Rename --mode to --runner, and update the README

geropl · geropl · commit 772d51a280f7 · 2025-04-07T17:04:37.000Z
Tool: gitpod/catfood.gitpod.cloud
diff --git a/gitpod-network-check/README.md b/gitpod-network-check/README.md
@@ -55,17 +55,17 @@ A CLI to check if your network setup is suitable for the installation of Gitpod.
 
 2. Run the network diagnosis
 
-   The tool supports different modes for running the checks, specified by the `--mode` flag (`ec2`, `lambda`, `local`).
+   The tool supports different runners for executing the checks, specified by the `--runner` flag (`ec2`, `lambda`, `local`).
 
-   **Using EC2 Mode (Default):**
+   **Using EC2 Runner (Default):**
 
    This mode launches temporary EC2 instances in your specified subnets to perform the network checks. This most closely simulates the environment where Gitpod components will run.
 
-   To start the diagnosis using EC2 mode: `./gitpod-network-check diagnose --mode ec2` (or simply `./gitpod-network-check diagnose` as EC2 is the default).
+   To start the diagnosis using the EC2 runner: `./gitpod-network-check diagnose --runner ec2` (or simply `./gitpod-network-check diagnose` as EC2 is the default).
 
    ```console
-   # Example output for EC2 mode
-   ./gitpod-network-check diagnose --mode ec2
+   # Example output for EC2 runner
+   ./gitpod-network-check diagnose --runner ec2
    INFO[0000] ℹ️  Running with region `eu-central-1`, main subnet `[subnet-0ed211f14362b224f  subnet-041703e62a05d2024]`, pod subnet `[subnet-075c44edead3b062f  subnet-06eb311c6b92e0f29]`, hosts `[accounts.google.com  https://github.com]`, ami ``, and API endpoint `` 
    INFO[0000] ✅ Main Subnets are valid                     
    INFO[0000] ✅ Pod Subnets are valid                      
@@ -127,47 +127,47 @@ A CLI to check if your network setup is suitable for the installation of Gitpod.
    INFO[0306] ✅ Security group 'sg-00d4a66a7840ebd67' deleted 
    ```
 
-   **Using Lambda Mode:**
+   **Using Lambda Runner:**
 
    This mode uses AWS Lambda functions deployed into your specified subnets to perform the network checks. It avoids the need to launch full EC2 instances but has its own prerequisites.
 
    *   **Prerequisites for Lambda Mode:**
        *   **IAM Permissions:** The AWS credentials used to run `gitpod-network-check` need permissions to manage Lambda functions, IAM roles, security groups, and CloudWatch Logs. Specifically, it needs to perform actions like: `lambda:CreateFunction`, `lambda:GetFunction`, `lambda:DeleteFunction`, `lambda:InvokeFunction`, `iam:CreateRole`, `iam:GetRole`, `iam:DeleteRole`, `iam:AttachRolePolicy`, `iam:DetachRolePolicy`, `ec2:CreateSecurityGroup`, `ec2:DescribeSecurityGroups`, `ec2:DeleteSecurityGroup`, `ec2:AuthorizeSecurityGroupEgress`, `ec2:DescribeSubnets`, `logs:DeleteLogGroup`.
        *   **Network Connectivity:** Lambda functions running within a VPC need a route to the internet or required AWS service endpoints. This typically requires a **NAT Gateway** in your VPC or **VPC Endpoints** for all necessary services (e.g., STS, CloudWatch Logs, ECR, S3, DynamoDB, and any target HTTPS hosts). Without proper outbound connectivity, the Lambda checks will fail.
 
