diff --git a/common/messages/messages_en.go b/common/messages/messages_en.go index 854fcab0..c216f4a5 100644 --- a/common/messages/messages_en.go +++ b/common/messages/messages_en.go @@ -170,6 +170,34 @@ var messagesEn = map[string]util.Message{ RC: 500, Action: "Wait for file share deletion", }, + "ListSubnetsFailed": { + Code: "ListSubnetsFailed", + Description: "Unable to fetch list of subnet.", + Type: util.RetrivalFailed, + RC: 500, + Action: "Unable to list subnets. Target to appropriate region 'ibmcloud target -r ' and verify if 'ibmcloud is subnets' is returning the subnets. If it is not returning then raise ticket for VPC team else raise ticket for IKS team.", + }, + "SubnetFindFailedWithZoneAndSubnetID": { + Code: "SubnetFindFailedWithZoneAndSubnetID", + Description: "A subnet with the specified zone '%s' and available cluster subnet list '%s' could not be found.", + Type: util.RetrivalFailed, + RC: 404, + Action: "Verify that the subnet from the cluster subnet list exists. Target to appropriate region 'ibmcloud target -r ' and verify if 'ibmcloud is subnets' is returning the subnets. If it is not returning the matching subnet from the cluster subnet list then raise ticket for VPC team else raise ticket for IKS team.", + }, + "ListSecurityGroupsFailed": { + Code: "ListSecurityGroupsFailed", + Description: "Unable to fetch list of securityGroup.", + Type: util.RetrivalFailed, + RC: 500, + Action: "Unable to list securityGroup. Target to appropriate region 'ibmcloud target -r ' and verify if 'ibmcloud is securityGroups' is returning the securityGroups. If it is not returning then raise ticket for VPC team else raise ticket for IKS team.", + }, + "SecurityGroupFindFailedWithVPCAndSecurityGroupName": { + Code: "SecurityGroupFindFailedWithVPCAndSecurityGroupName", + Description: "A securityGroup with the specified cluster securityGroup name '%s' could not be found.", + Type: util.RetrivalFailed, + RC: 404, + Action: "Verify that the cluster securityGroup exists. Target to appropriate region 'ibmcloud target -r ' and verify if 'ibmcloud is securityGroups' is returning the securityGroups. Please provide the output and raise ticket for IKS team.", + }, "ListVolumesFailed": { Code: "ListVolumesFailed", Description: "Unable to fetch list of file shares.", diff --git a/common/vpcclient/models/constants.go b/common/vpcclient/models/constants.go index 4ba8ea2a..eea24675 100644 --- a/common/vpcclient/models/constants.go +++ b/common/vpcclient/models/constants.go @@ -19,14 +19,11 @@ package models const ( // APIVersion is the target RIaaS API spec version - APIVersion = "2023-05-30" + APIVersion = "2023-07-11" // APIGeneration ... APIGeneration = 1 // UserAgent identifies IKS to the RIaaS API UserAgent = "IBM-Kubernetes-Service" - - // MaturityBeta flag - MaturityBeta = "beta" ) diff --git a/common/vpcclient/models/security_group.go b/common/vpcclient/models/security_group.go new file mode 100644 index 00000000..72109f59 --- /dev/null +++ b/common/vpcclient/models/security_group.go @@ -0,0 +1,41 @@ +/******************************************************************************* + * IBM Confidential + * OCO Source Materials + * IBM Cloud Kubernetes Service, 5737-D43 + * (C) Copyright IBM Corp. 2023 All Rights Reserved. + * The source code for this program is not published or otherwise divested of + * its trade secrets, irrespective of what has been deposited with + * the U.S. Copyright Office. + ******************************************************************************/ + +// Package models ... +package models + +import ( + "github.com/IBM/ibmcloud-volume-interface/lib/provider" +) + +// SecurityGroup ... +type SecurityGroup struct { + CRN string `json:"crn,omitempty"` + Href string `json:"href,omitempty"` + ID string `json:"id,omitempty"` + Name string `json:"name,omitempty"` + ResourceGroup *ResourceGroup `json:"resource_group,omitempty"` + VPC *provider.VPC `json:"vpc,omitempty"` +} + +// SecurityGroupList ... +type SecurityGroupList struct { + First *HReference `json:"first,omitempty"` + Next *HReference `json:"next,omitempty"` + SecurityGroups []SecurityGroup `json:"security_groups,omitempty"` + Limit int `json:"limit,omitempty"` + TotalCount int `json:"total_count,omitempty"` +} + +// ListSecurityGroupFilters ... +type ListSecurityGroupFilters struct { + ResourceGroupID string `json:"resource_group.id,omitempty"` + VPCID string `json:"vpc.id,omitempty"` +} diff --git a/common/vpcclient/models/share.go b/common/vpcclient/models/share.go index 617f8a9e..38e60b9f 100644 --- a/common/vpcclient/models/share.go +++ b/common/vpcclient/models/share.go @@ -35,9 +35,10 @@ type Share struct { Profile *Profile `json:"profile,omitempty"` CreatedAt *time.Time `json:"created_at,omitempty"` // Status of share named - deleted, deleting, failed, pending, stable, updating, waiting, suspended - Status StatusType `json:"lifecycle_state,omitempty"` - ShareTargets *[]ShareTarget `json:"mount_targets,omitempty"` - Zone *Zone `json:"zone,omitempty"` + Status StatusType `json:"lifecycle_state,omitempty"` + ShareTargets *[]ShareTarget `json:"mount_targets,omitempty"` + Zone *Zone `json:"zone,omitempty"` + AccessControlMode string `json:"access_control_mode,omitempty"` } // ListShareTargerFilters ... diff --git a/common/vpcclient/models/share_target.go b/common/vpcclient/models/share_target.go index 1e9e4a27..6577fc35 100644 --- a/common/vpcclient/models/share_target.go +++ b/common/vpcclient/models/share_target.go @@ -32,6 +32,9 @@ type ShareTarget struct { // Status of share target named - deleted, deleting, failed, pending, stable, updating, waiting, suspended Status string `json:"lifecycle_state,omitempty"` VPC *provider.VPC `json:"vpc,omitempty"` + //EncryptionInTransit + EncryptionInTransit string `json:"transit_encryption,omitempty"` + VirtualNetworkInterface *VirtualNetworkInterface `json:"virtual_network_interface,omitempty"` //Share ID this target is associated to ShareID string `json:"-"` Zone *Zone `json:"zone,omitempty"` @@ -47,6 +50,15 @@ type ShareTargetList struct { TotalCount int `json:"total_count,omitempty"` } +// VirtualNetworkInterface +type VirtualNetworkInterface struct { + Name string `json:"name,omitempty"` + Subnet *SubnetRef `json:"subnet,omitempty"` + SecurityGroups *[]provider.SecurityGroup `json:"security_groups,omitempty"` + PrimaryIP *provider.PrimaryIP `json:"primary_ip,omitempty"` + ResourceGroup *provider.ResourceGroup `json:"resource_group,omitempty"` +} + // NewShareTarget creates ShareTarget from VolumeAccessPointRequest func NewShareTarget(volumeAccessPointRequest provider.VolumeAccessPointRequest) ShareTarget { va := ShareTarget{ diff --git a/common/vpcclient/models/subnet.go b/common/vpcclient/models/subnet.go new file mode 100644 index 00000000..c334aeb6 --- /dev/null +++ b/common/vpcclient/models/subnet.go @@ -0,0 +1,50 @@ +/******************************************************************************* + * IBM Confidential + * OCO Source Materials + * IBM Cloud Kubernetes Service, 5737-D43 + * (C) Copyright IBM