mirror of
https://github.com/replicatedhq/troubleshoot.git
synced 2026-02-14 18:29:53 +00:00
35759c47af
* Change workflow branch from 'main' to 'v1beta3' * Auto updater (#1849) * added auto updater * updated docs * commit to trigger actions * Auto-collectors: foundational discovery, image metadata, CLI integrat… (#1845) * Auto-collectors: foundational discovery, image metadata, CLI integration; reset PRD markers * Address PR review feedback - Implement missing namespace exclude patterns functionality - Fix image facts collector to use empty Data field instead of static string - Correct APIVersion to use troubleshoot.sh/v1beta2 consistently * Fix bug bot issues: API parsing, EOF error, and API group corrections - Fix RBAC API parsing errors in rbac_checker.go (getAPIGroup/getAPIVersion functions) - Fix FakeReader EOF error to use standard io.EOF instead of custom error - Fix incorrect API group from troubleshoot.sh to troubleshoot.replicated.com in run.go These changes address the issues identified by the bug bot and ensure proper interface compliance and consistent API group usage. * Fix multiple bug bot issues - Fix RBAC API parsing errors in rbac_checker.go (getAPIGroup/getAPIVersion functions) - Fix FakeReader EOF error to use standard io.EOF instead of custom error - Fix incorrect API group from troubleshoot.sh to troubleshoot.replicated.com in run.go - Fix image facts collector Data field to contain structured JSON instead of static strings These changes address all issues identified by the bug bot and ensure proper interface compliance, consistent API usage, and meaningful data fields. * Update auto_discovery.go * Fix TODO comments in Auto-collector section Fixed 3 of 4 TODOs as requested in PR review: 1. pkg/collect/images/registry_client.go (line 46): - Implement custom CA certificate loading - Add x509 import and certificate parsing logic - Enables image collection from private registries with custom CAs 2. cmd/troubleshoot/cli/diff.go (line 209): - Implement bundle file count functionality - Add tar/gzip imports and getFileCountFromBundle() function - Properly counts files in support bundle archives (.gz/.tgz) 3. cmd/troubleshoot/cli/run.go (line 338): - Replace TODO with clarifying comment about RemoteCollectors usage - Confirmed RemoteCollectors are still actively used in preflights The 4th TODO (diff.go line 196) is left as-is since it's explicitly marked as Phase 4 future work (Support Bundle Differencing implementation). Addresses PR review feedback about unimplemented TODO comments. --------- Co-authored-by: Benjamin Yang <benjaminyang@Benjamins-MacBook-Pro.local> * resetting make targets and github workflows to support v1beta3 releas… (#1853) * resetting make targets and github workflows to support v1beta3 release later * removing generate * remove * removing * removing * Support bundle diff (#1855) implemented support bundle diff command * Preflight docs and template subcommands (#1847) * Added docs and template subcommands with test files * uses helm templating preflight yaml files * merge doc requirements for multiple inputs * Helm aware rendering and markdown output * v1beta3 yaml structure better mirrors beta2 * Update sample-preflight-templated.yaml * Added docs and template subcommands with test files * uses helm templating preflight yaml files * merge doc requirements for multiple inputs * Helm aware rendering and markdown output * v1beta3 yaml structure better mirrors beta2 * Update sample-preflight-templated.yaml * Added/updated documentation on subcommands * Update docs.go * commit to trigger actions * Updated yaml spec (#1851) * v1beta3 spec can be read by preflight * added test files for ease of testing * updated v1beta3 guide doc and added tests * fixed not removing tmp files from v1beta3 processing * created v1beta2 to v1beta3 converter * Updated yaml spec (#1863) * v1beta3 spec can be read by preflight * added test files for ease of testing * v1beta3 renderer fixes * fixed gitignore issue * Auto support bundle upload (#1860) * basic auto uploading support bundles * added upload command * added default vendor endpoint * added auth system from replicated cli * fixed case sensitivity issue in YAML parsing * support bundle uploads for end customers * app slug flag and detection without licenseID * moved v1beta3 examples to proper directory * does not auto update for package managers (#1850) * V1beta3 cleanup (#1869) * moving some files around * more cleanup * removing more unused * update ci for v1beta3 (#1870) * fmt: * removing unused examples * add a v1beta3 fixture * removing coverage reporting * adding brew (#1872) * Fixing testing errors (#1871) fix: resolve failing unit tests and diff consistency in v1beta3 - Fix readLinesFromReader to return lines WITH newlines (like difflib.SplitLines) - Update test expectations to match correct function behavior with newlines - This ensures consistency between streaming and non-streaming diff paths - Fix timeout test by changing from 10ms to 500ms to eliminate flaky failures Fixes TestReadLinesFromReader and