-   *   **Running Lambda Mode:**
-       To start the diagnosis using Lambda mode:
+   *   **Running Lambda Runner:**
+       To start the diagnosis using the Lambda runner:
        ```bash
-       ./gitpod-network-check diagnose --mode lambda
+       ./gitpod-network-check diagnose --runner lambda
        ```
 
-   *   **Using Existing Resources (Lambda Mode):**
+   *   **Using Existing Resources (Lambda Runner):**
        If you have pre-existing IAM roles or Security Groups you want the Lambda functions to use, you can specify them using flags. This will prevent the tool from creating or deleting these specific resources.
        ```bash
-       ./gitpod-network-check diagnose --mode lambda \
+       ./gitpod-network-check diagnose --runner lambda \
          --lambda-role-arn arn:aws:iam::123456789012:role/MyExistingLambdaRole \
          --lambda-sg-id sg-0123456789abcdef0 
        ```
 
-   *   **Example Output (Lambda Mode):**
-       The output will be similar to EC2 mode but will show Lambda function creation/invocation instead of EC2 instance management.
+   *   **Example Output (Lambda Runner):**
+       The output will be similar to EC2 runner but will show Lambda function creation/invocation instead of EC2 instance management.
 
-   **Using Local Mode:**
+   **Using Local Runner:**
 
    This mode runs the checks directly from the machine where you execute the CLI. It's useful for basic outbound connectivity tests but **does not** accurately reflect the network environment within your AWS subnets.
 
-   To start the diagnosis using local mode: `./gitpod-network-check diagnose --mode local`
+   To start the diagnosis using the local runner: `./gitpod-network-check diagnose --runner local`
 
 3. Clean up after network diagnosis
 
-   The `diagnose` command is designed to clean up the AWS resources it creates (EC2 instances, Lambda functions, IAM roles, Security Groups, CloudWatch Log groups) before it finishes. However, if the process terminates unexpectedly, you can manually trigger cleanup using the `clean` command. This command respects the `--mode` flag to clean up resources specific to that mode.
+   The `diagnose` command is designed to clean up the AWS resources it creates (EC2 instances, Lambda functions, IAM roles, Security Groups, CloudWatch Log groups) before it finishes. However, if the process terminates unexpectedly, you can manually trigger cleanup using the `clean` command. This command respects the `--runner` flag to clean up resources specific to that runner.
 
    ```bash
-   # Clean up resources potentially left by EC2 mode
-   ./gitpod-network-check clean --mode ec2 
+   # Clean up resources potentially left by the EC2 runner
+   ./gitpod-network-check clean --runner ec2 
 
-   # Clean up resources potentially left by Lambda mode
-   ./gitpod-network-check clean --mode lambda
+   # Clean up resources potentially left by the Lambda runner
+   ./gitpod-network-check clean --runner lambda
    ```
 
    **Note:** The `clean` command will *not* delete IAM roles or Security Groups if they were provided using the `--lambda-role-arn` or `--lambda-sg-id` flags during the `diagnose` run.
diff --git a/gitpod-network-check/cmd/root.go b/gitpod-network-check/cmd/root.go
@@ -24,10 +24,10 @@ var Flags = struct {
 	// Variable to store the testsets flag value
 	SelectedTestsets []string
 
-	// Variable to store the mode flag value
-	ModeVar string
+	// Variable to store the runner flag value
+	RunnerTypeStr string
 
-	Mode runner.Mode
+	RunnerType runner.RunnerType
 }{}
 
 // NetworkCheckCmd is the root command for the application
@@ -52,20 +52,20 @@ func preRunE(cmd *cobra.Command, args []string) error {
 	log.Infof("ℹ️  Running with region `%s`, main subnet `%v`, pod subnet `%v`, hosts `%v`, ami `%v`, and API endpoint `%v`", NetworkConfig.AwsRegion, NetworkConfig.MainSubnets, NetworkConfig.PodSubnets, NetworkConfig.HttpsHosts, NetworkConfig.InstanceAMI, NetworkConfig.ApiEndpoint)
 
 	// validate the config
-	err = validateSubnets(cmd, args)
+	err = validateSubnetsConfig(cmd, args)
 	if err != nil {
 		return fmt.Errorf("❌  incorrect subnets: %v", err)
 	}
 
