Initial merge of Development to Master #1
Conversation
Fix typos
reformat code
Fix typos
| try { | ||
| // Cannot autowire EcsAccountMapper for some reason. It returns every field wth null values. | ||
| // Doing it this way is a problem. | ||
| if (this.ecsAccountMapper == null) { | ||
| this.ecsAccountMapper = (EcsAccountMapper) applicationContext.getBean("ecsAccountMapper"); | ||
| } | ||
| EcsProviderUtils.synchronizeEcsCredentialsMapper(ecsAccountMapper, lazyLoadCredentialsRepository); | ||
| } catch (IllegalAccessException | NoSuchFieldException e) { | ||
| log.error("Error encountered while updating ECS credentials mapper: {}", e.getMessage()); | ||
| e.printStackTrace(); | ||
| return; | ||
| } catch (BeansException e) { | ||
| log.error("Error obtaining EcsAccountMapper bean from Spring context."); | ||
| return; | ||
| } |
There was a problem hiding this comment.
I really do not like this. This is guaranteed to fail on @PostConstruct . But I am not sure how to go about resolving this. @nimakaviani
There was a problem hiding this comment.
hmmmm I wonder if the problem you are seeing is somewhat similar to the issue discussed here: https://spinnakerteam.slack.com/archives/CK9FK4XDF/p1597093660354200
Have a look and let me know what you think.
There was a problem hiding this comment.
Unfortunately that doesn't work. The issue is that EcsAccountMapper depends on AccountCredentialsProvider which depends on CredentialsRepository. This plugin replaces CredentialsRepository and it needs to be able to update EcsAccountMapper when updates to accounts are made. So circular dependency. Note that this (BeansException) happens only at startup. It works fine once started.
We can take it out of this class and do it in another class but it may cause ECS account state inconsistency.
Is there anything similar to Go's channels in Java? Something light weight to communicate between objects.
There was a problem hiding this comment.
Kotlin has the concept of coroutines and channels similar to golang (here) but nothing in Java that I know of. Let me check out the plugin code later today and play with it a bit to see if I can find any alternatives.
| CredentialsConfig.Account ec2Account = new CredentialsConfig.Account() {{ | ||
| setName(account.getName()); | ||
| setAccountId(account.getAccountId()); | ||
| setAssumeRole(account.getAssumeRole()); | ||
| setRegions(regions); | ||
| setPermissions(account.getPermissions()); | ||
| setEnvironment(account.getEnvironment()); | ||
| }}; | ||
| return ec2Account; |
There was a problem hiding this comment.
| CredentialsConfig.Account ec2Account = new CredentialsConfig.Account() {{ | |
| setName(account.getName()); | |
| setAccountId(account.getAccountId()); | |
| setAssumeRole(account.getAssumeRole()); | |
| setRegions(regions); | |
| setPermissions(account.getPermissions()); | |
| setEnvironment(account.getEnvironment()); | |
| }}; | |
| return ec2Account; | |
| return new CredentialsConfig.Account() {{ | |
| setName(account.getName()); | |
| setAccountId(account.getAccountId()); | |
| setAssumeRole(account.getAssumeRole()); | |
| setRegions(regions); | |
| setPermissions(account.getPermissions()); | |
| setEnvironment(account.getEnvironment()); | |
| }};``` |
account-registration/src/main/java/com/amazon/aws/spinnaker/plugin/registration/Response.java
Outdated
Show resolved
Hide resolved
| def accountToDelete = reservationReportAccounts.find { it.name == accountNameToDelete } | ||
|
|
||
| if (accountToDelete) { | ||
| reservationReportAccounts.remove(accountToDelete) | ||
| } |
There was a problem hiding this comment.
| def accountToDelete = reservationReportAccounts.find { it.name == accountNameToDelete } | |
| if (accountToDelete) { | |
| reservationReportAccounts.remove(accountToDelete) | |
| } | |
| reservationReportAccounts.removeIf { it.name == accountNameToDelete } |
Co-authored-by: Nima Kaviani <17132353+nimakaviani@users.noreply.github.com>
| synchronizer.sync(); | ||
| cred = super.getOne(key); | ||
| if (cred != null) { | ||
| save(key, cred); |
There was a problem hiding this comment.
