Skip to content
This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

add restriction support like eu-access restriction #245

Merged
merged 1 commit into from
Aug 20, 2020
Merged

add restriction support like eu-access restriction #245

merged 1 commit into from
Aug 20, 2020

Conversation

neo-liang-sap
Copy link
Contributor

What this PR does / why we need it:
This PR will display eu-access restriction warning msg in gardenctl terminal if cluster is configed with eu-access and garden config is configed with enabling the eu-access
Which issue(s) this PR fixes:
Fixes #232

Special notes for your reviewer:
To use this PR:

  1. shoot needs to be configed with eu-access restriction
    image
  2. corresponding garden config needs to be config to enable the eu-access restriction
    image
  3. tests has been perform for following scenario with cross permutation
    shoot:
    a. config eu-access
    b. config node-eu-access
    c. addons eu-access
    garden config:
    a. has/has no access restriction
    b. true/false in access restriction key and option key

Release note:

display eu-access restriction warning msg in gardenctl terminal if cluster is configed with eu-access and garden config is configed with enabling the eu-access restriction

@neo-liang-sap neo-liang-sap requested a review from a team as a code owner August 4, 2020 01:45
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 4, 2020
@neo-liang-sap
Copy link
Contributor Author

/cc @petersutter

@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 4, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 4, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 4, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 4, 2020
@neo-liang-sap
Copy link
Contributor Author

@gardener/gardenctl-maintainers any comments on this PR?

@neo-liang-sap
Copy link
Contributor Author

per communication with @petersutter , he will review this PR after back from holiday

petersutter
petersutter reviewed Aug 18, 2020
View reviewed changes
Copy link
Contributor

@petersutter petersutter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall lgtm, however to improve the readability of the code I have made some suggestions

pkg/cmd/target.go
config := reader.ReadConfig(pathGardenConfig)
for _, garden := range config.GardenClusters {
if garden.Name == gardenName && len(garden.AccessRestrictions) > 0 {
ars = garden.AccessRestrictions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you have a match you can return already here or at least break the loop

pkg/cmd/target.go Outdated
@@ -1011,6 +1068,11 @@ func shootWrapper(targetReader TargetReader, targetWriter TargetWriter, configRe
return fmt.Errorf("no match for %q", args[1])
} else if len(shoots) == 1 {
targetShoot(targetWriter, shoots[0])
warningMsg := checkShootsRestriction(shoots[0], configReader, target.Stack()[0].Name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extract target.Stack()[0].Name to variable for better readability

pkg/cmd/target.go Outdated
Comment on lines 1028 to 1029
for j := 0; j < len(ars); j++ {
ar := ars[j]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use range loop if you do not need the index

pkg/cmd/target.go Outdated
Comment on lines 1036 to 1037
for i := 0; i < len(ar.Options); i++ {
option := ar.Options[i]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, use range loop

pkg/cmd/target.go Outdated
Comment on lines 1030 to 1055
if _, ok := shootMatchLabels[ar.Key]; ok {
if shootMatchLabels[ar.Key] == strconv.FormatBool(ar.NotifyIf) {
warningMsg += ar.Msg
warningMsg += "\n"
//if upper level msg will not show, neither will lower level msg show
if len(ar.Options) > 0 {
for i := 0; i < len(ar.Options); i++ {
option := ar.Options[i]
if _, ok := shootAnnotations[option.Key]; ok {
if shootAnnotations[option.Key] == strconv.FormatBool(option.NotifyIf) {
warningMsg += option.Msg
warningMsg += "\n"
}
}

}
}

}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to simplify nested if statements, use early return pattern. This improves readability

@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@neo-liang-sap
Copy link
Contributor Author

Hello @petersutter , i've fixed my PR per your comments, thanks for your review! -Neo

@petersutter
Copy link
Contributor

petersutter commented Aug 19, 2020
edited
Loading

OK I have just tested it locally. However it only worked when targeting the shoot via the dashboard url, e.g. gardenctl target --server https://gardener.example.com --project myproject --shoot myshoot but not via gardenctl target shoot myshoot
sorry my fault, it works now as expected

@petersutter
Copy link
Contributor

I was using the command wrong for targeting a shoot by missing the shoot parameter. But somehow it still worked to target the shoot, except the warning was not displayed.
Why is this working anyhow? Is this intended?

bash-5.0$ ./gardenctl-darwin-amd64 target deleteme
Shoot:
KUBECONFIG=/Users/d050337/.garden/cache/dev-virtual/projects/core/deleteme/kubeconfig.yaml
                                                                                                                         
bash-5.0$ ./gardenctl-darwin-amd64 target shoot deleteme
Shoot:
KUBECONFIG=/Users/d050337/.garden/cache/dev-virtual/projects/core/deleteme/kubeconfig.yaml
Attention, EU-Access is enabled!
Do not debug cluster addons!

@neo-liang-sap
Copy link
Contributor Author

Interesting. I will check the code and update here. Thanks!

@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@neo-liang-sap
Copy link
Contributor Author

Hi @petersutter , thanks for your catch! yes gardenctl target xxx is by design and the code is here
i've update code to cover this scenario.
Thanks again for your nice catch!
-Neo

@petersutter petersutter self-requested a review August 19, 2020 13:18
petersutter
petersutter approved these changes Aug 19, 2020
View reviewed changes
Copy link
Contributor

@petersutter petersutter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@gardener-robot gardener-robot added the reviewed/lgtm Has approval for merging label Aug 19, 2020
@neo-liang-sap neo-liang-sap merged commit 62c787c into gardener-attic:master Aug 20, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@petersutter petersutter petersutter approved these changes

Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support Access Restrictions
6 participants
@neo-liang-sap @petersutter @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot