Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCE: Add 'tf-network' to the list of protected networks #328

Merged
merged 1 commit into from
Dec 4, 2023
Merged

GCE: Add 'tf-network' to the list of protected networks #328

merged 1 commit into from
Dec 4, 2023

Conversation

pdostal
Copy link
Collaborator

@pdostal pdostal commented Nov 30, 2023
edited
Loading

In GCE the networking and security resources don't have tags neither metadata.
Also the delete protection feature isn't available for those. Instead,
all of those resources have link to the 'network' resource, which we
have whitelist for. So I:

  1. Make this whitelist of GCE skip-networks configurable in pcw.ini
  2. Add tf-network to this list (see https://gitlab.suse.de/qac/terraform)

@codecov Codecov
Copy link

codecov bot commented Nov 30, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (061a14a) 79.11% compared to head (775b7be) 79.12%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #328      +/-   ##
==========================================
+ Coverage   79.11%   79.12%   +0.02%     
==========================================
  Files          22       22              
  Lines        1656     1657       +1     
==========================================
+ Hits         1310     1311       +1     
  Misses        346      346

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

m-dati
m-dati approved these changes Nov 30, 2023
View reviewed changes
Copy link
Collaborator

@m-dati m-dati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pdostal pdostal mentioned this pull request Dec 1, 2023
Merged
asmorodskyi
asmorodskyi reviewed Dec 1, 2023
View reviewed changes
ocw/lib/gce.py Outdated
@@ -11,7 +12,11 @@

class GCE(Provider):
__instances = {}
__skip_networks = frozenset({"default"})

if PCWConfig.has('cleanup/gce-skip-networks'):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

__skip_networks = frozenset(ConfigFile().getList('cleanup/gce-skip-networks', "default")) - will replace whole if/else block

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. The .getList() does not have 'default value'.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/SUSE/pcw/blob/master/webui/PCWConfig.py#L47

def getList(self, config_path: str, default: list = None) -> list:
        if default is None:
            default = []
        return [i.strip() for i in self.get(config_path, ','.join(default)).split(',')]

and what about second parameter named default ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so what do you suggest me to do?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replace

 if PCWConfig.has('cleanup/gce-skip-networks'):
            __skip_networks = frozenset(ConfigFile().getList('cleanup/gce-skip-networks'))
        else:
            __skip_networks = frozenset({"default"})

with one-liner __skip_networks = frozenset(ConfigFile().getList('cleanup/gce-skip-networks', "default")) unless I am missing something your 4 lines and mine one-liner suppose to do exactly same thing 🤔

asmorodskyi
asmorodskyi reviewed Dec 1, 2023
View reviewed changes
ocw/lib/gce.py Outdated Show resolved Hide resolved
@pdostal pdostal force-pushed the gce_terraform branch 6 times, most recently from 012297e to 386a95c Compare December 4, 2023 10:44
@pdostal
GCE: Make the skip-networks list configurable and add tf-network to it.
775b7be 
In GCE the networking and security resources don't have tags neither metadata.
Also the delete protection feature isn't available for those. Instead,
all of those resources have link to the 'network' resource, which we
have whitelist for. So I:
 1) Make this whitelist of GCE `skip-networks` configurable in `pcw.ini`
 2) Add `tf-network` to this list (see https://gitlab.suse.de/qac/terraform)
asmorodskyi
asmorodskyi approved these changes Dec 4, 2023
View reviewed changes
Copy link
Collaborator

@asmorodskyi asmorodskyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@asmorodskyi asmorodskyi merged commit 58024cd into SUSE:master Dec 4, 2023
9 checks passed
@pdostal
Copy link
Collaborator Author

pdostal commented Dec 7, 2023

Deployed in https://gitlab.suse.de/qac/publiccloud-qa-suse-de/-/merge_requests/132

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m-dati m-dati m-dati approved these changes

@asmorodskyi asmorodskyi asmorodskyi approved these changes

@ricardobranco777 ricardobranco777 ricardobranco777 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pdostal @ricardobranco777 @asmorodskyi @m-dati