Conversation
dlaw4608
force-pushed
the
keystone_user
branch
2 times, most recently
from
23295c5 to
dcfe645
Compare
dlaw4608
force-pushed
the
keystone_user
branch
from
dcfe645 to
0f90e6a
Compare
winiciusallan
left a comment
winiciusallan
left a comment
There was a problem hiding this comment.
Hi, @dlaw4608, that was a great job!
Left a few comments about using a Project object instead of the ID directly, LMK what you think.
api/v1alpha1/user_types.go
Outdated
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=255 | ||
| // +optional | ||
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` |
There was a problem hiding this comment.
Isn't it better to use a ProjectRef here so we can better control the resource?
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` | |
| DefaultProjectID *ProjectRef `json:"defaultProjectID,omitempty"` |
There was a problem hiding this comment.
It should indeed be a reference, but would rather be in the form:
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` | |
| DefaultProjectRef *KubernetesNameRef `json:"defaultProjectRef,omitempty"` |
See https://k-orc.cloud/development/architecture/#api-design-philosophy.
I'd like to add a lint rule to flag these.
Also, since this is an optional dependency for your controller, you should have run the scaffolding tool with -optional-create-dependency Project.
There was a problem hiding this comment.
Agreed, went back and recreated the user controller this time with Project included as an optional dependency
go run ./cmd/scaffold-controller -interactive=false \ -kind User \ -gophercloud-client NewIdentityV3 \ -gophercloud-module github.com/gophercloud/gophercloud/v2/openstack/identity/v3/users \ -import-dependency Domain \ -optional-create-dependency Domain \ -optional-create-dependency Project
Changed ProjectRef to DefaultProjectRef to match the OpenStack field naming. The spec only references other ORC objects (like Project) by K8s name, never OpenStack UUIDs. The controller resolves the reference to get the Project's UUID and waits for the Project to be Available before creating the User with its DefaultProjectID.
| } | ||
| } | ||
|
|
||
| func handleDefaultProjectIDUpdate(updateOpts *users.UpdateOpts, resource *resourceSpecT, osResource *osResourceT) { |
There was a problem hiding this comment.
Possibly change this to use a reference instead of an ID as suggested above.
|
|
||
|
|
||
|
|
||
|
|
||
|
|
There was a problem hiding this comment.
Blank lines at the end. I would remove them to make it cleaner.
| resource: | ||
| name: user-create-minimal |
There was a problem hiding this comment.
I would also add enabled: true here.
There was a problem hiding this comment.
thanks for the review @winiciusallan, changes made
api/v1alpha1/user_types.go
Outdated
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=255 | ||
| // +optional | ||
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` |
There was a problem hiding this comment.
It should indeed be a reference, but would rather be in the form:
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` | |
| DefaultProjectRef *KubernetesNameRef `json:"defaultProjectRef,omitempty"` |
See https://k-orc.cloud/development/architecture/#api-design-philosophy.
I'd like to add a lint rule to flag these.
Also, since this is an optional dependency for your controller, you should have run the scaffolding tool with -optional-create-dependency Project.
api/v1alpha1/user_types.go
Outdated
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=255 | ||
| // +optional | ||
| Password *string `json:"password,omitempty"` |
There was a problem hiding this comment.
This must be stored in a secret. See how we do it for user data in the server controller.
There was a problem hiding this comment.
Followed the same structure as user data in the server controller, the user_types api uses a SecretRef field to reference a secret containing the password of a user in a secret, thanks for the help!!
go run ./cmd/scaffold-controller -interactive=false \ -kind User \ -gophercloud-client NewIdentityV3 \ -gophercloud-module github.com/gophercloud/gophercloud/v2/openstack/identity/v3/users \ -import-dependency Domain \ -optional-create-dependency Domain \ -optional-create-dependency Project Signed-off-by: Daniel Lawton <dlawton@redhat.com>
dlaw4608
force-pushed
the
keystone_user
branch
3 times, most recently
from
9e7925e to
c2ebe4c
Compare
- E2E tests included - API configured - Controller Signed-off-by: Daniel Lawton <dlawton@redhat.com>
dlaw4608
force-pushed
the
keystone_user
branch
from
c2ebe4c to
cfe154f
Compare
mandre
left a comment
mandre
left a comment
There was a problem hiding this comment.
Could you also add the User resource to the README ?
| projectRef: user-create-full | ||
| # TODO(scaffolding): Add all fields the resource supports | ||
| defaultProjectRef: user-create-full | ||
| enabled: true No newline at end of file |
There was a problem hiding this comment.
Can we also try to set a password?
There was a problem hiding this comment.
Why is this test placed in the volume controller? This should be removed (I assume this is a result of local tests?).
| // Until you have implemented mutability for the field, you must add a CEL validation | ||
| // preventing the field being modified: | ||
| // `// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="<fieldname> is immutable"` | ||
| SecretRef *KubernetesNameRef `json:"secretRef,omitempty"` |
There was a problem hiding this comment.
We should add a dependency on this ref in the controller.
Also, we don't use the password at all in the controller. If it's not going to be implemented in this PR, I suggest to drop it from the PR and handle password management (create/update) it in a subsequent PR.
There was a problem hiding this comment.
nit: small typo in the file name.
3 participants
Fixes #583
Add Support for the Identity service's User resource in ORC