Add backplane subcommand to do health check of VPN and proxy connectivity

Fixing golang-lint issue

Refactor the HealthCheckCmd to move the logic in the Run to a separate func

Revert and keep proxyURL field only

Refactored code based on the review feedback

Added test cases

Added some more test cases to improve the coverage

Move the main logic to pkg and generate mock files via mockgen

Removed the default value of backplane configuration and added debug log

Add debug log for cloud console

Updated README.md with the healthcheck usage

Add utun as for checking VPN connectivity in MacOS

Author: xiaoyu74

Makefile

@@ -116,6 +116,8 @@ mock-gen:
 	mockgen -destination=./pkg/utils/mocks/shellCheckerMock.go -package=mocks github.com/openshift/backplane-cli/pkg/utils ShellCheckerInterface
 	mockgen -destination=./pkg/pagerduty/mocks/clientMock.go -package=mocks github.com/openshift/backplane-cli/pkg/pagerduty PagerDutyClient
 	mockgen -destination=./pkg/jira/mocks/jiraMock.go -package=mocks github.com/openshift/backplane-cli/pkg/jira IssueServiceInterface
+	mockgen -destination=./pkg/healthcheck/mocks/networkMock.go -package=mocks github.com/openshift/backplane-cli/pkg/healthcheck NetworkInterface
+	mockgen -destination=./pkg/healthcheck/mocks/httpClientMock.go -package=mocks github.com/openshift/backplane-cli/pkg/healthcheck HTTPClient
 
 .PHONY: build-image
 build-image:

README.md

@@ -65,7 +65,7 @@ To setup the PS1(prompt) for bash/zsh, please follow [these instructions](https:
 | `ocm backplane cloud console`                                               | Launch the current logged in cluster's cloud provider console                            |
 | `ocm backplane cloud credentials [flags]`                                   | Retrieve a set of temporary cloud credentials for the cluster's cloud provider           |
 | `ocm backplane elevate <reason> -- <command>`                               | Elevate privileges to backplane-cluster-admin and add a reason to the api request, this reason will be stored for 20min for future usage        |
-| `ocm backplane monitoring <prometheus/alertmanager/thanos/grafana> [flags]` | Launch the specified monitoring UI (Deprecated following v4.11 for cluster monitoring stack)                          |
+| `ocm backplane monitoring <prometheus/alertmanager/thanos/grafana> [flags]` | Launch the specified monitoring UI (Deprecated following v4.11 for cluster monitoring stack)|
 | `ocm backplane script describe <script> [flags]`                            | Describe the given backplane script                                                      |
 | `ocm backplane script list [flags]`                                         | List available backplane scripts |
 | `ocm backplane session [flags]`                                             | Create a new session and log into the cluster                                            |
@@ -81,6 +81,7 @@ To setup the PS1(prompt) for bash/zsh, please follow [these instructions](https:
 | `ocm backplane testJob logs <job_name> [flags]`                             | Retrieve logs of the specified test job resource                                         |
 | `ocm backplane upgrade`                                                     | Upgrade backplane-cli to the latest version                                              |
 | `ocm backplane version`                                                     | Display the installed backplane-cli version                                              |
+| `ocm backplane healthcheck`                                                 | Check the VPN and Proxy connectivity on the host network when experiencing isssues accessing the backplane API|
 
