OCM-5718 | feat: Display login error if --govcloud supplied with comm…

…ercial region
openshift · Mar 19, 2024 · 445d223 · 445d223
1 parent 4b55e57
commit 445d223
Show file tree

Hide file tree

Showing 3 changed files with 117 additions and 16 deletions.
diff --git a/cmd/login/cmd.go b/cmd/login/cmd.go
@@ -28,6 +28,7 @@ import (
 	sdk "github.com/openshift-online/ocm-sdk-go"
 	"github.com/openshift-online/ocm-sdk-go/authentication"
 	"github.com/spf13/cobra"
+	errors "github.com/zgalor/weberr"
 
 	"github.com/openshift/rosa/cmd/logout"
 	"github.com/openshift/rosa/pkg/arguments"
@@ -232,22 +233,10 @@ func run(cmd *cobra.Command, argv []string) {
 	token := args.token
 
 	// Determine if we should be using the FedRAMP environment:
-	if fedramp.HasFlag(cmd) ||
-		(cfg.FedRAMP && token == "") ||
-		fedramp.IsGovRegion(arguments.GetRegion()) ||
-		config.IsEncryptedToken(token) {
-		fedramp.Enable()
-		// Always default to prod
-		if env == sdk.DefaultURL {
-			env = "production"
-		}
-		if fedramp.HasAdminFlag(cmd) {
-			uiTokenPage = fedramp.AdminLoginURLs[env]
-		} else {
-			uiTokenPage = fedramp.LoginURLs[env]
-		}
-	} else {
-		fedramp.Disable()
+	err = CheckAndLogIntoFedramp(fedramp.HasFlag(cmd), fedramp.HasAdminFlag(cmd), cfg, token, env, r)
+	if err != nil {
+		r.Reporter.Errorf("%s", err.Error())
+		os.Exit(1)
 	}
 
 	haveReqs := token != ""
@@ -511,3 +500,31 @@ func Call(cmd *cobra.Command, argv []string, reporter *rprtr.Object) error {
 	run(cmd, argv)
 	return nil
 }
+
+func CheckAndLogIntoFedramp(hasFlag, hasAdminFlag bool, cfg *config.Config, token string, env string,
+	runtime *rosa.Runtime) error {
+	if hasFlag ||
+		(cfg.FedRAMP && token == "") ||
+		fedramp.IsGovRegion(arguments.GetRegion()) ||
+		config.IsEncryptedToken(token) {
+		// Display error to user if they attempt to log into govcloud without a region specified (fixes OCM-5718)
+		if !fedramp.IsGovRegion(arguments.GetRegion()) {
+			return errors.Errorf("When logging into the FedRAMP environment, a recognized us-gov region needs " +
+				"to be specified. Example: --region us-gov-west-1")
+		}
+
+		fedramp.Enable()
+		// Always default to prod
+		if env == sdk.DefaultURL {
+			env = "production"
+		}
+		if hasAdminFlag {
+			uiTokenPage = fedramp.AdminLoginURLs[env]
+		} else {
+			uiTokenPage = fedramp.LoginURLs[env]
+		}
+	} else {
+		fedramp.Disable()
+	}
+	return nil
+}
diff --git a/cmd/login/cmd_test.go b/cmd/login/cmd_test.go
@@ -0,0 +1,71 @@
+package login_test
+
+import (
+	"os"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/openshift/rosa/cmd/login"
+	"github.com/openshift/rosa/pkg/config"
+	"github.com/openshift/rosa/pkg/fedramp"
+	"github.com/openshift/rosa/pkg/rosa"
+)
+
+var _ = Describe("Validate login command", func() {
+
+	AfterEach(func() {
+		fedramp.Disable()
+		os.Setenv("AWS_REGION", "")
+	})
+
+	Context("login command", func() {
+		When("logging into FedRAMP", func() {
+			It("only 'region' is FedRAMP", func() {
+				os.Setenv("AWS_REGION", "us-gov-west-1")
+				// Load the configuration file:
+				cfg, err := config.Load()
+				Expect(err).ToNot(HaveOccurred())
+				if cfg == nil {
+					cfg = new(config.Config)
+				}
+				err = login.CheckAndLogIntoFedramp(false, false, cfg, "", "staging", rosa.NewRuntime())
+				Expect(err).ToNot(HaveOccurred())
+			})
+			It("only 'govcloud' flag is true", func() {
+				os.Setenv("AWS_REGION", "us-east-1")
+				// Load the configuration file:
+				cfg, err := config.Load()
+				Expect(err).ToNot(HaveOccurred())
+				if cfg == nil {
+					cfg = new(config.Config)
+				}
+				err = login.CheckAndLogIntoFedramp(true, false, cfg, "", "staging", rosa.NewRuntime())
+				Expect(err).To(HaveOccurred())
+			})
+			It("only 'cfg' has FedRAMP", func() {
+				os.Setenv("AWS_REGION", "us-east-1")
+				// Load the configuration file:
+				cfg, err := config.Load()
+				Expect(err).ToNot(HaveOccurred())
+				if cfg == nil {
+					cfg = new(config.Config)
+				}
+				cfg.FedRAMP = true
+				err = login.CheckAndLogIntoFedramp(false, false, cfg, "", "staging", rosa.NewRuntime())
+				Expect(err).To(HaveOccurred())
+			})
+			It("'cfg' has FedRAMP and region is govcloud", func() {
+				os.Setenv("AWS_REGION", "us-gov-east-1")
+				// Load the configuration file:
+				cfg, err := config.Load()
+				Expect(err).ToNot(HaveOccurred())
+				if cfg == nil {
+					cfg = new(config.Config)
+				}
+				cfg.FedRAMP = true
+				err = login.CheckAndLogIntoFedramp(false, false, cfg, "", "staging", rosa.NewRuntime())
+				Expect(err).ToNot(HaveOccurred())
+			})
+		})
+	})
+})
diff --git a/cmd/login/login_suite_test.go b/cmd/login/login_suite_test.go
@@ -0,0 +1,13 @@
+package login_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestCluster(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Login Suite")
+}