feat(kubernetes): --disable-utility-network-access to nodegroup (#236)

villevsv-upcloud · web-flow · commit 04413547a9a1 · 2023-07-14T17:39:57.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- Add `--disable-utility-network-access` for `kubernetes nodegroup create` command
 
 ## [2.9.1] - 2023-07-06
 ### Changed
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.20
 
 require (
 	github.com/UpCloudLtd/progress v1.0.1
-	github.com/UpCloudLtd/upcloud-go-api/v6 v6.3.2
+	github.com/UpCloudLtd/upcloud-go-api/v6 v6.5.0
 	github.com/adrg/xdg v0.3.2
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/gemalto/flume v0.12.0
@@ -29,7 +29,6 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
diff --git a/go.sum b/go.sum
@@ -40,8 +40,8 @@ github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tN
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
 github.com/UpCloudLtd/progress v1.0.1 h1:e0ptyD2oOGa3udRcLzgRemIN9enGx4Bc9GQ0sZ/1/EY=
 github.com/UpCloudLtd/progress v1.0.1/go.mod h1:hKsRsvlCffcYt/s0krpWvOFozOjpfUYjSkL6CzZztoI=
-github.com/UpCloudLtd/upcloud-go-api/v6 v6.3.2 h1:lxkQfdh+bY6YDwE+Qq3OCAbUhSEcdJiF1Fivmza78xE=
-github.com/UpCloudLtd/upcloud-go-api/v6 v6.3.2/go.mod h1:9y8kZ4o4jCagqLfexcnITY8uc/g4+uc18wbnMsDbQJI=
+github.com/UpCloudLtd/upcloud-go-api/v6 v6.5.0 h1:bOZY2kNRZo7J+9vgG37Z7S36Wb1SSoTNmg+RPaL6eJs=
+github.com/UpCloudLtd/upcloud-go-api/v6 v6.5.0/go.mod h1:I8rWmBBl+OhiY3AGzKbrobiE5TsLCLNYkCQxE4eJcTg=
 github.com/adrg/xdg v0.3.2 h1:GUSGQ5pHdev83AYhDSS1A/CX+0JIsxbiWtow2DSA+RU=
 github.com/adrg/xdg v0.3.2/go.mod h1:7I2hH/IT30IsupOpKZ5ue7/qNi3CoKzD6tL3HwpaRMQ=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -171,7 +171,6 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
diff --git a/internal/commands/database/connection/cancel.go b/internal/commands/database/connection/cancel.go
@@ -50,7 +50,7 @@ func (s *cancelCommand) Execute(exec commands.Executor, uuid string) (output.Out
 	msg := fmt.Sprintf("Cancelling connection %v to database %v", s.pid, uuid)
 	exec.PushProgressStarted(msg)
 
-	if err := svc.CancelManagedDatabaseConnection(exec.Context(), &request.CancelManagedDatabaseConnection{
+	if err := svc.CancelManagedDatabaseConnection(exec.Context(), &request.CancelManagedDatabaseConnection{ //nolint:staticcheck // Deprecated, replace in a feature PR
 		UUID:      uuid,
 		Pid:       s.pid,
 		Terminate: s.terminate.Value(),
diff --git a/internal/commands/database/connection/list.go b/internal/commands/database/connection/list.go
@@ -25,7 +25,7 @@ type listCommand struct {
 // Execute implements commands.MultipleArgumentCommand
 func (s *listCommand) Execute(exec commands.Executor, uuid string) (output.Output, error) {
 	svc := exec.All()
-	connections, err := svc.GetManagedDatabaseConnections(exec.Context(), &request.GetManagedDatabaseConnectionsRequest{UUID: uuid})
+	connections, err := svc.GetManagedDatabaseConnections(exec.Context(), &request.GetManagedDatabaseConnectionsRequest{UUID: uuid}) //nolint:staticcheck // Deprecated, replace in a feature PR
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/commands/kubernetes/create_test.go b/internal/commands/kubernetes/create_test.go
@@ -22,15 +22,16 @@ func TestCreateKubernetes(t *testing.T) {
 	}
 	networks := upcloud.Networks{Networks: []upcloud.Network{network}}
 
