Skip to content
This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

non operator able to target and ssh node through bastion host #263

Merged
merged 1 commit into from
Sep 1, 2020
Merged

non operator able to target and ssh node through bastion host #263

merged 1 commit into from
Sep 1, 2020

Conversation

tedteng
Copy link
Contributor

@tedteng tedteng commented Aug 19, 2020
edited
Loading

What this PR does / why we need it:
allow non-operator user use project SA account in garden able to manage the shoots in their project via gardenctl target and gardenctl ssh to list nodes ssh shoot nodes through bastion host.

Which issue(s) this PR fixes:
Fixes #253
Fixes #233

Special notes for your reviewer:
as a request from the end-user currently the ssh only allow access aws provider.

Release note:

Allow `user` role use Project SA account in garden able to manage the shoots from their own project. `gardenctl ssh` shoot node as well.  `aws`,`gcp`,`azure` supported

@tedteng tedteng requested a review from a team as a code owner August 19, 2020 03:22
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 19, 2020
@tedteng
Copy link
Contributor Author

tedteng commented Aug 19, 2020

Testing

gg target -g ttt -p i333xxx -t zegfzwjhzh
Garden:
KUBECONFIG=/Users/i333xxx/gardener_kubeconfig/ttt/kubeconfig

Warning:
You are non-operator! usage are Limited

Shoot:
KUBECONFIG=/Users/i333878/.garden/cache/ttt/projects/i333878/zegfzwjhzh/kubeconfig.yaml

gg ssh list the node as expected.

gg ssh ip-xxxxx.eu-central-1.compute.internal

@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 19, 2020
This was referenced Aug 19, 2020
Closed
Closed
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-2 gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 19, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 20, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 20, 2020
@tedteng tedteng mentioned this pull request Aug 20, 2020
Closed
petersutter
petersutter suggested changes Aug 21, 2020
View reviewed changes
pkg/cmd/operate.go Outdated Show resolved Hide resolved
pkg/cmd/operate.go Outdated Show resolved Hide resolved
pkg/cmd/miscellaneous.go Outdated Show resolved Hide resolved
pkg/cmd/download.go Outdated Show resolved Hide resolved
pkg/cmd/miscellaneous.go Outdated Show resolved Hide resolved
pkg/cmd/ssh_aws.go Show resolved Hide resolved
pkg/cmd/miscellaneous.go Outdated Show resolved Hide resolved
pkg/cmd/miscellaneous.go Outdated Show resolved Hide resolved
pkg/cmd/miscellaneous.go Outdated Show resolved Hide resolved
pkg/cmd/ssh.go Outdated
return nil, err
if checkOperatorRole() == "user" {
KUBECONFIG = getKubeConfigOfClusterType("shoot")
out, err := ExecCmdReturnOutput("bash", "-c", "kubectl --kubeconfig="+KUBECONFIG+" get node")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why haven't you used the go client but instead executed kubectl to fetch the nodes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure I will change it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at least call kubectl directly, no bash please for new code

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 21, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 21, 2020
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 28, 2020
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 28, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 28, 2020
@tedteng
Copy link
Contributor Author

tedteng commented Aug 28, 2020
edited
Loading

Hi let me know is the commit square ok and check it before merge PR . @gardener/gardenctl-maintainers

@neo-liang-sap
Copy link
Contributor

/lgtm
looks good to me but i haven't test it

@neo-liang-sap
Copy link
Contributor

@tedteng could you please squash commits into one?

@tedteng
Copy link
Contributor Author

tedteng commented Aug 31, 2020

you mean all the commits for just two commits from mine?

@neo-liang-sap
Copy link
Contributor

neo-liang-sap commented Aug 31, 2020
edited
Loading

you mean all the commits for just two commits from mine?

why other people's commit exist in your PR? ideally before merge one PR should contains only one commit from your self.
maybe you can try rebase with master branch but i'm not sure whether it helps to tidy your commits.
also i saw one empty commit exist in your PR, 51b6527 not sure how it comes but it shouldn't be there

@tedteng
Copy link
Contributor Author

tedteng commented Aug 31, 2020
edited
Loading

I have no idea either that why I was asking check last week. let me just close and open new PR, I think it will be easier for all.

you mean all the commits for just two commits from mine?

why other people's commit exist in your PR? ideally before merge one PR should contains only one commit from your self.
maybe you can try rebase with master branch but i'm not sure whether it helps to tidy your commits.
also i saw one empty commit exist in your PR, 51b6527 not sure how it comes but it shouldn't be there

it seems not fixed the issue create new one

@tedteng tedteng closed this Aug 31, 2020
@tedteng tedteng reopened this Aug 31, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 31, 2020
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 31, 2020
neo-liang-sap
neo-liang-sap suggested changes Aug 31, 2020
View reviewed changes
Copy link
Contributor

@neo-liang-sap neo-liang-sap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. please resolve conflict with master branch
  2. these 4 commits are already in master branch, should not exist in this PR
    image

@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Aug 31, 2020
@tedteng
non operator able to target and ssh node through bastion host
53544d5 
add temporary solution in targetShoot method
add getTechnicalID
Update pkg/cmd/download.go
remove getShootClusterName method
remove bash -c
Update pkg/cmd/miscellaneous.go
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 31, 2020
neo-liang-sap
neo-liang-sap approved these changes Sep 1, 2020
View reviewed changes
Copy link
Contributor

@neo-liang-sap neo-liang-sap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
however i haven't tested, confirmed with @tedteng he's fully confidence with it

@neo-liang-sap neo-liang-sap merged commit 28a56bf into gardener-attic:master Sep 1, 2020
This was referenced Sep 1, 2020
Closed
Closed
@tedteng tedteng deleted the nonadmin_target_ssh branch September 4, 2020 02:52
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@petersutter petersutter petersutter approved these changes

@neo-liang-sap neo-liang-sap neo-liang-sap approved these changes

Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging
Projects
None yet
Milestone
No milestone
7 participants
@tedteng @petersutter @neo-liang-sap @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot