Test https-hosts as part of diagnose (#7)

* Test `https-hosts` as part of `diagnose`

This helps customers test outbound HTTPS connectivity from the main subnet.

This helps assert connectivity (or not) for SSO and VCS integration

* update docs

gitpod-network-check/README.md

@@ -42,6 +42,7 @@ A CLI to check if your network setup is suitable for the installation of Gitpod.
    region: eu-central-1
    main-subnets: subnet-0554e84f033a64c56, subnet-08584621e7754e505, subnet-094c6fd68aea493b7
    pod-subnets: subnet-028d11dce93b8eefc, subnet-04ec8257d95c434b7,subnet-00a83550ce709f39c
+   https-hosts: accounts.google.com, github.com
    ```
 
 2. Run the network diagnosis
@@ -79,6 +80,9 @@ A CLI to check if your network setup is suitable for the installation of Gitpod.
    INFO[0190] ✅ Sts is available
    INFO[0190] ✅ DynamoDB is available
    INFO[0191] ✅ S3 is available
+   INFO[0194] ✅ accounts.google.com is available
+   INFO[0194] ✅ github.com is available
+   INFO[0194] ✅ Instances terminated
    ```
 
 3. Clean up after network diagnosis

gitpod-network-check/cmd/checks.go

@@ -69,13 +69,15 @@ var checkCommand = &cobra.Command{ // nolint:gochecknoglobals
 		if err != nil {
 			return err
 		}
+		log.Infof("ℹ️  Main EC2 instances: %v", mainInstanceIds)
 		InstanceIds = append(InstanceIds, mainInstanceIds...)
 
 		log.Infof("ℹ️  Launching EC2 instances in a Pod subnets")
 		podInstanceIds, err := launchInstances(cmd.Context(), ec2Client, networkConfig.PodSubnets, instanceProfile.Arn)
 		if err != nil {
 			return err
 		}
+		log.Infof("ℹ️  Pod EC2 instances: %v", podInstanceIds)
 		InstanceIds = append(InstanceIds, podInstanceIds...)
 
 		log.Infof("ℹ️  Waiting for EC2 instances to become ready (can take up to 2 minutes)")
@@ -117,12 +119,23 @@ var checkCommand = &cobra.Command{ // nolint:gochecknoglobals
 		}
 		checkServicesAvailability(cmd.Context(), ssmClient, InstanceIds, serviceEndpoints)
 
+		log.Infof("ℹ️  Checking if certain AWS Services can be reached from ec2 instances in the main subnet")
 		serviceEndpointsForMain := map[string]string{
 			"S3":       fmt.Sprintf("https://s3.%s.amazonaws.com", networkConfig.AwsRegion),
 			"DynamoDB": fmt.Sprintf("https://dynamodb.%s.amazonaws.com", networkConfig.AwsRegion),
 		}
 		checkServicesAvailability(cmd.Context(), ssmClient, mainInstanceIds, serviceEndpointsForMain)
 
+		httpHosts := map[string]string{}
+		for _, v := range networkConfig.HttpsHosts {
+			host := strings.TrimSpace(v)
+			httpHosts[host] = fmt.Sprintf("https://%s", host)
+		}
+		if len(httpHosts) > 0 {
+			log.Infof("ℹ️  Checking if hosts can be reached with HTTPS from ec2 instances in the main subnets")
+		}
+		checkServicesAvailability(cmd.Context(), ssmClient, mainInstanceIds, httpHosts)
+
 		return nil
 	},
 }

gitpod-network-check/cmd/root.go

@@ -22,6 +22,7 @@ type NetworkConfig struct {
 
 	MainSubnets []string
 	PodSubnets  []string
+	HttpsHosts  []string
 }
 
 var networkConfig = NetworkConfig{LogLevel: "INFO"}
@@ -86,6 +87,7 @@ func init() {
 	networkCheckCmd.PersistentFlags().StringVar(&networkConfig.AwsRegion, "region", "eu-central-1", "AWS Region to create the cell in")
 	networkCheckCmd.PersistentFlags().StringSliceVar(&networkConfig.MainSubnets, "main-subnets", []string{}, "List of main subnets")
 	networkCheckCmd.PersistentFlags().StringSliceVar(&networkConfig.PodSubnets, "pod-subnets", []string{}, "List of pod subnets")
+	networkCheckCmd.PersistentFlags().StringSliceVar(&networkConfig.HttpsHosts, "https-hosts", []string{}, "Hosts to test for outbound HTTPS connectivity")
 	bindFlags(networkCheckCmd, v)
 }
 

gitpod-network-check/gitpod-network-check.yaml

@@ -1,4 +1,5 @@
 log-level: debug # Options: debug, info, warning, error
 region: eu-central-1
-main-subnets: subnet-066f10c3118b91fbf, subnet-01354c88639f6ab5b, subnet-09a1e3e52d326a98c
-pod-subnets: subnet-0ee87ba9eb4eb392b, subnet-0ddc62bfffe224a43, subnet-090c0ae61faad3588
+main-subnets: subnet-0a195092eb78c7674, subnet-05db6651c2ef39639
+pod-subnets: subnet-00a5f0d10253fb33c, subnet-09f658fd789fc9b84
+https-hosts: accounts.google.com, github.com