From 1fdfb2ed7c072e59994cf9d49a3b14c9ff1b3ade Mon Sep 17 00:00:00 2001
From: Aayush Chouhan
Date: Mon, 14 Oct 2024 17:00:45 +0530
Subject: [PATCH] Added ARN checks in the diagnostics report

Signed-off-by: Aayush Chouhan
---
 pkg/diagnostics/report.go | 71 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/pkg/diagnostics/report.go b/pkg/diagnostics/report.go
index b49e6fb11..4ad775fb6 100644
--- a/pkg/diagnostics/report.go
+++ b/pkg/diagnostics/report.go
@@ -4,12 +4,14 @@ import (
 "fmt"
 "strings"
+ nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
 "github.com/noobaa/noobaa-operator/v5/pkg/bundle"
 "github.com/noobaa/noobaa-operator/v5/pkg/options"
 "github.com/noobaa/noobaa-operator/v5/pkg/util"
 "github.com/spf13/cobra"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 const (
@@ -36,6 +38,16 @@ func RunReport(cmd *cobra.Command, args []string) {
 log.Fatalf(`❌ Could not get endpoint Deployment %q in Namespace %q`, endpointApp.Name, endpointApp.Namespace)
 }
+
+ // Fetching all Backingstores
+ bsList := &nbv1.BackingStoreList{
+ TypeMeta: metav1.TypeMeta{Kind: "BackingStoreList"},
+ }
+
+ // Fetching all Namespacestores
+ nsList := &nbv1.NamespaceStoreList{
+ TypeMeta: metav1.TypeMeta{Kind: "NamespaceStoreList"},
+ }
 fmt.Println("")
 // retrieving the status of proxy environment variables
@@ -44,6 +56,9 @@ func RunReport(cmd *cobra.Command, args []string) {
 // retrieving the overridden env variables using `CONFIG_JS_` prefix
 overriddenEnvVar(coreApp, endpointApp)
+ // validating ARNs for backingstore and namespacestore
+ arnValidationCheck(bsList, nsList)
+
 // TODO: Add support for additional features
 }
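Review bot: In the `RunReport` hunk, `bsList` and `nsList` are built with only a `TypeMeta` and nothing in the visible lines fills them from the cluster before `arnValidationCheck(bsList, nsList)` is called, so both `Items` slices appear to be empty and the report would always print "No aws sts arn string found" whatever is deployed. A diagnostic that checks nothing gives operators false assurance about their STS role configuration. Each list should be populated before use, for example with the project's list helper scoped to the target namespace, `util.KubeList(bsList, &client.ListOptions{Namespace: options.Namespace})` (helper shape to be confirmed; it would need the controller-runtime `client` import), and a failed list call should be reported instead of being shown as "no ARNs". The "Fetching all ..." comments should then sit on the calls that actually fetch; `RunReport` starts outside these hunks.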
@@ -73,6 +88,57 @@ func overriddenEnvVar(coreApp *appsv1.StatefulSet, endpointApp *appsv1.Deploymen
 fmt.Println("")
 }
+// arnValidationCheck validates the ARNs for backingstores and namespacestores
+func arnValidationCheck(bsList *nbv1.BackingStoreList, nsList *nbv1.NamespaceStoreList) {
+ log := util.Logger()
+
+ log.Print("⏳ Validation check for ARNs...\n")
+ foundARNString := false
+
+ // Validate ARNs for backingstores
+ fmt.Print("ARN Validation Check (BACKINGSTORES):\n----------------------------------\n")
+ for _, bs := range bsList.Items {
+ // skipping if AWS STS ARN string is not present
+ if bs.Spec.AWSS3.AWSSTSRoleARN == nil {
+ continue
+ }
+
+ if !isValidArn(bs.Spec.AWSS3.AWSSTSRoleARN) {
+ fmt.Printf(" ❌ Invalid ARN in Backingstore %s: %s\n", bs.Name, *bs.Spec.AWSS3.AWSSTSRoleARN)
+ } else {
+ fmt.Printf(" ✅ Valid ARN in Backingstore %s: %s\n", bs.Name, *bs.Spec.AWSS3.AWSSTSRoleARN)
+ }
+ foundARNString = true
+ }
+
+ if !foundARNString {
+ fmt.Print(" ❌ No aws sts arn string found.\n")
+ }
+
+ foundARNString = false
+ // Validate ARNs for namespacestores
+ fmt.Print("ARN Validation Check (NAMESPACESTORES):\n----------------------------------\n")
+ for _, ns := range nsList.Items {
+ // skipping if AWS STS ARN string is not present
+ if ns.Spec.AWSS3.AWSSTSRoleARN == nil {
+ continue
+ }
+
+ if !isValidArn(ns.Spec.AWSS3.AWSSTSRoleARN) {
+ fmt.Printf(" ❌ Invalid ARN in Namespacestore %s: %s\n", ns.Name, *ns.Spec.AWSS3.AWSSTSRoleARN)
+ } else {
+ fmt.Printf(" ✅ Valid ARN in Namespacestore %s: %s\n", ns.Name, *ns.Spec.AWSS3.AWSSTSRoleARN)
+ }
+ foundARNString = true
+ }
+
+ if !foundARNString {
+ fmt.Print(" ❌ No aws sts arn string found.\n")
+ }
+
+ fmt.Println("")
+}
+
 // printProxyStatus prints the proxy status
 func printProxyStatus(appName string, envVars []corev1.EnvVar) {
 fmt.Printf("Proxy Environment Variables Check (%s):\n----------------------------------\n", appName)
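Review bot: Both loops in `arnValidationCheck` read `Spec.AWSS3.AWSSTSRoleARN` without first checking `Spec.AWSS3`; if that field is a pointer set only for AWS-type stores (its type is declared outside this diff, so confirm), any store of another type would make the report panic on a nil dereference. Guard each loop with `if bs.Spec.AWSS3 == nil || bs.Spec.AWSS3.AWSSTSRoleARN == nil { continue }`, and the same for `ns`. Separately, "❌ No aws sts arn string found" presents an ordinary configuration as a failure (presumably a store can use static credentials instead), so a neutral marker would be less misleading to whoever triages the report. The two loops are near-identical and could share one helper that takes the store kind, name and ARN pointer.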
@@ -102,3 +168,8 @@ func printOverriddenEnvVar(appName string, envVars []corev1.EnvVar) {
 }
 fmt.Println("")
 }
+
+// isValidArn is a function to validate the ARN format
+func isValidArn(arn *string) bool {
+ return strings.HasPrefix(*arn, "arn:aws:s3:::") && len(*arn) > len("arn:aws:s3:::")
+}
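Review bot: `isValidArn` accepts only strings beginning with `arn:aws:s3:::`, but its callers pass the `AWSSTSRoleARN` field, and an IAM role ARN has the form `arn:<partition>:iam::<account-id>:role/<name>`. A correctly configured role would therefore be reported as invalid, while a bucket ARN placed in the role field by mistake would be reported as valid. The check should match the role shape, e.g. `return arn != nil && strings.HasPrefix(*arn, "arn:aws:iam::") && strings.Contains(*arn, ":role/")`, or parse the ARN and compare its service and resource parts so that partitions such as `aws-cn` and `aws-us-gov` are also accepted. The `arn != nil` term in that line matters because the current body dereferences `arn` unconditionally and relies on every caller having checked it. The doc comment should state which kind of ARN is expected.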