ROX-12151: cloud accounts endpoint

[ivan-degtiarenko]

Description

Introduces the call to AMS client as well as new endpoint. The organization ID is taken from the caller's claims.

Checklist (Definition of Done)

• Unit and integration tests added
• Added test description under Test manual
• Documentation added if necessary (i.e. changes to dev setup, test execution, ...)
• CI and all relevant tests are passing
• Add the ticket number to the PR title if available, i.e. ROX-12345: ...
• Discussed security and business related topics privately. Will move any security and business related topics that arise to private communication channel.

Test manual

TODO: Add manual testing efforts

1. ./fleet-manager serve --ocm-base-url=https://api.openshift.com --ocm-client-id-file=secrets/ocm-service.clientId --ocm-client-secret-file=secrets/ocm-service.clientSecret
2. GET http://localhost:8000/api/rhacs/v1/cloud_accounts with rhacs-test-customer Bearer token
3. Returned result:

{
    "cloudAccounts": [
        {
            "cloudAccountId": "<redacted>",
            "cloudProviderId": "aws"
        }
    ]
}

[stehessel]

This will list all cloud accounts, right? We should filter here on the cloud accounts that are attached to our marketplace SKU, i.e. "quota_id": "cluster|rhinfra|rhacs|marketplace". Otherwise we'll also return cloud accounts that have purchased different products.

[stehessel]

Can you add a unit test for this function using the generated mocks?

[ivan-degtiarenko]

Do you mean cloud_accounts_test.go for the endpoint handler? There's no way to mock sdkClient.Connection used in client.go

[stehessel]

Hm yes. I think you could write a unit test with the cloud_accounts_test.mock, and you could also take a look at https://github.com/stackrox/acs-fleet-manager/blob/main/internal/dinosaur/pkg/services/quota/ams_quota_service_test.go for how to mock the OCM client. With the latter you could test the SKU filter logic.

[sachaudh]

The endpoint looks good to me. The only thing I'm wondering about is this operationId. @stehessel mentioned in his comment how to access the organization.id using ocm command. Is operationId supposed to be that? Also, accessing that id using the ocm command is helpful, but I can't do that through the browser so I'll need to find another way to do that. If you or @stehessel might know how that's possible, let me know. I am searching through https://api.openshift.com/ to see if there might be some API endpoint that might give me that information

[sachaudh]

Is /api/accounts_mgmt/v1/organizations the API i'm looking for? Looks like that gives me a list of organizations (there seems to be just one though). I see fields like id and external_id which seem relevant

[ivan-degtiarenko]

@sachaudh organization.id will be extracted by fleet-manager from AMS using orgId provided in the Bearer token. The endpoint doesn't take any parameters.

operationId is swagger parameter that is used to uniquely identify the operation within the API spec:
https://swagger.io/docs/specification/paths-and-operations/

[sachaudh]

Ok, then I think that's fine with me. Thanks for adding the endpoint @ivan-degtiarenko 👍🏼

[stehessel]

There is already GetQuotaCostsForProduct - seems like it's what we want, it's only missing a fetchCloudAccounts=true flag. Maybe we could reuse this here?

[ivan-degtiarenko]

Not really - GetQuotaCostsForProduct does filtration by resourceName and product

[stehessel]

In principle that is what we also want. But I think you are right, we would want to filter for billing_model==marketplace as well. Easier to go the quota_id route then.

[stehessel]

It would be good to test GetCustomerCloudAccounts as well, in particular testing that the filtering by resource id works. I think this is possible by mocking the other OCM client methods like QuotaCost (or GetQuotaCostsForProduct).

[ivan-degtiarenko]

GetQuotaCostsForProduct can't be reused for the reasons mentioned above. I'm not sure how one can mock QuotaCost method on the organizationClient - it is created by Connection:
https://github.com/stackrox/acs-fleet-manager/blob/ivan%2FROX-12151-aws-accounts-endpoint/pkg/client/ocm/client.go#L608-L608

[stehessel]

Hm yes that is impractical, I thought I saw it in the method list of the client, but you are right it's not. That would leave us with mocks on http level, which maybe are supported via the "mock modes" (https://github.com/stackrox/acs-fleet-manager/blob/ivan/ROX-12151-aws-accounts-endpoint/pkg/client/ocm/config.go#L12). But probably a lot of effort for a simple feature...

[stehessel]

If you extract inside of this function (func() (i interface{}, serviceError *errors.ServiceError) { ... }, you could test it separately from the http related parts of Get. This would save you some http setup in the cloud_accounts_test.go.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ivan-degtiarenko, stehessel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ivan-degtiarenko]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

New changes are detected. LGTM label has been removed.