Corp. 2023 All Rights Reserved. + * The source code for this program is not published or otherwise divested of + * its trade secrets, irrespective of what has been deposited with + * the U.S. Copyright Office. + ******************************************************************************/ + +// Package models ... +package models + +import ( + "github.com/IBM/ibmcloud-volume-interface/lib/provider" +) + +// Subnet ... +type Subnet struct { + CRN string `json:"crn,omitempty"` + Href string `json:"href,omitempty"` + ID string `json:"id,omitempty"` + Name string `json:"name,omitempty"` + ResourceGroup *ResourceGroup `json:"resource_group,omitempty"` + VPC *provider.VPC `json:"vpc,omitempty"` + Zone *Zone `json:"zone,omitempty"` +} + +// SubnetRef ... +type SubnetRef struct { + CRN string `json:"crn,omitempty"` + ID string `json:"id,omitempty"` + Href string `json:"href,omitempty"` +} + +// SubnetList ... +type SubnetList struct { + First *HReference `json:"first,omitempty"` + Next *HReference `json:"next,omitempty"` + Subnets []Subnet `json:"subnets,omitempty"` + Limit int `json:"limit,omitempty"` + TotalCount int `json:"total_count,omitempty"` +} + +// ListSubnetFilters ... +type ListSubnetFilters struct { + ResourceGroupID string `json:"resource_group.id,omitempty"` + VPCID string `json:"vpc.id,omitempty"` + ZoneName string `json:"zone.name,omitempty"` +} diff --git a/common/vpcclient/riaas/riaas.go b/common/vpcclient/riaas/riaas.go index 3b5af62b..4050fe2f 100644 --- a/common/vpcclient/riaas/riaas.go +++ b/common/vpcclient/riaas/riaas.go @@ -69,7 +69,6 @@ func New(config Config) (*Session, error) { queryValues := url.Values{ "version": []string{backendAPIVersion}, "generation": []string{strconv.Itoa(apiGen)}, - "maturity": []string{models.MaturityBeta}, } riaasClient := client.New(ctx, config.baseURL(), queryValues, config.httpClient(), config.ContextID, config.ResourceGroup) diff --git a/common/vpcclient/vpcfilevolume/constants.go b/common/vpcclient/vpcfilevolume/constants.go index 6741a1ca..7e0fb496 100644 --- a/common/vpcclient/vpcfilevolume/constants.go +++ b/common/vpcclient/vpcfilevolume/constants.go @@ -26,4 +26,6 @@ const ( shareTargetsPath = "/mount_targets" shareTargetIDParam = "target-id" shareTargetIDPath = shareTargetsPath + "/{" + shareTargetIDParam + "}" + subnets = Version + "/subnets" + securityGroups = Version + "/security_groups" ) diff --git a/common/vpcclient/vpcfilevolume/fakes/share.go b/common/vpcclient/vpcfilevolume/fakes/share.go index f097c0c8..9305d0ca 100644 --- a/common/vpcclient/vpcfilevolume/fakes/share.go +++ b/common/vpcclient/vpcfilevolume/fakes/share.go @@ -169,6 +169,38 @@ type FileShareService struct { result1 *models.ShareList result2 error } + ListSecurityGroupsStub func(int, string, *models.ListSecurityGroupFilters, *zap.Logger) (*models.SecurityGroupList, error) + listSecurityGroupsMutex sync.RWMutex + listSecurityGroupsArgsForCall []struct { + arg1 int + arg2 string + arg3 *models.ListSecurityGroupFilters + arg4 *zap.Logger + } + listSecurityGroupsReturns struct { + result1 *models.SecurityGroupList + result2 error + } + listSecurityGroupsReturnsOnCall map[int]struct { + result1 *models.SecurityGroupList + result2 error + } + ListSubnetsStub func(int, string, *models.ListSubnetFilters, *zap.Logger) (*models.SubnetList, error) + listSubnetsMutex sync.RWMutex + listSubnetsArgsForCall []struct { + arg1 int + arg2 string + arg3 *models.ListSubnetFilters + arg4 *zap.Logger + } + listSubnetsReturns struct { + result1 *models.SubnetList + result2 error + } + listSubnetsReturnsOnCall map[int]struct { + result1 *models.SubnetList + result2 error + } invocations map[string][][]interface{} invocationsMutex sync.RWMutex } @@ -891,6 +923,140 @@ func (fake *FileShareService) ListFileSharesReturnsOnCall(i int, result1 *models }{result1, result2} } +func (fake *FileShareService) ListSecurityGroups(arg1 int, arg2 string, arg3 *models.ListSecurityGroupFilters, arg4 *zap.Logger) (*models.SecurityGroupList, error) { + fake.listSecurityGroupsMutex.Lock() + ret, specificReturn := fake.listSecurityGroupsReturnsOnCall[len(fake.listSecurityGroupsArgsForCall)] + fake.listSecurityGroupsArgsForCall = append(fake.listSecurityGroupsArgsForCall, struct { + arg1 int + arg2 string + arg3 *models.ListSecurityGroupFilters + arg4 *zap.Logger + }{arg1, arg2, arg3, arg4}) + stub := fake.ListSecurityGroupsStub + fakeReturns := fake.listSecurityGroupsReturns + fake.recordInvocation("ListSecurityGroups", []interface{}{arg1, arg2, arg3, arg4}) + fake.listSecurityGroupsMutex.Unlock() + if stub != nil { + return stub(arg1, arg2, arg3, arg4) + } + if specificReturn { + return ret.result1, ret.result2 + } + return fakeReturns.result1, fakeReturns.result2 +} + +func (fake *FileShareService) ListSecurityGroupsCallCount() int { + fake.listSecurityGroupsMutex.RLock() + defer fake.listSecurityGroupsMutex.RUnlock() + return len(fake.listSecurityGroupsArgsForCall) +} + +func (fake *FileShareService) ListSecurityGroupsCalls(stub func(int, string, *models.ListSecurityGroupFilters, *zap.Logger) (*models.SecurityGroupList, error)) { + fake.listSecurityGroupsMutex.Lock() + defer fake.listSecurityGroupsMutex.Unlock() + fake.ListSecurityGroupsStub = stub +} + +func (fake *FileShareService) ListSecurityGroupsArgsForCall(i int) (int, string, *models.ListSecurityGroupFilters, *zap.Logger) { + fake.listSecurityGroupsMutex.RLock() + defer fake.listSecurityGroupsMutex.RUnlock() + argsForCall := fake.listSecurityGroupsArgsForCall[i] + return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3, argsForCall.arg4 +} + +func (fake *FileShareService) ListSecurityGroupsReturns(result1 *models.SecurityGroupList, result2 error) { + fake.listSecurityGroupsMutex.Lock() + defer fake.listSecurityGroupsMutex.Unlock() + fake.ListSecurityGroupsStub = nil + fake.listSecurityGroupsReturns = struct { + result1 *models.SecurityGroupList + result2 error + }{result1, result2} +} + +func (fake *FileShareService) ListSecurityGroupsReturnsOnCall(i int, result1 *models.SecurityGroupList, result2 error) { + fake.listSecurityGroupsMutex.Lock() + defer fake.listSecurityGroupsMutex.Unlock() + fake.ListSecurityGroupsStub = nil + if fake.listSecurityGroupsReturnsOnCall == nil { + fake.listSecurityGroupsReturnsOnCall = make(map[int]struct { + result1 *models.SecurityGroupList + result2 error + }) + } + fake.listSecurityGroupsReturnsOnCall[i] = struct { + result1 *models.SecurityGroupList + result2 error + }{result1, result2} +} + +func (fake *FileShareService) ListSubnets(arg1 int, arg2 string, arg3 *models.ListSubnetFilters, arg4 *zap.Logger) (*models.SubnetList, error) { + fake.listSubnetsMutex.Lock() + ret, specificReturn := fake.listSubnetsReturnsOnCall[len(fake.listSubnetsArgsForCall)] + fake.listSubnetsArgsForCall = append(fake.listSubnetsArgsForCall, struct { + arg1 int + arg2 string + arg3 *models.ListSubnetFilters + arg4 *zap.Logger + }{arg1, arg2, arg3, arg4}) + stub := fake.ListSubnetsStub + fakeReturns := fake.listSubnetsReturns + fake.recordInvocation("ListSubnets", []interface{}{arg1, arg2, arg3, arg4}) + fake.listSubnetsMutex.Unlock() + if stub != nil { + return stub(arg1, arg2, arg3, arg4) + } + if specificReturn { + return ret.result1, ret.result2 + } + return fakeReturns.result1, fakeReturns.result2 +} + +func (fake *FileShareService) ListSubnetsCallCount() int { + fake.listSubnetsMutex.RLock() + defer fake.listSubnetsMutex.RUnlock() + return len(fake.listSubnetsArgsForCall) +} + +func (fake *FileShareService) ListSubnetsCalls(stub func(int, string, *models.ListSubnetFilters, *zap.Logger) (*models.SubnetList, error)) { + fake.listSubnetsMutex.Lock() + defer fake.listSubnetsMutex.Unlock() + fake.ListSubnetsStub = stub +} + +func (fake *FileShareService) ListSubnetsArgsForCall(i int) (int, string, *models.ListSubnetFilters, *zap.Logger) { + fake.listSubnetsMutex.RLock() + defer fake.listSubnetsMutex.RUnlock() + argsForCall := fake.listSubnetsArgsForCall[i] + return argsForCall.arg1, argsForCall.arg2, argsForCall.arg3, argsForCall.arg4 +} + +func (fake *FileShareService) ListSubnetsReturns(result1 *models.SubnetList, result2 error) { + fake.listSubnetsMutex.Lock() + defer fake.listSubnetsMutex.Unlock() + fake.ListSubnetsStub = nil + fake.listSubnetsReturns = struct { + result1 *models.SubnetList + result2 error + }{result1, result2} +} + +func (fake *FileShareService) ListSubnetsReturnsOnCall(i int, result1 *models.SubnetList, result2 error) { + fake.listSubnetsMutex.Lock() + defer fake.listSubnetsMutex.Unlock() + fake.ListSubnetsStub = nil + if fake.listSubnetsReturnsOnCall == nil { + fake.listSubnetsReturnsOnCall = make(map[int]struct { + result1 *models.SubnetList + result2 error + }) + } + fake.listSubnetsReturnsOnCall[i] = struct { + result1 *models.SubnetList + result2 error + }{result1, result2} +} + func (fake *FileShareService) Invocations() map[string][][]interface{} { fake.invocationsMutex.RLock() defer fake.invocationsMutex.RUnlock() @@ -916,6 +1082,10 @@ func (fake *FileShareService) Invocations() map[string][][]interface{} { defer fake.listFileShareTargetsMutex.RUnlock() fake.listFileSharesMutex.RLock() defer fake.listFileSharesMutex.RUnlock() + fake.listSecurityGroupsMutex.RLock() + defer fake.listSecurityGroupsMutex.RUnlock() + fake.listSubnetsMutex.RLock() + defer fake.listSubnetsMutex.RUnlock() copiedInvocations := map[string][][]interface{}{} for key, value := range fake.invocations { copiedInvocations[key] = value diff --git a/common/vpcclient/vpcfilevolume/file_share_service.go b/common/vpcclient/vpcfilevolume/file_share_service.go index 263c2405..240e4c7d 100644 --- a/common/vpcclient/vpcfilevolume/file_share_service.go +++ b/common/vpcclient/vpcfilevolume/file_share_service.go @@ -59,8 +59,14 @@ type FileShareManager interface { // DeleteFileShareTarget delete the share target by share ID and target ID/VPC ID/Subnet ID DeleteFileShareTarget(shareTargetDeleteRequest *models.ShareTarget, ctxLogger *zap.Logger) (*http.Response, error) - //ExpandVolume expand the share by share ID and target + // ExpandVolume expand the share by share ID and target ExpandVolume(shareID string, shareTemplate *models.Share, ctxLogger *zap.Logger) (*models.Share, error) + + // Get all subnets by using filter options + ListSubnets(limit int, start string, filters *models.ListSubnetFilters, ctxLogger *zap.Logger) (*models.SubnetList, error) + + // Get all securityGroups by using filter options + ListSecurityGroups(limit int, start string, filters *models.ListSecurityGroupFilters, ctxLogger *zap.Logger) (*models.SecurityGroupList, error) } // FileShareService ... diff --git a/common/vpcclient/vpcfilevolume/list_security_groups.go b/common/vpcclient/vpcfilevolume/list_security_groups.go new file mode 100644 index 00000000..728717b5 --- /dev/null +++ b/common/vpcclient/vpcfilevolume/list_security_groups.go @@ -0,0 +1,76 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package vpcfilevolume ... +package vpcfilevolume + +import ( + "strconv" + "time" + + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/client" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + util "github.com/IBM/ibmcloud-volume-interface/lib/utils" + "go.uber.org/zap" +) + +// ListSecurityGroups GETs /security_groups +func (vs *FileShareService) ListSecurityGroups(limit int, start string, filters *models.ListSecurityGroupFilters, ctxLogger *zap.Logger) (*models.SecurityGroupList, error) { + ctxLogger.Debug("Entry Backend ListSecurityGroups") + defer ctxLogger.Debug("Exit Backend ListSecurityGroups") + + defer util.TimeTracker("ListSecurityGroups", time.Now()) + + operation := &client.Operation{ + Name: "ListSecurityGroups", + Method: "GET", + PathPattern: securityGroups, + } + + var securityGroups models.SecurityGroupList + var apiErr models.Error + + request := vs.client.NewRequest(operation) + ctxLogger.Info("Equivalent curl command", zap.Reflect("URL", request.URL()), zap.Reflect("Operation", operation)) + + req := request.JSONSuccess(&securityGroups).JSONError(&apiErr) + + if limit > 0 { + req.AddQueryValue("limit", strconv.Itoa(limit)) + } + + if start != "" { + req.AddQueryValue("start", start) + } + + if filters != nil { + if filters.ResourceGroupID != "" { + req.AddQueryValue("resource_group.id", filters.ResourceGroupID) + } + if filters.VPCID != "" { + req.AddQueryValue("vpc.id", filters.VPCID) + } + } + + ctxLogger.Info("Equivalent curl command", zap.Reflect("URL", req.URL())) + + _, err := req.Invoke() + if err != nil { + return nil, err + } + + return &securityGroups, nil +} diff --git a/common/vpcclient/vpcfilevolume/list_security_groups_test.go b/common/vpcclient/vpcfilevolume/list_security_groups_test.go new file mode 100644 index 00000000..1dfa8520 --- /dev/null +++ b/common/vpcclient/vpcfilevolume/list_security_groups_test.go @@ -0,0 +1,121 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package vpcvolume_test ... +package vpcfilevolume_test + +import ( + "net/http" + "net/url" + "testing" + + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/riaas/test" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/vpcfilevolume" + "github.com/stretchr/testify/assert" + "go.uber.org/zap" +) + +func TestListSecurityGroups(t *testing.T) { + // Setup new style zap logger + logger, _ := GetTestContextLogger() + defer logger.Sync() + + testCases := []struct { + name string + + // Response + status int + content string + + limit int + start string + filters *models.ListSecurityGroupFilters + + // Expected return + expectErr string + verify func(*testing.T) + muxVerify func(*testing.T, *http.Request) + }{ + { + name: "Verify that the correct endpoint is invoked", + status: http.StatusNoContent, + }, { + name: "Verify that a 404 is returned to the caller", + status: http.StatusNotFound, + content: "{\"errors\":[{\"message\":\"testerr\"}]}", + expectErr: "Trace Code:, testerr Please check ", + }, { + name: "Verify that limit is added to the query", + limit: 12, + status: http.StatusNoContent, + muxVerify: func(t *testing.T, r *http.Request) { + expectedValues := url.Values{"limit": []string{"12"}, "version": []string{models.APIVersion}} + actualValues := r.URL.Query() + assert.Equal(t, expectedValues, actualValues) + }, + }, { + name: "Verify that start is added to the query", + start: "x-y-z", + status: http.StatusNoContent, + muxVerify: func(t *testing.T, r *http.Request) { + expectedValues := url.Values{"start": []string{"x-y-z"}, "version": []string{models.APIVersion}} + actualValues := r.URL.Query() + assert.Equal(t, expectedValues, actualValues) + }, + }, { + name: "Verify that resource_group.id and VPCID is added to the query", + filters: &models.ListSecurityGroupFilters{ + ResourceGroupID: "rgid", + VPCID: "vpc-1", + }, + status: http.StatusNoContent, + muxVerify: func(t *testing.T, r *http.Request) { + expectedValues := url.Values{"resource_group.id": []string{"rgid"}, "vpc.id": []string{"vpc-1"}, "version": []string{models.APIVersion}} + actualValues := r.URL.Query() + assert.Equal(t, expectedValues, actualValues) + }, + }, + } + + for _, testcase := range testCases { + t.Run(testcase.name, func(t *testing.T) { + mux, client, teardown := test.SetupServer(t) + test.SetupMuxResponse(t, mux, vpcfilevolume.Version+"/security_groups", http.MethodGet, nil, testcase.status, testcase.content, nil) + + defer teardown() + + logger.Info("Test case being executed", zap.Reflect("testcase", testcase.name)) + + shareFileService := vpcfilevolume.New(client) + + securityGroups, err := shareFileService.ListSecurityGroups(testcase.limit, testcase.start, testcase.filters, logger) + logger.Info("securityGroups", zap.Reflect("securityGroups", securityGroups)) + + if testcase.expectErr != "" && assert.Error(t, err) { + assert.Equal(t, testcase.expectErr, err.Error()) + assert.Nil(t, securityGroups) + } else { + assert.NoError(t, err) + assert.NotNil(t, securityGroups) + } + + if testcase.verify != nil { + testcase.verify(t) + } + }) + } +} diff --git a/common/vpcclient/vpcfilevolume/list_subnets.go b/common/vpcclient/vpcfilevolume/list_subnets.go new file mode 100644 index 00000000..fcfa0f49 --- /dev/null +++ b/common/vpcclient/vpcfilevolume/list_subnets.go @@ -0,0 +1,78 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package vpcfilevolume ... +package vpcfilevolume + +import ( + "strconv" + "time" + + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/client" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + util "github.com/IBM/ibmcloud-volume-interface/lib/utils" + "go.uber.org/zap" +) + +// ListSubnets GETs /subnets +func (vs *FileShareService) ListSubnets(limit int, start string, filters *models.ListSubnetFilters, ctxLogger *zap.Logger) (*models.SubnetList, error) { + ctxLogger.Debug("Entry Backend ListSubnets") + defer ctxLogger.Debug("Exit Backend ListSubnets") + + defer util.TimeTracker("ListSubnets", time.Now()) + + operation := &client.Operation{ + Name: "ListSubnets", + Method: "GET", + PathPattern: subnets, + } + + var subnets models.SubnetList + var apiErr models.Error + + request := vs.client.NewRequest(operation) + + req := request.JSONSuccess(&subnets).JSONError(&apiErr) + + if limit > 0 { + req.AddQueryValue("limit", strconv.Itoa(limit)) + } + + if start != "" { + req.AddQueryValue("start", start) + } + + if filters != nil { + if filters.ResourceGroupID != "" { + req.AddQueryValue("resource_group.id", filters.ResourceGroupID) + } + if filters.VPCID != "" { + req.AddQueryValue("vpc.id", filters.VPCID) + } + if filters.ZoneName != "" { + req.AddQueryValue("zone.name", filters.ZoneName) + } + } + + ctxLogger.Info("Equivalent curl command", zap.Reflect("URL", req.URL())) + + _, err := req.Invoke() + if err != nil { + return nil, err + } + + return &subnets, nil +} diff --git a/common/vpcclient/vpcfilevolume/list_subnets_test.go b/common/vpcclient/vpcfilevolume/list_subnets_test.go new file mode 100644 index 00000000..c84486dd --- /dev/null +++ b/common/vpcclient/vpcfilevolume/list_subnets_test.go @@ -0,0 +1,122 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package vpcvolume_test ... +package vpcfilevolume_test + +import ( + "net/http" + "net/url" + "testing" + + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/riaas/test" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/vpcfilevolume" + "github.com/stretchr/testify/assert" + "go.uber.org/zap" +) + +func TestListSubnets(t *testing.T) { + // Setup new style zap logger + logger, _ := GetTestContextLogger() + defer logger.Sync() + + testCases := []struct { + name string + + // Response + status int + content string + + limit int + start string + filters *models.ListSubnetFilters + + // Expected return + expectErr string + verify func(*testing.T) + muxVerify func(*testing.T, *http.Request) + }{ + { + name: "Verify that the correct endpoint is invoked", + status: http.StatusNoContent, + }, { + name: "Verify that a 404 is returned to the caller", + status: http.StatusNotFound, + content: "{\"errors\":[{\"message\":\"testerr\"}]}", + expectErr: "Trace Code:, testerr Please check ", + }, { + name: "Verify that limit is added to the query", + limit: 12, + status: http.StatusNoContent, + muxVerify: func(t *testing.T, r *http.Request) { + expectedValues := url.Values{"limit": []string{"12"}, "version": []string{models.APIVersion}} + actualValues := r.URL.Query() + assert.Equal(t, expectedValues, actualValues) + }, + }, { + name: "Verify that start is added to the query", + start: "x-y-z", + status: http.StatusNoContent, + muxVerify: func(t *testing.T, r *http.Request) { + expectedValues := url.Values{"start": []string{"x-y-z"}, "version": []string{models.APIVersion}} + actualValues := r.URL.Query() + assert.Equal(t, expectedValues, actualValues) + }, + }, { + name: "Verify that resource_group.id, ZoneName and VPCID is added to the query", + filters: &models.ListSubnetFilters{ + ResourceGroupID: "rgid", + ZoneName: "us-south-1", + VPCID: "vpc-1", + }, + status: http.StatusNoContent, + muxVerify: func(t *testing.T, r *http.Request) { + expectedValues := url.Values{"resource_group.id": []string{"rgid"}, "zone.name": []string{"us-south-1"}, "vpc.id": []string{"vpc-1"}, "version": []string{models.APIVersion}} + actualValues := r.URL.Query() + assert.Equal(t, expectedValues, actualValues) + }, + }, + } + + for _, testcase := range testCases { + t.Run(testcase.name, func(t *testing.T) { + mux, client, teardown := test.SetupServer(t) + test.SetupMuxResponse(t, mux, vpcfilevolume.Version+"/subnets", http.MethodGet, nil, testcase.status, testcase.content, nil) + + defer teardown() + + logger.Info("Test case being executed", zap.Reflect("testcase", testcase.name)) + + shareFileService := vpcfilevolume.New(client) + + subnets, err := shareFileService.ListSubnets(testcase.limit, testcase.start, testcase.filters, logger) + logger.Info("subnets", zap.Reflect("subnets", subnets)) + + if testcase.expectErr != "" && assert.Error(t, err) { + assert.Equal(t, testcase.expectErr, err.Error()) + assert.Nil(t, subnets) + } else { + assert.NoError(t, err) + assert.NotNil(t, subnets) + } + + if testcase.verify != nil { + testcase.verify(t) + } + }) + } +} diff --git a/file/provider/create_volume.go