Test_loadSupportBundleSpecsFromURIs_TimeoutError Resolves diff output inconsistency between code paths * Fix/exec textanalyze path clean (#1865) * created roadmap and yaml claude agent * Update roadmap.md * Fix textAnalyze analyzer to auto-match exec collector nested paths - Auto-detect exec output files (*-stdout.txt, *-stderr.txt, *-errors.json) - Convert simple filenames to wildcard patterns automatically - Preserve existing wildcard patterns - Fixes 'No matching file' errors for exec + textAnalyze workflows --------- Co-authored-by: Noah Campbell <noah.edward.campbell@gmail.com> * bump goreleaser to v2 * remove collect binary and risc binary * remove this check * add debug logging * larger runner for release * dropping goreleaser * fix syntax * fix syntax * goreleaser * larger * prerelease auto and more * publish to directory: * some more goreleaser/homebrew stuffs * removing risc * bump example * Advanced analysis clean (#1868) * created roadmap and yaml claude agent * Update roadmap.md * feat: Clean advanced analysis implementation - core agents, engine, artifacts * Remove unrelated files - keep only advanced analysis implementation * fix: Fix goroutine leak in hosted agent rate limiter - Added stop channel and stopped flag to RateLimiter struct - Modified replenishTokens to listen for stop signal and exit cleanly - Added Stop() method to gracefully shutdown rate limiter - Added Stop() method to HostedAgent to cleanup rate limiter on shutdown Fixes cursor bot issue: Rate Limiter Goroutine Leak * fix: Fix analyzer config and model validation bugs Bug 1: Analyzer Config Missing File Path - Added filePath to DeploymentStatus analyzer config in convertAnalyzerToSpec - Sets namespace-specific path (cluster-resources/deployments/{namespace}.json) - Falls back to generic path (cluster-resources/deployments.json) if no namespace - Fixes LocalAgent.analyzeDeploymentStatus backward compatibility Bug 2: HealthCheck Fails Model Validation - Changed Ollama model validation from prefix match to exact match - Prevents false positives where llama2:13b would match request for llama2:7b - Ensures agent only reports healthy when exact model is available Both fixes address cursor bot reported issues and maintain backward compatibility. * fixing lint errors * fixing lint errors * adding CLI flags * fix: resolve linting errors for CI - Remove unnecessary nil check in host_kernel_configs.go (len() for nil slices is zero) - Remove unnecessary fmt.Sprintf() calls in ceph.go for static strings - Apply go fmt formatting fixes Fixes failing lint CI check * fix: resolve CI failures in build-test workflow and Ollama tests 1. Fix GitHub Actions workflow logic error: - Replace problematic contains() expression with explicit job result checks - Properly handle failure and cancelled states for each job - Prevents false positive failures in success summary job 2. Fix Ollama agent parseLLMResponse panics: - Add proper error handling for malformed JSON in LLM responses - Return error when JSON is found but invalid (instead of silent fallback) - Add error when no meaningful content can be parsed from response - Prevents nil pointer dereference in test assertions Fixes failing build-test/success and build-test/test CI checks * fix: resolve all CI failures and cursor bot issues 1. Fix disable-ollama flag logic bug: - Remove disable-ollama from advanced analysis trigger condition - Prevents unintended advanced analysis mode when no agents registered - Allows proper fallback to legacy analysis 2. Fix diff test consistency: - Update test expectations to match function behavior (lines with newlines) - Ensures consistency between streaming and non-streaming diff paths 3. Fix Ollama agent error handling: - Add proper error return for malformed JSON in LLM responses - Add meaningful content validation for markdown parsing - Prevents nil pointer panics in test assertions 4. Fix analysis engine mock agent: - Mock agent now processes and returns results for all provided analyzers - Fixes test expectation mismatch (expected 8 results, got 1) Resolves all failing CI checks: lint, test, and success workflow logic --------- Co-authored-by: Noah Campbell <noah.edward.campbell@gmail.com> * Auto-Collect (#1867) * Fix auto-collector missing files issue - Add KOTS-aware detection for diagnostic files - Replace silent RBAC filtering with user warnings - Enhance error file collection for troubleshooting - Achieve parity with traditional support bundles Resolves issue where auto-collector was missing: - KOTS diagnostic files (now 4 vs 3) - ConfigMaps (now 6 vs 6) - Maintains superior log collection (24 vs 0) Final result: [SUCCESS] comprehensive collection achieved * fixing bugbog * fix: resolve production readiness issues in auto-collect branch 1. Fix diff test expectations (lines should have newlines for difflib consistency) 2. Fix preflight tests to use existing v1beta3 example file 3. Fix autodiscovery test context parameter (function signature update) Resolves TestReadLinesFromReader and preflight v1beta3 test failures * fix: resolve autodiscovery