Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARO-9263: Add ACR token issue date and check validity #3778

Merged
merged 17 commits into from
Sep 25, 2024
Merged

ARO-9263: Add ACR token issue date and check validity #3778

merged 17 commits into from
Sep 25, 2024

Conversation

edisonLcardenas
Copy link
Collaborator

@edisonLcardenas edisonLcardenas commented Aug 19, 2024
edited
Loading

Which issue this PR addresses:

Jira https://issues.redhat.com/browse/ARO-8472
https://issues.redhat.com/browse/ARO-9263

What this PR does / why we need it:

  • Add issue date in registry profile for ACR Token.
  • Check the issue date if still valid or needs to be rotated.

Test plan for issue:

Unit tests.
Manual validation.

Is there any documentation that needs to be updated for this PR?

Part of MIMO M1

How do you know this will function as expected in production?

Unit tests.

@edisonLcardenas edisonLcardenas changed the base branch from master to hawkowl/mimo-m1 August 19, 2024 06:45
SudoBrendan
SudoBrendan previously requested changes Sep 5, 2024
View reviewed changes
pkg/util/mocks/env/core.go Outdated Show resolved Hide resolved
@edisonLcardenas
Copy link
Collaborator Author

/azp run ci, e2e

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@edisonLcardenas edisonLcardenas marked this pull request as ready for review September 13, 2024 00:54
@Azure Azure deleted a comment from azure-pipelines bot Sep 13, 2024
@hawkowl hawkowl requested a review from bitoku as a code owner September 16, 2024 04:16
@github-actions github-actions bot added the needs-rebase branch needs a rebase label Sep 16, 2024
@github-actions GitHub Actions
Copy link

Please rebase pull request.

@github-actions github-actions bot removed the needs-rebase branch needs a rebase label Sep 16, 2024
@github-actions GitHub Actions
Copy link

Please rebase pull request.

@github-actions github-actions bot added the needs-rebase branch needs a rebase label Sep 23, 2024
@edisonLcardenas edisonLcardenas force-pushed the ecardena/ARO-9263-mimo-m1-add-acr-token-expiration-checker branch from e22da94 to c80d941 Compare September 23, 2024 05:00
@github-actions github-actions bot removed the needs-rebase branch needs a rebase label Sep 23, 2024
jaitaiwan
jaitaiwan approved these changes Sep 23, 2024
View reviewed changes
Copy link
Contributor

@jaitaiwan jaitaiwan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple things to improve and a couple of nits. Overall good work!

pkg/mimo/tasks/cluster/acrtoken_checker.go Outdated Show resolved Hide resolved
pkg/mimo/tasks/cluster/acrtoken_checker.go Outdated
Comment on lines 46 to 48
if issueDate == nil {
return mimo.TerminalError(errors.New("no issue date detected"))
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we don't have an issue date we've probably got a token that will never expire. Shouldn't we remove it anyway?

pkg/mimo/tasks/cluster/acrtoken_checker.go
return mimo.TerminalError(errors.New("no issue date detected"))
}

daysInterval := int32(now.Sub(issueDate.Time).Hours() / 24)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we should just be making use of golang's inbuilt duration funcs for this. Something like this:

now := time.Now().UTC()
lastValidIssue := now.Sub(daysShouldRotate * time.Day)
lastValidRotation := now.Sub(daysValid * time.Day)

if issueDate.Time.Before(lastValidIssue) {
  return mimo.TerminalError(fmt.Errorf("%d days have passed since azure container registry (acr) token was issued, please rotate the token now", daysInterval))
}

if issueDate.Time.Before(lastValidRotation) {
  return mimo.TerminalError(fmt.Errorf("azure container registry (acr) token is not valid, %d days have passed", daysInterval))
}

pkg/mimo/tasks/cluster/acrtoken_checker.go Show resolved Hide resolved
@github-actions github-actions bot added the needs-rebase branch needs a rebase label Sep 24, 2024
@github-actions GitHub Actions
Copy link

Please rebase pull request.

