New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gcp: verify project services are enabled before install #3773
Conversation
/assign |
/assign @abhinavdahiya |
.idea/.gitignore
Outdated
@@ -0,0 +1,8 @@ | |||
# Default ignored files |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think you intented to add .idea
files to the PR.
You can look at https://stackoverflow.com/a/1753078 to add .idea/
to your local git repo so it doesn't show up in unstaged files.
@@ -133,3 +133,18 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
} | |||
return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
} | |||
|
|||
func CheckForServicesToBeEnabled(projectServices []string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
provide good info on how you should document functions are that public API of a package.
@@ -133,3 +133,18 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
} | |||
return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
} | |||
|
|||
func CheckForServicesToBeEnabled(projectServices []string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
func CheckForServicesToBeEnabled(projectServices []string) error { | |
func ValidateEnabledServices(services []string) error { |
remember in Go, the package name is usually part of the call site, so keeping that in mind gcp.ValidateEnabledServices
is much closer describing what the function does.
@@ -133,3 +133,18 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
} | |||
return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
} | |||
|
|||
func CheckForServicesToBeEnabled(projectServices []string) error { | |||
services := map[string]string{"compute.googleapis.com": "enabled", "cloudapis.googleapis.com": "enabled", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
try using https://godoc.org/k8s.io/apimachinery/pkg/util/sets
that package provides an easy sets.NewString(<list of string values>)
to easily run a check Has(<service>)
if _, ok := services[service]; ok { | ||
return errors.New(service + "is not enabled") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we were using sets,
requiredServices Set;
enabledServices Set;
if remaining := requiredServices.Difference(enabledService); remainging.Len() > 0 {
return error that remaining.List() services are not enabled but required.
}
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
extra lines
"github.com/openshift/installer/pkg/types/aws" | ||
"github.com/openshift/installer/pkg/types/azure" | ||
"github.com/openshift/installer/pkg/types/baremetal" | ||
"github.com/openshift/installer/pkg/types/gcp" | ||
gcp "github.com/openshift/installer/pkg/types/gcp" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gcp "github.com/openshift/installer/pkg/types/gcp" | |
"github.com/openshift/installer/pkg/types/gcp" |
should also just work.. ?
} | ||
services, err := client.GetEnabledServices(ctx, ic.Config.GCP.ProjectID) | ||
if err != nil { | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return err | |
return errors.Wrap(err, "failed to enabled services for the project") |
} | ||
err = gcpconfig.CheckForServicesToBeEnabled(services) | ||
if err != nil { | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return err | |
return errors.Wrap(err, "validating required services") |
I think you need to run gofmt and golint on the code, you can run Secondly, using the new services client requires updating the vendor, so run |
/test e2e-gcp |
@@ -133,3 +134,25 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
} | |||
return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
} | |||
|
|||
func CheckForServicesToBeEnabled(projectServices []string) error { | |||
services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", | |
services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", |
Also maybe something to look into will be, if we get Unauthorized error when listing the services enabled for the project, we should just skip the check and continue as warning. |
Also currently the commits have changes across multiple one for the same file, try to collect them into logical groups. keep the vendor update separate, the rest can stay as one. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a good start. left some suggestions.
go.mod
Outdated
@@ -26,6 +26,7 @@ require ( | |||
github.com/coreos/etcd v3.3.18+incompatible // indirect | |||
github.com/coreos/go-systemd v0.0.0 // indirect | |||
github.com/coreos/ignition v0.35.0 | |||
github.com/davecgh/go-spew v1.1.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Spew probably crept in while you were debugging but should not be added to the repo.
@@ -133,3 +134,25 @@ func validateMachineNetworksContainIP(fldPath *field.Path, networks []types.Mach | |||
} | |||
return field.ErrorList{field.Invalid(fldPath, subnetName, fmt.Sprintf("subnet CIDR range start %s is outside of the specified machine networks", ip))} | |||
} | |||
|
|||
func CheckForServicesToBeEnabled(projectServices []string) error { | |||
services := sets.NewString("compute.googleapis.com", "cloudapis.googleapis.com", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think these are hard to read. Try listing them out on individual lines.
var count int = 0 | ||
for _, service := range projectServices { | ||
if services.Has(service) { | ||
count++ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this approach is reasonable and works.
To me, a more intuitive approach would be to make a set of the project's enabled services and iterate through the required services, checking if each is enabled.
This would have the added benefit that if a required service was not found, you could append the missing service to a slice then include the slice of all missing services in an error message to the user, so they could see which service needs to be enabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also in the same area for improvement #3773 (comment)
if err != nil { | ||
return err | ||
} | ||
services, err := client.GetEnabledServices(ctx, "projects/"+ic.Config.GCP.ProjectID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rather than calling this here in platformpermscheck, I would pass the client to your validation function and get the services there.
if err != nil { | ||
return err | ||
} | ||
services, err := client.GetEnabledServices(ctx, "projects/"+ic.Config.GCP.ProjectID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was good that you figured out the API issue here.
A few things:
- concatenating strings within a function's parameters is hard to read. you should move this a variable, probably named
parent
- Also you could probably do that string formatting within GetEnabledServices, so it is still just taking the
project
ID and then is transformed intoparent
in the function. Also you should probably use Sprintf instead of concatentation - The idea of
parent
is new to me in the Google API and I don't think I have seen examples in our codebase but I do see some context is provided in the docs I would leave a brief comment that would provide some context of why we need to prepend "projects/" before projectID
4b2e8e8
to
16cae1e
Compare
/retest Please review the full test history for this PR and help us cut down flakes. |
22 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/override ci/prow/e2e-aws Previous e2e AWS failed on of adm must gather flake, e2e gcp is already green |
@abhinavdahiya: Overrode contexts on behalf of abhinavdahiya: ci/prow/e2e-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/override ci/prow/e2e-aws |
@abhinavdahiya: Overrode contexts on behalf of abhinavdahiya: ci/prow/e2e-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest Please review the full test history for this PR and help us cut down flakes. |
@SujanaN08: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
xref: https://issues.redhat.com/browse/CORS-1254
https://serviceusage.googleapis.com/v1/{parent=*/*}/services via the gcp client.go.
The link to the documentaion is here