mirror of
https://github.com/openshift/installer.git
synced 2026-02-05 15:47:14 +01:00
CORS-3254: Update google.golang.org/api/cloudresourcemanager library version
This commit is contained in:
Bharath B
@@ -554,8 +554,7 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
|
||||
return fmt.Errorf("%s: No GCP build found", st.FormatPrefix(archName))
|
||||
}
|
||||
|
||||
tags, err := gcpconfig.GetUserTags(ctx,
|
||||
gcpconfig.NewTagManager(client),
|
||||
tags, err := gcpconfig.NewTagManager(client).GetUserTags(ctx,
|
||||
installConfig.Config.Platform.GCP.ProjectID,
|
||||
installConfig.Config.Platform.GCP.UserTags)
|
||||
if err != nil {
|
||||
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
|
||||
"github.com/pkg/errors"
|
||||
googleoauth "golang.org/x/oauth2/google"
|
||||
"google.golang.org/api/cloudresourcemanager/v1"
|
||||
"google.golang.org/api/cloudresourcemanager/v3"
|
||||
compute "google.golang.org/api/compute/v1"
|
||||
dns "google.golang.org/api/dns/v1"
|
||||
"google.golang.org/api/googleapi"
|
||||
@@ -16,6 +16,8 @@ import (
|
||||
"google.golang.org/api/option"
|
||||
"google.golang.org/api/serviceusage/v1"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
|
||||
gcpconsts "github.com/openshift/installer/pkg/constants/gcp"
|
||||
)
|
||||
|
||||
//go:generate mockgen -source=./client.go -destination=./mock/gcpclient_generated.go -package=mock
|
||||
@@ -48,6 +50,8 @@ type API interface {
|
||||
GetProjectPermissions(ctx context.Context, project string, permissions []string) (sets.Set[string], error)
|
||||
GetProjectByID(ctx context.Context, project string) (*cloudresourcemanager.Project, error)
|
||||
ValidateServiceAccountHasPermissions(ctx context.Context, project string, permissions []string) (bool, error)
|
||||
GetProjectTags(ctx context.Context, projectID string) (sets.Set[string], error)
|
||||
GetNamespacedTagValue(ctx context.Context, tagNamespacedName string) (*cloudresourcemanager.TagValue, error)
|
||||
}
|
||||
|
||||
// Client makes calls to the GCP API.
|
||||
@@ -317,9 +321,9 @@ func (c *Client) GetProjects(ctx context.Context) (map[string]string, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
req := svc.Projects.List()
|
||||
req := svc.Projects.Search()
|
||||
projects := make(map[string]string)
|
||||
if err := req.Pages(ctx, func(page *cloudresourcemanager.ListProjectsResponse) error {
|
||||
if err := req.Pages(ctx, func(page *cloudresourcemanager.SearchProjectsResponse) error {
|
||||
for _, project := range page.Projects {
|
||||
projects[project.ProjectId] = project.Name
|
||||
}
|
||||
@@ -340,7 +344,7 @@ func (c *Client) GetProjectByID(ctx context.Context, project string) (*cloudreso
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return svc.Projects.Get(project).Context(ctx).Do()
|
||||
return svc.Projects.Get(fmt.Sprintf(gcpconsts.ProjectNameFmt, project)).Context(ctx).Do()
|
||||
}
|
||||
|
||||
// GetRegions gets the regions that are valid for the project. An error is returned when unsuccessful
|
||||
@@ -485,7 +489,7 @@ func (c *Client) getPermissions(ctx context.Context, project string, permissions
|
||||
|
||||
projectsService := cloudresourcemanager.NewProjectsService(service)
|
||||
rb := &cloudresourcemanager.TestIamPermissionsRequest{Permissions: permissions}
|
||||
response, err := projectsService.TestIamPermissions(project, rb).Context(ctx).Do()
|
||||
response, err := projectsService.TestIamPermissions(fmt.Sprintf(gcpconsts.ProjectNameFmt, project), rb).Context(ctx).Do()
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "failed to get Iam permissions")
|
||||
}
|
||||
@@ -513,3 +517,49 @@ func (c *Client) ValidateServiceAccountHasPermissions(ctx context.Context, proje
|
||||
}
|
||||
return validPermissions.Len() == len(permissions), nil
|
||||
}
|
||||
|
||||
// GetProjectTags returns the list of effective tags attached to the provided project resource.