b/file/provider/create_volume.go index 1e885a0a..b46e53a7 100644 --- a/file/provider/create_volume.go +++ b/file/provider/create_volume.go @@ -49,11 +49,12 @@ func (vpcs *VPCSession) CreateVolume(volumeRequest provider.Volume) (volumeRespo // Build the share template to send to backend shareTemplate := &models.Share{ - Name: *volumeRequest.Name, - Size: int64(*volumeRequest.Capacity), - InitialOwner: (*models.InitialOwner)(volumeRequest.InitialOwner), - Iops: iops, - ResourceGroup: &resourceGroup, + Name: *volumeRequest.Name, + Size: int64(*volumeRequest.Capacity), + InitialOwner: (*models.InitialOwner)(volumeRequest.InitialOwner), + Iops: iops, + AccessControlMode: volumeRequest.AccessControlMode, + ResourceGroup: &resourceGroup, Profile: &models.Profile{ Name: volumeRequest.VPCVolume.Profile.Name, }, diff --git a/file/provider/create_volume_access_point.go b/file/provider/create_volume_access_point.go index b60d2408..4c1ae3a7 100644 --- a/file/provider/create_volume_access_point.go +++ b/file/provider/create_volume_access_point.go @@ -64,6 +64,25 @@ func (vpcs *VPCSession) CreateVolumeAccessPoint(volumeAccessPointRequest provide return nil, true // stop retry volume accessPoint already created } + // If ENI/VNI is enabled + if volumeAccessPointRequest.AccessControlMode == SecurityGroup { + volumeAccessPoint.VPC = nil // We can either pass VPC or VNI + volumeAccessPoint.VirtualNetworkInterface = &models.VirtualNetworkInterface{ + SecurityGroups: volumeAccessPointRequest.SecurityGroups, + ResourceGroup: volumeAccessPointRequest.ResourceGroup, + } + + if len(volumeAccessPointRequest.SubnetID) != 0 { + volumeAccessPoint.VirtualNetworkInterface.Subnet = &models.SubnetRef{ + ID: volumeAccessPointRequest.SubnetID, + } + } + + if volumeAccessPointRequest.PrimaryIP != nil { + volumeAccessPoint.VirtualNetworkInterface.PrimaryIP = volumeAccessPointRequest.PrimaryIP + } + } + //Try creating volume accessPoint if it's not already created or there is error in getting current volume accessPoint vpcs.Logger.Info("Creating volume accessPoint from VPC provider...") volumeAccessPointResult, err = vpcs.Apiclient.FileShareService().CreateFileShareTarget(&volumeAccessPoint, vpcs.Logger) @@ -94,11 +113,13 @@ func (vpcs *VPCSession) validateVolumeAccessPointRequest(volumeAccessPointReques vpcs.Logger.Error("volumeAccessPointRequest.VolumeID is required", zap.Error(err)) return err } - // Check for VPC ID - required validation + + // Check for VPC ID, SubnetID or AccessPointID - required validation if len(volumeAccessPointRequest.VPCID) == 0 && len(volumeAccessPointRequest.SubnetID) == 0 && len(volumeAccessPointRequest.AccessPointID) == 0 { - err = userError.GetUserError(string(reasoncode.ErrorRequiredFieldMissing), nil, "VPCID") + err = userError.GetUserError(string(reasoncode.ErrorRequiredFieldMissing), nil, "VPCID or SubnetID or AccessPointID") vpcs.Logger.Error("One of volumeAccessPointRequest.VPCID, volumeAccessPointRequest.SubnetID and volumeAccessPointRequest.AccessPoint is required", zap.Error(err)) return err } + return nil } diff --git a/file/provider/create_volume_access_point_test.go b/file/provider/create_volume_access_point_test.go index d3a1ba6f..b846aff9 100644 --- a/file/provider/create_volume_access_point_test.go +++ b/file/provider/create_volume_access_point_test.go @@ -77,8 +77,9 @@ func TestCreateVolumeAccessPoint(t *testing.T) { { testCaseName: "Volume Access Point already exist for the VPCID and VolumeID", providerVolumeAccessPointRequest: provider.VolumeAccessPointRequest{ - VolumeID: "volume-id1", - VPCID: "VPC-id1", + VolumeID: "volume-id1", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ID: "default resource group id", Name: "default resource group"}, }, baseVolumeAccessPointResponse: &models.ShareTarget{ @@ -116,8 +117,9 @@ func TestCreateVolumeAccessPoint(t *testing.T) { { testCaseName: "Volume creation failure", providerVolumeAccessPointRequest: provider.VolumeAccessPointRequest{ - VolumeID: "volume-id1", - VPCID: "VPC-id1", + VolumeID: "volume-id1", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ID: "default resource group id", Name: "default resource group"}, }, baseVolumeAccessPointResponse: nil, @@ -132,10 +134,51 @@ func TestCreateVolumeAccessPoint(t *testing.T) { }, }, { - testCaseName: "Success Case", + testCaseName: "Success Case VPC Mode", providerVolumeAccessPointRequest: provider.VolumeAccessPointRequest{ - VolumeID: "volume-id1", - VPCID: "VPC-id1", + VolumeID: "volume-id1", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ID: "default resource group id", Name: "default resource group"}, + }, + + baseVolumeAccessPointResponse: &models.ShareTarget{ + ID: "16f293bf-test-4bff-816f-e199c0c65db5", + MountPath: "abac:/asdsads/asdsad", + Name: "test volume name", + Status: "stable", + VPC: &provider.VPC{ID: "VPC-id1"}, + ShareID: "", + Zone: &models.Zone{Name: "test-zone"}, + }, + + volumeTargetList: nil, + + verify: func(t *testing.T, volumeAccessPointResponse *provider.VolumeAccessPointResponse, err error) { + assert.NotNil(t, volumeAccessPointResponse) + assert.Nil(t, err) + }, + }, + { + testCaseName: "Success Case SecurityGroup Mode", + providerVolumeAccessPointRequest: provider.VolumeAccessPointRequest{ + AccessControlMode: "security_group", + VolumeID: "volume-id1", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ID: "default resource group id", Name: "default resource group"}, + SecurityGroups: &[]provider.SecurityGroup{ + { + ID: "securityGroup-1", + }, + { + ID: "securityGroup-2", + }, + }, + PrimaryIP: &provider.PrimaryIP{ + PrimaryIPID: provider.PrimaryIPID{ + ID: "primary-ip-id-1", + }, + }, + SubnetID: "subnetID-1", }, baseVolumeAccessPointResponse: &models.ShareTarget{ diff --git a/file/provider/get_security_group.go b/file/provider/get_security_group.go new file mode 100644 index 00000000..b5b061ec --- /dev/null +++ b/file/provider/get_security_group.go @@ -0,0 +1,99 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package provider ... +package provider + +import ( + "errors" + userError "github.com/IBM/ibmcloud-volume-file-vpc/common/messages" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + "github.com/IBM/ibmcloud-volume-interface/lib/provider" + "go.uber.org/zap" + "net/url" + "strings" +) + +// GetSecurityGroupForVolumeAccessPoint get the SecurityGroup based on the request +func (vpcs *VPCSession) GetSecurityGroupForVolumeAccessPoint(securityGroupRequest provider.SecurityGroupRequest) (string, error) { + vpcs.Logger.Info("Entry of GetSecurityGroupForVolumeAccessPoint method...", zap.Reflect("securityGroupRequest", securityGroupRequest)) + defer vpcs.Logger.Info("Exit from GetSecurityGroupForVolumeAccessPoint method...") + + // Get SecurityGroup by VPC and name. This is inefficient operation which requires iteration over SecurityGroup list + securityGroup, err := vpcs.getSecurityGroupByVPCAndSecurityGroupName(securityGroupRequest) + vpcs.Logger.Info("getSecurityGroupByVPCAndSecurityGroupName response", zap.Reflect("securityGroup", securityGroup), zap.Error(err)) + return securityGroup, err +} + +func (vpcs *VPCSession) getSecurityGroupByVPCAndSecurityGroupName(securityGroupRequest provider.SecurityGroupRequest) (string, error) { + vpcs.Logger.Debug("Entry of getSecurityGroupByVPCAndSecurityGroupName()") + defer vpcs.Logger.Debug("Exit from getSecurityGroupByVPCAndSecurityGroupName()") + vpcs.Logger.Info("Getting getSecurityGroupByVPCAndSecurityGroupName from VPC provider...") + var err error + var start = "" + + filters := &models.ListSecurityGroupFilters{ + ResourceGroupID: securityGroupRequest.ResourceGroup.ID, + VPCID: securityGroupRequest.VPCID, + } + + for { + + securityGroups, err := vpcs.Apiclient.FileShareService().ListSecurityGroups(pageSize, start, filters, vpcs.Logger) + + if err != nil { + // API call is failed + return "", userError.GetUserError("ListSecurityGroupsFailed", err) + } + + // Iterate over the SecurityGroup list for given volume + if securityGroups != nil { + for _, securityGroupItem := range securityGroups.SecurityGroups { + // Check if securityGroup is matching with requested input securityGroup name + if strings.EqualFold(securityGroupRequest.Name, securityGroupItem.Name) { + vpcs.Logger.Info("Successfully found securityGroup", zap.Reflect("securityGroupItem", securityGroupItem)) + return securityGroupItem.ID, nil + } + } + + if securityGroups.Next == nil { + break // No more pages, exit the loop + } + + // Fetch the start of next page + startUrl, err := url.Parse(securityGroups.Next.Href) + if err != nil { + // API call is failed + vpcs.Logger.Warn("The next parameter of the securityGroup list could not be parsed.", zap.Reflect("Next", securityGroups.Next.Href), zap.Error(err)) + return "", userError.GetUserError(string("SecurityGroupFindFailedWithVPCAndSecurityGroupName"), err, securityGroupRequest.Name) + } + + vpcs.Logger.Info("startUrl", zap.Reflect("startUrl", startUrl)) + start = startUrl.Query().Get("start") //parse query param into map + if start == "" { + // API call is failed + vpcs.Logger.Warn("The start specified in the next parameter of the securityGroup list is empty.", zap.Reflect("startUrl", startUrl)) + return "", userError.GetUserError(string("SecurityGroupFindFailedWithVPCAndSecurityGroupName"), errors.New("no securityGroup found"), securityGroupRequest.Name) + } + } else { + return "", userError.GetUserError(string("ListSecurityGroupsFailed"), errors.New("SecurityGroup list is empty")) + } + } + + // No volume SecurityGroup found in the list. So return error + vpcs.Logger.Error("SecurityGroup not found", zap.Error(err)) + return "", userError.GetUserError(string("SecurityGroupFindFailedWithVPCAndSecurityGroupName"), errors.New("no securityGroup found"), securityGroupRequest.Name) +} diff --git a/file/provider/get_security_group_test.go b/file/provider/get_security_group_test.go new file mode 100644 index 00000000..daf3425e --- /dev/null +++ b/file/provider/get_security_group_test.go @@ -0,0 +1,164 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package provider ... +package provider + +import ( + "errors" + "testing" + + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + fileShareServiceFakes "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/vpcfilevolume/fakes" + "github.com/IBM/ibmcloud-volume-interface/lib/provider" + util "github.com/IBM/ibmcloud-volume-interface/lib/utils" + "github.com/IBM/ibmcloud-volume-interface/lib/utils/reasoncode" + "github.com/stretchr/testify/assert" + "go.uber.org/zap" +) + +func TestGetSecurityGroup(t *testing.T) { + //var err error + logger, teardown := GetTestLogger(t) + defer teardown() + + var ( + volumeService *fileShareServiceFakes.FileShareService + ) + + testCases := []struct { + testCaseName string + securityGroupReq provider.SecurityGroupRequest + securityGroupList *models.SecurityGroupList + + setup func() + + skipErrTest bool + expectedErr string + expectedReasonCode string + + verify func(t *testing.T, securityGroup string, err error) + }{ + { + testCaseName: "OK", + securityGroupReq: provider.SecurityGroupRequest{ + Name: "kube-cluster-1", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + + securityGroupList: &models.SecurityGroupList{ + Limit: 50, + SecurityGroups: []models.SecurityGroup{ + { + ID: "kube-cluster-1", + VPC: &provider.VPC{ID: "VPC-id1"}, + Name: "kube-cluster-1", + }, + }, + }, + verify: func(t *testing.T, securityGroup string, err error) { + assert.Equal(t, "kube-cluster-1", securityGroup) + assert.Nil(t, err) + }, + }, { + testCaseName: "Wrong securityGroupName", + securityGroupReq: provider.SecurityGroupRequest{ + Name: "kube-cluster-2", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + securityGroupList: &models.SecurityGroupList{ + Limit: 50, + SecurityGroups: []models.SecurityGroup{ + { + ID: "kube-cluster-1", + VPC: &provider.VPC{ID: "VPC-id1"}, + Name: "kube-cluster-1", + }, + }, + }, + expectedErr: "{Code:ErrorUnclassified, Type:InvalidRequest, Description:'A securityGroup with the specified zone test-zone and available cluster securityGroup list {16f293bf-test-4bff-816f-e199c0c65db5ss,16f293bf-test-4bff-816f-e199c0c65db2} could not be found.", + expectedReasonCode: "ErrorUnclassified", + verify: func(t *testing.T, securityGroup string, err error) { + assert.Equal(t, "", securityGroup) + assert.NotNil(t, err) + }, + }, + { + testCaseName: "Wrong VPC", + securityGroupReq: provider.SecurityGroupRequest{ + Name: "kube-cluster-1", + VPCID: "VPC-id2", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + securityGroupList: &models.SecurityGroupList{ + Limit: 50, + SecurityGroups: []models.SecurityGroup{ + { + ID: "kube-cluster-1", + VPC: &provider.VPC{ID: "VPC-id1"}, + Name: "kube-cluster-1", + }, + }, + }, + expectedErr: "{Code:ErrorUnclassified, Type:InvalidRequest, Description:'A securityGroup with the specified zone test-zone and available cluster securityGroup list {16f293bf-test-4bff-816f-e199c0c65db5ss,16f293bf-test-4bff-816f-e199c0c65db2} could not be found.", + expectedReasonCode: "ErrorUnclassified", + verify: func(t *testing.T, securityGroup string, err error) { + assert.Equal(t, "", securityGroup) + assert.NotNil(t, err) + }, + }, + } + + for _, testcase := range testCases { + t.Run(testcase.testCaseName, func(t *testing.T) { + vpcs, uc, sc, err := GetTestOpenSession(t, logger) + assert.NotNil(t, vpcs) + assert.NotNil(t, uc) + assert.NotNil(t, sc) + assert.Nil(t, err) + + volumeService = &fileShareServiceFakes.FileShareService{} + assert.NotNil(t, volumeService) + uc.FileShareServiceReturns(volumeService) + + if testcase.expectedErr != "" { + volumeService.ListSecurityGroupsReturns(testcase.securityGroupList, errors.New(testcase.expectedReasonCode)) + } else { + volumeService.ListSecurityGroupsReturns(testcase.securityGroupList, nil) + } + securityGroup, err := vpcs.GetSecurityGroupForVolumeAccessPoint(testcase.securityGroupReq) + logger.Info("SecurityGroup details", zap.Reflect("securityGroup", securityGroup)) + + if testcase.expectedErr != "" { + assert.NotNil(t, err) + logger.Info("Error details", zap.Reflect("Error