OSD-24268: Determine backplane elevate reason automatically when login via pagerduty incidents (#441)

* Refactor elevate command and move kubeconfig func to kubeconfig module

* refactor login command to seperate login types

* OSD-22250: Added backplane elevate reason when login via pagerduty

* remove unwanted config params

* fixed lint

* add elevate reason to config file

Author: samanthajayasinghe

cmd/ocm-backplane/login/login.go

@@ -31,7 +31,12 @@ import (
 )
 
 // Environment variable that for setting PS1
-const EnvPs1 = "KUBE_PS1_CLUSTER_FUNCTION"
+const (
+	EnvPs1                      = "KUBE_PS1_CLUSTER_FUNCTION"
+	LoginTypeClusterID          = "cluster-id"
+	LoginTypeExistingKubeConfig = "kube-config"
+	LoginTypePagerduty          = "pagerduty"
+)
 
 var (
 	args struct {
@@ -41,6 +46,10 @@ var (
 		defaultNamespace string
 	}
 
+	// loginType derive the login type based on flags and args
+	// set default login type as cluster-id
+	loginType = LoginTypeClusterID
+
 	globalOpts = &globalflags.GlobalOptions{}
 
 	// LoginCmd represents the login command
@@ -64,6 +73,7 @@ var (
 			}
 			return nil
 		},
+		PreRunE:      preLogin,
 		RunE:         runLogin,
 		SilenceUsage: true,
 	}
@@ -93,7 +103,7 @@ func init() {
 		&args.pd,
 		"pd",
 		"",
-		"Login using PagerDuty incident id or html_url.",
+		"Login using PagerDuty incident id or pagerduty url.",
 	)
 	flags.StringVarP(
 		&args.defaultNamespace,
@@ -107,6 +117,7 @@ func init() {
 
 func runLogin(cmd *cobra.Command, argv []string) (err error) {
 	var clusterKey string
+	var elevateReason string
 	logger.Debugf("Running Login Command ...")
 	logger.Debugf("Checking Backplane Version")
 	utils.CheckBackplaneVersion(cmd)
@@ -119,47 +130,29 @@ func runLogin(cmd *cobra.Command, argv []string) (err error) {
 	}
 	logger.Debugf("Backplane Config File Contains: %v \n", bpConfig)
 
+	// login to the cluster based on login type
 	logger.Debugf("Extracting Backplane Cluster ID")
-	// Currently go-pagerduty pkg does not include incident id validation.
-	if args.pd != "" {
-		if bpConfig.PagerDutyAPIKey == "" {
-			return fmt.Errorf("please make sure the PD API Key is configured correctly in the config file")
-		}
-		pdClient, err := pagerduty.NewWithToken(bpConfig.PagerDutyAPIKey)
+	switch loginType {
+	case LoginTypePagerduty:
+		info, err := getClusterInfoFromPagerduty(bpConfig)
 		if err != nil {
-			return fmt.Errorf("could not initialize the client: %w", err)
-		}
-		if strings.Contains(args.pd, "/incidents/") {
-			incidentID := args.pd[strings.LastIndex(args.pd, "/")+1:]
-			clusterKey, err = pdClient.GetClusterIDFromIncident(incidentID)
-			if err != nil {
-				return err
-			}
-		} else {
-			clusterKey, err = pdClient.GetClusterIDFromIncident(args.pd)
-			if err != nil {
-				return err
-			}
+			return err
 		}
-	}
+		clusterKey = info.ClusterID
+		elevateReason = info.WebURL
 
-	// Get the cluster ID only if it hasn't been populated by PagerDuty.
-	if len(argv) == 1 {
-		// if explicitly one cluster key given, use it to log in.
+	case LoginTypeClusterID:
 		logger.Debugf("Cluster Key is given in argument")
 		clusterKey = argv[0]
-		logger.WithField("Search Key", clusterKey).Debugln("Finding target cluster")
-
-	} else if len(argv) == 0 && args.pd == "" {
-		// if no args given, try to log into the cluster that the user is logged into
-		logger.Debugf("Finding Clustrer Key from current cluster")
-		clusterInfo, err := utils.DefaultClusterUtils.GetBackplaneClusterFromConfig()
+	case LoginTypeExistingKubeConfig:
+		clusterKey, err = getClusterIDFromExistingKubeConfig()
 		if err != nil {
 			return err
 		}
-		clusterKey = clusterInfo.ClusterID
-		logger.Debugf("Backplane Cluster Infromation data extracted: %+v\n", clusterInfo)
+	default:
+		return fmt.Errorf("login type cannot be detected")
 	}
+
 	logger.Debugf("Backplane Cluster Key is: %v \n", clusterKey)
 
 	logger.Debugln("Setting Proxy URL from global options")
@@ -353,11 +346,22 @@ func runLogin(cmd *cobra.Command, argv []string) (err error) {
 	rc.Contexts[targetContextNickName] = targetContext
 	rc.CurrentContext = targetContextNickName
 