 ## Login
 
@@ -325,6 +326,58 @@ No issue if only stdout is redirected.
 $ ocm-backplane elevate -n -- get secret xxx | grep xxx
 Please enter a reason for elevation, it will be stored in current context for 20 minutes : <here you can enter your reason>
 ```
+## Backplane healthcheck
+The backplane health check can be used to verify VPN and proxy connectivity on the host network as a troubleshooting approach when experiencing issues accessing the backplane API.
+
+### Pre-settings
+The end-user needs to set the VPN and Proxy check-endpoints in the local backplane configuration first:
+```
+cat ~/.config/backplane/config.json 
+{
+    "proxy-url": ["http://proxy1.example.com:3128", "http://proxy2.example.com:3128"],
+    "vpn-check-endpoint": "http://your-vpn-endpoint.example.com",
+    "proxy-check-endpoint": "http://your-proxy-endpoint.example.com"
+}
+```
+- `vpn-check-endpoint:` To specify this test endpoint to check if it can be accessed with the currently connected VPN.
+- `proxy-check-endpoint:` To specify this test endpoint to check if it can be accssed with the currently working proxy.
+
+**NOTE:** The `vpn-check-endpoint` and `proxy-check-endpoint` mentioned above are just examples, the end-user can customize them as needed.
+
+### How to use it
+- Running healthcheck by default
+```
+./ocm-backplane healthcheck
+Checking VPN connectivity...
+VPN connectivity check passed!
+
+Checking proxy connectivity...
+Getting the working proxy URL ['http://proxy1.example.com:3128'] from local backplane configuration.
+Testing connectivity to the pre-defined test endpoint ['https://your-proxy-endpoint.example.com'] with the proxy.
+Proxy connectivity check passed!
+
+Checking backplane API connectivity...
+Successfully connected to the backplane API!
+Backplane API connectivity check passed!
+```
+- Specify the healthcheck flags to run `vpn` or `proxy` check only
+```
+./ocm-backplane healthcheck --vpn
+Checking VPN connectivity...
+VPN connectivity check passed!
+
+./ocm-backplane healthcheck --proxy
+Checking proxy connectivity...
+Proxy connectivity check passed!
+```
+
+**Note:** VPN connection check is a pre-requisite (The example below demonstrates checking proxy connectivity with VPN disconnected.)
+```
+./ocm-backplane healthcheck --proxy
+WARN[0000] No VPN interfaces found: [tun tap ppp wg]    
+VPN connectivity check failed: No VPN interfaces found: [tun tap ppp wg]
+Note: Proxy connectivity check requires VPN to be connected. Please ensure VPN is connected and try again.
+```
 
 ## Promotion/Release cycle of backplane CLI
 Backplane CLI has a default release cycle of every 2 weeks 

cmd/ocm-backplane/cloud/console.go

@@ -143,6 +143,13 @@ func runConsole(cmd *cobra.Command, argv []string) (err error) {
 	// ======== Get cloud console from backplane API ============
 	consoleResponse, err := queryConfig.GetCloudConsole()
 	if err != nil {
+		// Check API connection with configured proxy
+		if connErr := backplaneConfiguration.CheckAPIConnection(); connErr != nil {
+			logger.Error("Cannot connect to backplane API URL, check if you need to use a proxy/VPN to access backplane:")
+			logger.Errorf("Error: %v", connErr)
+			logger.Info("To troubleshoot connectivity issues, please run the following command:")
+			logger.Info("ocm-backplane health-check")
+		}
 		return fmt.Errorf("failed to get cloud console for cluster %v: %w", clusterID, err)
 	}
 

cmd/ocm-backplane/healthcheck/health_check.go

@@ -0,0 +1,26 @@
+package healthcheck
+
+import (
+	"github.com/openshift/backplane-cli/pkg/healthcheck"
+	"github.com/spf13/cobra"
+)
+
+var (
+	checkVPN   bool
+	checkProxy bool
+)
+
+// HealthCheckCmd is the command for performing health checks