-	oneNodeGroupArgs := func(network string) []string {
+	nodeGroupArgs := func(network string) []string {
 		return []string{
 			"--name", "my-cluster",
 			"--network", network,
 			"--node-group", "count=2,kubelet-arg=log-flush-frequency=5s,label=owner=devteam,label=env=dev,name=my-node-group,plan=2xCPU-4GB,ssh-key=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWq/xsiYPgA/HLsaWHcjAGnwU+pJy9BUmvIlMBpkdn2 admin@user.com,storage=01000000-0000-4000-8000-000160010100,taint=env=dev:NoSchedule,taint=env=dev2:NoSchedule",
+			"--node-group", "count=1,name=my-node-group2,plan=2xCPU-4GB,ssh-key=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWq/xsiYPgA/HLsaWHcjAGnwU+pJy9BUmvIlMBpkdn2 admin@user.com,disable-utility-network-access",
 			"--zone", "de-fra1",
 		}
 	}
-	oneNodeGroupRequest := request.CreateKubernetesClusterRequest{
+	nodeGroupRequest := request.CreateKubernetesClusterRequest{
 		Name:        "my-cluster",
 		Network:     "aa39e313-d908-418a-a959-459699bdc83a",
 		NetworkCIDR: "172.16.1.0/24",
@@ -71,18 +72,31 @@ func TestCreateKubernetes(t *testing.T) {
 						Value:  "dev2",
 					},
 				},
+				UtilityNetworkAccess: upcloud.BoolPtr(true),
+			},
+			{
+				Count:       1,
+				KubeletArgs: []upcloud.KubernetesKubeletArg{},
+				Labels:      []upcloud.Label{},
+				Name:        "my-node-group2",
+				Plan:        "2xCPU-4GB",
+				SSHKeys: []string{
+					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWq/xsiYPgA/HLsaWHcjAGnwU+pJy9BUmvIlMBpkdn2 admin@user.com",
+				},
+				Taints:               []upcloud.KubernetesTaint{},
+				UtilityNetworkAccess: upcloud.BoolPtr(false),
 			},
 		},
 		Plan: "development",
 		Zone: "de-fra1",
 	}
 
 	prodArg := []string{"--plan", "production-small"}
-	prodPlanRequest := oneNodeGroupRequest
+	prodPlanRequest := nodeGroupRequest
 	prodPlanRequest.Plan = "production-small"
 
 	privateNodeGroupsArg := []string{"--private-node-groups"}
-	privateNodeGroupsRequest := oneNodeGroupRequest
+	privateNodeGroupsRequest := nodeGroupRequest
 	privateNodeGroupsRequest.PrivateNodeGroups = true
 
 	for _, test := range []struct {
@@ -92,26 +106,26 @@ func TestCreateKubernetes(t *testing.T) {
 		wantErr bool
 	}{
 		{
-			name:    "1 node group",
-			args:    oneNodeGroupArgs(network.UUID),
-			request: oneNodeGroupRequest,
+			name:    "2 node groups",
+			args:    nodeGroupArgs(network.UUID),
+			request: nodeGroupRequest,
 			wantErr: false,
 		},
 		{
 			name:    "resolve network from name",
-			args:    oneNodeGroupArgs(network.Name),
-			request: oneNodeGroupRequest,
+			args:    nodeGroupArgs(network.Name),
+			request: nodeGroupRequest,
 			wantErr: false,
 		},
 		{
 			name:    "use productions-small plan",
-			args:    append(oneNodeGroupArgs(network.Name), prodArg...),
+			args:    append(nodeGroupArgs(network.Name), prodArg...),
 			request: prodPlanRequest,
 			wantErr: false,
 		},
 		{
 			name:    "with private node groups",
-			args:    append(oneNodeGroupArgs(network.Name), privateNodeGroupsArg...),
+			args:    append(nodeGroupArgs(network.Name), privateNodeGroupsArg...),
 			request: privateNodeGroupsRequest,
 			wantErr: false,
 		},
diff --git a/internal/commands/kubernetes/nodegroup/create.go b/internal/commands/kubernetes/nodegroup/create.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/UpCloudLtd/upcloud-cli/v2/internal/commands"
 	"github.com/UpCloudLtd/upcloud-cli/v2/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v2/internal/config"
 	"github.com/UpCloudLtd/upcloud-cli/v2/internal/labels"
 	"github.com/UpCloudLtd/upcloud-cli/v2/internal/output"
 	"github.com/UpCloudLtd/upcloud-cli/v2/internal/resolver"
@@ -17,14 +18,15 @@ import (
 )
 
