gcp: verify project services are enabled before install #3773
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
/assign |
SujanaN08
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
/assign @abhinavdahiya |
abhinavdahiya
changed the title
.idea/.gitignore
Outdated
| @@ -0,0 +1,8 @@ | |||
| # Default ignored files | |||
There was a problem hiding this comment.
I don't think you intented to add .idea files to the PR.
You can look at https://stackoverflow.com/a/1753078 to add .idea/ to your local git repo so it doesn't show up in unstaged files.
| @@ -133,3 +133,18 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
| } | |||
| return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
| } | |||
|
|
|||
| func CheckForServicesToBeEnabled(projectServices []string) error { | |||
There was a problem hiding this comment.
provide good info on how you should document functions are that public API of a package.
| @@ -133,3 +133,18 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
| } | |||
| return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
| } | |||
|
|
|||
| func CheckForServicesToBeEnabled(projectServices []string) error { | |||
There was a problem hiding this comment.
| func CheckForServicesToBeEnabled(projectServices []string) error { | |
| func ValidateEnabledServices(services []string) error { |
remember in Go, the package name is usually part of the call site, so keeping that in mind gcp.ValidateEnabledServices is much closer describing what the function does.
| @@ -133,3 +133,18 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
| } | |||
| return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
| } | |||
|
|
|||
| func CheckForServicesToBeEnabled(projectServices []string) error { | |||
| services := map[string]string{"compute.googleapis.com": "enabled", "cloudapis.googleapis.com": "enabled", | |||
There was a problem hiding this comment.
try using https://godoc.org/k8s.io/apimachinery/pkg/util/sets
that package provides an easy sets.NewString(<list of string values>) to easily run a check Has(<service>)
| if _, ok := services[service]; ok { | ||
| return errors.New(service + "is not enabled") | ||
| } |
There was a problem hiding this comment.
If we were using sets,
requiredServices Set;
enabledServices Set;
if remaining := requiredServices.Difference(enabledService); remainging.Len() > 0 {
return error that remaining.List() services are not enabled but required.
}
|
|
||
|
|
| "github.com/openshift/installer/pkg/types/aws" | ||
| "github.com/openshift/installer/pkg/types/azure" | ||
| "github.com/openshift/installer/pkg/types/baremetal" | ||
| "github.com/openshift/installer/pkg/types/gcp" | ||
| gcp "github.com/openshift/installer/pkg/types/gcp" |
There was a problem hiding this comment.
| gcp "github.com/openshift/installer/pkg/types/gcp" | |
| "github.com/openshift/installer/pkg/types/gcp" |
should also just work.. ?
| } | ||
| services, err := client.GetEnabledServices(ctx, ic.Config.GCP.ProjectID) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
| return err | |
| return errors.Wrap(err, "failed to enabled services for the project") |
| } | ||
| err = gcpconfig.CheckForServicesToBeEnabled(services) | ||
| if err != nil { | ||
| return err |
There was a problem hiding this comment.
| return err | |
| return errors.Wrap(err, "validating required services") |
|
I think you need to run gofmt and golint on the code, you can run Secondly, using the new services client requires updating the vendor, so run |
|
/test e2e-gcp |
| @@ -133,3 +134,25 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
| } | |||
| return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
| } | |||
|
|
|||
| func CheckForServicesToBeEnabled(projectServices []string) error { | |||
| services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", | |||
There was a problem hiding this comment.
| services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", | |
| services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", |
|
Also maybe something to look into will be, if we get Unauthorized error when listing the services enabled for the project, we should just skip the check and continue as warning. |
|
Also currently the commits have changes across multiple one for the same file, try to collect them into logical groups. keep the vendor update separate, the rest can stay as one. |
go.mod
Outdated
| @@ -26,6 +26,7 @@ require ( | |||
| github.com/coreos/etcd v3.3.18+incompatible // indirect | |||
| github.com/coreos/go-systemd v0.0.0 // indirect | |||
| github.com/coreos/ignition v0.35.0 | |||
| github.com/davecgh/go-spew v1.1.1 | |||
There was a problem hiding this comment.
Spew probably crept in while you were debugging but should not be added to the repo.
| @@ -133,3 +134,25 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
| } | |||
| return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
| } | |||
|
|
|||
| func CheckForServicesToBeEnabled(projectServices []string) error { | |||
| services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", | |||
There was a problem hiding this comment.
I think these are hard to read. Try listing them out on individual lines.
| var count int = 0 | ||
| for _, service := range projectServices { | ||
| if services.Has(service) { | ||
| count++ |
There was a problem hiding this comment.
this approach is reasonable and works.
To me, a more intuitive approach would be to make a set of the project's enabled services and iterate through the required services, checking if each is enabled.
This would have the added benefit that if a required service was not found, you could append the missing service to a slice then include the slice of all missing services in an error message to the user, so they could see which service needs to be enabled.
There was a problem hiding this comment.
Also in the same area for improvement #3773 (comment)
| if err != nil { | ||
| return err | ||
| } | ||
| services, err := client.GetEnabledServices(ctx, "projects/"+ic.Config.GCP.ProjectID) |
There was a problem hiding this comment.
rather than calling this here in platformpermscheck, I would pass the client to your validation function and get the services there.
| if err != nil { | ||
| return err | ||
| } | ||
| services, err := client.GetEnabledServices(ctx, "projects/"+ic.Config.GCP.ProjectID) |
There was a problem hiding this comment.
It was good that you figured out the API issue here.
A few things:
- concatenating strings within a function's parameters is hard to read. you should move this a variable, probably named
parent - Also you could probably do that string formatting within GetEnabledServices, so it is still just taking the
projectID and then is transformed intoparentin the function. Also you should probably use Sprintf instead of concatentation - The idea of
parentis new to me in the Google API and I don't think I have seen examples in our codebase but I do see some context is provided in the docs I would leave a brief comment that would provide some context of why we need to prepend "projects/" before projectID
openshift-ci-robot
added
the
needs-rebase
SujanaN08
force-pushed
the
CORS-1254
branch
2 times, most recently
from
4b2e8e8
to
16cae1e
Compare
|
/retest Please review the full test history for this PR and help us cut down flakes. |
22 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/override ci/prow/e2e-aws Previous e2e AWS failed on of adm must gather flake, e2e gcp is already green |
|
@abhinavdahiya: Overrode contexts on behalf of abhinavdahiya: ci/prow/e2e-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/override ci/prow/e2e-aws |
|
@abhinavdahiya: Overrode contexts on behalf of abhinavdahiya: ci/prow/e2e-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@SujanaN08: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
xref: https://issues.redhat.com/browse/CORS-1254
https://serviceusage.googleapis.com/v1/{parent=*/*}/services via the gcp client.go.
The link to the documentaion is here