Add Proxy to InstallConfig by patrickdillon · Pull Request #1827 · openshift/installer

patrickdillon · 2019-06-06T14:59:17Z

As a step toward cluster proxies, add support for proxies to the InstallConfig. This PR creates the Proxy type struct and adds it to the InstallConfig. It also adds validation and unit tests for the validation.

Jira: CORS-1075
Related PRS: openshift/api#335, openshift/cluster-config-operator#66

This is a work in progress but I am looking for feedback:

I think this is close so I need to know what is missing
Confirm: httpProxy & httpsProxy must include scheme, i.e. start with http:// or https://
Do we need further validation?
Suggestions on how to validate NoProxy. Currently "bad-proxy" receives no error when passed to validate.DomainName

Just realized I also need to fill in the commit messages.

abhinavdahiya · 2019-06-06T19:31:58Z

i would have assumed, atleast one of HTTPProxy and HTTPSProxy; user could have empty no-proxy list.

I am updating the conditional to:

p.HTTPProxy == "" && p.HTTPSProxy == "" && p.NoProxy != "*"

I believe this is a valid edge case, which effectively disables the proxy.

Setting HTTPProxy and HTTPSProxy to empty are sufficient to disable the proxy. Any valid value in NoProxy would be effectively ignored since there is no proxy to bypass. However, the way to disable the proxy is to exclude the Proxy field form the install config. If the Proxy field is present, then at least on of HTTPProxy and HTTPSProxy should be present. The user could still choose to disable the proxy by setting NoProxy to *, but even if this case at least one of HTTPProxy and HTTPSProxy should be set.

I don't think that the installer should support setting * for NoProxy at all. The necessity for supporting that in the API is that it is the way to disable the proxy, where a Proxy resource should exist. In the installer, however, the preferred way to disable the proxy should be to omit Proxy from the install config.

The user could still choose to disable the proxy by setting NoProxy to *, but even if this case at least one of HTTPProxy and HTTPSProxy should be set.

This makes sense.

I don't think that the installer should support setting * for NoProxy at all.

I am inclined to agree, but my reservation is that it was supported in 3.11 and I believe the situation was similar (proxy could just be omitted from the Ansible inventory). So it would be good to know if there was an intention behind the 3.11 design.

@sdodson do you know the intent ^

abhinavdahiya · 2019-06-06T19:35:08Z

maybe add cases like:

noProxy invalid domain

noProxy invalid cidr

noProxy one of many invalid

noProxy two of many invalid

patrickdillon · 2019-06-10T19:38:25Z

I have pushed new commits which I believe address all outstanding comments/concerns. PTAL,

abhinavdahiya · 2019-06-11T00:57:17Z

maybe extend the URI to check the scheme of the URI...?

I created URIWithProtocol to do this. Let me know if that is not what you had in mind or suggestions.

patrickdillon · 2019-06-13T00:28:14Z

Related PRs:

abhinavdahiya · 2019-06-13T00:55:48Z

you can parse to URL and check for scheme.... ? rather than string prefix.

patrickdillon · 2019-06-13T12:45:20Z

/skip

abhinavdahiya · 2019-06-13T12:57:06Z

nit: this else is not required..

from https://golang.org/doc/effective_go.html#if

In the Go libraries, you'll find that when an if statement doesn't flow into the next statement—that is, the body ends in break, continue, goto, or return—the unnecessary else is omitted.

abhinavdahiya · 2019-06-13T12:57:56Z

/approve

one small nit #1827 (comment)

Add Proxy struct from OpenShift API to Install Config so users can specify cluster-wide proxy configuration. Add basic validation to ensure that the proxy configuration being created is sane. Jira: CORS-1075

abhinavdahiya · 2019-06-13T13:34:49Z

/lgtm

openshift-ci-robot · 2019-06-13T13:35:58Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, patrickdillon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [abhinavdahiya]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci-robot · 2019-06-13T14:41:38Z

@patrickdillon: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/e2e-openstack	`08b7bc4`	link	`/test e2e-openstack`
ci/prow/e2e-aws-scaleup-rhel7	`08b7bc4`	link	`/test e2e-aws-scaleup-rhel7`

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 6, 2019

openshift-ci-robot requested review from jstuever and mtnbikenc June 6, 2019 14:59