From c34e339f2df529e55e917a7c8863d11cc4a9c77f Mon Sep 17 00:00:00 2001
From: Aayush Chouhan <achouhan@redhat.com>
Date: Mon, 14 Oct 2024 17:00:45 +0530
Subject: [PATCH] Added ARN checks in the diagnostics report

Signed-off-by: Aayush Chouhan <achouhan@redhat.com>
---
 pkg/diagnostics/report.go | 89 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)

diff --git a/pkg/diagnostics/report.go b/pkg/diagnostics/report.go
index b49e6fb11..a0fe210a2 100644
--- a/pkg/diagnostics/report.go
+++ b/pkg/diagnostics/report.go
@@ -4,12 +4,16 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/aws/aws-sdk-go/aws/arn"
+	nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
 	"github.com/noobaa/noobaa-operator/v5/pkg/bundle"
 	"github.com/noobaa/noobaa-operator/v5/pkg/options"
 	"github.com/noobaa/noobaa-operator/v5/pkg/util"
 	"github.com/spf13/cobra"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 const (
@@ -36,6 +40,22 @@ func RunReport(cmd *cobra.Command, args []string) {
 		log.Fatalf(`❌ Could not get endpoint Deployment %q in Namespace %q`,
 			endpointApp.Name, endpointApp.Namespace)
 	}
+
+	// Fetching all Backingstores
+	bsList := &nbv1.BackingStoreList{
+		TypeMeta: metav1.TypeMeta{Kind: "BackingStoreList"},
+	}
+	if !util.KubeList(bsList, &client.ListOptions{Namespace: options.Namespace}) {
+		log.Fatalf(`❌ No backingstores were found in the %q namespace`, options.Namespace)
+	}
+
+	// Fetching all Namespacestores
+	nsList := &nbv1.NamespaceStoreList{
+		TypeMeta: metav1.TypeMeta{Kind: "NamespaceStoreList"},
+	}
+	if !util.KubeList(nsList, &client.ListOptions{Namespace: options.Namespace}) {
+		log.Fatalf(`❌ No namespacestores were found in the %q namespace`, options.Namespace)
+	}
 	fmt.Println("")
 
 	// retrieving the status of proxy environment variables
@@ -44,6 +64,9 @@ func RunReport(cmd *cobra.Command, args []string) {
 	// retrieving the overridden env variables using `CONFIG_JS_` prefix
 	overriddenEnvVar(coreApp, endpointApp)
 
+	// validating ARNs for backingstores and namespacestores
+	arnValidationCheck(bsList, nsList)
+
 	// TODO: Add support for additional features
 }
 
@@ -73,6 +96,33 @@ func overriddenEnvVar(coreApp *appsv1.StatefulSet, endpointApp *appsv1.Deploymen
 	fmt.Println("")
 }
 
+// arnValidationCheck validates the ARNs for backingstores and namespacestores
+func arnValidationCheck(bsList *nbv1.BackingStoreList, nsList *nbv1.NamespaceStoreList) {
+	log := util.Logger()
+
+	log.Print("⏳ Validating store ARNs...\n")
+
+	// Validate ARNs for backingstores
+	bsArnList := make(map[string]string)
+	for _, bs := range bsList.Items {
+		if bs.Spec.AWSS3 != nil && bs.Spec.AWSS3.AWSSTSRoleARN != nil {
+			bsArnList[bs.Name] = *bs.Spec.AWSS3.AWSSTSRoleARN
+		}
+	}
+	printARNStatus("BACKINGSTORE", bsArnList)
+
+	// Validate ARNs for namespacestores
+	nsArnList := make(map[string]string)
+	for _, ns := range nsList.Items {
+		if ns.Spec.AWSS3 != nil && ns.Spec.AWSS3.AWSSTSRoleARN != nil {
+			nsArnList[ns.Name] = *ns.Spec.AWSS3.AWSSTSRoleARN
+		}
+	}
+	printARNStatus("NAMESPACESTORE", nsArnList)
+
+	fmt.Println("")
+}
+
 // printProxyStatus prints the proxy status
 func printProxyStatus(appName string, envVars []corev1.EnvVar) {
 	fmt.Printf("Proxy Environment Variables Check (%s):\n----------------------------------\n", appName)
@@ -102,3 +152,42 @@ func printOverriddenEnvVar(appName string, envVars []corev1.EnvVar) {
 	}
 	fmt.Println("")
 }
+
+// isValidSTSArn is a function to validate the STS ARN format
+func isValidSTSArn(arnStr *string) bool {
+	if arnStr == nil {
+		return false
+	}
+
+	parsedArn, err := arn.Parse(*arnStr)
+	if err != nil {
+		return false
+	}
+
+	if parsedArn.Service == "sts" {
+		return true
+	}
+	return false
+}
+
+// printARNStatus is a function to print ARN validation status
+func printARNStatus(listType string, arnList map[string]string) {
+	foundARNString := false
+	fmt.Printf("%s ARNs:\n----------------------------------\n", listType)
+	for name, arn := range arnList {
+		fmt.Printf("\t%s \"%s\":\n\t	ARN: %s\n\t", listType, name, arn)
+		// currently validating only for AWS STS ARN, can be changed accordingly for other formats and validation
+		if isValidSTSArn(&arn) {
+			fmt.Printf("	Status: ✅ Valid STS ARN\n")
+		} else {
+			fmt.Printf("	Status: ⚠️ Invalid (Not an STS ARN)\n")
+		}
+		foundARNString = true
+		fmt.Println("")
+	}
+
+	if !foundARNString {
+		fmt.Print("	❌ No AWS ARN string found.\n")
+	}
+	fmt.Println("")
+}