-	err = validateMode(cmd, args)
+	err = validateRunnerFlag(cmd, args)
 	if err != nil {
-		return fmt.Errorf("❌  incorrect mode: %v", err)
+		return fmt.Errorf("❌  incorrect runner: %v", err) // Update error message context
 	}
 
 	return nil
 }
 
-func validateSubnets(cmd *cobra.Command, args []string) error {
+func validateSubnetsConfig(cmd *cobra.Command, args []string) error {
 	if len(NetworkConfig.MainSubnets) < 1 {
 		return fmt.Errorf("At least one Main subnet needs to be specified: %v", NetworkConfig.MainSubnets)
 	}
@@ -78,13 +78,13 @@ func validateSubnets(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
-func validateMode(cmd *cobra.Command, args []string) error {
-	// Validate mode
-	mode, err := runner.VaildateMode(Flags.ModeVar)
+func validateRunnerFlag(cmd *cobra.Command, args []string) error {
+	// Validate runnerType
+	runnerType, err := runner.ValidateRunnerType(Flags.RunnerTypeStr)
 	if err != nil {
 		return err
 	}
-	Flags.Mode = mode
+	Flags.RunnerType = runnerType
 
 	return nil
 }
@@ -132,15 +132,15 @@ func init() {
 	NetworkCheckCmd.PersistentFlags().StringVar(&NetworkConfig.InstanceAMI, "instance-ami", "", "Custom ec2 instance AMI id, if not set will use latest ubuntu")
 	NetworkCheckCmd.PersistentFlags().StringVar(&NetworkConfig.ApiEndpoint, "api-endpoint", "", "The Gitpod Enterprise control plane's regional API endpoint subdomain")
 	NetworkCheckCmd.PersistentFlags().StringSliceVar(&Flags.SelectedTestsets, "testsets", []string{"aws-services-pod-subnet", "aws-services-main-subnet", "https-hosts-main-subnet"}, "List of testsets to run (options: aws-services-pod-subnet, aws-services-main-subnet, https-hosts-main-subnet)")
-	NetworkCheckCmd.PersistentFlags().StringVar(&Flags.ModeVar, "mode", string(runner.ModeEC2), fmt.Sprintf("How to run the tests (default: %s, options: %s, %s, %s)", runner.ModeEC2, runner.ModeEC2, runner.ModeLambda, runner.ModeLocal))
+	// Rename flag, variable, and update help text
+	NetworkCheckCmd.PersistentFlags().StringVar(&Flags.RunnerTypeStr, "runner", string(runner.RunnerTypeEC2), fmt.Sprintf("Specify the runner for executing tests (default: %s, options: %s, %s, %s)", runner.RunnerTypeEC2, runner.RunnerTypeEC2, runner.RunnerTypeLambda, runner.RunnerTypeLocal))
 	// Lambda-specific flags
 	NetworkCheckCmd.PersistentFlags().StringVar(&NetworkConfig.LambdaRoleArn, "lambda-role-arn", "", "ARN of an existing IAM role to use for Lambda execution (overrides automatic creation/deletion)")
 	NetworkCheckCmd.PersistentFlags().StringVar(&NetworkConfig.LambdaSecurityGroupID, "lambda-sg-id", "", "ID of an existing Security Group to use for Lambda execution (overrides automatic creation/deletion)")
 
 	bindFlags(NetworkCheckCmd, v)
 }
 
-
 func readConfigFile() *viper.Viper {
 	v := viper.New()
 	if NetworkConfig.CfgFile != "" {
diff --git a/gitpod-network-check/pkg/runner/common.go b/gitpod-network-check/pkg/runner/common.go
@@ -14,25 +14,25 @@ import (
 	"github.com/gitpod-io/enterprise-deployment-toolkit/gitpod-network-check/pkg/checks"
 )
 
