OCPBUGS-27214: ccoctl - use proxy when validating CloudFront URL

[mtulio]

Supporting proxy environment variables in ccoctl when creating aws identity provider with "private bucket", using CloudFront as OIDC endpoint.

Changes:

• Support proxy in ccoctl when creating identity provider in aws with private bucket.

Tested scenarios/checklist:

• Client with direct access to the internet (without proxy vars). Result: resources created
• Client running from private subnet with proxy access (env var HTTP_PROXY set. Result: proxy used, resources created
• Client running from private subnet without proxy access (env var HTTP_PROXY set). Result: failed (as expected)

Follow up:

• Bug report: https://issues.redhat.com/browse/OCPBUGS-27214
• Slack thread: https://redhat-internal.slack.com/archives/CE3ETN3J8/p1703762408695639

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@mtulio: This pull request references Jira Issue OCPBUGS-27214, which is invalid:

• expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[mtulio]

/test all

[mtulio]

/test all

[mtulio]

/cc @jianping-shu @jstuever

[codecov]

Codecov Report

Attention: 4 lines in your changes are missing coverage. Please review.

Comparison is base (8bca79f) 48.34% compared to head (f442cd5) 48.41%.
Report is 19 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #654      +/-   ##
==========================================
+ Coverage   48.34%   48.41%   +0.06%     
==========================================
  Files          96       96              
  Lines       11780    11778       -2     
==========================================
+ Hits         5695     5702       +7     
+ Misses       5452     5443       -9     
  Partials      633      633              

Files	Coverage Δ
...g/cmd/provisioning/aws/create_identity_provider.go	65.32% <60.00%> (-0.36%)	⬇️

... and 3 files with indirect coverage changes

[mtulio]

/test all

[jianping-shu]

/retest

[jstuever]

Thanks for contributing. I believe we can simplify the code a bit while gaining HTTPS_PROXY and NO_PROXY at the same time.

[mtulio]

/assign jstuever

[jstuever]

/jira refresh

[openshift-ci-robot]

@jstuever: This pull request references Jira Issue OCPBUGS-27214, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.16.0) matches configured target version for branch (4.16.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jianping-shu

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jstuever]

/cherry-pick release-4.15

[openshift-cherrypick-robot]

@jstuever: once the present PR merges, I will cherry-pick it on top of release-4.15 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.15

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@mtulio: This pull request references Jira Issue OCPBUGS-27214, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.16.0) matches configured target version for branch (4.16.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @jianping-shu

In response to this:

Supporting proxy environment variables in ccoctl when creating aws identity provider with "private bucket", using CloudFront as OIDC endpoint.

Changes:

• Support proxy in ccoctl when creating identity provider in aws with private bucket.

Tested scenarios/checklist:

• Client with direct access to the internet (without proxy vars). Result: resources created
• Client running from private subnet with proxy access (env var HTTP_PROXY set. Result: proxy used, resources created
• Client running from private subnet without proxy access (env var HTTP_PROXY set). Result: failed (as expected)

Follow up:

• Bug report: https://issues.redhat.com/browse/OCPBUGS-27214
• Slack thread: https://redhat-internal.slack.com/archives/CE3ETN3J8/p1703762408695639

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jstuever]

/test e2e-aws-manual-oidc

[jstuever]

/retest

[openshift-ci]

@mtulio: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[jianping-shu]

Verified with cluster-bot build.
ccoctl worked with proxy in the private env.
Regression tests:
aws sts cluster with the public s3 installed successfully
aws sts cluster with the private s3 installed successfully

[mtulio]

@jstuever @jianping-shu is this ok to go?

[jstuever]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jstuever, mtulio

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jstuever]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@mtulio: Jira Issue OCPBUGS-27214: All pull requests linked via external trackers have merged:

• openshift/cloud-credential-operator#654

Jira Issue OCPBUGS-27214 has been moved to the MODIFIED state.

In response to this:

Supporting proxy environment variables in ccoctl when creating aws identity provider with "private bucket", using CloudFront as OIDC endpoint.

Changes:

• Support proxy in ccoctl when creating identity provider in aws with private bucket.

Tested scenarios/checklist:

• Client with direct access to the internet (without proxy vars). Result: resources created
• Client running from private subnet with proxy access (env var HTTP_PROXY set. Result: proxy used, resources created
• Client running from private subnet without proxy access (env var HTTP_PROXY set). Result: failed (as expected)

Follow up:

• Bug report: https://issues.redhat.com/browse/OCPBUGS-27214
• Slack thread: https://redhat-internal.slack.com/archives/CE3ETN3J8/p1703762408695639

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-cherrypick-robot]

@jstuever: new pull request created: #674

In response to this:

/cherry-pick release-4.15

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.