 type CreateNodeGroupParams struct {
-	Count       int
-	Name        string
-	Plan        string
-	SSHKeys     []string
-	Storage     string
-	KubeletArgs []string
-	Labels      []string
-	Taints      []string
+	Count                int
+	Name                 string
+	Plan                 string
+	SSHKeys              []string
+	Storage              string
+	KubeletArgs          []string
+	Labels               []string
+	Taints               []string
+	UtilityNetworkAccess config.OptionalBoolean
 }
 
 func GetCreateNodeGroupFlagSet(p *CreateNodeGroupParams) *pflag.FlagSet {
@@ -38,6 +40,7 @@ func GetCreateNodeGroupFlagSet(p *CreateNodeGroupParams) *pflag.FlagSet {
 	fs.StringArrayVar(&p.SSHKeys, "ssh-key", []string{}, "SSH keys to be configured as authorized keys to the nodes.")
 	fs.StringVar(&p.Storage, "storage", "", "Storage template to use when creating the nodes. Defaults to `UpCloud K8s` public template.")
 	fs.StringArrayVar(&p.Taints, "taint", []string{}, "Taints to be configured to the nodes in `key=value:effect` format")
+	config.AddEnableOrDisableFlag(fs, &p.UtilityNetworkAccess, true, "utility-network-access", "utility network access. If disabled, nodes in this group will not have access to utility network")
 
 	return fs
 }
@@ -102,14 +105,15 @@ func ProcessNodeGroupParams(p CreateNodeGroupParams) (request.KubernetesNodeGrou
 	}
 
 	ng = request.KubernetesNodeGroup{
-		Count:       p.Count,
-		Labels:      labelSlice,
-		Name:        p.Name,
-		Plan:        p.Plan,
-		SSHKeys:     sshKeys,
-		Storage:     p.Storage,
-		KubeletArgs: kubeletArgs,
-		Taints:      taints,
+		Count:                p.Count,
+		Labels:               labelSlice,
+		Name:                 p.Name,
+		Plan:                 p.Plan,
+		SSHKeys:              sshKeys,
+		Storage:              p.Storage,
+		KubeletArgs:          kubeletArgs,
+		Taints:               taints,
+		UtilityNetworkAccess: upcloud.BoolPtr(p.UtilityNetworkAccess.Value()),
 	}
 