|
||||
func (c *Client) GetProjectTags(ctx context.Context, projectID string) (sets.Set[string], error) {
|
||||
service, err := c.getCloudResourceService(ctx)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create cloud resource service: %w", err)
|
||||
}
|
||||
|
||||
effectiveTags := sets.New[string]()
|
||||
effectiveTagsService := cloudresourcemanager.NewEffectiveTagsService(service)
|
||||
effectiveTagsRequest := effectiveTagsService.List().
|
||||
Context(ctx).
|
||||
Parent(fmt.Sprintf(gcpconsts.ProjectParentPathFmt, projectID))
|
||||
|
||||
if err := effectiveTagsRequest.Pages(ctx, func(page *cloudresourcemanager.ListEffectiveTagsResponse) error {
|
||||
for _, effectiveTag := range page.EffectiveTags {
|
||||
effectiveTags.Insert(effectiveTag.NamespacedTagValue)
|
||||
}
|
||||
return nil
|
||||
}); err != nil {
|
||||
return nil, fmt.Errorf("failed to fetch tags attached to %s project: %w", projectID, err)
|
||||
}
|
||||
|
||||
return effectiveTags, nil
|
||||
}
|
||||
|
||||
// GetNamespacedTagValue returns the Tag Value metadata fetched using the tag's NamespacedName.
|
||||
func (c *Client) GetNamespacedTagValue(ctx context.Context, tagNamespacedName string) (*cloudresourcemanager.TagValue, error) {
|
||||
service, err := c.getCloudResourceService(ctx)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create cloud resource service: %w", err)
|
||||
}
|
||||
|
||||
tagValuesService := cloudresourcemanager.NewTagValuesService(service)
|
||||
|
||||
tagValue, err := tagValuesService.GetNamespaced().
|
||||
Context(ctx).
|
||||
Name(tagNamespacedName).
|
||||
Do()
|
||||
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to fetch %s tag value: %w", tagNamespacedName, err)
|
||||
}
|
||||
|
||||
return tagValue, nil
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
google "golang.org/x/oauth2/google"
|
||||
cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1"
|
||||
cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v3"
|
||||
compute "google.golang.org/api/compute/v1"
|
||||
dns "google.golang.org/api/dns/v1"
|
||||
sets "k8s.io/apimachinery/pkg/util/sets"
|
||||
@@ -144,6 +144,21 @@ func (mr *MockAPIMockRecorder) GetMachineTypeWithZones(ctx, project, region, mac
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMachineTypeWithZones", reflect.TypeOf((*MockAPI)(nil).GetMachineTypeWithZones), ctx, project, region, machineType)
|
||||
}
|
||||
|
||||
// GetNamespacedTagValue mocks base method.
|
||||
func (m *MockAPI) GetNamespacedTagValue(ctx context.Context, tagNamespacedName string) (*cloudresourcemanager.TagValue, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetNamespacedTagValue", ctx, tagNamespacedName)
|
||||
ret0, _ := ret[0].(*cloudresourcemanager.TagValue)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// GetNamespacedTagValue indicates an expected call of GetNamespacedTagValue.
|
||||
func (mr *MockAPIMockRecorder) GetNamespacedTagValue(ctx, tagNamespacedName interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetNamespacedTagValue", reflect.TypeOf((*MockAPI)(nil).GetNamespacedTagValue), ctx, tagNamespacedName)
|
||||
}
|
||||
|
||||
// GetNetwork mocks base method.
|
||||
func (m *MockAPI) GetNetwork(ctx context.Context, network, project string) (*compute.Network, error) {
|
||||
m.ctrl.T.Helper()
|
||||
@@ -189,6 +204,21 @@ func (mr *MockAPIMockRecorder) GetProjectPermissions(ctx, project, permissions i
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetProjectPermissions", reflect.TypeOf((*MockAPI)(nil).GetProjectPermissions), ctx, project, permissions)
|
||||
}
|
||||
|
||||
// GetProjectTags mocks base method.
