Skip to content

Commit

Permalink
OCM-12364 | feat: create/cluster validation for hcpsharedvpc flags
Browse files Browse the repository at this point in the history
  • Loading branch information
hunterkepley authored and openshift-cherrypick-robot committed Dec 5, 2024
1 parent e22e1ea commit bdccf8d
Show file tree
Hide file tree
Showing 3 changed files with 129 additions and 1 deletion.
35 changes: 34 additions & 1 deletion cmd/create/cluster/cmd.go
Original file line number Diff line number Diff line change
Expand Up @@ -2332,7 +2332,39 @@ func run(cmd *cobra.Command, _ []string) {
isSharedVPC = true
}

if len(subnetIDs) == 0 && isSharedVPC {
// validate flags for hcp shared vpc
isHcpSharedVpc := false
route53RoleArn := sharedVPCRoleARN // TODO: Change when fully deprecating old flag name
vpcEndpointRoleArn := strings.Trim(args.vpcEndpointRoleArn, " \t")
hcpInternalCommunicationHostedZoneId := strings.Trim(args.hcpInternalCommunicationHostedZoneId, " \t")
ingressPrivateHostedZoneId := privateHostedZoneID // TODO: Change when fully deprecating old flag name

anyHcpSharedVpcFlagsUsed := route53RoleArn != "" || vpcEndpointRoleArn != "" ||
hcpInternalCommunicationHostedZoneId != "" || ingressPrivateHostedZoneId != ""

if anyHcpSharedVpcFlagsUsed {
if isHostedCP {
isHcpSharedVpc = true
err = validateHcpSharedVpcArgs(route53RoleArn, vpcEndpointRoleArn, ingressPrivateHostedZoneId,
hcpInternalCommunicationHostedZoneId)
if err != nil {
r.Reporter.Errorf("Error when validating flags: %v", err)
os.Exit(1)
}
} else {
if vpcEndpointRoleArn != "" {
r.Reporter.Errorf(hcpSharedVpcFlagOnlyErrorMsg,
vpcEndpointRoleArnFlag)
os.Exit(1)
} else if hcpInternalCommunicationHostedZoneId != "" {
r.Reporter.Errorf(hcpSharedVpcFlagOnlyErrorMsg,
hcpInternalCommunicationHostedZoneIdFlag)
os.Exit(1)
}
}
}

if len(subnetIDs) == 0 && (isSharedVPC || isHcpSharedVpc) {
r.Reporter.Errorf("Installing a cluster into a shared VPC is only supported for BYO VPC clusters")
os.Exit(1)
}
Expand All @@ -2347,6 +2379,7 @@ func run(cmd *cobra.Command, _ []string) {
}

isSharedVPC = true

if privateHostedZoneID == "" || sharedVPCRoleARN == "" || baseDomain == "" {
if !interactive.Enabled() {
interactive.Enable()
Expand Down
38 changes: 38 additions & 0 deletions cmd/create/cluster/validation.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
package cluster

import (
"fmt"

"github.com/aws/aws-sdk-go-v2/aws/arn"
)

const (
hcpSharedVpcFlagOnlyErrorMsg = "setting the '%s' flag is only supported when creating a Hosted Control Plane " +
"cluster"

hcpSharedVpcFlagNotFilledErrorMsg = "must supply '%s' flag when creating a Hosted Control Plane shared VPC cluster"

isNotValidArnErrorMsg = "ARN supplied with flag '%s' is not a valid ARN format"
)

func validateHcpSharedVpcArgs(route53RoleArn string, vpcEndpointRoleArn string,
ingressPrivateHostedZoneId string, hcpInternalCommunicationHostedZoneId string) error {

if route53RoleArn == "" {
return fmt.Errorf(hcpSharedVpcFlagNotFilledErrorMsg, route53RoleArnFlag)
} else if !arn.IsARN(route53RoleArn) {
return fmt.Errorf(isNotValidArnErrorMsg, route53RoleArnFlag)
}
if vpcEndpointRoleArn == "" {
return fmt.Errorf(hcpSharedVpcFlagNotFilledErrorMsg, vpcEndpointRoleArnFlag)
} else if !arn.IsARN(vpcEndpointRoleArn) {
return fmt.Errorf(isNotValidArnErrorMsg, vpcEndpointRoleArnFlag)
}
if ingressPrivateHostedZoneId == "" {
return fmt.Errorf(hcpSharedVpcFlagNotFilledErrorMsg, ingressPrivateHostedZoneIdFlag)
}
if hcpInternalCommunicationHostedZoneId == "" {
return fmt.Errorf(hcpSharedVpcFlagNotFilledErrorMsg, hcpInternalCommunicationHostedZoneIdFlag)
}
return nil
}
57 changes: 57 additions & 0 deletions cmd/create/cluster/validation_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
package cluster

import (
"fmt"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)

var _ = Describe("Test validation functions", func() {

validTestArn := "arn:aws:iam::123456789012:role/test"
invalidTestArn := "123arn:aws?"

Context("Validation of HCP shared VPC", func() {
When("isHostedCp", func() {
It("OK: Passes validation (all flags filled out and correct format", func() {
err := validateHcpSharedVpcArgs(validTestArn, validTestArn, "123", "123")
Expect(err).ToNot(HaveOccurred())
})
It("KO: Invalid Route53 ARN", func() {
err := validateHcpSharedVpcArgs(invalidTestArn, validTestArn, "123", "123")
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring(fmt.Sprintf(isNotValidArnErrorMsg, route53RoleArnFlag)))
})
It("KO: invalid VPC Endpoint ARN", func() {
err := validateHcpSharedVpcArgs(validTestArn, invalidTestArn, "123", "123")
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring(fmt.Sprintf(isNotValidArnErrorMsg, vpcEndpointRoleArnFlag)))
})
It("KO: Route53 ARN flag not populated", func() {
err := validateHcpSharedVpcArgs("", validTestArn, "123", "123")
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring(fmt.Sprintf(hcpSharedVpcFlagNotFilledErrorMsg,
route53RoleArnFlag)))
})
It("KO: VPC Endpoint ARN flag not populated", func() {
err := validateHcpSharedVpcArgs(validTestArn, "", "123", "123")
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring(fmt.Sprintf(hcpSharedVpcFlagNotFilledErrorMsg,
vpcEndpointRoleArnFlag)))
})
It("KO: Ingress Private Hosted Zone ID flag not populated", func() {
err := validateHcpSharedVpcArgs(validTestArn, validTestArn, "", "123")
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring(fmt.Sprintf(hcpSharedVpcFlagNotFilledErrorMsg,
ingressPrivateHostedZoneIdFlag)))
})
It("KO: HCP Internal Communication Hosted Zone ID flag not populated", func() {
err := validateHcpSharedVpcArgs(validTestArn, validTestArn, "123", "")
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring(fmt.Sprintf(hcpSharedVpcFlagNotFilledErrorMsg,
hcpInternalCommunicationHostedZoneIdFlag)))
})
})
})
})

0 comments on commit bdccf8d

Please sign in to comment.