OSD-26330: Refactor and add tests for egress_lists package

[joshbranham]

What does this PR do? / Related Issues / Jira

When working on a bugfix in #282, I wanted to consolidate duplicate code and clean up the control flow further for generating egress lists. This PR does just that, by first extracting the existing behavior into a common type, and adding tests for the various scenarios. A couple of notes:

• I did not add validation for invalid PlatformType as was setup before, since the caller should be using the various exported vars for PlatformType and not manually constructing there own alias type with custom name values.
• Opted for a small interface to abstract the GitHub API call to fetch contents
• Moved the various Getters in egress_lists to function receivers on the Generator struct. These functions are not used anywhere in the openshift organization outside of this project.
• Cleaned up some variables and comments

See below for output of running for both AWS and GCP:

AWS

> ./osd-network-verifier egress --profile devaccount --subnet-id subnet-0bab965a3722b750d --region us-west-2        
Using region: us-west-2
Using egress URL list from https://api.github.com/repos/openshift/osd-network-verifier/contents/pkg/data/egress_lists/aws-classic.yaml?ref=main at SHA c31b52add1381fa61e5c0446370c608e68feeb58
Created security group with ID: sg-03f26bb00f4a69df7
Created instance with ID: i-0e1d53172c1849c21
Deleting instance with ID: i-0e1d53172c1849c21
Deleting security group with ID: sg-03f26bb00f4a69df7
Summary:
All tests passed!
Success

GCP

Note: The GCP failure is expected as the egress list is still being validated

> GCP_PROJECT_ID=jbranham ./osd-network-verifier egress --platform gcp --vpc-name verifier-test-sg5b9-network --subnet-id verifier-test-sg5b9-worker-subnet        
Using Project ID jbranham
Using egress URL list from https://api.github.com/repos/openshift/osd-network-verifier/contents/pkg/data/egress_lists/gcp-classic.yaml?ref=main at SHA 92b7c45af595e5a23006d560222a57a83a0e61e3
Created instance with ID: verifier-1263
Applying labels
Successfully applied labels 
ComputeService Instance: verifier-1263 RUNNING
Gathering and parsing console log output...
Summary:
printing out failures:
 - egressURL error: https://events.amazonaws.com:443 (Could not resolve host: events.amazonaws.com)

printing out exceptions preventing the verifier from running the specific test:
printing out errors faced during the execution:
Failure!

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have tested the functionality against gcp / aws, it doesn't cause any regression
• I have added execution results to the PR's readme

Reviewer's Checklist

• (This needs to be done after technical review) I've run the branch on my local, verified that the functionality is ok

How to test this PR locally / Special Instructions

You can perform a basic test locally by running the verifier and passing a custom list via the CLI

Logs

[joshbranham]

This ticket was closed a while ago, this comment is no longer valid.

[joshbranham]

The extraction of the fetching logic into egress_lists essentially allows us to have this common call flow across AWS + GCP, and reads more cleanly in the scope of this already large function.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 33.33333% with 34 lines in your changes missing coverage. Please review.

Project coverage is 26.39%. Comparing base (2b1f351) to head (47250ab).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/data/egress_lists/egress_lists.go	58.62%	10 Missing and 2 partials ⚠️
pkg/verifier/gcp/gcp_verifier.go	0.00%	9 Missing ⚠️
pkg/verifier/aws/entry_point.go	0.00%	8 Missing ⚠️
pkg/verifier/gcp/entry_point.go	0.00%	4 Missing ⚠️
pkg/verifier/aws/aws_verifier.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #284      +/-   ##
==========================================
+ Coverage   25.81%   26.39%   +0.58%     
==========================================
  Files          26       26              
  Lines        1844     1970     +126     
==========================================
+ Hits          476      520      +44     
- Misses       1340     1419      +79     
- Partials       28       31       +3     

Files with missing lines	Coverage Δ
pkg/verifier/aws/aws_verifier.go	35.94% <0.00%> (ø)
pkg/verifier/gcp/entry_point.go	0.00% <0.00%> (ø)
pkg/verifier/aws/entry_point.go	0.00% <0.00%> (ø)
pkg/verifier/gcp/gcp_verifier.go	0.00% <0.00%> (ø)
pkg/data/egress_lists/egress_lists.go	59.45% <58.62%> (+59.45%)	⬆️

... and 1 file with indirect coverage changes

[openshift-ci-robot]

@joshbranham: This pull request references OSD-26330 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