details", err.Error())) + assert.Equal(t, reasoncode.ReasonCode(testcase.expectedReasonCode), util.ErrorReasonCode(err)) + } + + if testcase.verify != nil { + testcase.verify(t, securityGroup, err) + } + }) + } +} diff --git a/file/provider/get_subnet.go b/file/provider/get_subnet.go new file mode 100644 index 00000000..17c43654 --- /dev/null +++ b/file/provider/get_subnet.go @@ -0,0 +1,100 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package provider ... +package provider + +import ( + "errors" + userError "github.com/IBM/ibmcloud-volume-file-vpc/common/messages" + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + "github.com/IBM/ibmcloud-volume-interface/lib/provider" + "go.uber.org/zap" + "net/url" + "strings" +) + +// / GetSubnet get the subnet based on the request +func (vpcs *VPCSession) GetSubnetForVolumeAccessPoint(subnetRequest provider.SubnetRequest) (string, error) { + vpcs.Logger.Info("Entry of GetSubnetForVolumeAccessPoint method...", zap.Reflect("subnetRequest", subnetRequest)) + defer vpcs.Logger.Info("Exit from GetSubnetForVolumeAccessPoint method...") + + // Get Subnet by zone and cluster subnet list. This is inefficient operation which requires iteration over subnet list + subnet, err := vpcs.getSubnetByZoneAndSubnetID(subnetRequest) + vpcs.Logger.Info("getSubnetByVPCIDAndZone response", zap.Reflect("subnet", subnet), zap.Error(err)) + return subnet, err +} + +func (vpcs *VPCSession) getSubnetByZoneAndSubnetID(subnetRequest provider.SubnetRequest) (string, error) { + vpcs.Logger.Debug("Entry of getSubnetByVPCIDAndZone()") + defer vpcs.Logger.Debug("Exit from getSubnetByVPCIDAndZone()") + vpcs.Logger.Info("Getting getSubnetByVPCIDAndZone from VPC provider...") + var err error + var start = "" + + filters := &models.ListSubnetFilters{ + ResourceGroupID: subnetRequest.ResourceGroup.ID, + VPCID: subnetRequest.VPCID, + ZoneName: subnetRequest.ZoneName, + } + + for { + + subnets, err := vpcs.Apiclient.FileShareService().ListSubnets(pageSize, start, filters, vpcs.Logger) + + if err != nil { + // API call is failed + return "", userError.GetUserError("ListSubnetsFailed", err) + } + + // Iterate over the subnet list for given volume + if subnets != nil { + for _, subnetItem := range subnets.Subnets { + // Check if subnet is matching with requested input subnet-list + if strings.Contains(subnetRequest.SubnetIDList, subnetItem.ID) { + vpcs.Logger.Info("Successfully found subnet", zap.Reflect("subnetItem", subnetItem)) + return subnetItem.ID, nil + } + } + + if subnets.Next == nil { + break // No more pages, exit the loop + } + + // Fetch the start of next page + startUrl, err := url.Parse(subnets.Next.Href) + if err != nil { + // API call is failed + vpcs.Logger.Warn("The next parameter of the subnet list could not be parsed.", zap.Reflect("Next", subnets.Next.Href), zap.Error(err)) + return "", userError.GetUserError(string("SubnetFindFailedWithZoneAndSubnetID"), err, subnetRequest.ZoneName, subnetRequest.SubnetIDList) + } + + vpcs.Logger.Info("startUrl", zap.Reflect("startUrl", startUrl)) + start = startUrl.Query().Get("start") //parse query param into map + if start == "" { + // API call is failed + vpcs.Logger.Warn("The start specified in the next parameter of the subnet list is empty.", zap.Reflect("start", startUrl)) + return "", userError.GetUserError(string("SubnetFindFailedWithZoneAndSubnetID"), errors.New("no subnet found"), subnetRequest.ZoneName, subnetRequest.SubnetIDList) + } + } else { + return "", userError.GetUserError(string("ListSubnetsFailed"), errors.New("Subnet list is empty")) + } + } + + // No volume Subnet found in the list. So return error + vpcs.Logger.Error("Subnet not found", zap.Error(err)) + return "", userError.GetUserError(string("SubnetFindFailedWithZoneAndSubnetID"), errors.New("no subnet found"), subnetRequest.ZoneName, subnetRequest.SubnetIDList) +} diff --git a/file/provider/get_subnet_test.go b/file/provider/get_subnet_test.go new file mode 100644 index 00000000..5c51883c --- /dev/null +++ b/file/provider/get_subnet_test.go @@ -0,0 +1,194 @@ +/** + * Copyright 2023 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package provider ... +package provider + +import ( + "errors" + "testing" + + "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/models" + fileShareServiceFakes "github.com/IBM/ibmcloud-volume-file-vpc/common/vpcclient/vpcfilevolume/fakes" + "github.com/IBM/ibmcloud-volume-interface/lib/provider" + util "github.com/IBM/ibmcloud-volume-interface/lib/utils" + "github.com/IBM/ibmcloud-volume-interface/lib/utils/reasoncode" + "github.com/stretchr/testify/assert" + "go.uber.org/zap" +) + +func TestGetSubnet(t *testing.T) { + //var err error + logger, teardown := GetTestLogger(t) + defer teardown() + + var ( + volumeService *fileShareServiceFakes.FileShareService + ) + + testCases := []struct { + testCaseName string + subnetReq provider.SubnetRequest + subnetList *models.SubnetList + + setup func() + + skipErrTest bool + expectedErr string + expectedReasonCode string + + verify func(t *testing.T, subnet string, err error) + }{ + { + testCaseName: "OK", + subnetReq: provider.SubnetRequest{ + SubnetIDList: "16f293bf-test-4bff-816f-e199c0c65db5,16f293bf-test-4bff-816f-e199c0c65db2", + ZoneName: "test-zone", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + + subnetList: &models.SubnetList{ + Limit: 50, + Subnets: []models.Subnet{ + { + ID: "16f293bf-test-4bff-816f-e199c0c65db5", + VPC: &provider.VPC{ID: "VPC-id1"}, + Zone: &models.Zone{Name: "test-zone"}, + }, + }, + }, + verify: func(t *testing.T, subnet string, err error) { + assert.Equal(t, "16f293bf-test-4bff-816f-e199c0c65db5", subnet) + assert.Nil(t, err) + }, + }, { + testCaseName: "Wrong subnetIDList", + subnetReq: provider.SubnetRequest{ + SubnetIDList: "16f293bf-test-4bff-816f-e199c0c65db5ss,16f293bf-test-4bff-816f-e199c0c65db2", + ZoneName: "test-zone", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + subnetList: &models.SubnetList{ + Limit: 50, + Subnets: []models.Subnet{ + { + ID: "16f293bf-test-4bff-816f-e199c0c65db5", + VPC: &provider.VPC{ID: "VPC-id1"}, + Zone: &models.Zone{Name: "test-zone"}, + }, + }, + }, + expectedErr: "{Code:ErrorUnclassified, Type:InvalidRequest, Description:'A subnet with the specified zone test-zone and available cluster subnet list {16f293bf-test-4bff-816f-e199c0c65db5ss,16f293bf-test-4bff-816f-e199c0c65db2} could not be found.", + expectedReasonCode: "ErrorUnclassified", + verify: func(t *testing.T, subnet string, err error) { + assert.Equal(t, "", subnet) + assert.NotNil(t, err) + }, + }, + { + testCaseName: "Wrong zone", + subnetReq: provider.SubnetRequest{ + SubnetIDList: "16f293bf-test-4bff-816f-e199c0c65db5,16f293bf-test-4bff-816f-e199c0c65db2", + ZoneName: "test-zone-1", + VPCID: "VPC-id1", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + subnetList: &models.SubnetList{ + Limit: 50, + Subnets: []models.Subnet{ + { + ID: "16f293bf-test-4bff-816f-e199c0c65db5", + VPC: &provider.VPC{ID: "VPC-id1"}, + Zone: &models.Zone{Name: "test-zone"}, + }, + }, + }, + expectedErr: "{Code:ErrorUnclassified, Type:InvalidRequest, Description:'A