
openshift-online/managed-openshift-static-validator


Managed OpenShift Static Validator (mosv)

A Go CLI tool for validating static configuration of OpenShift clusters, particularly focused on AWS networking and DNS setup for BYOVPC (Bring Your Own VPC) deployments.

This tool is a port of the original Rust-based byovpc-checker with a modular architecture designed to support additional static validation checks in the future.

Features

  • Network Validation: Validates VPC networking configuration including:

    • Subnet count per Availability Zone
    • Subnet tagging for cluster ownership and ELB usage
    • Load balancer subnet associations
    • Network interface (ENI) validation
  • DNS Validation: Validates Route53 hosted zone configuration including:

    • Expected number of hosted zones
    • Load balancer DNS usage validation
    • Verification that only cluster load balancers are referenced
  • Multiple Output Formats:

    • checks - Show all check results (default)
    • failures - Show only failed checks
    • debug - Show raw AWS data in JSON format

Installation

Prerequisites

  • Go 1.22+ for building from source
  • AWS CLI configured with appropriate credentials
  • ocm CLI tool for cluster information retrieval

Build from Source

git clone <repository-url>
cd managed-openshift-static-validator
make build

The binary will be available at bin/mosv.

Cross-Platform Builds

make build-all

This creates binaries for Linux, macOS (Intel & Apple Silicon), and Windows.

Usage

Basic Validation

# Validate all checks for a cluster
mosv validate <cluster-id>

# Run only network checks
mosv validate <cluster-id> --checks network

# Run only DNS checks
mosv validate <cluster-id> --checks dns

# Show only failures
mosv validate <cluster-id> --format failures

# Debug mode (show raw AWS data)
mosv validate <cluster-id> --format debug

Command Line Options

mosv validate [cluster-id] [flags]

Flags:
      --checks CheckTypes     Checks to run (network, dns) (default network,dns)
  -f, --format OutputFormat   Output format (checks, failures, debug) (default checks)
  -h, --help                  help for validate
  -q, --quiet                 Quiet mode
  -v, --verbose count         Increase verbosity

Examples

# Validate networking and DNS for cluster
mosv validate my-cluster-id

# Only show problems
mosv validate my-cluster-id -f failures

# Verbose output with only network checks
mosv validate my-cluster-id --checks network -vv

# Quiet mode (errors only)
mosv validate my-cluster-id -q

How It Works

  1. Cluster Discovery: Uses the ocm CLI to retrieve cluster metadata including:

    • Cluster ID and infrastructure name
    • Configured subnet IDs
    • Cloud provider information
    • Base domain
  2. AWS Data Gathering: Concurrently collects AWS resource information:

    • EC2 subnets, route tables, instances, and ENIs
    • ELB Classic and Application/Network Load Balancers
    • Route53 hosted zones and resource record sets
  3. Validation: Runs configured checks against the gathered data:

    • Network checks validate VPC configuration
    • DNS checks validate Route53 configuration
  4. Reporting: Outputs results in the requested format with appropriate severity levels
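The validation step (3) applied to the subnet tagging and per-AZ subnet count checks, as an added Go example that is not code from this repository. The Result and Subnet types, the severities, the one-subnet-per-visibility rule and the infra name demo-abc12 are assumptions made for illustration; the tag keys are the standard Kubernetes AWS cluster and ELB role tags.

```go
package main

import "fmt"

// Result and Subnet are hypothetical stand-ins, not the project's own types.
type Result struct{ Severity, Message string }

type Subnet struct {
	ID, AZ string
	Public bool
	Tags   map[string]string
}

// CheckSubnets applies assumed rules: each subnet carries the cluster tag and the
// ELB role tag for its visibility, and each AZ holds one subnet per visibility.
func CheckSubnets(infra string, subnets []Subnet) []Result {
	var out []Result
	perAZ := map[string]int{}
	for _, s := range subnets {
		role := "kubernetes.io/role/internal-elb"
		if s.Public {
			role = "kubernetes.io/role/elb"
		}
		if _, ok := s.Tags["kubernetes.io/cluster/"+infra]; !ok {
			out = append(out, Result{"critical", s.ID + ": missing cluster tag"})
		}
		if _, ok := s.Tags[role]; !ok {
			out = append(out, Result{"warning", s.ID + ": missing " + role})
		}
		key := fmt.Sprintf("%s public=%t", s.AZ, s.Public)
		perAZ[key]++
		if perAZ[key] == 2 { // report the duplicate once, on the second subnet seen
			out = append(out, Result{"critical", key + ": more than one subnet"})
		}
	}
	return out
}

// Sample is constructed data for a hypothetical infra name "demo-abc12".
func Sample() []Subnet {
	own := "kubernetes.io/cluster/demo-abc12"
	return []Subnet{
		{"subnet-a1", "us-east-1a", false, map[string]string{own: "shared", "kubernetes.io/role/internal-elb": ""}},
		{"subnet-a2", "us-east-1a", false, map[string]string{own: "shared"}},
		{"subnet-b1", "us-east-1b", true, map[string]string{"kubernetes.io/role/elb": ""}},
	}
}

func main() { fmt.Println(CheckSubnets("demo-abc12", Sample())) }
```

A subnet missing the cluster tag is reported at the higher severity here because the check cannot attribute it to the cluster at all, while a missing role tag only affects load balancer placement.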

Architecture

The tool follows a modular architecture with clear separation of concerns:

├── cmd/mosv/              # CLI entry point
├── internal/
│   ├── types.go           # Core validation types (Verifier, Result, Severity)
│   ├── cli/               # Cobra-based CLI commands
│   ├── gatherers/         # Data collection framework
│   │   ├── gatherer.go    # Generic Gatherer[T] interface
│   │   ├── cluster.go     # Cluster info gathering via OCM
│   │   └── aws/           # AWS resource gathering (multiple files)
│   └── checks/            # Validation implementations
│       ├── network.go     # Network validation checks
│       └── dns.go         # DNS validation checks

Key Components

  • internal.Verifier: Core interface for validation checks
  • internal.Result: Validation result with severity levels
  • gatherers.Info: Cluster metadata from OCM
  • gatherers.Gatherer[T]: Generic interface for collecting resources
  • Concurrent Data Collection: Worker pools for efficient AWS API usage
  • Flat Structure: Single files for each validation domain

Supported Cluster Types

  • OSD (OpenShift Dedicated): Full support
  • ROSA (Red Hat OpenShift Service on AWS): Full support
  • HyperShift: Full support with specialized resource filtering

AWS Permissions

The tool requires AWS credentials with permissions to describe:

  • EC2: subnets, route tables, instances, network interfaces, security groups
  • ELB: load balancers (both classic and v2), tags
  • Route53: hosted zones, resource record sets

Development

Setup

make dev-setup

Running Tests

make test

# With coverage
make test-coverage

Linting

make lint

Building

make build        # Single platform
make build-all    # Cross-platform

Migration from byovpc-checker

This tool provides identical functionality to the original Rust byovpc-checker, with the same command-line interface:

  • Same command structure and flags
  • Same validation logic and checks
  • Same integration with ocm CLI
  • Compatible output format and messaging

The main differences:

  • Written in Go instead of Rust
  • Modular architecture for extensibility
  • Enhanced error handling and logging
  • Cross-platform binary distribution

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Run tests and linting: make test lint
  4. Submit a pull request

License

[Add license information]

Support

For issues and questions, please use the GitHub issue tracker.