What does this PR do? / Related Issues / Jira

When working on a bugfix in #282, I wanted to consolidate duplicate code and clean up the control flow further for generating egress lists. This PR does just that, by first extracting the existing behavior into a common type, and adding tests for the various scenarios. A couple of notes:

• I did not add validation for invalid PlatformType as was setup before, since the caller should be using the various exported vars for PlatformType and not manually constructing there own alias type with custom name values.
• Opted for a small interface to abstract the GitHub API call to fetch contents
• Moved the various Getters in egress_lists to function receivers on the Generator struct. These functions are not used anywhere in the openshift organization outside of this project.
• Cleaned up some variables and comments

See below for output of running for both AWS and GCP:

AWS

> ./osd-network-verifier egress --profile devaccount --subnet-id subnet-0bab965a3722b750d --region us-west-2        
Using region: us-west-2
Using egress URL list from https://api.github.com/repos/openshift/osd-network-verifier/contents/pkg/data/egress_lists/aws-classic.yaml?ref=main at SHA c31b52add1381fa61e5c0446370c608e68feeb58
Created security group with ID: sg-03f26bb00f4a69df7
Created instance with ID: i-0e1d53172c1849c21
Deleting instance with ID: i-0e1d53172c1849c21
Deleting security group with ID: sg-03f26bb00f4a69df7
Summary:
All tests passed!
Success

GCP

Note: The GCP failure is expected as the egress list is still being validated

> GCP_PROJECT_ID=jbranham ./osd-network-verifier egress --platform gcp --vpc-name verifier-test-sg5b9-network --subnet-id verifier-test-sg5b9-worker-subnet        
Using Project ID jbranham
Using egress URL list from https://api.github.com/repos/openshift/osd-network-verifier/contents/pkg/data/egress_lists/gcp-classic.yaml?ref=main at SHA 92b7c45af595e5a23006d560222a57a83a0e61e3
Created instance with ID: verifier-1263
Applying labels
Successfully applied labels 
ComputeService Instance: verifier-1263 RUNNING
Gathering and parsing console log output...
Summary:
printing out failures:
- egressURL error: https://events.amazonaws.com:443 (Could not resolve host: events.amazonaws.com)

printing out exceptions preventing the verifier from running the specific test:
printing out errors faced during the execution:
Failure!

Checklist

• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have tested the functionality against gcp / aws, it doesn't cause any regression
• I have added execution results to the PR's readme

Reviewer's Checklist

• (This needs to be done after technical review) I've run the branch on my local, verified that the functionality is ok

How to test this PR locally / Special Instructions

You can perform a basic test locally by running the verifier and passing a custom list via the CLI

Logs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[joshbranham]

As described in the PR body, I removed this check, which was only printing the invalid platform and then continuing execution.

[dakotalongRH]

Do we want to change this to short circuit the execution at this point if the platform type is invalid? Worth noting there may be earlier checks before it gets this far that would short circuit already

[joshbranham]

We provide the valid platform types as global variables, and the method ByName(name string) (string, error), so it feels unnecessary to also then later validate a Platform is valid since callers should be utilizing the variables or ByName... to construct the type. This is further evident by the names field of the struct being private so it wouldn't be possible to construct an invalid one anyways afaict.

[abyrne55]

it wouldn't be possible to construct an invalid one anyways afaict

There are several points in the codebase where we return an empty (and therefore invalid) Platform{}

[joshbranham]

it wouldn't be possible to construct an invalid one anyways afaict

There are several points in the codebase where we return an empty (and therefore invalid) Platform{}

Based on my searching, this is only happening under error cases inside other functions and in tests. If an upstream caller is not handling that error, and then using the Platform{} then that is a bug that should be fixed. Was there another example you had of this (outside of tests and errors)?

[dakotalongRH]

Correct, there are currently no other cases currently where Platform{} is used in network-verifier directly but it is possible to return an invalid type (with error) through platform.ByName() or platform.IsValid(). As long as upstream callers handle that error I'm fine conceding the point and don't think the check is necessary here. As far as I can tell the ValidateEgress func handles that beforehand.

[joshbranham]

Correct, there are currently no other cases currently where Platform{} is used in network-verifier directly but it is possible to return an invalid type (with error) through platform.ByName() or platform.IsValid(). As long as upstream callers handle that error I'm fine conceding the point and don't think the check is necessary here. As far as I can tell the ValidateEgress func handles that beforehand.

Totally, and yup we handle the error validation already here in ValidateEgress (for AWS as an example)

[abyrne55]

Successfully tested locally. Good stuff @joshbranham

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abyrne55

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [abyrne55]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dakotalongRH]

/lgtm

[openshift-ci]

@joshbranham: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.