|
||||
func (m *MockAPI) GetProjectTags(ctx context.Context, projectID string) (sets.Set[string], error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetProjectTags", ctx, projectID)
|
||||
ret0, _ := ret[0].(sets.Set[string])
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// GetProjectTags indicates an expected call of GetProjectTags.
|
||||
func (mr *MockAPIMockRecorder) GetProjectTags(ctx, projectID interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetProjectTags", reflect.TypeOf((*MockAPI)(nil).GetProjectTags), ctx, projectID)
|
||||
}
|
||||
|
||||
// GetProjects mocks base method.
|
||||
func (m *MockAPI) GetProjects(ctx context.Context) (map[string]string, error) {
|
||||
m.ctrl.T.Helper()
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: ./usertags.go
|
||||
|
||||
// Package mock is a generated GoMock package.
|
||||
package mock
|
||||
|
||||
import (
|
||||
context "context"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v3"
|
||||
sets "k8s.io/apimachinery/pkg/util/sets"
|
||||
)
|
||||
|
||||
// MockTagManager is a mock of TagManager interface.
|
||||
type MockTagManager struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockTagManagerMockRecorder
|
||||
}
|
||||
|
||||
// MockTagManagerMockRecorder is the mock recorder for MockTagManager.
|
||||
type MockTagManagerMockRecorder struct {
|
||||
mock *MockTagManager
|
||||
}
|
||||
|
||||
// NewMockTagManager creates a new mock instance.
|
||||
func NewMockTagManager(ctrl *gomock.Controller) *MockTagManager {
|
||||
mock := &MockTagManager{ctrl: ctrl}
|
||||
mock.recorder = &MockTagManagerMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockTagManager) EXPECT() *MockTagManagerMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// GetNamespacedTagValue mocks base method.
|
||||
func (m *MockTagManager) GetNamespacedTagValue(ctx context.Context, tagNamespacedName string) (*cloudresourcemanager.TagValue, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetNamespacedTagValue", ctx, tagNamespacedName)
|
||||
ret0, _ := ret[0].(*cloudresourcemanager.TagValue)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// GetNamespacedTagValue indicates an expected call of GetNamespacedTagValue.
|
||||
func (mr *MockTagManagerMockRecorder) GetNamespacedTagValue(ctx, tagNamespacedName interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetNamespacedTagValue", reflect.TypeOf((*MockTagManager)(nil).GetNamespacedTagValue), ctx, tagNamespacedName)
|
||||
}
|
||||
|
||||
// GetProjectTags mocks base method.
|
||||
func (m *MockTagManager) GetProjectTags(ctx context.Context, projectID string) (sets.Set[string], error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetProjectTags", ctx, projectID)
|
||||
ret0, _ := ret[0].(sets.Set[string])
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// GetProjectTags indicates an expected call of GetProjectTags.
|
||||
func (mr *MockTagManagerMockRecorder) GetProjectTags(ctx, projectID interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetProjectTags", reflect.TypeOf((*MockTagManager)(nil).GetProjectTags), ctx, projectID)
|
||||
}
|
||||
@@ -10,15 +10,11 @@ import (
|
||||
|
||||
"github.com/googleapis/gax-go/v2/apierror"
|
||||
"github.com/sirupsen/logrus"
|
||||
tags "google.golang.org/api/cloudresourcemanager/v3"
|
||||
"google.golang.org/api/option"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
|
||||
"github.com/openshift/installer/pkg/types/gcp"
|
||||
)
|
||||
|
||||
//go:generate mockgen -source=./usertags.go -destination=./mock/usertags_mock.go -package=mock
|
||||
|
||||
const (
|
||||
// maxUserTagLimit is the maximum userTags that can be configured as defined in openshift/api.
|
||||
// https://github.com/openshift/api/commit/ae73a19d05c35068af16c9aeff375d0b7c936a8a#diff-07b264a49084976b670fb699badaca1795027d6ea732a99226a5388104f6174fR604-R613
|
||||
@@ -39,17 +35,11 @@ type processedUserTags struct {
|
||||
sync.Mutex
|
||||
}
|
||||
|
||||
// tagManager handles resource tagging.
|
||||
type tagManager struct {
|
||||
// TagManager handles resource tagging.