tests and cursor bot image matching issues 1. Fix cursor bot image matching bug in isKotsadmImage: - Replace flawed prefix matching with proper image component detection - Handle private registries correctly (registry.company.com/kotsadm/kotsadm:v1.0.0) - Prevent false positives with proper delimiter checking - Add helper functions: containsImageComponent, splitImagePath, removeTagAndDigest 2. Fix autodiscovery test failures: - Add TestMode flag to DiscoveryOptions to control KOTS diagnostic collection - Tests use TestMode=true to get only foundational collectors (no KOTS diagnostics) - Preserves production behavior while enabling clean testing Resolves failing TestDiscoverer_DiscoverFoundational tests and cursor bot issues * Cron job clean (#1862) * created roadmap and yaml claude agent * Update roadmap.md * chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 (#1857) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.2 to 3.10.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump the security group with 2 updates (#1858) Bumps the security group with 2 updates: [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero) and [helm.sh/helm/v3](https://github.com/helm/helm). Updates `github.com/vmware-tanzu/velero` from 1.16.2 to 1.17.0 - [Release notes](https://github.com/vmware-tanzu/velero/releases) - [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md) - [Commits](https://github.com/vmware-tanzu/velero/compare/v1.16.2...v1.17.0) Updates `helm.sh/helm/v3` from 3.18.6 to 3.19.0 - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.18.6...v3.19.0) --- updated-dependencies: - dependency-name: github.com/vmware-tanzu/velero dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security - dependency-name: helm.sh/helm/v3 dependency-version: 3.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump helm.sh/helm/v3 from 3.18.6 to 3.19.0 in /examples/sdk/helm-template in the security group (#1859) chore(deps): bump helm.sh/helm/v3 Bumps the security group in /examples/sdk/helm-template with 1 update: [helm.sh/helm/v3](https://github.com/helm/helm). Updates `helm.sh/helm/v3` from 3.18.6 to 3.19.0 - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.18.6...v3.19.0) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-version: 3.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: security ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add cron job support bundle scheduler Complete implementation with K8s integration: - pkg/schedule/job.go: Job management and persistence - pkg/schedule/daemon.go: Real-time scheduler daemon - pkg/schedule/cli.go: CLI commands (create, list, delete, daemon) - pkg/schedule/schedule_test.go: Comprehensive unit tests - cmd/troubleshoot/cli/root.go: CLI integration * fixing bugbot * Fix all bugbot errors: auto-update stability, job cooldown timing, and daemon execution * Deleting Agent * removed unused flags * fixing auto-upload * fixing markdown files * namespace not required flag for auto collectors to work * loosened cron job validation * writes logs to logfile * fix: resolve autoFromEnv variable scoping issue for CI - Ensure autoFromEnv variable and its usage are in correct scope - Fix build errors: declared and not used / undefined variable - All functionality preserved and tested locally - Force add to override gitignore --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Noah Campbell <noah.edward.campbell@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: clean tokenization system implementation (#1874) Core tokenization functionality with minimal file changes: ✅ Core Features: - Intelligent tokenization engine (tokenizer.go) - Context-aware secret classification (PASSWORD, APIKEY, DATABASE, etc.) - Cross-file correlation with deterministic HMAC-SHA256 tokens - Optional encrypted mapping for token→original value resolution ✅ Integration: - CLI flags: --tokenize, --redaction-map, --encrypt-redaction-map - Updated all redactor types: literal, single-line, multi-line, YAML - Support bundle integration with auto-upload compatibility - Backward compatibility: preserves ***HIDDEN*** when disabled ✅ Production Ready: - Only 11 essential files (vs 31 in original PR) - No excessive test files or documentation - Clean build, all functionality verified - Maintains existing redaction behavior by default Token format: ***TOKEN_<TYPE>_<HASH>*** (e.g., ***TOKEN_PASSWORD_A1B2C3***) * Removes silent failing (#1877) * preserves stdout and stderr from collectors * Delete eliminate-silent-failures.md * Update host_kernel_modules_test.go * added error logs when a collector fails to start * Update host_filesystem_performance_linux.go * fixed error saving logic inconsistency * Update collect.go * Improved error handling for support bundles and redactors for windows (#1878) * improved error handling and window locking * Delete all-windows-collectors.yaml * addressing bugbot concerns * Update host_tcpportstatus.go * Update redact.go * Add regression test suite to github actions * Update regression-test.yaml * Update regression-test.yaml * Update regression-test.yaml * create test/output directory * handle node-specific files and multiple report arguments * simplify comparison to detect code regressions only * handle empty structural_compare rules * removed v1beta3 branch from github workflow * Update Makefile * removed outdated actions * Update Makefile --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Noah Campbell <noah.edward.campbell@gmail.com> Co-authored-by: Benjamin Yang <82779168+bennyyang11@users.noreply.github.com> Co-authored-by: Benjamin Yang <benjaminyang@Benjamins-MacBook-Pro.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