+var HealthCheckCmd = &cobra.Command{
+	Use:     "healthcheck",
+	Aliases: []string{"healthCheck", "health-check", "healthchecks"},
+	Short:   "Check VPN and Proxy connectivity on the localhost",
+	Run: func(cmd *cobra.Command, args []string) {
+		healthcheck.RunHealthCheck(checkVPN, checkProxy)(cmd, args)
+	},
+}
+
+func init() {
+	HealthCheckCmd.Flags().BoolVar(&checkVPN, "vpn", false, "Check only VPN connectivity")
+	HealthCheckCmd.Flags().BoolVar(&checkProxy, "proxy", false, "Check only Proxy connectivity")
+}

cmd/ocm-backplane/login/login.go

@@ -305,14 +305,18 @@ func runLogin(cmd *cobra.Command, argv []string) (err error) {
 			// Hibernating, print an error
 			return fmt.Errorf("cluster %s is hibernating, login failed", clusterKey)
 		}
+
 		// Check API connection with configured proxy
 		if connErr := bpConfig.CheckAPIConnection(); connErr != nil {
-			return fmt.Errorf("cannot connect to backplane API URL, check if you need to use a proxy/VPN to access backplane: %v", connErr)
+			logger.Errorf("Cannot connect to backplane API URL, check if you need to use a proxy/VPN to access backplane: %v. To troubleshoot connectivity issues, please run the following command: ocm-backplane health-check", connErr)
+			return fmt.Errorf("cannot connect to backplane API URL: %v", connErr)
 		}
 
-		// Otherwise, return the failure
-		return fmt.Errorf("can't login to cluster: %v", err)
+		// Log suggestion to run connectivity health check if login fails
+		logger.Errorf("Login failed: %v. To troubleshoot connectivity issues, please run the following command: ocm-backplane health-check", err)
+		return fmt.Errorf("login failed: %v", err)
 	}
+
 	logger.WithField("URL", bpAPIClusterURL).Debugln("Proxy")
 
 	logger.Debugln("Generating a new K8s cluster config file")

cmd/ocm-backplane/root.go

@@ -27,6 +27,7 @@ import (
 	"github.com/openshift/backplane-cli/cmd/ocm-backplane/config"
 	"github.com/openshift/backplane-cli/cmd/ocm-backplane/console"
 	"github.com/openshift/backplane-cli/cmd/ocm-backplane/elevate"
+	healthcheck "github.com/openshift/backplane-cli/cmd/ocm-backplane/healthcheck"
 	"github.com/openshift/backplane-cli/cmd/ocm-backplane/login"
 	"github.com/openshift/backplane-cli/cmd/ocm-backplane/logout"
 	managedjob "github.com/openshift/backplane-cli/cmd/ocm-backplane/managedJob"
@@ -80,4 +81,5 @@ func init() {
 	rootCmd.AddCommand(upgrade.UpgradeCmd)
 	rootCmd.AddCommand(version.VersionCmd)
 	rootCmd.AddCommand(monitoring.MonitoringCmd)
+	rootCmd.AddCommand(healthcheck.HealthCheckCmd)
 }

go.mod

@@ -25,6 +25,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.19.0
+	github.com/trivago/tgo v1.0.7
 	golang.org/x/term v0.22.0
 	gopkg.in/AlecAivazis/survey.v1 v1.8.8
 	k8s.io/api v0.28.3
@@ -123,7 +124,6 @@ require (
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/trivago/tgo v1.0.7 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	github.com/zalando/go-keyring v0.2.3 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect

pkg/cli/config/config.go

@@ -40,6 +40,8 @@ type BackplaneConfiguration struct {
 	JiraBaseURL                 string                          `json:"jira-base-url"`
 	JiraToken                   string                          `json:"jira-token"`
 	JiraConfigForAccessRequests AccessRequestsJiraConfiguration `json:"jira-config-for-access-requests"`
+	VPNCheckEndpoint            string                          `json:"vpn-check-endpoint"`
+	ProxyCheckEndpoint          string                          `json:"proxy-check-endpoint"`
 }
 
 const (
@@ -57,12 +59,12 @@ var JiraConfigForAccessRequestsDefaultValue = AccessRequestsJiraConfiguration{
 	ProdProject:      "OHSS",
 	ProdIssueType:    "Incident",