|
||||
type TagManager struct {
|
||||
client API
|
||||
}
|
||||
|
||||
// TagManager is the interface that wraps methods for resource tag operations.
|
||||
type TagManager interface {
|
||||
GetProjectTags(ctx context.Context, projectID string) (sets.Set[string], error)
|
||||
GetNamespacedTagValue(ctx context.Context, tagNamespacedName string) (*tags.TagValue, error)
|
||||
}
|
||||
|
||||
// newProcessedUserTags is for initializing an instance of processedUserTags.
|
||||
func newProcessedUserTags() *processedUserTags {
|
||||
return &processedUserTags{}
|
||||
@@ -100,16 +90,16 @@ func (p *processedUserTags) copy() map[string]string {
|
||||
return t
|
||||
}
|
||||
|
||||
// NewTagManager creates a tagManager instance.
|
||||
func NewTagManager(client API) TagManager {
|
||||
return &tagManager{client: client}
|
||||
// NewTagManager creates a TagManager instance.
|
||||
func NewTagManager(client API) *TagManager {
|
||||
return &TagManager{client: client}
|
||||
}
|
||||
|
||||
// GetUserTags returns the processed list of user provided tags if already available,
|
||||
// else validates, persists in-memory and returns the processed tags.
|
||||
func GetUserTags(ctx context.Context, mgr TagManager, projectID string, userTags []gcp.UserTag) (map[string]string, error) {
|
||||
func (t *TagManager) GetUserTags(ctx context.Context, projectID string, userTags []gcp.UserTag) (map[string]string, error) {
|
||||
if !processedTags.isProcessed() {
|
||||
if err := validateAndPersistUserTags(ctx, mgr, projectID, userTags); err != nil {
|
||||
if err := t.validateAndPersistUserTags(ctx, projectID, userTags); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
@@ -123,7 +113,7 @@ func GetUserTags(ctx context.Context, mgr TagManager, projectID string, userTags
|
||||
// with key of the form `tagKeys/{tag_key_id}` and value of the form
|
||||
// `tagValues/{tag_value_id}`. Returns error when fetching a tag fails or when
|
||||
// tag already exists on the project resource.
|
||||
func validateAndPersistUserTags(ctx context.Context, mgr TagManager, project string, userTags []gcp.UserTag) error {
|
||||
func (t *TagManager) validateAndPersistUserTags(ctx context.Context, project string, userTags []gcp.UserTag) error {
|
||||
if len(userTags) == 0 {
|
||||
return nil
|
||||
}
|
||||
@@ -135,7 +125,7 @@ func validateAndPersistUserTags(ctx context.Context, mgr TagManager, project str
|
||||
return fmt.Errorf("more than %d user tags is not allowed, configured count: %d", maxUserTagLimit, len(userTags))
|
||||
}
|
||||
|
||||
projectTags, err := mgr.GetProjectTags(ctx, project)
|
||||
projectTags, err := t.client.GetProjectTags(ctx, project)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -148,7 +138,7 @@ func validateAndPersistUserTags(ctx context.Context, mgr TagManager, project str
|
||||
nonexistentTags := make([]string, 0)
|
||||
for _, tag := range userTags {
|
||||
name := fmt.Sprintf("%s/%s/%s", tag.ParentID, tag.Key, tag.Value)
|
||||
tagValue, err := mgr.GetNamespacedTagValue(ctx, name)
|
||||
tagValue, err := t.client.GetNamespacedTagValue(ctx, name)
|
||||
if err != nil {
|
||||
// check and return all non-existing tags at once
|
||||
// for user to fix in one go.
|
||||
@@ -187,60 +177,3 @@ func findDuplicateTags(userTags []gcp.UserTag, parentTags sets.Set[string]) []st
|
||||
}
|
||||
return dupTags
|
||||
}
|
||||
|
||||
// getCloudResourceServiceForTags returns the client required for querying resource manager resources.
|
||||
func (m *tagManager) getCloudResourceServiceForTags(ctx context.Context) (*tags.Service, error) {
|
||||
svc, err := tags.NewService(ctx, option.WithCredentials(m.client.GetCredentials()))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create cloud resource service: %w", err)
|
||||
}
|
||||
return svc, nil
|
||||
}
|
||||
|
||||
// GetProjectTags returns the list of effective tags attached to the provided project resource.