607 lines
20 KiB
Go
607 lines
20 KiB
Go
package cli
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"path/filepath"
|
|
"reflect"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
cursor "github.com/ahmetalpbalkan/go-cursor"
|
|
"github.com/fatih/color"
|
|
"github.com/mattn/go-isatty"
|
|
"github.com/pkg/errors"
|
|
"github.com/replicatedhq/troubleshoot/internal/specs"
|
|
"github.com/replicatedhq/troubleshoot/internal/util"
|
|
analyzer "github.com/replicatedhq/troubleshoot/pkg/analyze"
|
|
troubleshootv1beta2 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
|
|
"github.com/replicatedhq/troubleshoot/pkg/collect"
|
|
"github.com/replicatedhq/troubleshoot/pkg/constants"
|
|
"github.com/replicatedhq/troubleshoot/pkg/convert"
|
|
"github.com/replicatedhq/troubleshoot/pkg/httputil"
|
|
"github.com/replicatedhq/troubleshoot/pkg/k8sutil"
|
|
"github.com/replicatedhq/troubleshoot/pkg/loader"
|
|
"github.com/replicatedhq/troubleshoot/pkg/redact"
|
|
"github.com/replicatedhq/troubleshoot/pkg/supportbundle"
|
|
"github.com/replicatedhq/troubleshoot/pkg/types"
|
|
"github.com/spf13/viper"
|
|
spin "github.com/tj/go-spin"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/client-go/kubernetes"
|
|
"k8s.io/client-go/rest"
|
|
"k8s.io/klog/v2"
|
|
)
|
|
|
|
func runTroubleshoot(v *viper.Viper, args []string) error {
|
|
ctx := context.Background()
|
|
|
|
restConfig, err := k8sutil.GetRESTConfig()
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to convert kube flags to rest config")
|
|
}
|
|
|
|
client, err := kubernetes.NewForConfig(restConfig)
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to create kubernetes client")
|
|
}
|
|
|
|
mainBundle, additionalRedactors, err := loadSpecs(ctx, args, client)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Validate auto-discovery flags
|
|
if err := ValidateAutoDiscoveryFlags(v); err != nil {
|
|
return errors.Wrap(err, "invalid auto-discovery configuration")
|
|
}
|
|
|
|
// Validate tokenization flags
|
|
if err := ValidateTokenizationFlags(v); err != nil {
|
|
return errors.Wrap(err, "invalid tokenization configuration")
|
|
}
|
|
// Apply auto-discovery if enabled
|
|
autoConfig := GetAutoDiscoveryConfig(v)
|
|
if autoConfig.Enabled {
|
|
mode := GetAutoDiscoveryMode(args, autoConfig.Enabled)
|
|
if !v.GetBool("quiet") {
|
|
PrintAutoDiscoveryInfo(autoConfig, mode)
|
|
}
|
|
|
|
// Apply auto-discovery to the main bundle
|
|
namespace := v.GetString("namespace")
|
|
if err := ApplyAutoDiscovery(ctx, client, restConfig, mainBundle, autoConfig, namespace); err != nil {
|
|
return errors.Wrap(err, "auto-discovery failed")
|
|
}
|
|
}
|
|
|
|
// For --dry-run, we want to print the yaml and exit
|
|
if v.GetBool("dry-run") {
|
|
k := loader.TroubleshootKinds{
|
|
SupportBundlesV1Beta2: []troubleshootv1beta2.SupportBundle{*mainBundle},
|
|
}
|
|
// If we have redactors, add them to the temp kinds object
|
|
if len(additionalRedactors.Spec.Redactors) > 0 {
|
|
k.RedactorsV1Beta2 = []troubleshootv1beta2.Redactor{*additionalRedactors}
|
|
}
|
|
|
|
out, err := k.ToYaml()
|
|
if err != nil {
|
|
return types.NewExitCodeError(constants.EXIT_CODE_CATCH_ALL, errors.Wrap(err, "failed to convert specs to yaml"))
|
|
}
|
|
fmt.Printf("%s", out)
|
|
return nil
|
|
}
|
|
|
|
interactive := v.GetBool("interactive") && isatty.IsTerminal(os.Stdout.Fd())
|
|
|
|
if interactive {
|
|
fmt.Print(cursor.Hide())
|
|
defer fmt.Print(cursor.Show())
|
|
}
|
|
|
|
go func() {
|
|
signalChan := make(chan os.Signal, 1)
|
|
signal.Notify(signalChan, os.Interrupt)
|
|
<-signalChan
|
|
if interactive {
|
|
fmt.Print(cursor.Show())
|
|
}
|
|
os.Exit(0)
|
|
}()
|
|
|
|
var sinceTime *time.Time
|
|
if v.GetString("since-time") != "" || v.GetString("since") != "" {
|
|
sinceTime, err = parseTimeFlags(v)
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed parse since time")
|
|
}
|
|
}
|
|
|
|
if v.GetBool("allow-insecure-connections") || v.GetBool("insecure-skip-tls-verify") {
|
|
httputil.AddTransport(&http.Transport{
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
|
})
|
|
}
|
|
|
|
if interactive {
|
|
c := color.New()
|
|
c.Println(fmt.Sprintf("\r%s\r", cursor.ClearEntireLine()))
|
|
}
|
|
|
|
if interactive {
|
|
if len(mainBundle.Spec.HostCollectors) > 0 && !util.IsRunningAsRoot() && !mainBundle.Spec.RunHostCollectorsInPod {
|
|
fmt.Print(cursor.Show())
|
|
if util.PromptYesNo(util.HOST_COLLECTORS_RUN_AS_ROOT_PROMPT) {
|
|
fmt.Println("Exiting...")
