Add warning to network verification that HCPs are unsupported. (#579)

* Add warning to network verification that HCPs are unsupported. Its not widely know, that network verifier is unable to run against HCPs. This can lead to red herring situations and a warning is needed. * add prompt to network verifier hcp warning * add explanation about inability to verify egress for HCP
openshift · Jun 3, 2024 · d58ed21 · d58ed21
1 parent 87fd275
commit d58ed21
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/cmd/network/verification.go b/cmd/network/verification.go
@@ -3,6 +3,7 @@ package network
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"log"
 	"os"
@@ -218,6 +219,16 @@ func (e *EgressVerification) setup(ctx context.Context) (*aws.Config, error) {
 		e.log.Debug(ctx, "cluster %s found from OCM: %s", e.ClusterId, cluster.ID())
 		e.cluster = cluster
 
+		// We currently have insufficient permissions to run network verifier on ROSA HCP
+		// We can update or, if applicable, remove this warning after https://issues.redhat.com/browse/XCMSTRAT-245
+		if e.cluster.Hypershift().Enabled() {
+			e.log.Warn(ctx, "Generally, SRE has insufficient AWS permissions"+
+				" to run network verifier on hosted control plane clusters. Run anyway?")
+			if !utils.ConfirmPrompt() {
+				return nil, errors.New("You can try the network verifier script in ops-sop/hypershift/utils/verify-egress.sh")
+			}
+		}
+
 		e.log.Info(ctx, "getting AWS credentials from backplane-api")
 		cfg, err := osdCloud.CreateAWSV2Config(ocmClient, cluster)
 		if err != nil {