|
||||
func (m *tagManager) GetProjectTags(ctx context.Context, projectID string) (sets.Set[string], error) {
|
||||
const (
|
||||
// projectParentPathFmt is the format string for parent path of a project resource.
|
||||
projectParentPathFmt = "//cloudresourcemanager.googleapis.com/projects/%s"
|
||||
)
|
||||
|
||||
ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
|
||||
defer cancel()
|
||||
|
||||
service, err := m.getCloudResourceServiceForTags(ctx)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create cloud resource service: %w", err)
|
||||
}
|
||||
|
||||
effectiveTags := sets.New[string]()
|
||||
effectiveTagsService := tags.NewEffectiveTagsService(service)
|
||||
effectiveTagsRequest := effectiveTagsService.List().Context(ctx).Parent(fmt.Sprintf(projectParentPathFmt, projectID))
|
||||
if err := effectiveTagsRequest.Pages(ctx, func(page *tags.ListEffectiveTagsResponse) error {
|
||||
for _, effectiveTag := range page.EffectiveTags {
|
||||
effectiveTags.Insert(effectiveTag.NamespacedTagValue)
|
||||
}
|
||||
return nil
|
||||
}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return effectiveTags, nil
|
||||
}
|
||||
|
||||
// GetNamespacedTagValue returns the Tag Value metadata fetched using the tag's NamespacedName.
|
||||
func (m *tagManager) GetNamespacedTagValue(ctx context.Context, tagNamespacedName string) (*tags.TagValue, error) {
|
||||
ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
|
||||
defer cancel()
|
||||
|
||||
service, err := m.getCloudResourceServiceForTags(ctx)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create cloud resource service: %w", err)
|
||||
}
|
||||
|
||||
tagValuesService := tags.NewTagValuesService(service)
|
||||
|
||||
return tagValuesService.GetNamespaced().
|
||||
Context(ctx).
|
||||
Name(tagNamespacedName).
|
||||
Do()
|
||||
}
|
||||
|
||||
@@ -211,16 +211,16 @@ func TestGetUserTags(t *testing.T) {
|
||||
defer mockCtrl.Finish()
|
||||
|
||||
gcpClient := mock.NewMockAPI(mockCtrl)
|
||||
tagMgr := mock.NewMockTagManager(mockCtrl)
|
||||
tagMgr := NewTagManager(gcpClient)
|
||||
|
||||
// Return fake credentials.
|
||||
gcpClient.EXPECT().GetCredentials().Return(&googleoauth.Credentials{JSON: []byte(fakeCreds)}).AnyTimes()
|
||||
|
||||
// Return ["openshift/key1/value1", "openshift/key2/value2"] tags for "test-project" project.
|
||||
tagMgr.EXPECT().GetProjectTags(gomock.Any(), testProject).Return(sets.Insert(sets.New[string](), "openshift/key1/value1", "openshift/key2/value2"), nil).AnyTimes()
|
||||
gcpClient.EXPECT().GetProjectTags(gomock.Any(), testProject).Return(sets.Insert(sets.New[string](), "openshift/key1/value1", "openshift/key2/value2"), nil).AnyTimes()
|
||||
|
||||
// Return error for "fail-project" project.
|
||||
tagMgr.EXPECT().GetProjectTags(gomock.Any(), "fail-project").
|
||||
gcpClient.EXPECT().GetProjectTags(gomock.Any(), "fail-project").
|
||||
Return(
|
||||
nil,
|
||||
fmt.Errorf("failed to fetch tags attached to fail-project: The caller does not have permission")).
|
||||
@@ -228,7 +228,7 @@ func TestGetUserTags(t *testing.T) {
|
||||
|
||||
// Return ["openshift/key6/value6", "openshift/key7/value7", "openshift/key8/value8",
|
||||
// "openshift/key9/value9", "openshift/key10/value10"] tags for "dup-project" project.
|
||||
tagMgr.EXPECT().GetProjectTags(gomock.Any(), "dup-project").
|
||||
gcpClient.EXPECT().GetProjectTags(gomock.Any(), "dup-project").