|
|
return nil
|
|
}
|
|
fmt.Print(cursor.Hide())
|
|
}
|
|
}
|
|
|
|
var wg sync.WaitGroup
|
|
collectorCB := func(c chan interface{}, msg string) { c <- msg }
|
|
progressChan := make(chan interface{})
|
|
isProgressChanClosed := false
|
|
defer func() {
|
|
if !isProgressChanClosed {
|
|
close(progressChan)
|
|
}
|
|
wg.Wait()
|
|
}()
|
|
|
|
if !interactive {
|
|
// TODO (dans): custom warning handler to capture warning in `analysisOutput`
|
|
restConfig.WarningHandler = rest.NoWarnings{}
|
|
|
|
// TODO (dans): maybe log to file
|
|
wg.Add(1)
|
|
go func() {
|
|
defer wg.Done()
|
|
for msg := range progressChan {
|
|
klog.Infof("Collecting support bundle: %v", msg)
|
|
}
|
|
}()
|
|
} else {
|
|
s := spin.New()
|
|
wg.Add(1)
|
|
go func() {
|
|
defer wg.Done()
|
|
currentDir := ""
|
|
for {
|
|
select {
|
|
case msg, ok := <-progressChan:
|
|
if !ok {
|
|
fmt.Printf("\r%s\r", cursor.ClearEntireLine())
|
|
return
|
|
}
|
|
switch msg := msg.(type) {
|
|
case error:
|
|
c := color.New(color.FgHiRed)
|
|
c.Println(fmt.Sprintf("%s\r * %v", cursor.ClearEntireLine(), msg))
|
|
case string:
|
|
currentDir = filepath.Base(msg)
|
|
}
|
|
case <-time.After(time.Millisecond * 100):
|
|
if currentDir == "" {
|
|
fmt.Printf("\r%s \033[36mCollecting support bundle\033[m %s", cursor.ClearEntireLine(), s.Next())
|
|
} else {
|
|
fmt.Printf("\r%s \033[36mCollecting support bundle\033[m %s %s", cursor.ClearEntireLine(), s.Next(), currentDir)
|
|
}
|
|
}
|
|
}
|
|
}()
|
|
}
|
|
|
|
createOpts := supportbundle.SupportBundleCreateOpts{
|
|
CollectorProgressCallback: collectorCB,
|
|
CollectWithoutPermissions: v.GetBool("collect-without-permissions"),
|
|
KubernetesRestConfig: restConfig,
|
|
Namespace: v.GetString("namespace"),
|
|
ProgressChan: progressChan,
|
|
SinceTime: sinceTime,
|
|
OutputPath: v.GetString("output"),
|
|
Redact: v.GetBool("redact"),
|
|
FromCLI: true,
|
|
RunHostCollectorsInPod: mainBundle.Spec.RunHostCollectorsInPod,
|
|
|
|
// Phase 4: Tokenization options
|
|
Tokenize: v.GetBool("tokenize"),
|
|
RedactionMapPath: v.GetString("redaction-map"),
|
|
EncryptRedactionMap: v.GetBool("encrypt-redaction-map"),
|
|
TokenPrefix: v.GetString("token-prefix"),
|
|
VerifyTokenization: v.GetBool("verify-tokenization"),
|
|
BundleID: v.GetString("bundle-id"),
|
|
TokenizationStats: v.GetBool("tokenization-stats"),
|
|
}
|
|
|
|
nonInteractiveOutput := analysisOutput{}
|
|
|
|
response, err := supportbundle.CollectSupportBundleFromSpec(&mainBundle.Spec, additionalRedactors, createOpts)
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to run collect and analyze process")
|
|
}
|
|
|
|
close(progressChan) // this removes the spinner in interactive mode
|
|
isProgressChanClosed = true
|
|
|
|
if len(response.AnalyzerResults) > 0 {
|
|
if interactive {
|
|
if err := showInteractiveResults(mainBundle.Name, response.AnalyzerResults, response.ArchivePath); err != nil {
|
|
interactive = false
|
|
}
|
|
} else {
|
|
nonInteractiveOutput.Analysis = response.AnalyzerResults
|
|
}
|
|
}
|
|
|
|
if !response.FileUploaded {
|
|
if appName := mainBundle.Labels["applicationName"]; appName != "" {
|
|
f := `A support bundle for %s has been created in this directory
|
|
named %s. Please upload it on the Troubleshoot page of
|
|
the %s Admin Console to begin analysis.`
|
|
fmt.Printf(f, appName, response.ArchivePath, appName)
|
|
return nil
|
|
}
|
|
|
|
if !interactive {
|
|
nonInteractiveOutput.ArchivePath = response.ArchivePath
|
|
output, err := nonInteractiveOutput.FormattedAnalysisOutput()
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to format non-interactive output")
|
|
}
|
|
fmt.Println(output)
|
|
return nil
|
|
}
|
|
|
|
fmt.Printf("\nA support bundle was generated and saved at %s. Please send this file to your software vendor for support.\n", response.ArchivePath)
|
|
return nil
|
|
}
|
|
|
|
if interactive {
|
|
fmt.Printf("\r%s\r", cursor.ClearEntireLine())
|
|
}
|
|
if response.FileUploaded {
|
|
fmt.Printf("A support bundle has been created and uploaded to your cluster for analysis. Please visit the Troubleshoot page to continue.\n")
|
|
fmt.Printf("A copy of this support bundle was written to the current directory, named %q\n", response.ArchivePath)
|
|
