Conversation
dlaw4608
force-pushed
the
keystone_user
branch
2 times, most recently
from
23295c5 to
dcfe645
Compare
dlaw4608
force-pushed
the
keystone_user
branch
from
dcfe645 to
0f90e6a
Compare
winiciusallan
left a comment
winiciusallan
left a comment
There was a problem hiding this comment.
Hi, @dlaw4608, that was a great job!
Left a few comments about using a Project object instead of the ID directly, LMK what you think.
api/v1alpha1/user_types.go
Outdated
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=255 | ||
| // +optional | ||
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` |
There was a problem hiding this comment.
Isn't it better to use a ProjectRef here so we can better control the resource?
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` | |
| DefaultProjectID *ProjectRef `json:"defaultProjectID,omitempty"` |
There was a problem hiding this comment.
It should indeed be a reference, but would rather be in the form:
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` | |
| DefaultProjectRef *KubernetesNameRef `json:"defaultProjectRef,omitempty"` |
See https://k-orc.cloud/development/architecture/#api-design-philosophy.
I'd like to add a lint rule to flag these.
Also, since this is an optional dependency for your controller, you should have run the scaffolding tool with -optional-create-dependency Project.
There was a problem hiding this comment.
Agreed, went back and recreated the user controller this time with Project included as an optional dependency
go run ./cmd/scaffold-controller -interactive=false \ -kind User \ -gophercloud-client NewIdentityV3 \ -gophercloud-module github.com/gophercloud/gophercloud/v2/openstack/identity/v3/users \ -import-dependency Domain \ -optional-create-dependency Domain \ -optional-create-dependency Project
Changed ProjectRef to DefaultProjectRef to match the OpenStack field naming. The spec only references other ORC objects (like Project) by K8s name, never OpenStack UUIDs. The controller resolves the reference to get the Project's UUID and waits for the Project to be Available before creating the User with its DefaultProjectID.
| } | ||
| } | ||
|
|
||
| func handleDefaultProjectIDUpdate(updateOpts *users.UpdateOpts, resource *resourceSpecT, osResource *osResourceT) { |
There was a problem hiding this comment.
Possibly change this to use a reference instead of an ID as suggested above.
|
|
||
|
|
||
|
|
||
|
|
||
|
|
There was a problem hiding this comment.
Blank lines at the end. I would remove them to make it cleaner.
api/v1alpha1/user_types.go
Outdated
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=255 | ||
| // +optional | ||
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` |
There was a problem hiding this comment.
It should indeed be a reference, but would rather be in the form:
| DefaultProjectID *string `json:"defaultProjectID,omitempty"` | |
| DefaultProjectRef *KubernetesNameRef `json:"defaultProjectRef,omitempty"` |
See https://k-orc.cloud/development/architecture/#api-design-philosophy.
I'd like to add a lint rule to flag these.
Also, since this is an optional dependency for your controller, you should have run the scaffolding tool with -optional-create-dependency Project.
api/v1alpha1/user_types.go
Outdated
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=255 | ||
| // +optional | ||
| Password *string `json:"password,omitempty"` |
There was a problem hiding this comment.
This must be stored in a secret. See how we do it for user data in the server controller.
There was a problem hiding this comment.
Followed the same structure as user data in the server controller, the user_types api uses a SecretRef field to reference a secret containing the password of a user in a secret, thanks for the help!!
dlaw4608
force-pushed
the
keystone_user
branch
4 times, most recently
from
c2ebe4c to
cfe154f
Compare
mandre
left a comment
mandre
left a comment
There was a problem hiding this comment.
Could you also add the User resource to the README ?
internal/controllers/user/tests/user-create-full/00-create-resource.yaml
Show resolved
Hide resolved
internal/controllers/volume/user-import-error/00-create-resources.yaml
Outdated
Show resolved
Hide resolved
go run ./cmd/scaffold-controller -interactive=false \ -kind User \ -gophercloud-client NewIdentityV3 \ -gophercloud-module github.com/gophercloud/gophercloud/v2/openstack/identity/v3/users \ -import-dependency Domain \ -optional-create-dependency Domain \ -optional-create-dependency Project Signed-off-by: Daniel Lawton <dlawton@redhat.com>
- E2E tests included - API configured - Controller Note: Password functionality will be implemented in a future PR. Users can still be created and managed, just without password support. Signed-off-by: Daniel Lawton <dlawton@redhat.com>
mandre
left a comment
mandre
left a comment
There was a problem hiding this comment.
Great, let's get this merged.
Keystone: User Controller
github-merge-queue
bot
removed this pull request from the merge queue due to no response for status checks
3 participants
Fixes #583
Add Support for the Identity service's User resource in ORC