-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial merge of Development to Master #1
Conversation
Fix typos
reformat code
Fix typos
try { | ||
// Cannot autowire EcsAccountMapper for some reason. It returns every field wth null values. | ||
// Doing it this way is a problem. | ||
if (this.ecsAccountMapper == null) { | ||
this.ecsAccountMapper = (EcsAccountMapper) applicationContext.getBean("ecsAccountMapper"); | ||
} | ||
EcsProviderUtils.synchronizeEcsCredentialsMapper(ecsAccountMapper, lazyLoadCredentialsRepository); | ||
} catch (IllegalAccessException | NoSuchFieldException e) { | ||
log.error("Error encountered while updating ECS credentials mapper: {}", e.getMessage()); | ||
e.printStackTrace(); | ||
return; | ||
} catch (BeansException e) { | ||
log.error("Error obtaining EcsAccountMapper bean from Spring context."); | ||
return; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really do not like this. This is guaranteed to fail on @PostConstruct
. But I am not sure how to go about resolving this. @nimakaviani
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmmm I wonder if the problem you are seeing is somewhat similar to the issue discussed here: https://spinnakerteam.slack.com/archives/CK9FK4XDF/p1597093660354200
Have a look and let me know what you think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately that doesn't work. The issue is that EcsAccountMapper
depends on AccountCredentialsProvider
which depends on CredentialsRepository
. This plugin replaces CredentialsRepository
and it needs to be able to update EcsAccountMapper
when updates to accounts are made. So circular dependency. Note that this (BeansException
) happens only at startup. It works fine once started.
We can take it out of this class and do it in another class but it may cause ECS account state inconsistency.
Is there anything similar to Go's channels in Java? Something light weight to communicate between objects.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Kotlin has the concept of coroutines and channels similar to golang (here) but nothing in Java that I know of. Let me check out the plugin code later today and play with it a bit to see if I can find any alternatives.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some minor suggestions as I was looking at the code.
CredentialsConfig.Account ec2Account = new CredentialsConfig.Account() {{ | ||
setName(account.getName()); | ||
setAccountId(account.getAccountId()); | ||
setAssumeRole(account.getAssumeRole()); | ||
setRegions(regions); | ||
setPermissions(account.getPermissions()); | ||
setEnvironment(account.getEnvironment()); | ||
}}; | ||
return ec2Account; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CredentialsConfig.Account ec2Account = new CredentialsConfig.Account() {{ | |
setName(account.getName()); | |
setAccountId(account.getAccountId()); | |
setAssumeRole(account.getAssumeRole()); | |
setRegions(regions); | |
setPermissions(account.getPermissions()); | |
setEnvironment(account.getEnvironment()); | |
}}; | |
return ec2Account; | |
return new CredentialsConfig.Account() {{ | |
setName(account.getName()); | |
setAccountId(account.getAccountId()); | |
setAssumeRole(account.getAssumeRole()); | |
setRegions(regions); | |
setPermissions(account.getPermissions()); | |
setEnvironment(account.getEnvironment()); | |
}};``` |
account-registration/src/main/java/com/amazon/aws/spinnaker/plugin/registration/Response.java
Outdated
Show resolved
Hide resolved
def accountToDelete = reservationReportAccounts.find { it.name == accountNameToDelete } | ||
|
||
if (accountToDelete) { | ||
reservationReportAccounts.remove(accountToDelete) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
def accountToDelete = reservationReportAccounts.find { it.name == accountNameToDelete } | |
if (accountToDelete) { | |
reservationReportAccounts.remove(accountToDelete) | |
} | |
reservationReportAccounts.removeIf { it.name == accountNameToDelete } |
Co-authored-by: Nima Kaviani <17132353+nimakaviani@users.noreply.github.com>
synchronizer.sync(); | ||
cred = super.getOne(key); | ||
if (cred != null) { | ||
save(key, cred); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That doesn't seem necessary.
List<Class> classes = new ArrayList<>(Arrays.asList(AmazonPollingSynchronizer.class, | ||
AmazonEC2InfraCachingAgentScheduler.class, | ||
AmazonAWSCachingAgentScheduler.class, AmazonECSCachingAgentScheduler.class)); | ||
for (Class calssToAdd : classes) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
calssToAdd
typo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it is. It's fixed in feature/refactor-account-response
. Thanks!
* Remove Account constructor and add AccountsStatus unit test * Remove unused code and imports * Fix formatting * remove @PostConstruct since it's guaranteed to fail
// agent removal | ||
private final CredentialsLoader<? extends NetflixAmazonCredentials> credentialsLoader; | ||
private final CredentialsConfig credentialsConfig; | ||
private final LazyLoadCredentialsRepository lazyLoadCredentialsRepository; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LazyLoadCredentialsRepository
is not required here. I'd just use AccountCredentialsRepository
.
} | ||
EcsProviderUtils.synchronizeEcsCredentialsMapper(ecsAccountMapper, lazyLoadCredentialsRepository); | ||
} catch (IllegalAccessException | NoSuchFieldException e) { | ||
log.error("Error encountered while updating ECS credentials mapper: {}", e.getMessage()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
log.error(..., e)
, don't print stack trace.
return new ArrayList<>(ecsAccounts.values()); | ||
} | ||
|
||
public Boolean getDesiredAccounts() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can it return a boolean
instead of Boolean
? Otherwise we have to deal with value == null in the caller.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed to boolean
. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm cool with it as long as everyone else is
* Implement IAM auth for API gateway
CredentialsConfig.Account ec2Account = new CredentialsConfig.Account() {{ | ||
setName("test1"); | ||
setAccountId("1"); | ||
setAssumeRole("role/role1"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we expecting the account registry to return SpinnakerAssumeRole with role/
prefixed to the role name? Seems like from the Response class in the code above, this is not a hard requirement.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It handles both cases. Spinnaker does require role name to start with role/
https://github.com/awslabs/aws-account-registration-plugin-spinnaker/blob/78b5c5d5a97543c6d6a5a231d7b80690d8f07f14/account-registration/src/main/java/com/amazon/aws/spinnaker/plugin/registration/Response.java#L75
if (exists != null) { | ||
continue; | ||
} | ||
if ("SUSPENDED".equals(account.getStatus()) || account.getProviders() == null || account.getProviders().isEmpty()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may want to make the status check case insensitive... If for whatever reason AWS changes the casing returned from the Orgs API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea. I will do that.
|
||
private Response getResources(String url) { | ||
if (lastSyncTime != null) { | ||
url = String.format("%s?after=%s", url, lastSyncTime.toString()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the base URL contains parameters, for instance https://somewhere[.]com/api?param=1234
, will this work? Is it supported?
* implement nextUrl support * Add debug logs * Add support for query strings in configuration * Finalize JSON schema
Coverage for non-utility classes.
|
* Add validity check for remote host response * Add support for whitespaces in regions * Handle cases where only deleted accounts are returned by remote host.
Initial merge of development branch to master.
Initial merge of Development to Master