} else {
|
|
fmt.Printf("A support bundle has been created in the current directory named %q\n", response.ArchivePath)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// loadSupportBundleSpecsFromURIs loads support bundle specs from URIs
|
|
func loadSupportBundleSpecsFromURIs(ctx context.Context, kinds *loader.TroubleshootKinds) error {
|
|
moreKinds := loader.NewTroubleshootKinds()
|
|
|
|
// iterate through original kinds and replace any support bundle spec with provided uri spec
|
|
for _, s := range kinds.SupportBundlesV1Beta2 {
|
|
if s.Spec.Uri == "" || !util.IsURL(s.Spec.Uri) {
|
|
moreKinds.SupportBundlesV1Beta2 = append(moreKinds.SupportBundlesV1Beta2, s)
|
|
continue
|
|
}
|
|
|
|
// We are using LoadSupportBundleSpec function here since it handles prompting
|
|
// users to accept insecure connections
|
|
// There is an opportunity to refactor this code in favour of the Loader APIs
|
|
// TODO: Pass ctx to LoadSupportBundleSpec
|
|
rawSpec, err := supportbundle.LoadSupportBundleSpec(s.Spec.Uri)
|
|
if err != nil {
|
|
// add back original spec
|
|
moreKinds.SupportBundlesV1Beta2 = append(moreKinds.SupportBundlesV1Beta2, s)
|
|
// In the event a spec can't be loaded, we'll just skip it and print a warning
|
|
klog.Warningf("unable to load support bundle from URI: %q: %v", s.Spec.Uri, err)
|
|
continue
|
|
}
|
|
k, err := loader.LoadSpecs(ctx, loader.LoadOptions{RawSpec: string(rawSpec)})
|
|
if err != nil {
|
|
// add back original spec
|
|
moreKinds.SupportBundlesV1Beta2 = append(moreKinds.SupportBundlesV1Beta2, s)
|
|
klog.Warningf("unable to load spec: %v", err)
|
|
continue
|
|
}
|
|
|
|
if len(k.SupportBundlesV1Beta2) == 0 {
|
|
// add back original spec
|
|
moreKinds.SupportBundlesV1Beta2 = append(moreKinds.SupportBundlesV1Beta2, s)
|
|
klog.Warningf("no support bundle spec found in URI: %s", s.Spec.Uri)
|
|
continue
|
|
}
|
|
|
|
// finally append the uri spec
|
|
moreKinds.SupportBundlesV1Beta2 = append(moreKinds.SupportBundlesV1Beta2, k.SupportBundlesV1Beta2...)
|
|
|
|
}
|
|
|
|
kinds.SupportBundlesV1Beta2 = moreKinds.SupportBundlesV1Beta2
|
|
|
|
return nil
|
|
}
|
|
|
|
func loadSpecs(ctx context.Context, args []string, client kubernetes.Interface) (*troubleshootv1beta2.SupportBundle, *troubleshootv1beta2.Redactor, error) {
|
|
var (
|
|
kinds = loader.NewTroubleshootKinds()
|
|
vp = viper.GetViper()
|
|
redactors = vp.GetStringSlice("redactors")
|
|
allArgs = append(args, redactors...)
|
|
err error
|
|
)
|
|
|
|
kinds, err = specs.LoadFromCLIArgs(ctx, client, allArgs, vp)
|
|
if err != nil {
|
|
return nil, nil, errors.Wrap(err, "failed to load specs from CLI args")
|
|
}
|
|
|
|
// Load additional specs from support bundle URIs
|
|
// only when no-uri flag is not set and no URLs are provided in the args
|
|
if !viper.GetBool("no-uri") {
|
|
err := loadSupportBundleSpecsFromURIs(ctx, kinds)
|
|
if err != nil {
|
|
klog.Warningf("unable to load support bundles from URIs: %v", err)
|
|
}
|
|
}
|
|
|
|
// Check if we have any collectors to run in the troubleshoot specs
|
|
// Skip this check if auto-discovery is enabled, as collectors will be added later
|
|
// Note: RemoteCollectors are still actively used in preflights and host preflights
|
|
if len(kinds.CollectorsV1Beta2) == 0 &&
|
|
len(kinds.HostCollectorsV1Beta2) == 0 &&
|
|
len(kinds.SupportBundlesV1Beta2) == 0 &&
|
|
!vp.GetBool("auto") {
|
|
return nil, nil, types.NewExitCodeError(
|
|
constants.EXIT_CODE_CATCH_ALL,
|
|
errors.New("no collectors specified to run. Use --debug and/or -v=2 to see more information"),
|
|
)
|
|
}
|
|
|
|
// Merge specs
|
|
// We need to add the default type information to the support bundle spec
|
|
// since by default these fields would be empty
|
|
mainBundle := &troubleshootv1beta2.SupportBundle{
|
|
TypeMeta: metav1.TypeMeta{
|
|
APIVersion: "troubleshoot.sh/v1beta2",
|
|
Kind: "SupportBundle",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "merged-support-bundle-spec",
|
|
},
|
|
}
|
|
|
|
// If auto-discovery is enabled and no support bundle specs were loaded,
|
|
// create a minimal default support bundle spec for auto-discovery to work with
|
|
if vp.GetBool("auto") && len(kinds.SupportBundlesV1Beta2) == 0 {
|
|