+	// Add elevate reason to kubeconfig context
+	if elevateReason != "" {
+		elevationReasons, err := login.SaveElevateContextReasons(rc, elevateReason)
+		if err != nil {
+			return err
+		}
+		logger.Infof("save elevate reason: %s\n", elevationReasons)
+	}
+
 	logger.Debugln("Saving new API config")
 	// Save the config
-	err = login.SaveKubeConfig(clusterID, rc, args.multiCluster, args.kubeConfigPath)
+	if err = login.SaveKubeConfig(clusterID, rc, args.multiCluster, args.kubeConfigPath); err != nil {
+		return err
+	}
 
-	return err
+	return nil
 }
 
 // GetRestConfig returns a client-go *rest.Config which can be used to programmatically interact with the
@@ -558,3 +562,59 @@ func isValidKubernetesNamespace(namespace string) bool {
 	pattern := `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
 	return regexp.MustCompile(pattern).MatchString(namespace)
 }
+
+// preLogin will execute before the command
+func preLogin(cmd *cobra.Command, argv []string) (err error) {
+
+	switch len(argv) {
+	case 1:
+		loginType = LoginTypeClusterID
+
+	case 0:
+		if args.pd == "" {
+			loginType = LoginTypeExistingKubeConfig
+		} else {
+			loginType = LoginTypePagerduty
+		}
+	}
+
+	return nil
+}
+
+// getClusterInfoFromPagerduty returns a pagerduty.Alert from Pagerduty incident,
+// which contains alert info including the cluster id.
+func getClusterInfoFromPagerduty(bpConfig config.BackplaneConfiguration) (alert pagerduty.Alert, err error) {
+	if bpConfig.PagerDutyAPIKey == "" {
+		return alert, fmt.Errorf("please make sure the PD API Key is configured correctly in the config file")
+	}
+	pdClient, err := pagerduty.NewWithToken(bpConfig.PagerDutyAPIKey)
+	if err != nil {
+		return alert, fmt.Errorf("could not initialize the client: %w", err)
+	}
+	if strings.Contains(args.pd, "/incidents/") {
+		incidentID := args.pd[strings.LastIndex(args.pd, "/")+1:]
+		alert, err = pdClient.GetClusterInfoFromIncident(incidentID)
+		if err != nil {
+			return alert, err
+		}
+	} else {
+		alert, err = pdClient.GetClusterInfoFromIncident(args.pd)
+		if err != nil {
+			return alert, err
+		}
+	}
+	return alert, nil
+}
+
+// getClusterIDFromExistingKubeConfig returns clusterId from kubeconfig
+func getClusterIDFromExistingKubeConfig() (string, error) {
+	var clusterKey string
+	logger.Debugf("Finding Clustrer Key from current cluster")
+	clusterInfo, err := utils.DefaultClusterUtils.GetBackplaneClusterFromConfig()
+	if err != nil {
+		return "", err
+	}
+	clusterKey = clusterInfo.ClusterID
+	logger.Debugf("Backplane Cluster Infromation data extracted: %+v\n", clusterInfo)
+	return clusterKey, nil
+}

cmd/ocm-backplane/login/login_test.go

@@ -105,6 +105,8 @@ var _ = Describe("Login command", func() {
 		mockCluster = &cmv1.Cluster{}
 
 		backplaneConfiguration = config.BackplaneConfiguration{URL: backplaneAPIURI}
+
+		loginType = LoginTypeClusterID
 	})
 
 	AfterEach(func() {
@@ -184,6 +186,7 @@ var _ = Describe("Login command", func() {
 			err := utils.CreateTempKubeConfig(nil)
 			Expect(err).To(BeNil())
 			globalOpts.ProxyURL = "https://squid.myproxy.com"
+			os.Setenv("HTTPS_PROXY", "https://squid.myproxy.com")
 			mockOcmInterface.EXPECT().GetOCMEnvironment().Return(ocmEnv, nil).AnyTimes()
 			mockClientUtil.EXPECT().SetClientProxyURL(globalOpts.ProxyURL).Return(nil)
 			mockOcmInterface.EXPECT().GetTargetCluster(testClusterID).Return(trueClusterID, testClusterID, nil)
@@ -345,6 +348,7 @@ var _ = Describe("Login command", func() {
 		})
 
 		It("should login to current cluster if cluster id not provided", func() {
+			loginType = LoginTypeExistingKubeConfig
 			err := utils.CreateTempKubeConfig(nil)
 			Expect(err).To(BeNil())
 			globalOpts.ProxyURL = "https://squid.myproxy.com"
@@ -431,6 +435,7 @@ var _ = Describe("Login command", func() {
 		})
 
