зеркало из https://github.com/Azure/ARO-RP.git
feat: renamed csr approval functions and introduced better error handling
This commit is contained in:
Родитель
087f675451
Коммит
bc82e3e1bb
|
@ -54,8 +54,8 @@ func (f *frontend) _postAdminOpenShiftClusterApproveCSR(ctx context.Context, r *
|
||||||
}
|
}
|
||||||
|
|
||||||
if csrName != "" {
|
if csrName != "" {
|
||||||
return k.RunCertificateApprove(ctx, csrName)
|
return k.ApproveCsr(ctx, csrName)
|
||||||
}
|
}
|
||||||
|
|
||||||
return k.RunCertificateMassApprove(ctx)
|
return k.ApproveAllCsrs(ctx)
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,7 +44,7 @@ func TestAdminApproveCSR(t *testing.T) {
|
||||||
csrName: "aro-csr",
|
csrName: "aro-csr",
|
||||||
mocks: func(tt *test, k *mock_adminactions.MockKubeActions) {
|
mocks: func(tt *test, k *mock_adminactions.MockKubeActions) {
|
||||||
k.EXPECT().
|
k.EXPECT().
|
||||||
RunCertificateApprove(gomock.Any(), tt.csrName).
|
ApproveCsr(gomock.Any(), tt.csrName).
|
||||||
Return(nil)
|
Return(nil)
|
||||||
},
|
},
|
||||||
wantStatusCode: http.StatusOK,
|
wantStatusCode: http.StatusOK,
|
||||||
|
@ -55,7 +55,7 @@ func TestAdminApproveCSR(t *testing.T) {
|
||||||
resourceID: fmt.Sprintf("/subscriptions/%s/resourcegroups/resourceGroup/providers/Microsoft.RedHatOpenShift/openShiftClusters/resourceName", mockSubID),
|
resourceID: fmt.Sprintf("/subscriptions/%s/resourcegroups/resourceGroup/providers/Microsoft.RedHatOpenShift/openShiftClusters/resourceName", mockSubID),
|
||||||
mocks: func(tt *test, k *mock_adminactions.MockKubeActions) {
|
mocks: func(tt *test, k *mock_adminactions.MockKubeActions) {
|
||||||
k.EXPECT().
|
k.EXPECT().
|
||||||
RunCertificateMassApprove(gomock.Any()).
|
ApproveAllCsrs(gomock.Any()).
|
||||||
Return(nil)
|
Return(nil)
|
||||||
},
|
},
|
||||||
wantStatusCode: http.StatusOK,
|
wantStatusCode: http.StatusOK,
|
||||||
|
|
|
@ -15,22 +15,25 @@ import (
|
||||||
"github.com/Azure/ARO-RP/pkg/api"
|
"github.com/Azure/ARO-RP/pkg/api"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (k *kubeActions) RunCertificateApprove(ctx context.Context, csrName string) error {
|
func (k *kubeActions) ApproveCsr(ctx context.Context, csrName string) error {
|
||||||
csr, err := k.kubecli.CertificatesV1().CertificateSigningRequests().Get(ctx, csrName, metav1.GetOptions{})
|
csr, err := k.kubecli.CertificatesV1().CertificateSigningRequests().Get(ctx, csrName, metav1.GetOptions{})
|
||||||
|
if err != nil {
|
||||||
if kerrors.IsNotFound(err) {
|
if kerrors.IsNotFound(err) {
|
||||||
return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeResourceNotFound, "", "certificate signing request '%s' was not found.", csrName)
|
return api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeResourceNotFound, "", "certificate signing request '%s' was not found.", csrName)
|
||||||
}
|
}
|
||||||
|
return err
|
||||||
return k.RunCertificateApprovalUpdate(ctx, csr)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *kubeActions) RunCertificateMassApprove(ctx context.Context) error {
|
return k.updateCsr(ctx, csr)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *kubeActions) ApproveAllCsrs(ctx context.Context) error {
|
||||||
csrs, err := k.kubecli.CertificatesV1().CertificateSigningRequests().List(ctx, metav1.ListOptions{})
|
csrs, err := k.kubecli.CertificatesV1().CertificateSigningRequests().List(ctx, metav1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
for _, csr := range csrs.Items {
|
for _, csr := range csrs.Items {
|
||||||
err = k.RunCertificateApprovalUpdate(ctx, &csr)
|
err = k.updateCsr(ctx, &csr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -38,7 +41,7 @@ func (k *kubeActions) RunCertificateMassApprove(ctx context.Context) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *kubeActions) RunCertificateApprovalUpdate(ctx context.Context, csr *certificatesv1.CertificateSigningRequest) error {
|
func (k *kubeActions) updateCsr(ctx context.Context, csr *certificatesv1.CertificateSigningRequest) error {
|
||||||
modifiedCSR, hasCondition, err := addConditionIfNeeded(csr, string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "AROSupportApprove", "This CSR was approved by ARO support personnel.")
|
modifiedCSR, hasCondition, err := addConditionIfNeeded(csr, string(certificatesv1.CertificateDenied), string(certificatesv1.CertificateApproved), "AROSupportApprove", "This CSR was approved by ARO support personnel.")