subnet with the specified zone test-zone and available cluster subnet list {16f293bf-test-4bff-816f-e199c0c65db5ss,16f293bf-test-4bff-816f-e199c0c65db2} could not be found.", + expectedReasonCode: "ErrorUnclassified", + verify: func(t *testing.T, subnet string, err error) { + assert.Equal(t, "", subnet) + assert.NotNil(t, err) + }, + }, + { + testCaseName: "Wrong VPC", + subnetReq: provider.SubnetRequest{ + SubnetIDList: "16f293bf-test-4bff-816f-e199c0c65db5,16f293bf-test-4bff-816f-e199c0c65db2", + ZoneName: "test-zone", + VPCID: "VPC-id2", + ResourceGroup: &provider.ResourceGroup{ + ID: "16f293bf-test-4bff-816f-e199c0wdwd5db5", + }, + }, + subnetList: &models.SubnetList{ + Limit: 50, + Subnets: []models.Subnet{ + { + ID: "16f293bf-test-4bff-816f-e199c0c65db5", + VPC: &provider.VPC{ID: "VPC-id1"}, + Zone: &models.Zone{Name: "test-zone"}, + }, + }, + }, + expectedErr: "{Code:ErrorUnclassified, Type:InvalidRequest, Description:'A subnet with the specified zone test-zone and available cluster subnet list {16f293bf-test-4bff-816f-e199c0c65db5ss,16f293bf-test-4bff-816f-e199c0c65db2} could not be found.", + expectedReasonCode: "ErrorUnclassified", + verify: func(t *testing.T, subnet string, err error) { + assert.Equal(t, "", subnet) + assert.NotNil(t, err) + }, + }, + } + + for _, testcase := range testCases { + t.Run(testcase.testCaseName, func(t *testing.T) { + vpcs, uc, sc, err := GetTestOpenSession(t, logger) + assert.NotNil(t, vpcs) + assert.NotNil(t, uc) + assert.NotNil(t, sc) + assert.Nil(t, err) + + volumeService = &fileShareServiceFakes.FileShareService{} + assert.NotNil(t, volumeService) + uc.FileShareServiceReturns(volumeService) + + if testcase.expectedErr != "" { + volumeService.ListSubnetsReturns(testcase.subnetList, errors.New(testcase.expectedReasonCode)) + } else { + volumeService.ListSubnetsReturns(testcase.subnetList, nil) + } + subnet, err := vpcs.GetSubnetForVolumeAccessPoint(testcase.subnetReq) + logger.Info("Subnet details", zap.Reflect("subnet", subnet)) + + if testcase.expectedErr != "" { + assert.NotNil(t, err) + logger.Info("Error details", zap.Reflect("Error details", err.Error())) + assert.Equal(t, reasoncode.ReasonCode(testcase.expectedReasonCode), util.ErrorReasonCode(err)) + } + + if testcase.verify != nil { + testcase.verify(t, subnet, err) + } + }) + } +} diff --git a/file/provider/util.go b/file/provider/util.go index 3918f874..a54d8b6a 100644 --- a/file/provider/util.go +++ b/file/provider/util.go @@ -39,26 +39,39 @@ var retryGap = 10 // ConstantRetryGap ... const ( ConstantRetryGap = 10 // seconds + SecurityGroup = "security_group" + pageSize = 50 ) var volumeIDPartsCount = 5 // TODO need to introduce file share related to error codes var skipErrorCodes = map[string]bool{ - "shares_profile_iops_not_allowed": true, - "shares_profile_capacity_invalid": true, - "shares_zone_not_found": true, - "shares_bad_request": true, - "shares_resource_group_bad_request": true, - "shares_vpc_not_found": true, - "shares_not_found": true, - "shares_target_not_found": true, - "bad_field": true, - "shares_name_duplicate": true, - "shares_status_pending": false, - "internal_error": false, - "invalid_route": false, - "service_error": false, + "shares_profile_iops_not_allowed": true, + "shares_profile_capacity_invalid": true, + "shares_zone_not_found": true, + "shares_bad_request": true, + "shares_resource_group_bad_request": true, + "shares_vpc_not_found": true, + "shares_not_found": true, + "shares_target_not_found": true, + "shares_target_one_per_vpc": true, + "bad_field": true, + "shares_name_duplicate": true, + "shares_subnet_zone_mismatch": true, + "targets_primary_ip_id_required": true, + "targets_subnet_and_primary_ip_missing": true, + "targets_primary_ip_not_related_to_subnet": true, + "shares_target_vpc_and_network_interface": true, + "shares_security_group_id_invalid": true, + "targets_primary_ip_address_already_in_use": true, + "reserved_ip_not_found": true, + "shares_subnet_not_found": true, + "InvalidArgument": true, + "shares_status_pending": false, + "internal_error": false, + "invalid_route": true, + "service_error": false, } // retry ... diff --git a/go.mod b/go.mod index 988c079a..e4a0e88a 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,9 @@ go 1.19 require ( github.com/IBM-Cloud/ibm-cloud-cli-sdk v0.6.7 github.com/IBM/ibm-csi-common v1.1.6 - github.com/IBM/ibmcloud-volume-interface v1.1.3 - github.com/IBM/secret-common-lib v1.1.3 - github.com/IBM/secret-utils-lib v1.1.3 + github.com/IBM/ibmcloud-volume-interface v1.2.0 + github.com/IBM/secret-common-lib v1.1.4 + github.com/IBM/secret-utils-lib v1.1.4 github.com/fatih/structs v1.1.0 github.com/gofrs/uuid v4.2.0+incompatible github.com/golang-jwt/jwt/v4 v4.2.0 diff --git a/go.sum b/go.sum index 209a3546..d90653df 100644 --- a/go.sum +++ b/go.sum @@ -41,12 +41,12 @@ github.com/IBM/go-sdk-core/v5 v5.9.1 h1:06pXbD9Rgmqqe2HA5YAeQbB4eYRRFgIoOT+Kh3cp github.com/IBM/go-sdk-core/v5 v5.9.1/go.mod h1:axE2JrRq79gIJTjKPBwV6gWHswvVptBjbcvvCPIxARM= github.com/IBM/ibm-csi-common v1.1.6 h1:fduMnvAGftkt21k4eXfwxg8ELj0FeaycDDSskqvUOQM= github.com/IBM/ibm-csi-common v1.1.6/go.mod h1:qZ2vJUM8/X5rFIBwpjPxV12y7ThUDObAcjjBHYwfFf4= -github.com/IBM/ibmcloud-volume-interface v1.1.3 h1:6WAfh2usexqDE4sS01M0nRnR2neGj+7Q2HKcJeS7Ctk= -github.com/IBM/ibmcloud-volume-interface v1.1.3/go.mod h1:lmG/CJL3kPUzi5RQm+OK5c3RGIbX4mOmobx36t6RLHQ= -github.com/IBM/secret-common-lib v1.1.3 h1:+xFX4Cuj/DdkDCOIz7t9KcLflwT5Qx+igiHkJWnMUsA= -github.com/IBM/secret-common-lib v1.1.3/go.mod h1:YrsFXeShU2e7yUaXGF/QUMckvFHMEcsa+uh2gSXhiuU= -github.com/IBM/secret-utils-lib v1.1.3 h1:KQpf3aIQJ95Cgxs43gcDXYvCDtXNBIJ6ErUX9dFNzk8= -github.com/IBM/secret-utils-lib v1.1.3/go.mod h1:RuD7z7GrfI/RS5UmQTfY51qWTgscMy06zbQi7i433TY= +github.com/IBM/ibmcloud-volume-interface v1.2.0 h1:9SqCaC0H6nhiXZL57FsR0n1B7rQ7CVW86kjVKqGmMck= +github.com/IBM/ibmcloud-volume-interface v1.2.0/go.mod h1:646HOeq8dAKbgpr7jRehGKckhgduJyII2uN5T6RDLww= +github.com/IBM/secret-common-lib v1.1.4 h1:gKpKnaP45Y6u7VpSlFfXjjTAHpu4bz9Ofy+aR0t2RcI= +github.com/IBM/secret-common-lib v1.1.4/go.mod h1:0L/lLfwi5jwTTmNYE2246HzBIdGz0m6wu/5tXoRp/Lc= +github.com/IBM/secret-utils-lib v1.1.4 h1:8WPG9KBrLLRhGbQn34NWzrFKlyfIIaUfLeDg+iRJkes= +github.com/IBM/secret-utils-lib v1.1.4/go.mod h1:RuD7z7GrfI/RS5UmQTfY51qWTgscMy06zbQi7i433TY= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= diff --git a/pkg/ibmcloudprovider/volume_provider.go b/pkg/ibmcloudprovider/volume_provider.go index 6094cecc..0b6d8667 100644 --- a/pkg/ibmcloudprovider/volume_provider.go +++ b/pkg/ibmcloudprovider/volume_provider.go @@ -58,7 +58,7 @@ func NewIBMCloudStorageProvider(clusterVolumeLabel string, k8sClient *k8s_utils. conf.VPC.APIVersion = fmt.Sprintf("%d-%02d-%02d", dateTime.Year(), dateTime.Month(), dateTime.Day()) } else { logger.Warn("Failed to parse VPC_API_VERSION, setting default value") - conf.VPC.APIVersion = "2023-05-30" // setting default values + conf.VPC.APIVersion = "2023-07-11" // setting default values } var clusterInfo utilsConfig.ClusterConfig