defaultSupportBundle := troubleshootv1beta2.SupportBundle{
|
|
TypeMeta: metav1.TypeMeta{
|
|
APIVersion: "troubleshoot.replicated.com/v1beta2",
|
|
Kind: "SupportBundle",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "auto-discovery-default",
|
|
},
|
|
Spec: troubleshootv1beta2.SupportBundleSpec{
|
|
Collectors: []*troubleshootv1beta2.Collect{}, // Empty collectors - will be populated by auto-discovery
|
|
},
|
|
}
|
|
kinds.SupportBundlesV1Beta2 = append(kinds.SupportBundlesV1Beta2, defaultSupportBundle)
|
|
klog.V(2).Info("Created default support bundle spec for auto-discovery")
|
|
}
|
|
|
|
var enableRunHostCollectorsInPod bool
|
|
|
|
for _, sb := range kinds.SupportBundlesV1Beta2 {
|
|
sb := sb
|
|
mainBundle = supportbundle.ConcatSpec(mainBundle, &sb)
|
|
//check if sb has metadata and if it has RunHostCollectorsInPod set to true
|
|
if !reflect.DeepEqual(sb.ObjectMeta, metav1.ObjectMeta{}) && sb.Spec.RunHostCollectorsInPod {
|
|
enableRunHostCollectorsInPod = sb.Spec.RunHostCollectorsInPod
|
|
}
|
|
}
|
|
mainBundle.Spec.RunHostCollectorsInPod = enableRunHostCollectorsInPod
|
|
|
|
for _, c := range kinds.CollectorsV1Beta2 {
|
|
mainBundle.Spec.Collectors = util.Append(mainBundle.Spec.Collectors, c.Spec.Collectors)
|
|
}
|
|
|
|
for _, hc := range kinds.HostCollectorsV1Beta2 {
|
|
mainBundle.Spec.HostCollectors = util.Append(mainBundle.Spec.HostCollectors, hc.Spec.Collectors)
|
|
}
|
|
|
|
// Don't add default collectors if auto-discovery is enabled, as auto-discovery will add them
|
|
if !(len(mainBundle.Spec.HostCollectors) > 0 && len(mainBundle.Spec.Collectors) == 0) && !vp.GetBool("auto") {
|
|
// Always add default collectors unless we only have host collectors or auto-discovery is enabled
|
|
// We need to add them here so when we --dry-run, these collectors
|
|
// are included. supportbundle.runCollectors duplicates this bit.
|
|
// We'll need to refactor it out later when its clearer what other
|
|
// code depends on this logic e.g KOTS
|
|
mainBundle.Spec.Collectors = collect.EnsureCollectorInList(
|
|
mainBundle.Spec.Collectors,
|
|
troubleshootv1beta2.Collect{ClusterInfo: &troubleshootv1beta2.ClusterInfo{}},
|
|
)
|
|
mainBundle.Spec.Collectors = collect.EnsureCollectorInList(
|
|
mainBundle.Spec.Collectors,
|
|
troubleshootv1beta2.Collect{ClusterResources: &troubleshootv1beta2.ClusterResources{}},
|
|
)
|
|
}
|
|
|
|
additionalRedactors := &troubleshootv1beta2.Redactor{
|
|
TypeMeta: metav1.TypeMeta{
|
|
APIVersion: "troubleshoot.replicated.com/v1beta2",
|
|
Kind: "Redactor",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "merged-redactors-spec",
|
|
},
|
|
}
|
|
for _, r := range kinds.RedactorsV1Beta2 {
|
|
additionalRedactors.Spec.Redactors = util.Append(additionalRedactors.Spec.Redactors, r.Spec.Redactors)
|
|
}
|
|
|
|
// dedupe specs
|
|
mainBundle.Spec.Collectors = util.Dedup(mainBundle.Spec.Collectors)
|
|
mainBundle.Spec.Analyzers = util.Dedup(mainBundle.Spec.Analyzers)
|
|
mainBundle.Spec.HostCollectors = util.Dedup(mainBundle.Spec.HostCollectors)
|
|
mainBundle.Spec.HostAnalyzers = util.Dedup(mainBundle.Spec.HostAnalyzers)
|
|
|
|
return mainBundle, additionalRedactors, nil
|
|
}
|
|
|
|
func parseTimeFlags(v *viper.Viper) (*time.Time, error) {
|
|
var (
|
|
sinceTime time.Time
|
|
err error
|
|
)
|
|
if v.GetString("since-time") != "" {
|
|
if v.GetString("since") != "" {
|
|
return nil, errors.Errorf("at most one of `sinceTime` or `since` may be specified")
|
|
}
|
|
sinceTime, err = time.Parse(time.RFC3339, v.GetString("since-time"))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "unable to parse --since-time flag")
|
|
}
|
|
} else {
|
|
parsedDuration, err := time.ParseDuration(v.GetString("since"))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "unable to parse --since flag")
|
|
}
|
|
now := time.Now()
|
|
sinceTime = now.Add(0 - parsedDuration)
|
|
}
|
|
|
|
return &sinceTime, nil
|
|
}
|
|
|
|
type analysisOutput struct {
|
|
Analysis []*analyzer.AnalyzeResult
|
|
ArchivePath string
|
|
}
|
|
|
|
func (a *analysisOutput) FormattedAnalysisOutput() (outputJson string, err error) {
|
|
type convertedOutput struct {
|
|
ConvertedAnalysis []*convert.Result `json:"analyzerResults"`
|
|
ArchivePath string `json:"archivePath"`