|
||||
Return(
|
||||
sets.Insert(sets.New[string](),
|
||||
"openshift/key6/value6",
|
||||
@@ -239,13 +239,13 @@ func TestGetUserTags(t *testing.T) {
|
||||
), nil).AnyTimes()
|
||||
|
||||
// Return Forbidden error "openshift/key51/value51" tag.
|
||||
tagMgr.EXPECT().GetNamespacedTagValue(gomock.Any(), "openshift/key51/value51").Return(nil, getTestGetNamespacedTagValueForbiddenError("openshift/key51/value51")).AnyTimes()
|
||||
gcpClient.EXPECT().GetNamespacedTagValue(gomock.Any(), "openshift/key51/value51").Return(nil, getTestGetNamespacedTagValueForbiddenError("openshift/key51/value51")).AnyTimes()
|
||||
|
||||
// Return Internal error "openshift/key52/value52" tag.
|
||||
tagMgr.EXPECT().GetNamespacedTagValue(gomock.Any(), "openshift/key52/value52").Return(nil, getTestGetNamespacedTagValueInternalError("openshift/key52/value52")).AnyTimes()
|
||||
gcpClient.EXPECT().GetNamespacedTagValue(gomock.Any(), "openshift/key52/value52").Return(nil, getTestGetNamespacedTagValueInternalError("openshift/key52/value52")).AnyTimes()
|
||||
|
||||
// Return details for the requested tag.
|
||||
tagMgr.EXPECT().GetNamespacedTagValue(gomock.Any(), gomock.Any()).
|
||||
gcpClient.EXPECT().GetNamespacedTagValue(gomock.Any(), gomock.Any()).
|
||||
DoAndReturn(func(ctx context.Context, tagNamespacedName string) (*cloudresourcemanager.TagValue, error) {
|
||||
return getTestNamespacedTagValueResp(tagNamespacedName), nil
|
||||
}).AnyTimes()
|
||||
@@ -260,7 +260,7 @@ func TestGetUserTags(t *testing.T) {
|
||||
if tc.projectID != "" {
|
||||
projectID = tc.projectID
|
||||
}
|
||||
tags, err := GetUserTags(context.Background(), tagMgr, projectID, tc.userTags)
|
||||
tags, err := tagMgr.GetUserTags(context.Background(), projectID, tc.userTags)
|
||||
|
||||
if (err != nil || tc.expectedError != "") && err.Error() != tc.expectedError {
|
||||
t.Errorf("GetUserTags(): error: got: %v, want: %v", err, tc.expectedError)
|
||||
|
||||
@@ -641,5 +641,5 @@ func checkArchitecture(imageArch string, icArch types.Architecture, role string)
|
||||
// validateUserTags check for existence and accessibility of user-defined tags and persists
|
||||
// validated tags in-memory.
|
||||
func validateUserTags(client API, projectID string, userTags []gcp.UserTag) error {
|
||||
return validateAndPersistUserTags(context.Background(), NewTagManager(client), projectID, userTags)
|
||||
return NewTagManager(client).validateAndPersistUserTags(context.Background(), projectID, userTags)
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ import (
|
||||
logrusTest "github.com/sirupsen/logrus/hooks/test"
|
||||
"github.com/stretchr/testify/assert"
|
||||
googleoauth "golang.org/x/oauth2/google"
|
||||
"google.golang.org/api/cloudresourcemanager/v1"
|
||||
"google.golang.org/api/cloudresourcemanager/v3"
|
||||
compute "google.golang.org/api/compute/v1"
|
||||
dns "google.golang.org/api/dns/v1"
|
||||
"google.golang.org/api/googleapi"
|
||||
|
||||
13
pkg/constants/gcp/gcp.go
Normal file
13
pkg/constants/gcp/gcp.go
Normal file
@@ -0,0 +1,13 @@
|
||||
package gcp
|
||||
|
||||
const (
|
||||
// ProjectNameFmt is the format string for GCP project resource name.
|
||||
ProjectNameFmt = "projects/%s"
|
||||
|
||||
// ProjectParentPathFmt is the format string for parent path of a GCP project resource.
|
||||
ProjectParentPathFmt = "//cloudresourcemanager.googleapis.com/projects/%s"
|
||||
|
||||
// ClusterIDLabelFmt is the format string for the default label
|
||||
// added to the OpenShift created GCP resources.
