Add support to check if the selected org is Tanzu Application platform enabled #731

Merged
merged 1 commit into from
Apr 19, 2024

@prkalle prkalle commented Apr 11, 2024

What this PR does / why we need it

This PR adds support to check if the selected org is Tanzu Application Platform enabled

Summary of changes:

  • Added support to show a warning to users if the CSP token received through login doesn't contain the necessary TAP scopes. The TAP scopes are fetched from the CLI central configuration file and can be modified without releasing a new CLI version.

Which issue(s) this PR fixes

Fixes #

Describe testing done for PR

Used the local test registry to populate the central configuration and tested with an organization with Tanzu Application Platform enabled. It was a success.

# start the local test central repository
❯  make start-test-central-repo

# update the CLI plugin default source to use local test central repository
❯ tanzu plugin source update default -u localhost:9876/tanzu-cli/plugins/central:small

❯ ./bin/tanzu context create testTAPOrgCtx --type tanzu --staging --endpoint https://api.tanzu-dev.cloud.vmware.com
[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://console-stg.cloud.vmware.com/csp/gateway/discovery?client_id=tanzu-cli-client-id&code_challenge=tdCdvLqhx8u0K2rjKx81cavc9r7TpDKKQh7vKbANNmU&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A64153%2Fcallback&response_type=code&state=56e24652ca96aec73024e9caf6dc05d6

    Optionally, paste your authorization code: [...]


[ok] Successfully logged into 'TestProjectSyncer' organization and created a tanzu context
[i] Checking for required plugins for context 'testTAPOrgCtx'...
[i] All required plugins are already installed and up-to-date

Used the local test registry to populate the central configuration and tested with an organization WITHOUT Tanzu Application Platform enabled. It was a success and the WARNING message is displayed stating the issue.

❯ export TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_ID=7753c388-914c-4085-88bc-1273f102c267
❯ ./bin/tanzu context create testNonTAPOrgCtx --type tanzu --staging --endpoint https://api.tanzu-dev.cloud.vmware.com
[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://console-stg.cloud.vmware.com/csp/gateway/discovery?client_id=tanzu-cli-client-id&code_challenge=jZ4ayxsbXfKFt4p8QAKyr8GlpC1CDk2kBKgG_n2V40k&code_challenge_method=S256&orgId=7753c388-914c-4085-88bc-1273f102c267&redirect_uri=http%3A%2F%2F127.0.0.1%3A64263%2Fcallback&response_type=code&state=ddaf9f242d5b6784fd4910467b3d56d4

    Optionally, paste your authorization code: [...]


[ok] Successfully logged into '1_ARM_ESO_MAIN_FRESH' organization and created a tanzu context

[!] WARNING: While authenticated to organization '1_ARM_ESO_MAIN_FRESH', there are insufficient permissions to access
the Tanzu Application Platform service. Please ensure correct organization authentication and access permissions

[i] Checking for required plugins for context 'testNonTAPOrgCtx'...
[i] All required plugins are already installed and up-to-date

Verified that the TAP scope validations are skipped (and the warning message is not shown) during login/context creation by exporting the environment variable

❯ ./bin/tanzu login
[i] The tanzu cli essential plugins are outdated and are being updated now. The update may take a few seconds.
[i] Installing plugins from plugin group 'vmware-tanzucli/essentials:v9.9.9'
[i] Refreshing plugin inventory cache for "localhost:9876/tanzu-cli/plugins/central:small", this will take a few seconds.
[i] Installed plugin 'telemetry:v9.9.9' with target 'global' (from cache)

[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://console.cloud.vmware.com/csp/gateway/discovery?client_id=tanzu-cli-client-id&code_challenge=N0o9d8wrYWmyPzpER3FvUj55HpBnvmpgzahqSNVgbYI&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A62923%2Fcallback&response_type=code&state=eee8dd54bb741e9e22dfa6284b4a50d8

    Optionally, paste your authorization code: [...]


[ok] Successfully logged into 'CMBU TMM' organization and created a tanzu context

[!] WARNING: While authenticated to organization 'CMBU TMM', there are insufficient permissions to access
the Tanzu Application Platform service. Please ensure correct organization authentication and access permissions

[i] Checking for required plugins for context 'CMBU_TMM'...
[i] All required plugins are already installed and up-to-date


❯ export TANZU_CLI_SKIP_TAP_SCOPES_VALIDATION_ON_TANZU_CONTEXT=true

❯ ./bin/tanzu login
[i] Opening the browser window to complete the login
Log in by visiting this link:

    https://console.cloud.vmware.com/csp/gateway/discovery?client_id=tanzu-cli-client-id&code_challenge=vahA5ae3GwlEWYYlJSs7lvlkP2YB69qBMDCPtYyLM80&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A63030%2Fcallback&response_type=code&state=ac7988dd35077dbd3682ab3069f1b425

    Optionally, paste your authorization code: [...]


[ok] Successfully logged into 'CMBU TMM' organization and created a tanzu context
[i] Checking for required plugins for context 'CMBU_TMM'...
[i] All required plugins are already installed and up-to-date

Release note

Add support to check if the selected org is Tanzu Application platform enabled. User can skip the TAP scopes validation by setting the environment variable "TANZU_CLI_SKIP_TAP_SCOPES_VALIDATION_ON_TANZU_CONTEXT" to true

Additional information

Special notes for your reviewer

We need to update the central configuration with the TAP scopes and publish it to the plugin repositories.
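
The check described in this PR, as an added Go example that is not the tanzu-cli code from `pkg/command/org_validation_helper.go`: it reads the scope list from a token payload, compares it with the scopes taken from configuration, and honours the opt-out variable. Assumptions: the `perms` claim name, the `demo:a`/`demo:b` scope names, the constructed unsigned token, the function names, and the rule that every configured scope must be present.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"slices"
	"strconv"
	"strings"
)

const skipEnv = "TANZU_CLI_SKIP_TAP_SCOPES_VALIDATION_ON_TANZU_CONTEXT" // named in the PR
var constructedToken = "e30." + base64.RawURLEncoding.EncodeToString([]byte(`{"perms":["demo:a"]}`)) + ".sig"

// missingScopes reads claims WITHOUT verifying the signature: fine for a warning, never for access control.
func missingScopes(token string, required []string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	var claims struct {
		Perms []string `json:"perms"` // claim name is an assumption
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(payload, &claims)
	}
	if err != nil {
		return nil, err
	}
	var missing []string
	for _, r := range required {
		if !slices.Contains(claims.Perms, r) {
			missing = append(missing, r)
		}
	}
	return missing, nil
}

// shouldWarn stays quiet when opted out, when the token is unparsable, or when no scopes are configured.
func shouldWarn(token string, required []string) bool {
	skip, _ := strconv.ParseBool(os.Getenv(skipEnv))
	missing, err := missingScopes(token, required)
	return !skip && err == nil && len(missing) > 0
}

func main() {
	fmt.Println(shouldWarn(constructedToken, []string{"demo:a", "demo:b"})) // "demo:b" is not granted
}
```

Because the scope list arrives from configuration, an empty or stale list only suppresses or triggers a warning; access is still decided by the service that validates the token.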

@prkalle prkalle requested a review from a team as a code owner April 11, 2024 23:56

@vuil vuil left a comment

a couple more minor things.

@marckhouzam

@prem two quick things:

  1. the PR needs a rebase
  2. the second test in the PR description is in the Release Notes section instead of the testing section

@marckhouzam marckhouzam left a comment

Nice. I like the use of the Central Config to allow to add or modify scopes whenever TAP evolves. The tricky thing will be to inform the relevant people (who?) that when a new scope is added or a scope renamed, the Central Config must be updated. But it is a quick fix if it is forgotten, and only a WARNING would show up.

Besides @vuil's comments, LGTM.

@marckhouzam marckhouzam added this to the v1.3.0 milestone Apr 18, 2024
@prkalle prkalle force-pushed the feature/check_tanzu_org_perms branch 2 times, most recently from 6188660 to 25d0884 Compare April 18, 2024 23:00

prkalle commented Apr 18, 2024

The tricky thing will be to inform the relevant people (who?) that when a new scope is added or a scope renamed, the Central Config must be updated.

Thanks @marckhouzam. I was thinking that central configuration would check (periodically) and would be updated if it finds the plugin inventory image is updated. Are you saying the user would see the warning for the time period between when we post the updated inventory image (with new central config) and the next automatic update that the CLI would perform and download the latest central configuration? If so, yes, I agree the user would see this warning message till the next CLI update.

@prkalle prkalle force-pushed the feature/check_tanzu_org_perms branch 2 times, most recently from b3d3b67 to fbeb415 Compare April 19, 2024 16:29
…m enabled

- Added support to show warning to users if the CSP token received through login doesn't contain the necessary TAP scopes. The TAP scopes are fetched from the CLI central configuration file and can be modified without releasing new CLI version.
- User can skip the TAP scopes validation on "tanzu" context using the environment variable "TANZU_CLI_SKIP_TAP_SCOPES_VALIDATION_ON_TANZU_CONTEXT"
- Updated the local test central repo with updated central config file

Signed-off-by: Prem Kumar Kalle <prem.kalle@broadcom.com>
@prkalle prkalle force-pushed the feature/check_tanzu_org_perms branch from fbeb415 to ccad300 Compare April 19, 2024 16:30

@vuil vuil left a comment

LGTM, thanks for the updates.
Please mention the env var in the release notes section, and also add
doc-impact label.

@anujc25 anujc25 merged commit 07c48f5 into vmware-tanzu:main Apr 19, 2024
7 checks passed
vuil pushed a commit to vuil/tanzu-cli that referenced this pull request Apr 19, 2024
…m enabled (vmware-tanzu#731)

@prkalle prkalle added the docs-impact issues with documentation impact label Apr 19, 2024
vuil pushed a commit that referenced this pull request Apr 19, 2024
…m enabled (#731)
