Skip to content

CORS-4055: migrate Route53 API calls to AWS SDK v2 #10265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tthvo wants to merge 3 commits into
base: main
Choose a base branch
from
Open

CORS-4055: migrate Route53 API calls to AWS SDK v2 #10265

tthvo wants to merge 3 commits into from
+469 −22,570

Conversation

@tthvo
Copy link
Member

@tthvo tthvo commented Jan 28, 2026

The PR is an incremental step to migrate AWS API calls to AWS SDK v2. This only focuses on Route 53 clients in the pkg/asset and dependent pkg(s).

This PR contains quite a lot refactoring in order to follow the AWS SDK v2 client pattern.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jan 28, 2026
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 28, 2026
edited by openshift-ci bot
Loading

@tthvo: This pull request references CORS-4055 which is a valid jira issue.

Details

In response to this:

The PR is an incremental step to migrate AWS API calls to AWS SDK v2. This only focuses on Route 53 clients in the pkg/asset and dependent pkg(s).

This PR contains quite a lot refactoring in order to follow the AWS SDK v2 client pattern.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 28, 2026

@tthvo: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4a5f5af0-fc03-11f0-867f-09e93b4dd687-0

@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/label tide/merge-method-squash

@openshift-ci openshift-ci bot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Jan 28, 2026
@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/label platform/aws

/cc @barbacbd @yunjiang29

@openshift-ci openshift-ci bot requested review from barbacbd and yunjiang29 January 28, 2026 04:40
@tthvo tthvo force-pushed the CORS-4055-route53 branch from 2d3d52e to dcdd3d7 Compare January 28, 2026 14:54
@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 28, 2026

@tthvo: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4a588710-fc59-11f0-99ed-1e5f7c9cd027-0

@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/test golint

@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/test golint

flakes?

@tthvo tthvo force-pushed the CORS-4055-route53 branch from dcdd3d7 to 64a0786 Compare January 28, 2026 19:18
@tthvo
Copy link
Member Author

tthvo commented Jan 28, 2026

/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 28, 2026

@tthvo: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/d6b3fa80-fc83-11f0-8ca4-51e4c7d2cbe0-0

barbacbd
barbacbd reviewed Jan 29, 2026
View reviewed changes
pkg/asset/installconfig/platformprovisioncheck.go
return awsconfig.ValidateForProvisioning(client, ic.Config, ic.AWS)

privHzClient := publicHzClient
if len(ic.Config.AWS.HostedZoneRole) > 0 {
Copy link
Contributor

@barbacbd barbacbd Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we not add assumed roles in the previous version for this call? Was that a mistake or is this new behavior? It looks like this is the only behavior that is or can be different than the previous version.

Copy link
Member Author

@tthvo tthvo Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, this change do preserve the behaviour 👇

IIUC, the following is true:

  • If platform.aws.hostedZoneRole is set, platform.aws.hostedZone must also be set. See here.
  • ValidateForProvisioning behaves like below:
    • Validates private hosted zone and existing records in that private zone when platform.aws.hostedZone is specified.
    • Otherwise, validates base domain (i.e. public zone) and existing records in that public zone.

With that, we can look at the previous ValidateForProvisioning code. The route53 client indeed assumed role (if any) for private zone calls only. The code was not so clear to express it, but it does.

We can double-confirm with payload testing for byo hosted zone: https://pr-payload-tests.ci.openshift.org/runs/ci/d6b3fa80-fc83-11f0-8ca4-51e4c7d2cbe0-0. The install completes successfully with the new change.

tthvo added 3 commits January 29, 2026 13:43
@tthvo
CORS-4055: migrate Route53 API calls to AWS SDK v2
2aa60fc 
The commit is an incremental step to migrate AWS API calls to AWS SDK v2.
This only focuses on Route53 clients in the pkg/asset and dependent pkg(s).
@tthvo
tests: regenerate asset test mocks
feecc43
@tthvo
vendor: update vendor
f39a9fe
@tthvo tthvo force-pushed the CORS-4055-route53 branch from 64a0786 to f39a9fe Compare January 29, 2026 21:43
@tthvo
Copy link
Member Author

tthvo commented Jan 29, 2026

/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 29, 2026

@tthvo: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

  • periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-shared-vpc-phz-sts-fips-openldap-mini-perm-f7

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/96b32720-fd5b-11f0-9d65-0f8c8c4b3605-0

barbacbd
barbacbd reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

@barbacbd barbacbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 30, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: barbacbd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtulio mtulio Awaiting requested review from mtulio

@patrickdillon patrickdillon Awaiting requested review from patrickdillon

@yunjiang29 yunjiang29 Awaiting requested review from yunjiang29

1 more reviewer

@barbacbd barbacbd barbacbd left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. platform/aws tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tthvo @openshift-ci-robot @barbacbd