|
|
}
|
|
|
|
converted := convert.FromAnalyzerResult(a.Analysis)
|
|
|
|
o := convertedOutput{
|
|
ConvertedAnalysis: converted,
|
|
ArchivePath: a.ArchivePath,
|
|
}
|
|
|
|
formatted, err := json.MarshalIndent(o, "", " ")
|
|
if err != nil {
|
|
return "", fmt.Errorf("\r * Failed to format analysis: %v\n", err)
|
|
}
|
|
return string(formatted), nil
|
|
}
|
|
|
|
// ValidateTokenizationFlags validates tokenization flag combinations
|
|
func ValidateTokenizationFlags(v *viper.Viper) error {
|
|
// Verify tokenization mode early (before collection starts)
|
|
if v.GetBool("verify-tokenization") {
|
|
if err := VerifyTokenizationSetup(v); err != nil {
|
|
return errors.Wrap(err, "tokenization verification failed")
|
|
}
|
|
fmt.Println("✅ Tokenization verification passed")
|
|
os.Exit(0) // Exit after verification
|
|
}
|
|
|
|
// Encryption requires redaction map
|
|
if v.GetBool("encrypt-redaction-map") && v.GetString("redaction-map") == "" {
|
|
return errors.New("--encrypt-redaction-map requires --redaction-map to be specified")
|
|
}
|
|
|
|
// Redaction map requires tokenization or redaction to be enabled
|
|
if v.GetString("redaction-map") != "" {
|
|
if !v.GetBool("tokenize") && !v.GetBool("redact") {
|
|
return errors.New("--redaction-map requires either --tokenize or --redact to be enabled")
|
|
}
|
|
}
|
|
|
|
// Custom token prefix requires tokenization
|
|
if v.GetString("token-prefix") != "" && !v.GetBool("tokenize") {
|
|
return errors.New("--token-prefix requires --tokenize to be enabled")
|
|
}
|
|
|
|
// Bundle ID requires tokenization
|
|
if v.GetString("bundle-id") != "" && !v.GetBool("tokenize") {
|
|
return errors.New("--bundle-id requires --tokenize to be enabled")
|
|
}
|
|
|
|
// Tokenization stats requires tokenization
|
|
if v.GetBool("tokenization-stats") && !v.GetBool("tokenize") {
|
|
return errors.New("--tokenization-stats requires --tokenize to be enabled")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// VerifyTokenizationSetup verifies tokenization configuration without collecting data
|
|
func VerifyTokenizationSetup(v *viper.Viper) error {
|
|
fmt.Println("🔍 Verifying tokenization setup...")
|
|
|
|
// Test 1: Environment variable check
|
|
if v.GetBool("tokenize") {
|
|
os.Setenv("TROUBLESHOOT_TOKENIZATION", "true")
|
|
defer os.Unsetenv("TROUBLESHOOT_TOKENIZATION")
|
|
}
|
|
|
|
// Test 2: Tokenizer initialization
|
|
redact.ResetGlobalTokenizer()
|
|
tokenizer := redact.GetGlobalTokenizer()
|
|
|
|
if v.GetBool("tokenize") && !tokenizer.IsEnabled() {
|
|
return errors.New("tokenizer is not enabled despite --tokenize flag")
|
|
}
|
|
|
|
if !v.GetBool("tokenize") && tokenizer.IsEnabled() {
|
|
return errors.New("tokenizer is enabled despite --tokenize flag being false")
|
|
}
|
|
|
|
fmt.Printf(" ✅ Tokenizer state: %v\n", tokenizer.IsEnabled())
|
|
|
|
// Test 3: Token generation
|
|
if tokenizer.IsEnabled() {
|
|
testToken := tokenizer.TokenizeValue("test-secret", "verification")
|
|
if !tokenizer.ValidateToken(testToken) {
|
|
return errors.Errorf("generated test token is invalid: %s", testToken)
|
|
}
|
|
fmt.Printf(" ✅ Test token generated: %s\n", testToken)
|
|
}
|
|
|
|
// Test 4: Custom token prefix validation
|
|
if customPrefix := v.GetString("token-prefix"); customPrefix != "" {
|
|
if !strings.Contains(customPrefix, "%s") {
|
|
return errors.Errorf("custom token prefix must contain %%s placeholders: %s", customPrefix)
|
|
}
|
|
fmt.Printf(" ✅ Custom token prefix validated: %s\n", customPrefix)
|
|
}
|
|
|
|
// Test 5: Redaction map path validation
|
|
if mapPath := v.GetString("redaction-map"); mapPath != "" {
|
|
// Check if directory exists
|
|
dir := filepath.Dir(mapPath)
|
|
if _, err := os.Stat(dir); os.IsNotExist(err) {
|
|
return errors.Errorf("redaction map directory does not exist: %s", dir)
|
|
}
|
|
fmt.Printf(" ✅ Redaction map path validated: %s\n", mapPath)
|
|
|
|
// Test file creation (and cleanup)
|
|
testFile := mapPath + ".test"
|
|
if err := os.WriteFile(testFile, []byte("test"), 0600); err != nil {
|
|
return errors.Errorf("cannot create redaction map file: %v", err)
|
|
}
|
|
os.Remove(testFile)
|
|
fmt.Printf(" ✅ File creation permissions verified\n")
|
|
}
|
|
|
|
return nil
|
|
}
|