-type Mode string
+type RunnerType string
 
 const (
-	ModeEC2    Mode = "ec2"
-	ModeLambda Mode = "lambda"
-	ModeLocal  Mode = "local"
+	RunnerTypeEC2    RunnerType = "ec2"
+	RunnerTypeLambda RunnerType = "lambda"
+	RunnerTypeLocal  RunnerType = "local"
 )
 
-var validModes = map[string]bool{
-	string(ModeLambda): true,
-	string(ModeEC2):    true,
-	string(ModeLocal):  true,
+var validRunnerType = map[string]bool{
+	string(RunnerTypeLambda): true,
+	string(RunnerTypeEC2):    true,
+	string(RunnerTypeLocal):  true,
 }
 
-func VaildateMode(modeStr string) (Mode, error) {
-	if _, ok := validModes[modeStr]; ok {
-		return Mode(modeStr), nil
+func ValidateRunnerType(runnerStr string) (RunnerType, error) {
+	if _, ok := validRunnerType[runnerStr]; ok {
+		return RunnerType(runnerStr), nil
 	}
-	return "", fmt.Errorf("invalid mode: %s, must be one of: %v", modeStr, slices.Collect(maps.Keys(validModes)))
+	return "", fmt.Errorf("invalid runner: %s, must be one of: %v", runnerStr, slices.Collect(maps.Keys(validRunnerType)))
 }
 
 type TestRunner interface {
@@ -41,32 +41,34 @@ type TestRunner interface {
 	Cleanup(ctx context.Context) error
 }
 
-func NewRunner(ctx context.Context, mode Mode, config *checks.NetworkConfig) (TestRunner, error) {
+func NewRunner(ctx context.Context, mode RunnerType, config *checks.NetworkConfig) (TestRunner, error) {
 	switch mode {
-	case ModeEC2:
+	case RunnerTypeEC2:
 		return NewEC2TestRunner(context.Background(), config)
-	case ModeLocal:
+	case RunnerTypeLocal:
 		return NewLocalTestRunner(), nil
-	case ModeLambda:
+	case RunnerTypeLambda:
 		return NewLambdaTestRunner(ctx, config)
 	default:
-		return nil, fmt.Errorf("invalid mode: %s, must be one of: %v", mode, slices.Collect(maps.Keys(validModes)))
+		// Update error message
+		return nil, fmt.Errorf("invalid runner: %s, must be one of: %v", mode, slices.Collect(maps.Keys(validRunnerType)))
 	}
 }
 
 // Creates a new TestRunner instance, loading existing resources from the AWS account by known name/tags.
 // This is useful for cleaning up left-over resources from previous runs.
-func LoadRunnerFromTags(ctx context.Context, mode Mode, networkConfig *checks.NetworkConfig) (TestRunner, error) {
+func LoadRunnerFromTags(ctx context.Context, mode RunnerType, networkConfig *checks.NetworkConfig) (TestRunner, error) {
 	switch mode {
-	case ModeEC2:
+	case RunnerTypeEC2:
 		return LoadEC2RunnerFromTags(ctx, networkConfig)
-	case ModeLambda:
+	case RunnerTypeLambda:
 		return LoadLambdaRunnerFromTags(ctx, networkConfig) // Call the new function
-	case ModeLocal:
+	case RunnerTypeLocal:
 		// Local mode does not require any AWS resources, so we can just return a new instance.
 		return NewLocalTestRunner(), nil
 	default:
-		return nil, fmt.Errorf("invalid mode: %s, must be one of: %v", mode, slices.Collect(maps.Keys(validModes)))
+		// Update error message
+		return nil, fmt.Errorf("invalid runner: %s, must be one of: %v", mode, slices.Collect(maps.Keys(validRunnerType)))
 	}
 }
 
diff --git a/gitpod-network-check/pkg/runner/lambda-runner.go b/gitpod-network-check/pkg/runner/lambda-runner.go