 	return ng, nil
diff --git a/internal/commands/kubernetes/nodegroup/create_test.go b/internal/commands/kubernetes/nodegroup/create_test.go
@@ -40,12 +40,13 @@ func TestCreateKubernetesNodeGroup(t *testing.T) {
 			expected: request.CreateKubernetesNodeGroupRequest{
 				ClusterUUID: clusterUUID,
 				NodeGroup: request.KubernetesNodeGroup{
-					Count:       2,
-					Name:        "my-node-group",
-					Plan:        "2xCPU-4GB",
-					Labels:      []upcloud.Label{},
-					KubeletArgs: []upcloud.KubernetesKubeletArg{},
-					Taints:      []upcloud.KubernetesTaint{},
+					Count:                2,
+					Name:                 "my-node-group",
+					Plan:                 "2xCPU-4GB",
+					Labels:               []upcloud.Label{},
+					KubeletArgs:          []upcloud.KubernetesKubeletArg{},
+					Taints:               []upcloud.KubernetesTaint{},
+					UtilityNetworkAccess: upcloud.BoolPtr(true),
 				},
 			},
 		},
@@ -62,8 +63,9 @@ func TestCreateKubernetesNodeGroup(t *testing.T) {
 						{Key: "key", Value: "value"},
 						{Key: "key-without-value", Value: ""},
 					},
-					KubeletArgs: []upcloud.KubernetesKubeletArg{},
-					Taints:      []upcloud.KubernetesTaint{},
+					KubeletArgs:          []upcloud.KubernetesKubeletArg{},
+					Taints:               []upcloud.KubernetesTaint{},
+					UtilityNetworkAccess: upcloud.BoolPtr(true),
 				},
 			},
 		},
@@ -81,6 +83,7 @@ func TestCreateKubernetesNodeGroup(t *testing.T) {
 				"--storage=01000000-0000-4000-8000-000160010100",
 				"--taint=env=dev:NoSchedule",
 				"--taint=env=dev2:NoSchedule",
+				"--disable-utility-network-access",
 			},
 			expected: request.CreateKubernetesNodeGroupRequest{
 				ClusterUUID: clusterUUID,
@@ -120,6 +123,7 @@ func TestCreateKubernetesNodeGroup(t *testing.T) {
 							Value:  "dev2",
 						},
 					},
+					UtilityNetworkAccess: upcloud.BoolPtr(false),
 				},
 			},
 		},
diff --git a/internal/commands/kubernetes/show.go b/internal/commands/kubernetes/show.go
@@ -96,6 +96,7 @@ func (s *showCommand) Execute(exec commands.Executor, uuid string) (output.Outpu
 									{Title: "Kubelet args:", Value: kubeletArgs.String()},
 									{Title: "Labels:", Value: labels.String()},
 									{Title: "Taints:", Value: taints.String()},
+									{Title: "Utility network access:", Value: nodeGroup.UtilityNetworkAccess, Format: format.Boolean},
 								},
 							},
 						},
diff --git a/internal/commands/kubernetes/show_test.go b/internal/commands/kubernetes/show_test.go
@@ -60,8 +60,9 @@ func TestShowCommand(t *testing.T) {
 						Value:  "sometaintvalue",
 					},
 				},
-				Storage: "storage-uuid",
-				SSHKeys: []string{"somekey"},
+				Storage:              "storage-uuid",
+				SSHKeys:              []string{"somekey"},
+				UtilityNetworkAccess: true,
 			}, {
 				Count: 8,
 				Labels: []upcloud.Label{
@@ -90,8 +91,9 @@ func TestShowCommand(t *testing.T) {
 						Value:  "sometaintvalue2",
 					},
 				},
-				Storage: "storage-uuid-2",
-				SSHKeys: []string{"somekey2"},
+				Storage:              "storage-uuid-2",
+				SSHKeys:              []string{"somekey2"},
+				UtilityNetworkAccess: false,
 			},
 		},
 		State: upcloud.KubernetesClusterStateRunning,
@@ -112,31 +114,33 @@ func TestShowCommand(t *testing.T) {
 
   
   Node group 1 (upcloud-go-sdk-unit-test):
-    Name:         upcloud-go-sdk-unit-test              
-    Count:        4                                     
-    Plan:         2xCPU-4GB                             
-    State:        running                               
-    Storage UUID: storage-uuid                          
-    Storage name: Test storage                          
-    Kubelet args: somekubeletkey=somekubeletvalue       
-    Labels:       managedBy=upcloud-go-sdk-unit-test    
-                  another=label-thing                   
-    Taints:       sometaintkey=sometaintvalue:NoExecute 
-                  sometaintkey=sometaintvalue:NoExecute 
-                  sometaintkey=sometaintvalue:NoExecute 
+    Name:                   upcloud-go-sdk-unit-test              
+    Count:                  4                                     
+    Plan:                   2xCPU-4GB                             
+    State:                  running                               
+    Storage UUID:           storage-uuid                          
+    Storage name:           Test storage                          
+    Kubelet args:           somekubeletkey=somekubeletvalue       
+    Labels:                 managedBy=upcloud-go-sdk-unit-test    
+                            another=label-thing                   
+    Taints:                 sometaintkey=sometaintvalue:NoExecute 
+                            sometaintkey=sometaintvalue:NoExecute 
+                            sometaintkey=sometaintvalue:NoExecute 
+    Utility network access: yes                                   
 
