From 445d223552133d949ccdded4b391793322687bbf Mon Sep 17 00:00:00 2001
From: hkepley
Date: Tue, 19 Mar 2024 15:36:14 -0400
Subject: [PATCH] OCM-5718 | feat: Display login error if --govcloud supplied with commercial region
---
 cmd/login/cmd.go | 49 ++++++++++++++++--------
 cmd/login/cmd_test.go | 71 +++++++++++++++++++++++++++++++++++
 cmd/login/login_suite_test.go | 13 +++++++
 3 files changed, 117 insertions(+), 16 deletions(-)
 create mode 100644 cmd/login/cmd_test.go
 create mode 100644 cmd/login/login_suite_test.go
diff --git a/cmd/login/cmd.go b/cmd/login/cmd.go
index cf2b9107b2..d4dc7a7a44 100644
--- a/cmd/login/cmd.go
+++ b/cmd/login/cmd.go
@@ -28,6 +28,7 @@ import (
 sdk "github.com/openshift-online/ocm-sdk-go"
 "github.com/openshift-online/ocm-sdk-go/authentication"
 "github.com/spf13/cobra"
+ errors "github.com/zgalor/weberr"
 "github.com/openshift/rosa/cmd/logout"
 "github.com/openshift/rosa/pkg/arguments"
@@ -232,22 +233,10 @@ func run(cmd *cobra.Command, argv []string) {
 token := args.token
 // Determine if we should be using the FedRAMP environment:
- if fedramp.HasFlag(cmd) ||
- (cfg.FedRAMP && token == "") ||
- fedramp.IsGovRegion(arguments.GetRegion()) ||
- config.IsEncryptedToken(token) {
- fedramp.Enable()
- // Always default to prod
- if env == sdk.DefaultURL {
- env = "production"
- }
- if fedramp.HasAdminFlag(cmd) {
- uiTokenPage = fedramp.AdminLoginURLs[env]
- } else {
- uiTokenPage = fedramp.LoginURLs[env]
- }
- } else {
- fedramp.Disable()
+ err = CheckAndLogIntoFedramp(fedramp.HasFlag(cmd), fedramp.HasAdminFlag(cmd), cfg, token, env, r)
+ if err != nil {
+ r.Reporter.Errorf("%s", err.Error())
+ os.Exit(1)
 }
 haveReqs := token != ""
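Review bot: `env` is passed to CheckAndLogIntoFedramp by value at the new call in run, so the `env = "production"` default the helper applies for FedRAMP changes only its own copy, whereas the removed inline block updated run's variable. If run reads `env` after this point (the rest of the function is outside the hunk), a FedRAMP login that starts from `sdk.DefaultURL` would carry on with the commercial default rather than the FedRAMP production alias. Have the helper return the resolved value and assign it back, for example `env, err = CheckAndLogIntoFedramp(...)`, or pass `&env`.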
@@ -511,3 +500,31 @@ func Call(cmd *cobra.Command, argv []string, reporter *rprtr.Object) error {
 run(cmd, argv)
 return nil
 }
+
+func CheckAndLogIntoFedramp(hasFlag, hasAdminFlag bool, cfg *config.Config, token string, env string,
+ runtime *rosa.Runtime) error {
+ if hasFlag ||
+ (cfg.FedRAMP && token == "") ||
+ fedramp.IsGovRegion(arguments.GetRegion()) ||
+ config.IsEncryptedToken(token) {
+ // Display error to user if they attempt to log into govcloud without a region specified (fixes OCM-5718)
+ if !fedramp.IsGovRegion(arguments.GetRegion()) {
+ return errors.Errorf("When logging into the FedRAMP environment, a recognized us-gov region needs " +
+ "to be specified. Example: --region us-gov-west-1")
+ }
+
+ fedramp.Enable()
+ // Always default to prod
+ if env == sdk.DefaultURL {
+ env = "production"
+ }
+ if hasAdminFlag {
+ uiTokenPage = fedramp.AdminLoginURLs[env]
+ } else {
+ uiTokenPage = fedramp.LoginURLs[env]
+ }
+ } else {
+ fedramp.Disable()
+ }
+ return nil
+}
diff --git a/cmd/login/cmd_test.go b/cmd/login/cmd_test.go
new file mode 100644
index 0000000000..6c6861db8c
--- /dev/null
+++ b/cmd/login/cmd_test.go
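Review bot: CheckAndLogIntoFedramp is exported without a doc comment, and its signature hides that it toggles the global FedRAMP state and writes the package-level `uiTokenPage`. The `runtime *rosa.Runtime` parameter is never used in the body and shadows the standard `runtime` package name, so it can be dropped or renamed `r`. On the error return neither `fedramp.Enable()` nor `fedramp.Disable()` has run, so a caller that does not exit keeps whatever state was set earlier; calling `fedramp.Disable()` before the `return errors.Errorf(...)` would leave the state well-defined. A comment such as `// CheckAndLogIntoFedramp enables FedRAMP mode and selects the login URL when any FedRAMP signal is present; it returns an error if the region is not a us-gov region.` would document that contract.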
@@ -0,0 +1,71 @@
+package login_test
+
+import (
+ "os"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ "github.com/openshift/rosa/cmd/login"
+ "github.com/openshift/rosa/pkg/config"
+ "github.com/openshift/rosa/pkg/fedramp"
+ "github.com/openshift/rosa/pkg/rosa"
+)
+
+var _ = Describe("Validate login command", func() {
+
+ AfterEach(func() {
+ fedramp.Disable()
+ os.Setenv("AWS_REGION", "")
+ })
+
+ Context("login command", func() {
+ When("logging into FedRAMP", func() {
+ It("only 'region' is FedRAMP", func() {
+ os.Setenv("AWS_REGION", "us-gov-west-1")
+ // Load the configuration file:
+ cfg, err := config.Load()
+ Expect(err).ToNot(HaveOccurred())
+ if cfg == nil {
+ cfg = new(config.Config)
+ }
+ err = login.CheckAndLogIntoFedramp(false, false, cfg, "", "staging", rosa.NewRuntime())
+ Expect(err).ToNot(HaveOccurred())
+ })
+ It("only 'govcloud' flag is true", func() {
+ os.Setenv("AWS_REGION", "us-east-1")
+ // Load the configuration file:
+ cfg, err := config.Load()
+ Expect(err).ToNot(HaveOccurred())
+ if cfg == nil {
+ cfg = new(config.Config)
+ }
+ err = login.CheckAndLogIntoFedramp(true, false, cfg, "", "staging", rosa.NewRuntime())
+ Expect(err).To(HaveOccurred())
+ })
+ It("only 'cfg' has FedRAMP", func() {
+ os.Setenv("AWS_REGION", "us-east-1")
+ // Load the configuration file:
+ cfg, err := config.Load()
+ Expect(err).ToNot(HaveOccurred())
+ if cfg == nil {
+ cfg = new(config.Config)
+ }
+ cfg.FedRAMP = true
+ err = login.CheckAndLogIntoFedramp(false, false, cfg, "", "staging", rosa.NewRuntime())
+ Expect(err).To(HaveOccurred())
+ })
+ It("'cfg' has FedRAMP and region is govcloud", func() {
+ os.Setenv("AWS_REGION", "us-gov-east-1")
+ // Load the configuration file:
+ cfg, err := config.Load()
+ Expect(err).ToNot(HaveOccurred())
+ if cfg == nil {
+ cfg = new(config.Config)
+ }
+ cfg.FedRAMP = true
+ err = login.CheckAndLogIntoFedramp(false, false, cfg, "", "staging", rosa.NewRuntime())
+ Expect(err).ToNot(HaveOccurred())
+ })
+ })
+ })
+})
diff --git a/cmd/login/login_suite_test.go b/cmd/login/login_suite_test.go
new file mode 100644
index 0000000000..f0e58908a2
--- /dev/null
+++ b/cmd/login/login_suite_test.go
@@ -0,0 +1,13 @@
+package login_test
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+)
+
+func TestCluster(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Login Suite")
+}
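Review bot: Every spec in cmd_test.go builds its input with `config.Load()`, so the outcome depends on whatever OCM configuration file exists on the machine running the suite, and a locally stored FedRAMP setting can change which branch is taken. Start from `cfg := new(config.Config)` instead, and save and restore the previous `AWS_REGION` value in place of `os.Setenv("AWS_REGION", "")`, whose error return is also ignored. The specs check only the returned error; none asserts that FedRAMP mode was actually enabled or which login URL was chosen, and the `config.IsEncryptedToken(token)` and `hasAdminFlag` paths have no spec.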
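Review bot: The suite entry point in login_suite_test.go is named `TestCluster` although it runs "Login Suite", which looks copied from another package. Rename it to `func TestLogin(t *testing.T)` so `go test -run` filters and failure output match the package under test.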