From 765c77aeec16615d894bdf5dce523c788ca39a40 Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Fri, 23 Feb 2024 14:26:15 -0300 Subject: [PATCH 1/2] INT-10459: add retry to client get function calls --- src/google-cloud/client.ts | 6 ++- src/steps/api-gateway/client.ts | 17 ++++---- src/steps/app-engine/client.ts | 10 +++-- src/steps/big-query/client.ts | 50 ++++++++++++++---------- src/steps/binary-authorization/client.ts | 10 +++-- src/steps/cloud-build/client.ts | 10 +++-- src/steps/compute/client.ts | 43 +++++++++++--------- src/steps/containers/client.ts | 10 +++-- src/steps/iam/client.ts | 24 +++++++----- src/steps/kms/client.ts | 7 ++-- src/steps/orgpolicy/client.ts | 10 +++-- src/steps/privateca/client.ts | 10 +++-- src/steps/resource-manager/client.ts | 48 +++++++++++++---------- src/steps/spanner/client.ts | 10 +++-- src/steps/storage/client.ts | 10 +++-- 15 files changed, 161 insertions(+), 114 deletions(-) diff --git a/src/google-cloud/client.ts b/src/google-cloud/client.ts index 23f6ec80..8d55a6dc 100644 --- a/src/google-cloud/client.ts +++ b/src/google-cloud/client.ts @@ -77,8 +77,10 @@ export class Client { scopes: ['https://www.googleapis.com/auth/cloud-platform'], }); - const client = (await auth.getClient()) as BaseExternalAccountClient; - await client.getAccessToken(); + const client = (await this.withErrorHandling(() => + auth.getClient(), + )) as BaseExternalAccountClient; + await this.withErrorHandling(() => client.getAccessToken()); return client; } diff --git a/src/steps/api-gateway/client.ts b/src/steps/api-gateway/client.ts index f6263e3c..2f14b602 100644 --- a/src/steps/api-gateway/client.ts +++ b/src/steps/api-gateway/client.ts @@ -23,11 +23,12 @@ export class ApiGatewayClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result = - await this.client.projects.locations.apis.configs.getIamPolicy({ + const result = await this.withErrorHandling(() => + this.client.projects.locations.apis.configs.getIamPolicy({ resource: `projects/${this.projectId}/locations/global/apis/${apiId}/configs/${configId}`, auth, - }); + }), + ); return result.data; } @@ -37,10 +38,12 @@ export class ApiGatewayClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.projects.locations.gateways.getIamPolicy({ - resource: `projects/${this.projectId}/locations/global/gateways/${gatewayId}`, - auth, - }); + const result = await this.withErrorHandling(() => + this.client.projects.locations.gateways.getIamPolicy({ + resource: `projects/${this.projectId}/locations/global/gateways/${gatewayId}`, + auth, + }), + ); return result.data; } diff --git a/src/steps/app-engine/client.ts b/src/steps/app-engine/client.ts index fd77faa4..e1920bbf 100644 --- a/src/steps/app-engine/client.ts +++ b/src/steps/app-engine/client.ts @@ -7,10 +7,12 @@ export class AppEngineClient extends Client { async getAppEngineApplication() { const auth = await this.getAuthenticatedServiceClient(); - const response = await this.client.apps.get({ - appsId: this.projectId, - auth, - }); + const response = await this.withErrorHandling(() => + this.client.apps.get({ + appsId: this.projectId, + auth, + }), + ); return response.data; } diff --git a/src/steps/big-query/client.ts b/src/steps/big-query/client.ts index 4c0fbba2..f3dd51ec 100644 --- a/src/steps/big-query/client.ts +++ b/src/steps/big-query/client.ts @@ -57,10 +57,12 @@ export class BigQueryClient extends Client { if (!projectId || !datasetId || !tableId) { return undefined; } - const policyResponse = await this.client.tables.getIamPolicy({ - auth, - resource: `projects/${projectId}/datasets/${datasetId}/tables/${tableId}`, - }); + const policyResponse = await this.withErrorHandling(() => + this.client.tables.getIamPolicy({ + auth, + resource: `projects/${projectId}/datasets/${datasetId}/tables/${tableId}`, + }), + ); return policyResponse?.data; } @@ -69,12 +71,14 @@ export class BigQueryClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const resp = await this.client.tables.get({ - auth, - projectId: data.tableReference?.projectId!, - datasetId: data.tableReference?.datasetId!, - tableId: data.tableReference?.tableId!, - }); + const resp = await this.withErrorHandling(() => + this.client.tables.get({ + auth, + projectId: data.tableReference?.projectId!, + datasetId: data.tableReference?.datasetId!, + tableId: data.tableReference?.tableId!, + }), + ); return resp.data; } @@ -95,11 +99,13 @@ export class BigQueryClient extends Client { async (data: bigquery_v2.Schema$DatasetList) => { for (const datasetRef of data.datasets || []) { if (datasetRef?.datasetReference?.datasetId) { - const dataset = await this.client.datasets.get({ - auth, - projectId: this.projectId, - datasetId: datasetRef.datasetReference?.datasetId, - }); + const dataset = await this.withErrorHandling(() => + this.client.datasets.get({ + auth, + projectId: this.projectId, + datasetId: datasetRef.datasetReference?.datasetId as string, + }), + ); await callback(dataset.data); } @@ -126,12 +132,14 @@ export class BigQueryClient extends Client { async (data: bigquery_v2.Schema$ListModelsResponse) => { for (const modelRef of data.models || []) { if (modelRef.modelReference?.modelId) { - const model = await this.client.models.get({ - auth, - projectId: this.projectId, - datasetId, - modelId: modelRef.modelReference.modelId, - }); + const model = await this.withErrorHandling(() => + this.client.models.get({ + auth, + projectId: this.projectId, + datasetId: datasetId, + modelId: modelRef.modelReference?.modelId as string, + }), + ); await callback(model.data); } } diff --git a/src/steps/binary-authorization/client.ts b/src/steps/binary-authorization/client.ts index 2bf9ccca..8609532d 100644 --- a/src/steps/binary-authorization/client.ts +++ b/src/steps/binary-authorization/client.ts @@ -11,10 +11,12 @@ export class BinaryAuthorizationClient extends Client { async fetchPolicy(): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result: PolicyResponse = await this.client.projects.getPolicy({ - auth, - name: `projects/${this.projectId}/policy`, - }); + const result: PolicyResponse = await this.withErrorHandling(() => + this.client.projects.getPolicy({ + auth, + name: `projects/${this.projectId}/policy`, + }), + ); return result.data; } diff --git a/src/steps/cloud-build/client.ts b/src/steps/cloud-build/client.ts index 9420f9a0..af07dfcb 100644 --- a/src/steps/cloud-build/client.ts +++ b/src/steps/cloud-build/client.ts @@ -86,10 +86,12 @@ export class CloudBuildClient extends Client { const auth = await this.getAuthenticatedServiceClient(); try { - const res = await this.client.projects.githubEnterpriseConfigs.list({ - auth, - parent: `projects/${this.projectId}`, - }); + const res = await this.withErrorHandling(() => + this.client.projects.githubEnterpriseConfigs.list({ + auth, + parent: `projects/${this.projectId}`, + }), + ); if (res.data?.configs) { for (const config of res.data.configs) { diff --git a/src/steps/compute/client.ts b/src/steps/compute/client.ts index 9f437742..104aab2c 100644 --- a/src/steps/compute/client.ts +++ b/src/steps/compute/client.ts @@ -141,11 +141,13 @@ export class ComputeClient extends Client { async fetchComputeImagePolicy(name: string) { const auth = await this.getAuthenticatedServiceClient(); - const resp = await this.client.images.getIamPolicy({ - auth, - project: this.projectId, - resource: name, - }); + const resp = await this.withErrorHandling(() => + this.client.images.getIamPolicy({ + auth, + project: this.projectId, + resource: name, + }), + ); return resp.data; } @@ -153,12 +155,14 @@ export class ComputeClient extends Client { async fetchComputeImage(name: string, projectId: string) { const auth = await this.getAuthenticatedServiceClient(); - const resp = await this.client.images.get({ - auth, - image: name, - // allow us to use the same method for both custom and public images - project: projectId, - }); + const resp = await this.withErrorHandling(() => + this.client.images.get({ + auth, + image: name, + // allow us to use the same method for both custom and public images + project: projectId, + }), + ); return resp.data; } @@ -231,10 +235,12 @@ export class ComputeClient extends Client { async fetchComputeProject(): Promise { const auth = await this.getAuthenticatedServiceClient(); - const computeProjectResponse = await this.client.projects.get({ - auth: auth, - project: this.projectId, - }); + const computeProjectResponse = await this.withErrorHandling(() => + this.client.projects.get({ + auth: auth, + project: this.projectId, + }), + ); return computeProjectResponse.data; } @@ -270,11 +276,12 @@ export class ComputeClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const resp = - await this.osConfigClient.projects.locations.instances.inventories.get({ + const resp = await this.withErrorHandling(() => + this.osConfigClient.projects.locations.instances.inventories.get({ auth, name: `projects/${this.projectId}/locations/${location}/instances/${instanceId}/inventory`, - }); + }), + ); return resp.data; } diff --git a/src/steps/containers/client.ts b/src/steps/containers/client.ts index 41f08f9c..24afda75 100644 --- a/src/steps/containers/client.ts +++ b/src/steps/containers/client.ts @@ -9,10 +9,12 @@ export class ContainerClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.projects.locations.clusters.list({ - auth, - parent: `projects/${this.projectId}/locations/-`, - }); + const result = await this.withErrorHandling(() => + this.client.projects.locations.clusters.list({ + auth, + parent: `projects/${this.projectId}/locations/-`, + }), + ); for (const cluster of result.data.clusters || []) { await callback(cluster); diff --git a/src/steps/iam/client.ts b/src/steps/iam/client.ts index dfc03708..8cd9b312 100644 --- a/src/steps/iam/client.ts +++ b/src/steps/iam/client.ts @@ -101,10 +101,12 @@ export class IamClient extends Client { callback: (data: iam_v1.Schema$ServiceAccountKey) => Promise, ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const response = await this.client.projects.serviceAccounts.keys.list({ - auth, - name: serviceAccountName, - }); + const response = await this.withErrorHandling(() => + this.client.projects.serviceAccounts.keys.list({ + auth, + name: serviceAccountName, + }), + ); for (const k of response.data.keys || []) { await callback(k); @@ -116,12 +118,14 @@ export class IamClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const response = await this.client.iamPolicies.queryAuditableServices({ - auth, - requestBody: { - fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${this.projectId}`, - }, - }); + const response = await this.withErrorHandling(() => + this.client.iamPolicies.queryAuditableServices({ + auth, + requestBody: { + fullResourceName: `//cloudresourcemanager.googleapis.com/projects/${this.projectId}`, + }, + }), + ); for (const service of response.data.services || []) { const name = service.name; diff --git a/src/steps/kms/client.ts b/src/steps/kms/client.ts index 49d25683..9f3c5936 100644 --- a/src/steps/kms/client.ts +++ b/src/steps/kms/client.ts @@ -93,11 +93,12 @@ export class CloudKmsClient extends Client { async fetchCryptoKeyPolicy(resource: string) { const auth = await this.getAuthenticatedServiceClient(); - const result = - await this.client.projects.locations.keyRings.cryptoKeys.getIamPolicy({ + const result = await this.withErrorHandling(() => + this.client.projects.locations.keyRings.cryptoKeys.getIamPolicy({ auth, resource, - }); + }), + ); return result.data; } diff --git a/src/steps/orgpolicy/client.ts b/src/steps/orgpolicy/client.ts index 94e65d4f..3f6f0919 100644 --- a/src/steps/orgpolicy/client.ts +++ b/src/steps/orgpolicy/client.ts @@ -8,10 +8,12 @@ export class OrgPolicyClient extends Client { boolean | undefined > { const auth = await this.getAuthenticatedServiceClient(); - const resp = await this.client.projects.policies.getEffectivePolicy({ - name: `projects/${this.projectId}/policies/storage.publicAccessPrevention`, - auth, - }); + const resp = await this.withErrorHandling(() => + this.client.projects.policies.getEffectivePolicy({ + name: `projects/${this.projectId}/policies/storage.publicAccessPrevention`, + auth, + }), + ); if (resp.data && resp.data.spec?.rules) { return resp.data.spec?.rules[0].enforce as boolean; diff --git a/src/steps/privateca/client.ts b/src/steps/privateca/client.ts index 5dae0bf9..0f0d59c8 100644 --- a/src/steps/privateca/client.ts +++ b/src/steps/privateca/client.ts @@ -10,10 +10,12 @@ export class PrivateCaClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.projects.locations.caPools.getIamPolicy({ - resource: `projects/${this.projectId}/locations/${location}/caPools/${caPoolId}`, - auth, - }); + const result = await