   
   Node group 2 (upcloud-go-sdk-unit-test-2):
-    Name:         upcloud-go-sdk-unit-test-2               
-    Count:        8                                        
-    Plan:         4xCPU-8GB                                
-    State:        pending                                  
-    Storage UUID: storage-uuid-2                           
-    Storage name: Test storage                             
-    Kubelet args: somekubeletkey2=somekubeletvalue2        
-    Labels:       managedBy=upcloud-go-sdk-unit-test-2     
-                  another2=label-thing-2                   
-    Taints:       sometaintkey2=sometaintvalue2:NoSchedule 
+    Name:                   upcloud-go-sdk-unit-test-2               
+    Count:                  8                                        
+    Plan:                   4xCPU-8GB                                
+    State:                  pending                                  
+    Storage UUID:           storage-uuid-2                           
+    Storage name:           Test storage                             
+    Kubelet args:           somekubeletkey2=somekubeletvalue2        
+    Labels:                 managedBy=upcloud-go-sdk-unit-test-2     
+                            another2=label-thing-2                   
+    Taints:                 sometaintkey2=sometaintvalue2:NoSchedule 
+    Utility network access: no                                       
 
 `
 
diff --git a/internal/mock/mock.go b/internal/mock/mock.go
@@ -584,6 +584,14 @@ func (m *Service) CancelManagedDatabaseConnection(_ context.Context, r *request.
 	return nil
 }
 
+func (m *Service) CancelManagedDatabaseSession(_ context.Context, r *request.CancelManagedDatabaseSession) error {
+	args := m.Called(r)
+	if args[0] != nil {
+		return args.Error(0)
+	}
+	return nil
+}
+
 func (m *Service) CloneManagedDatabase(_ context.Context, r *request.CloneManagedDatabaseRequest) (*upcloud.ManagedDatabase, error) {
 	return nil, nil
 }
@@ -620,6 +628,10 @@ func (m *Service) GetManagedDatabaseConnections(_ context.Context, r *request.Ge
 	return nil, nil
 }
 
+func (m *Service) GetManagedDatabaseSessions(_ context.Context, r *request.GetManagedDatabaseSessionsRequest) (upcloud.ManagedDatabaseSessions, error) {
+	return upcloud.ManagedDatabaseSessions{}, nil
+}
+
 func (m *Service) GetManagedDatabaseIndices(_ context.Context, r *request.GetManagedDatabaseIndicesRequest) ([]upcloud.ManagedDatabaseIndex, error) {
 	return nil, nil
 }
@@ -923,7 +935,7 @@ func (m *Service) GetKubernetesNodeGroups(ctx context.Context, r *request.GetKub
 	return nil, nil
 }
 
-func (m *Service) GetKubernetesNodeGroup(ctx context.Context, r *request.GetKubernetesNodeGroupRequest) (*upcloud.KubernetesNodeGroup, error) {
+func (m *Service) GetKubernetesNodeGroup(ctx context.Context, r *request.GetKubernetesNodeGroupRequest) (*upcloud.KubernetesNodeGroupDetails, error) {
 	return nil, nil
 }
 
@@ -951,6 +963,14 @@ func (m *Service) DeleteKubernetesNodeGroup(ctx context.Context, r *request.Dele
 	return nil
 }
 
+func (m *Service) DeleteKubernetesNodeGroupNode(ctx context.Context, r *request.DeleteKubernetesNodeGroupNodeRequest) error {
+	args := m.Called(r)
+	if args[0] == nil {
+		return args.Error(0)
+	}
+	return nil
+}
+
 func (m *Service) GetKubernetesPlans(ctx context.Context, r *request.GetKubernetesPlansRequest) ([]upcloud.KubernetesPlan, error) {
 	args := m.Called(r)
 	if args[0] == nil {

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ type listCommand struct {`
`25`	`25`	`// Execute implements commands.MultipleArgumentCommand`
`26`	`26`	`func (s *listCommand) Execute(exec commands.Executor, uuid string) (output.Output, error) {`
`27`	`27`	`svc := exec.All()`
`28`		`- connections, err := svc.GetManagedDatabaseConnections(exec.Context(), &request.GetManagedDatabaseConnectionsRequest{UUID: uuid})`
	`28`	`+ connections, err := svc.GetManagedDatabaseConnections(exec.Context(), &request.GetManagedDatabaseConnectionsRequest{UUID: uuid}) //nolint:staticcheck // Deprecated, replace in a feature PR`
`29`	`29`	`if err != nil {`
`30`	`30`	`return nil, err`
`31`	`31`	`}`