That doesn't seem necessary.
| List<Class> classes = new ArrayList<>(Arrays.asList(AmazonPollingSynchronizer.class, | ||
| AmazonEC2InfraCachingAgentScheduler.class, | ||
| AmazonAWSCachingAgentScheduler.class, AmazonECSCachingAgentScheduler.class)); | ||
| for (Class calssToAdd : classes) { |
There was a problem hiding this comment.
Yes it is. It's fixed in feature/refactor-account-response. Thanks!
* Remove Account constructor and add AccountsStatus unit test * Remove unused code and imports * Fix formatting * remove @PostConstruct since it's guaranteed to fail
| // agent removal | ||
| private final CredentialsLoader<? extends NetflixAmazonCredentials> credentialsLoader; | ||
| private final CredentialsConfig credentialsConfig; | ||
| private final LazyLoadCredentialsRepository lazyLoadCredentialsRepository; |
There was a problem hiding this comment.
LazyLoadCredentialsRepository is not required here. I'd just use AccountCredentialsRepository.
| } | ||
| EcsProviderUtils.synchronizeEcsCredentialsMapper(ecsAccountMapper, lazyLoadCredentialsRepository); | ||
| } catch (IllegalAccessException | NoSuchFieldException e) { | ||
| log.error("Error encountered while updating ECS credentials mapper: {}", e.getMessage()); |
There was a problem hiding this comment.
log.error(..., e), don't print stack trace.
| return new ArrayList<>(ecsAccounts.values()); | ||
| } | ||
|
|
||
| public Boolean getDesiredAccounts() { |
There was a problem hiding this comment.
Can it return a boolean instead of Boolean? Otherwise we have to deal with value == null in the caller.
There was a problem hiding this comment.
changed to boolean. Thanks!
* Implement IAM auth for API gateway
| CredentialsConfig.Account ec2Account = new CredentialsConfig.Account() {{ | ||
| setName("test1"); | ||
| setAccountId("1"); | ||
| setAssumeRole("role/role1"); |
There was a problem hiding this comment.
Are we expecting the account registry to return SpinnakerAssumeRole with role/ prefixed to the role name? Seems like from the Response class in the code above, this is not a hard requirement.
There was a problem hiding this comment.
It handles both cases. Spinnaker does require role name to start with role/
https://github.com/awslabs/aws-account-registration-plugin-spinnaker/blob/78b5c5d5a97543c6d6a5a231d7b80690d8f07f14/account-registration/src/main/java/com/amazon/aws/spinnaker/plugin/registration/Response.java#L75
| if (exists != null) { | ||
| continue; | ||
| } | ||
| if ("SUSPENDED".equals(account.getStatus()) || account.getProviders() == null || account.getProviders().isEmpty()) { |
There was a problem hiding this comment.
We may want to make the status check case insensitive... If for whatever reason AWS changes the casing returned from the Orgs API.
There was a problem hiding this comment.
Good idea. I will do that.
|
|
||
| private Response getResources(String url) { | ||
| if (lastSyncTime != null) { | ||
| url = String.format("%s?after=%s", url, lastSyncTime.toString()); |
There was a problem hiding this comment.
If the base URL contains parameters, for instance https://somewhere[.]com/api?param=1234, will this work? Is it supported?
* implement nextUrl support * Add debug logs * Add support for query strings in configuration * Finalize JSON schema
|
Coverage for non-utility classes.
|
* Add validity check for remote host response * Add support for whitespaces in regions * Handle cases where only deleted accounts are returned by remote host.
Initial merge of development branch to master.
Initial merge of Development to Master