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -10,7 +10,6 @@ import (
|
||||||
"github.com/Azure/go-autorest/autorest/to"
|
"github.com/Azure/go-autorest/autorest/to"
|
||||||
configclient "github.com/openshift/client-go/config/clientset/versioned"
|
configclient "github.com/openshift/client-go/config/clientset/versioned"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
certificatesv1 "k8s.io/api/certificates/v1"
|
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
kerrors "k8s.io/apimachinery/pkg/api/errors"
|
kerrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
@ -32,9 +31,8 @@ type KubeActions interface {
|
||||||
KubeDelete(ctx context.Context, groupKind, namespace, name string, force bool) error
|
KubeDelete(ctx context.Context, groupKind, namespace, name string, force bool) error
|
||||||
CordonNode(ctx context.Context, nodeName string, unschedulable bool) error
|
CordonNode(ctx context.Context, nodeName string, unschedulable bool) error
|
||||||
DrainNode(ctx context.Context, nodeName string) error
|
DrainNode(ctx context.Context, nodeName string) error
|
||||||
RunCertificateApprove(ctx context.Context, csrName string) error
|
ApproveCsr(ctx context.Context, csrName string) error
|
||||||
RunCertificateMassApprove(ctx context.Context) error
|
ApproveAllCsrs(ctx context.Context) error
|
||||||
RunCertificateApprovalUpdate(ctx context.Context, csr *certificatesv1.CertificateSigningRequest) error
|
|
||||||
Upgrade(ctx context.Context, upgradeY bool) error
|
Upgrade(ctx context.Context, upgradeY bool) error
|
||||||
KubeGetPodLogs(ctx context.Context, namespace, name, containerName string) ([]byte, error)
|
KubeGetPodLogs(ctx context.Context, namespace, name, containerName string) ([]byte, error)
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,6 @@ import (
|
||||||
compute "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute"
|
compute "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2020-06-01/compute"
|
||||||
gomock "github.com/golang/mock/gomock"
|
gomock "github.com/golang/mock/gomock"
|
||||||
logrus "github.com/sirupsen/logrus"
|
logrus "github.com/sirupsen/logrus"
|
||||||
v1 "k8s.io/api/certificates/v1"
|
|
||||||
unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -39,6 +38,34 @@ func (m *MockKubeActions) EXPECT() *MockKubeActionsMockRecorder {
|
||||||
return m.recorder
|
return m.recorder
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ApproveAllCsrs mocks base method.
|
||||||
|
func (m *MockKubeActions) ApproveAllCsrs(arg0 context.Context) error {
|
||||||
|
m.ctrl.T.Helper()
|
||||||
|
ret := m.ctrl.Call(m, "ApproveAllCsrs", arg0)
|
||||||
|
ret0, _ := ret[0].(error)
|
||||||
|
return ret0
|
||||||
|
}
|
||||||
|
|
||||||
|
// ApproveAllCsrs indicates an expected call of ApproveAllCsrs.
|
||||||
|
func (mr *MockKubeActionsMockRecorder) ApproveAllCsrs(arg0 interface{}) *gomock.Call {
|
||||||
|
mr.mock.ctrl.T.Helper()
|
||||||
|
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ApproveAllCsrs", reflect.TypeOf((*MockKubeActions)(nil).ApproveAllCsrs), arg0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ApproveCsr mocks base method.
|
||||||
|
func (m *MockKubeActions) ApproveCsr(arg0 context.Context, arg1 string) error {
|
||||||
|
m.ctrl.T.Helper()
|
||||||
|
ret := m.ctrl.Call(m, "ApproveCsr", arg0, arg1)
|
||||||
|
ret0, _ := ret[0].(error)
|
||||||
|
return ret0
|
||||||
|
}
|
||||||
|
|
||||||
|
// ApproveCsr indicates an expected call of ApproveCsr.