 		It("should fail to create PD API client and return HTTP status code 401 when unauthorized", func() {
+			loginType = LoginTypePagerduty
 			args.pd = truePagerDutyIncidentID
 
 			err := utils.CreateTempKubeConfig(nil)
@@ -466,6 +471,7 @@ var _ = Describe("Login command", func() {
 		})
 
 		It("should return error when trying to login via PD but the PD API Key is not configured", func() {
+			loginType = LoginTypePagerduty
 			args.pd = truePagerDutyIncidentID
 
 			err := utils.CreateTempKubeConfig(nil)
@@ -480,11 +486,9 @@ var _ = Describe("Login command", func() {
 			Expect(err).To(BeNil())
 
 			testData := config.BackplaneConfiguration{
-				URL:              backplaneAPIURI,
-				ProxyURL:         new(string),
-				SessionDirectory: "",
-				AssumeInitialArn: "",
-				PagerDutyAPIKey:  falsePagerDutyAPITkn,
+				URL:             backplaneAPIURI,
+				ProxyURL:        new(string),
+				PagerDutyAPIKey: falsePagerDutyAPITkn,
 			}
 
 			// Marshal the testData into JSON format and write it to tempFile.
@@ -503,6 +507,7 @@ var _ = Describe("Login command", func() {
 		})
 
 		It("should fail to find a non existent PD Incident and return HTTP status code 404 when the requested resource is not found", func() {
+			loginType = LoginTypePagerduty
 			args.pd = falsePagerDutyIncidentID
 
 			err := utils.CreateTempKubeConfig(nil)
@@ -517,11 +522,9 @@ var _ = Describe("Login command", func() {
 			Expect(err).To(BeNil())
 
 			testData := config.BackplaneConfiguration{
-				URL:              backplaneAPIURI,
-				ProxyURL:         new(string),
-				SessionDirectory: "",
-				AssumeInitialArn: "",
-				PagerDutyAPIKey:  truePagerDutyAPITkn,
+				URL:             backplaneAPIURI,
+				ProxyURL:        new(string),
+				PagerDutyAPIKey: truePagerDutyAPITkn,
 			}
 
 			// Marshal the testData into JSON format and write it to tempFile.

pkg/elevate/elevate.go

@@ -1,14 +1,13 @@
 package elevate
 
 import (
-	"errors"
 	"fmt"
 	"os"
 	"os/exec"
 
 	logger "github.com/sirupsen/logrus"
-	"k8s.io/client-go/tools/clientcmd/api"
 
+	"github.com/openshift/backplane-cli/pkg/login"
 	"github.com/openshift/backplane-cli/pkg/utils"
 )
 
@@ -19,32 +18,6 @@ var (
 	WriteKubeconfigToFile = utils.CreateTempKubeConfig
 )
 
-func AddElevationReasonToRawKubeconfig(config api.Config, elevationReason string) error {
-	return AddElevationReasonsToRawKubeconfig(config, []string{elevationReason})
-}
-
-func AddElevationReasonsToRawKubeconfig(config api.Config, elevationReasons []string) error {
-	logger.Debugln("Adding reason for backplane-cluster-admin elevation")
-	if config.Contexts[config.CurrentContext] == nil {
-		return errors.New("no current kubeconfig context")
-	}
-
-	currentCtxUsername := config.Contexts[config.CurrentContext].AuthInfo
-
-	if config.AuthInfos[currentCtxUsername] == nil {
-		return errors.New("no current user information")
-	}
-
-	if config.AuthInfos[currentCtxUsername].ImpersonateUserExtra == nil {
-		config.AuthInfos[currentCtxUsername].ImpersonateUserExtra = make(map[string][]string)
-	}
-
-	config.AuthInfos[currentCtxUsername].ImpersonateUserExtra["reason"] = elevationReasons
-	config.AuthInfos[currentCtxUsername].Impersonate = "backplane-cluster-admin"
-
-	return nil
-}
-
 func RunElevate(argv []string) error {
 	logger.Debugln("Finding target cluster from kubeconfig")
 	config, err := ReadKubeConfigRaw()
@@ -59,7 +32,7 @@ func RunElevate(argv []string) error {
 	} else {
 		elevateReason = argv[0]
 	}
-	elevationReasons, err := ComputeElevateContextAndStoreToKubeConfigFileAndGetReasons(config, elevateReason)
+	elevationReasons, err := login.SaveElevateContextReasons(config, elevateReason)
 	if err != nil {
 		return err
 	}
@@ -70,7 +43,7 @@ func RunElevate(argv []string) error {
 	}
 
 	logger.Debug("Adding impersonation RBAC allow permissions to kubeconfig")
-	err = AddElevationReasonsToRawKubeconfig(config, elevationReasons)
+	err = login.AddElevationReasonsToRawKubeconfig(config, elevationReasons)
 	if err != nil {
 		return err
 	}