@edisonLcardenas
ARO-9263: Add ACR Token expiry
22fd8ef
@edisonLcardenas
ARO-9263: Add ACR Token Expiry Checker
dd0b3e2
@edisonLcardenas
ARO-9263: Add unit test for checker
1d5d19d
@edisonLcardenas
ARE-9263: Rename function
c405bd7
@edisonLcardenas
ARO-9263: Restore missing "ProvisioningStateMaintenance"
dcb8c6a
@edisonLcardenas
ARO-9263: Fix import CI check failures
8d2efc3
@edisonLcardenas
ARO-9263: Refactoring tests and revising logic to check expiry date.
3e78da2
@edisonLcardenas
ARO-9263: Add another condition to check if expiry date is nil
4ee9d98
@edisonLcardenas
refactor: update package groupings and error messages to resolve issu…
e1b4539 
…es detected by automated checks
@edisonLcardenas
ARO-9263: Change expiry to the date the token was issued.
450c7a2
@edisonLcardenas
ARO-9263: Revise logic to check issue date instead of expiry
faa2408
@edisonLcardenas
ARO-9263: Add constants to reduce redunant values
2cd67bc
@edisonLcardenas
ARO-9263: Update test to check issue date in constant time to avoid f…
a3020e2 
…ailure
@edisonLcardenas
ARO-9263: Change or remove any references about expiry to issue date.
bc363c7
@edisonLcardenas
ARO-9263: Fix lint issues
0487872
@edisonLcardenas
ARO-9263: Revise error message and reorder return statement
8476e51
@edisonLcardenas
ARO-9263: Fix unit test
9a51858
@edisonLcardenas edisonLcardenas force-pushed the ecardena/ARO-9263-mimo-m1-add-acr-token-expiration-checker branch from 1546e57 to 9a51858 Compare September 24, 2024 06:13
@github-actions github-actions bot removed the needs-rebase branch needs a rebase label Sep 24, 2024
@hawkowl hawkowl merged commit f19a2ca into hawkowl/mimo-m1 Sep 25, 2024
16 checks passed
@hawkowl hawkowl deleted the ecardena/ARO-9263-mimo-m1-add-acr-token-expiration-checker branch September 25, 2024 00:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaitaiwan jaitaiwan jaitaiwan approved these changes

@SudoBrendan SudoBrendan SudoBrendan left review comments

@jewzaam jewzaam Awaiting requested review from jewzaam jewzaam is a code owner

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@hawkowl hawkowl Awaiting requested review from hawkowl hawkowl is a code owner

@rogbas rogbas Awaiting requested review from rogbas rogbas is a code owner

@petrkotas petrkotas Awaiting requested review from petrkotas petrkotas is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@cblecker cblecker Awaiting requested review from cblecker cblecker is a code owner

@cadenmarchese cadenmarchese Awaiting requested review from cadenmarchese cadenmarchese is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@yjst2012 yjst2012 Awaiting requested review from yjst2012 yjst2012 is a code owner

@anshulvermapatel anshulvermapatel Awaiting requested review from anshulvermapatel anshulvermapatel is a code owner

@hlipsig hlipsig Awaiting requested review from hlipsig hlipsig is a code owner

@tiguelu tiguelu Awaiting requested review from tiguelu tiguelu is a code owner

@SrinivasAtmakuri SrinivasAtmakuri Awaiting requested review from SrinivasAtmakuri

@mociarain mociarain Awaiting requested review from mociarain mociarain is a code owner

@kimorris27 kimorris27 Awaiting requested review from kimorris27 kimorris27 is a code owner

@tsatam tsatam Awaiting requested review from tsatam tsatam is a code owner

@bitoku bitoku Awaiting requested review from bitoku bitoku is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@edisonLcardenas @jaitaiwan @SudoBrendan @hawkowl