|
||||||
|
func (mr *MockKubeActionsMockRecorder) ApproveCsr(arg0, arg1 interface{}) *gomock.Call {
|
||||||
|
mr.mock.ctrl.T.Helper()
|
||||||
|
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ApproveCsr", reflect.TypeOf((*MockKubeActions)(nil).ApproveCsr), arg0, arg1)
|
||||||
|
}
|
||||||
|
|
||||||
// CordonNode mocks base method.
|
// CordonNode mocks base method.
|
||||||
func (m *MockKubeActions) CordonNode(arg0 context.Context, arg1 string, arg2 bool) error {
|
func (m *MockKubeActions) CordonNode(arg0 context.Context, arg1 string, arg2 bool) error {
|
||||||
m.ctrl.T.Helper()
|
m.ctrl.T.Helper()
|
||||||
|
@ -140,48 +167,6 @@ func (mr *MockKubeActionsMockRecorder) KubeList(arg0, arg1, arg2 interface{}) *g
|
||||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "KubeList", reflect.TypeOf((*MockKubeActions)(nil).KubeList), arg0, arg1, arg2)
|
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "KubeList", reflect.TypeOf((*MockKubeActions)(nil).KubeList), arg0, arg1, arg2)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RunCertificateApprovalUpdate mocks base method.
|
|
||||||
func (m *MockKubeActions) RunCertificateApprovalUpdate(arg0 context.Context, arg1 *v1.CertificateSigningRequest) error {
|
|
||||||
m.ctrl.T.Helper()
|
|
||||||
ret := m.ctrl.Call(m, "RunCertificateApprovalUpdate", arg0, arg1)
|
|
||||||
ret0, _ := ret[0].(error)
|
|
||||||
return ret0
|
|
||||||
}
|
|
||||||
|
|
||||||
// RunCertificateApprovalUpdate indicates an expected call of RunCertificateApprovalUpdate.
|
|
||||||
func (mr *MockKubeActionsMockRecorder) RunCertificateApprovalUpdate(arg0, arg1 interface{}) *gomock.Call {
|
|
||||||
mr.mock.ctrl.T.Helper()
|
|
||||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RunCertificateApprovalUpdate", reflect.TypeOf((*MockKubeActions)(nil).RunCertificateApprovalUpdate), arg0, arg1)
|
|
||||||
}
|
|
||||||
|
|
||||||
// RunCertificateApprove mocks base method.
|
|
||||||
func (m *MockKubeActions) RunCertificateApprove(arg0 context.Context, arg1 string) error {
|
|
||||||
m.ctrl.T.Helper()
|
|
||||||
ret := m.ctrl.Call(m, "RunCertificateApprove", arg0, arg1)
|
|
||||||
ret0, _ := ret[0].(error)
|
|
||||||
return ret0
|
|
||||||
}
|
|
||||||
|
|
||||||
// RunCertificateApprove indicates an expected call of RunCertificateApprove.
|
|
||||||
func (mr *MockKubeActionsMockRecorder) RunCertificateApprove(arg0, arg1 interface{}) *gomock.Call {
|
|
||||||
mr.mock.ctrl.T.Helper()
|
|
||||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RunCertificateApprove", reflect.TypeOf((*MockKubeActions)(nil).RunCertificateApprove), arg0, arg1)
|
|
||||||
}
|
|
||||||
|
|
||||||
// RunCertificateMassApprove mocks base method.
|
|
||||||
func (m *MockKubeActions) RunCertificateMassApprove(arg0 context.Context) error {
|
|
||||||
m.ctrl.T.Helper()
|
|
||||||
ret := m.ctrl.Call(m, "RunCertificateMassApprove", arg0)
|
|
||||||
ret0, _ := ret[0].(error)
|
|
||||||
return ret0
|
|
||||||
}
|
|
||||||
|
|
||||||
// RunCertificateMassApprove indicates an expected call of RunCertificateMassApprove.
|
|
||||||
func (mr *MockKubeActionsMockRecorder) RunCertificateMassApprove(arg0 interface{}) *gomock.Call {
|
|
||||||
mr.mock.ctrl.T.Helper()
|
|
||||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RunCertificateMassApprove", reflect.TypeOf((*MockKubeActions)(nil).RunCertificateMassApprove), arg0)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Upgrade mocks base method.
|
// Upgrade mocks base method.
|
||||||
func (m *MockKubeActions) Upgrade(arg0 context.Context, arg1 bool) error {
|
func (m *MockKubeActions) Upgrade(arg0 context.Context, arg1 bool) error {
|
||||||
m.ctrl.T.Helper()
|
m.ctrl.T.Helper()
|
||||||
|
|
Загрузка…
Ссылка в новой задаче