|
||||
ClusterIDLabelFmt = "kubernetes-io-cluster-%s"
|
||||
)
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
"github.com/pborman/uuid"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
resourcemanager "google.golang.org/api/cloudresourcemanager/v1"
|
||||
resourcemanager "google.golang.org/api/cloudresourcemanager/v3"
|
||||
"google.golang.org/api/compute/v1"
|
||||
"google.golang.org/api/dns/v1"
|
||||
"google.golang.org/api/googleapi"
|
||||
@@ -21,6 +21,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
|
||||
gcpconfig "github.com/openshift/installer/pkg/asset/installconfig/gcp"
|
||||
gcpconsts "github.com/openshift/installer/pkg/constants/gcp"
|
||||
"github.com/openshift/installer/pkg/destroy/providers"
|
||||
"github.com/openshift/installer/pkg/types"
|
||||
gcptypes "github.com/openshift/installer/pkg/types/gcp"
|
||||
@@ -35,10 +36,6 @@ var (
|
||||
type resourceScope string
|
||||
|
||||
const (
|
||||
// ocpDefaultLabelFmt is the format string for the default label
|
||||
// added to the OpenShift created GCP resources.
|
||||
ocpDefaultLabelFmt = "kubernetes-io-cluster-%s"
|
||||
|
||||
// capgProviderOwnedLabelFmt is the format string for the label
|
||||
// used for resources created by the Cluster API GCP provider.
|
||||
capgProviderOwnedLabelFmt = "capg-cluster-%s"
|
||||
@@ -255,7 +252,7 @@ func (o *ClusterUninstaller) clusterIDFilter() string {
|
||||
|
||||
func (o *ClusterUninstaller) clusterLabelFilter() string {
|
||||
return fmt.Sprintf("(labels.%s = \"owned\") OR (labels.%s = \"owned\")",
|
||||
fmt.Sprintf(ocpDefaultLabelFmt, o.ClusterID), fmt.Sprintf(capgProviderOwnedLabelFmt, o.ClusterID))
|
||||
fmt.Sprintf(gcpconsts.ClusterIDLabelFmt, o.ClusterID), fmt.Sprintf(capgProviderOwnedLabelFmt, o.ClusterID))
|
||||
}
|
||||
|
||||
func (o *ClusterUninstaller) clusterLabelOrClusterIDFilter() string {
|
||||
|
||||
@@ -2,20 +2,26 @@ package gcp
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
resourcemanager "google.golang.org/api/cloudresourcemanager/v1"
|
||||
resourcemanager "google.golang.org/api/cloudresourcemanager/v3"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
)
|
||||
|
||||
const (
|
||||
// projectNameFmt is the format string for project resource name.
|
||||
projectNameFmt = "projects/%s"
|
||||
)
|
||||
|
||||
func (o *ClusterUninstaller) getProjectIAMPolicy(ctx context.Context) (*resourcemanager.Policy, error) {
|
||||
o.Logger.Debug("Fetching project IAM policy")
|
||||
ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
|
||||
defer cancel()
|
||||
req := &resourcemanager.GetIamPolicyRequest{}
|
||||
policy, err := o.rmSvc.Projects.GetIamPolicy(o.ProjectID, req).Context(ctx).Do()
|
||||
policy, err := o.rmSvc.Projects.GetIamPolicy(fmt.Sprintf(projectNameFmt, o.ProjectID), req).Context(ctx).Do()
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "failed to fetch project IAM policy")
|
||||
}
|
||||
@@ -27,7 +33,7 @@ func (o *ClusterUninstaller) setProjectIAMPolicy(ctx context.Context, policy *re
|
||||
ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
|
||||
defer cancel()
|
||||
req := &resourcemanager.SetIamPolicyRequest{Policy: policy}
|
||||
_, err := o.rmSvc.Projects.SetIamPolicy(o.ProjectID, req).Context(ctx).Do()
|
||||
_, err := o.rmSvc.Projects.SetIamPolicy(fmt.Sprintf(projectNameFmt, o.ProjectID), req).Context(ctx).Do()
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "failed to set project IAM policy")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user