 	ProjectToTransitionsNames: map[string]JiraTransitionsNamesForAccessRequests{
-		"SDAINT": JiraTransitionsNamesForAccessRequests{
+		"SDAINT": {
 			OnCreation: "In Progress",
 			OnApproval: "In Progress",
 			OnError:    "Closed",
 		},
-		"OHSS": JiraTransitionsNamesForAccessRequests{
+		"OHSS": {
 			OnCreation: "Pending Customer",
 			OnApproval: "New",
 			OnError:    "Cancelled",
@@ -113,7 +115,6 @@ func GetBackplaneConfiguration() (bpConfig BackplaneConfiguration, err error) {
 	}
 
 	if err = validateConfig(); err != nil {
-		// FIXME: we should return instead of warning here, after the tests do not require external network access
 		logger.Warn(err)
 	}
 
@@ -131,7 +132,7 @@ func GetBackplaneConfiguration() (bpConfig BackplaneConfiguration, err error) {
 	// Warn if user has explicitly defined backplane URL via env
 	url, ok := getBackplaneEnv(info.BackplaneURLEnvName)
 	if ok {
-		logger.Warn(fmt.Printf("Manual URL configuration is deprecated, please unset the environment %s", info.BackplaneURLEnvName))
+		logger.Warn(fmt.Sprintf("Manual URL configuration is deprecated, please unset the environment %s", info.BackplaneURLEnvName))
 		bpConfig.URL = url
 	} else {
 		// Fetch backplane URL from ocm env
@@ -180,6 +181,10 @@ func GetBackplaneConfiguration() (bpConfig BackplaneConfiguration, err error) {
 		}
 	}
 
+	// Load VPN and Proxy check endpoints from the local backplane configuration file
+	bpConfig.VPNCheckEndpoint = viper.GetString("vpn-check-endpoint")
+	bpConfig.ProxyCheckEndpoint = viper.GetString("proxy-check-endpoint")
+
 	return bpConfig, nil
 }
 

pkg/healthcheck/check_proxy.go

@@ -0,0 +1,70 @@
+package healthcheck
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+
+	logger "github.com/sirupsen/logrus"
+)
+
+// CheckProxyConnectivity checks the proxy connectivity
+func CheckProxyConnectivity(client HTTPClient) (string, error) {
+	bpConfig, err := getConfigFunc()
+	if err != nil {
+		logger.Errorf("Failed to get backplane configuration: %v", err)
+		return "", fmt.Errorf("failed to get backplane configuration: %v", err)
+	}
+
+	proxyURL := bpConfig.ProxyURL
+	if proxyURL == nil || *proxyURL == "" {
+		errMsg := "no proxy URL configured in backplane configuration"
+		logger.Warn(errMsg)
+		return "", fmt.Errorf(errMsg)
+	}
+
+	logger.Infof("Getting the working proxy URL ['%s'] from local backplane configuration.", *proxyURL)
+
+	proxy, err := url.Parse(*proxyURL)
+	if err != nil {
+		logger.Errorf("Invalid proxy URL: %v", err)
+		return "", fmt.Errorf("invalid proxy URL: %v", err)
+	}
+
+	httpClientWithProxy := &DefaultHTTPClient{
+		Client: &http.Client{
+			Transport: &http.Transport{
+				Proxy: http.ProxyURL(proxy),
+			},
+		},
+	}
+
+	proxyTestEndpoint, err := GetProxyTestEndpointFunc()
+	if err != nil {
+		logger.Errorf("Failed to get proxy test endpoint: %v", err)
+		return "", err
+	}
+
+	logger.Infof("Testing connectivity to the pre-defined test endpoint ['%s'] with the proxy.", proxyTestEndpoint)
+	if err := testEndPointConnectivity(proxyTestEndpoint, httpClientWithProxy); err != nil {
+		errMsg := fmt.Sprintf("Failed to access target endpoint ['%s'] with the proxy: %v", proxyTestEndpoint, err)
+		logger.Errorf(errMsg)
+		return "", fmt.Errorf(errMsg)
+	}
+
+	return *proxyURL, nil
+}
+
+func GetProxyTestEndpoint() (string, error) {
+	bpConfig, err := getConfigFunc()
+	if err != nil {
+		logger.Errorf("Failed to get backplane configuration: %v", err)
+		return "", fmt.Errorf("failed to get backplane configuration: %v", err)
+	}
+	if bpConfig.ProxyCheckEndpoint == "" {
+		errMsg := "proxy test endpoint not configured"
+		logger.Warn(errMsg)
+		return "", fmt.Errorf(errMsg)
+	}
+	return bpConfig.ProxyCheckEndpoint, nil
+}