoneSubnets = append(localZoneSubnets, awssdk.ToString(subnet.SubnetId))
} else {
initialValidSubnets = append(initialValidSubnets, subnet)
}
Expand All @@ -4020,7 +4022,7 @@ func outputClusterAdminDetails(r *rosa.Runtime, isClusterAdmin bool, createAdmin
}

func getSecurityGroups(r *rosa.Runtime, cmd *cobra.Command, isVersionCompatibleComputeSgIds bool,
kind string, useExistingVpc bool, isHostedCp bool, currentSubnets []*ec2.Subnet, subnetIds []string,
kind string, useExistingVpc bool, isHostedCp bool, currentSubnets []ec2types.Subnet, subnetIds []string,
additionalSgIds *[]string) {
hasChangedSgIdsFlag := cmd.Flags().Changed(securitygroups.SgKindFlagMap[kind])
if hasChangedSgIdsFlag {
Expand Down Expand Up @@ -4050,8 +4052,8 @@ func getSecurityGroups(r *rosa.Runtime, cmd *cobra.Command, isVersionCompatibleC
} else if interactive.Enabled() && isVersionCompatibleComputeSgIds && useExistingVpc && !isHostedCp {
vpcId := ""
for _, subnet := range currentSubnets {
if awssdk.StringValue(subnet.SubnetId) == subnetIds[0] {
vpcId = awssdk.StringValue(subnet.VpcId)
if awssdk.ToString(subnet.SubnetId) == subnetIds[0] {
vpcId = awssdk.ToString(subnet.VpcId)
}
}
if vpcId == "" {
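Review bot: `getInitialValidSubnets` now starts from `var initialValidSubnets []ec2types.Subnet` (a nil slice) while `filterPrivateSubnets` and `filterCidrRangeSubnets` keep `[]ec2types.Subnet{}`, so the "no valid subnets" result is nil from one helper and empty from the others; the test file in this commit compares results with `cmp.Equal`, which distinguishes nil from empty unless `cmpopts.EquateEmpty()` is passed, so one form should be used for all three (e.g. `initialValidSubnets := []ec2types.Subnet{}`). Separately, the migration converts most field reads to `awssdk.ToString`, but `mapVpcToSubnet[*subnet.VpcId]` and `net.ParseCIDR(*subnet.CidrBlock)` still dereference the pointer directly and would panic on a subnet with that field unset; `awssdk.ToString(subnet.VpcId)` and `awssdk.ToString(subnet.CidrBlock)` would make them consistent with the surrounding new code. The enclosing `run` function and the filter helpers start or end outside the hunks shown.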
30 changes: 16 additions & 14 deletions cmd/create/cluster/cmd_test.go
Expand Up @@ -6,9 +6,12 @@ import (
"strings"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/golang/mock/gomock"
"go.uber.org/mock/gomock"

"github.com/aws/aws-sdk-go-v2/aws"
ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
v1 "github.com/openshift-online/ocm-sdk-go/accountsmgmt/v1"
Expand All @@ -19,7 +22,6 @@ import (
"github.com/openshift/rosa/pkg/logging"
"github.com/openshift/rosa/pkg/ocm"
"github.com/openshift/rosa/pkg/rosa"
"github.com/openshift/rosa/pkg/test/matchers"
)

var _ = Describe("Validate build command", func() {
Expand Down Expand Up @@ -353,31 +355,31 @@ var _ = Describe("Validations", func() {
var _ = Describe("Filtering", func() {
r := rosa.NewRuntime()
DescribeTable("should filter CIDR range requests", func(
initialSubnets []*ec2.Subnet,
initialSubnets []ec2types.Subnet,
machineNetwork *net.IPNet,
serviceNetwork *net.IPNet,
expected []*ec2.Subnet,
expected []ec2types.Subnet,
expectedError string,
) {
out, err := filterCidrRangeSubnets(initialSubnets, machineNetwork, serviceNetwork, r)
if expectedError == "" {
Expect(err).To(BeNil())
Expect(cmp.Equal(out, expected, cmpopts.IgnoreUnexported(ec2types.Subnet{}))).To(BeTrue())
} else {
Expect(err).To(MatchError(ContainSubstring(expectedError)))
}
Expect(out).To(matchers.MatchExpected(expected))
},
Entry(
"no input subnets to filter",
[]*ec2.Subnet{}, /* initialSubnets */
[]ec2types.Subnet{}, /* initialSubnets */
mustParseCIDR("192.0.2.0/24"), /* machineNetwork */
mustParseCIDR("142.0.0.0/16"), /* serviceNetwork */
[]*ec2.Subnet{}, /* expected */
[]ec2types.Subnet{}, /* expected */
"", /* expectedError */
),
Entry(
"invalid input subnets filtered",
[]*ec2.Subnet{ /* initialSubnets */
[]ec2types.Subnet{ /* initialSubnets */
{CidrBlock: aws.String("wrong"), SubnetId: aws.String("id")},
},
mustParseCIDR("192.0.2.0/24"), /* machineNetwork */
Expand All @@ -387,15 +389,15 @@ var _ = Describe("Filtering", func() {
),
Entry(
"input subnets filtered",
[]*ec2.Subnet{ /* initialSubnets */
[]ec2types.Subnet{ /* initialSubnets */
{CidrBlock: aws.String("57.0.2.0/24"), SubnetId: aws.String("id")},
{CidrBlock: aws.String("123.244.128.0/24"), SubnetId: aws.String("id")},
{CidrBlock: aws.String("192.0.2.0/30"), SubnetId: aws.String("id")},
{CidrBlock: aws.String("142.6.12.0/28"), SubnetId: aws.String("id")},
},
mustParseCIDR("192.0.2.0/24"), /* machineNetwork */
mustParseCIDR("142.0.0.0/16"), /* serviceNetwork */
[]*ec2.Subnet{ /* expected */
[]ec2types.Subnet{ /* expected */
{CidrBlock: aws.String("192.0.2.0/30"), SubnetId: aws.String("id")},
},
"", /* expectedError */
Expand Down Expand Up @@ -436,11 +438,11 @@ var _ = Describe("getInitialValidSubnets()", func() {
mockClient *mock.MockClient

ids = []string{"subnet-mockid-1", "subnet-mockid-2", "subnet-mockid-3", "subnet-mockid-4"}
subnets = []*ec2.Subnet{
subnets = []ec2types.Subnet{
{
SubnetId: aws.String("subnet-mockid-1"),
AvailabilityZone: aws.String("us-east-1"),
Tags: []*ec2.Tag{
Tags: []ec2types.Tag{
{
Key: aws.String(tags.RedHatManaged),
Value: aws.String("true"),
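Review bot: Moving the result comparison into the `expectedError == ""` branch means the error-path entries (such as "invalid input subnets filtered") no longer assert anything about `out`, whereas the replaced `Expect(out).To(matchers.MatchExpected(expected))` ran for every entry; if the partial output on error is meant to be pinned, keep the comparison outside the branch. `Expect(cmp.Equal(...)).To(BeTrue())` also reports only `false` on failure; `Expect(cmp.Diff(expected, out, cmpopts.IgnoreUnexported(ec2types.Subnet{}))).To(BeEmpty())` prints the differing fields instead. Note that `cmp` treats a nil slice and `[]ec2types.Subnet{}` as different, so add `cmpopts.EquateEmpty()` if any helper under test can return nil.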
3 changes: 2 additions & 1 deletion cmd/create/idp/cmd_test.go
@@ -1,7 +1,8 @@
package idp_test

import (
"github.com/golang/mock/gomock"
gomock "go.uber.org/mock/gomock"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"

7 changes: 6 additions & 1 deletion cmd/create/idp/mocks/identityprovider_mock.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 7d63428

Please sign in to comment.