this.withErrorHandling(() => + this.client.projects.locations.caPools.getIamPolicy({ + resource: `projects/${this.projectId}/locations/${location}/caPools/${caPoolId}`, + auth, + }), + ); return result.data; } diff --git a/src/steps/resource-manager/client.ts b/src/steps/resource-manager/client.ts index 757fa171..9fb57f01 100644 --- a/src/steps/resource-manager/client.ts +++ b/src/steps/resource-manager/client.ts @@ -16,10 +16,12 @@ export class ResourceManagerClient extends Client { async getProject() { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.projects.get({ - auth, - name: `projects/${this.projectId}`, - }); + const result = await this.withErrorHandling(() => + this.client.projects.get({ + auth, + name: `projects/${this.projectId}`, + }), + ); return result.data; } @@ -27,10 +29,12 @@ export class ResourceManagerClient extends Client { async getOrganization() { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.organizations.get({ - auth, - name: `organizations/${this.organizationId}`, - }); + const result = await this.withErrorHandling(() => + this.client.organizations.get({ + auth, + name: `organizations/${this.organizationId}`, + }), + ); return result.data; } @@ -86,20 +90,22 @@ export class ResourceManagerClient extends Client { async getServiceAccountPolicy() { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.projects.getIamPolicy({ - auth, - resource: `projects/${this.projectId}`, - requestBody: { - options: { - // Policies are versioned and specifying this version will return - // different data. The only way to fetch `conditions` on the - // policies is to specify "3". - // - // See: https://cloud.google.com/iam/docs/reference/rest/v1/Policy - requestedPolicyVersion: 3, + const result = await this.withErrorHandling(() => + this.client.projects.getIamPolicy({ + auth, + resource: `projects/${this.projectId}`, + requestBody: { + options: { + // Policies are versioned and specifying this version will return + // different data. The only way to fetch `conditions` on the + // policies is to specify "3". + // + // See: https://cloud.google.com/iam/docs/reference/rest/v1/Policy + requestedPolicyVersion: 3, + }, }, - }, - }); + }), + ); return result.data; } diff --git a/src/steps/spanner/client.ts b/src/steps/spanner/client.ts index aa1aa446..f6645d1a 100644 --- a/src/steps/spanner/client.ts +++ b/src/steps/spanner/client.ts @@ -23,10 +23,12 @@ export class SpannerClient extends Client { ): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.projects.instances.databases.getIamPolicy({ - resource: `projects/${this.projectId}/instances/${instanceId}/databases/${databaseId}`, - auth, - }); + const result = await this.withErrorHandling(() => + this.client.projects.instances.databases.getIamPolicy({ + resource: `projects/${this.projectId}/instances/${instanceId}/databases/${databaseId}`, + auth, + }), + ); return result.data; } diff --git a/src/steps/storage/client.ts b/src/steps/storage/client.ts index 45f3906d..5656782e 100644 --- a/src/steps/storage/client.ts +++ b/src/steps/storage/client.ts @@ -26,10 +26,12 @@ export class CloudStorageClient extends Client { async getPolicy(bucket: string): Promise { const auth = await this.getAuthenticatedServiceClient(); - const result = await this.client.buckets.getIamPolicy({ - auth, - bucket, - }); + const result = await this.withErrorHandling(() => + this.client.buckets.getIamPolicy({ + auth, + bucket, + }), + ); return result.data; } From d460f6144f4f46994a3ec7bf93661df6fd5b6191 Mon Sep 17 00:00:00 2001 From: Gaston Yelmini Date: Fri, 23 Feb 2024 14:30:24 -0300 Subject: [PATCH 2/2] Update status code check --- src/steps/compute/steps/fetch-compute-instances.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/steps/compute/steps/fetch-compute-instances.ts b/src/steps/compute/steps/fetch-compute-instances.ts index 78504c4e..f237e3f9 100644 --- a/src/steps/compute/steps/fetch-compute-instances.ts +++ b/src/steps/compute/steps/fetch-compute-instances.ts @@ -134,7 +134,7 @@ export async function fetchComputeInstances( } } catch (e) { // Do not make this inventory call if api is disabled and customer is not using this feature. - if (e.response.status === 403) { + if (e.code === 403) { inventoryApiDisabled = true; } }