feat: Logic to apply AuthProxyWorkload spec to workload containers #26
Conversation
Updates the containers on a workload to properly implement the AuthProxyWorkload specs that apply to that workload.
internal/workload_test.go
Outdated
| ) | ||
|
|
||
| func TestMain(m *testing.M) { | ||
| // Log is the test logger used by the integration tests and server. |
internal/podspec_updates_test.go
Outdated
| }, | ||
| Instances: instances, | ||
| }, | ||
| Status: cloudsqlapi.AuthProxyWorkloadStatus{}, |
There was a problem hiding this comment.
here's another case where you don't need to do this and can just rely on the zero value
internal/podspec_updates_test.go
Outdated
| } | ||
| } | ||
|
|
||
| func proxies(wl *internal.DeploymentWorkload, proxies ...*cloudsqlapi.AuthProxyWorkload) []*cloudsqlapi.AuthProxyWorkload { |
There was a problem hiding this comment.
A comment above this function would help me. I see what the code is doing, but I'd still appreciate some context. Maybe a better function name would help? markProxiesForUpdate?
There was a problem hiding this comment.
Fixed. I renamed this function and added a comment to explain why this is needed.
internal/podspec_updates.go
Outdated
|
|
||
| func (state *updateState) addHealthCheck(csqlWorkload *cloudsqlapi.AuthProxyWorkload) int32 { | ||
| var port int32 | ||
| if csqlWorkload.Spec.AuthProxyContainer != nil && |
There was a problem hiding this comment.
port := DefaultHealthCheckPort
healthCheckEnabled := func() bool {
return csqlWorkload.Spec.AuthProxyContainer != nil &&
csqlWorkload.Spec.AuthProxyContainer.Telemetry != nil &&
csqlWorkload.Spec.AuthProxyContainer.Telemetry.HTTPPort != nil
}
if !heathCheckEnabled() {
for state.isPortInUse(port) {
port++
}
return port
}
port = *csqlWorkload.Spec.AuthProxyContainer.Telemetry.HTTPPort
if state.isPortInUse(port) {
state.addError(ErrorCodePortConflict,
fmt.Sprintf("telemetry httpPort %d is already in use", port), csqlWorkload)
}
return portI prefer early returns here. But else would be fine as well.
There was a problem hiding this comment.
The healthcheck is always enabled. However, the customer may override the default port when they want to use their own port so that they can use Prometheus too.
There was a problem hiding this comment.
My point is this code is hard to read. You could move the various boolean checks behind a function that describes what the checks are doing.
Also, you have an empty else block below.
There was a problem hiding this comment.
This if statement doesn't indicate an error or exception state. There are really two possibilities, and there is no judgement about which is "default" or "error". I rewrote it to make the code more terse, and added a few comments for clarity. I can't figure out a way to make this simpler. I think factoring this check into a separate function is more complex.
| } | ||
|
|
||
| func (state *updateState) applyAuthenticationSpec(proxy *cloudsqlapi.AuthProxyWorkload, container *corev1.Container, args []string) []string { | ||
| if proxy.Spec.Authentication == nil { |
There was a problem hiding this comment.
Is there some code missing here? Should it wait until the next PR?
There was a problem hiding this comment.
There is missing code, but it should wait for another PR. We need E2e tests in place before we can check if authentication is implemented correctly.
internal/podspec_updates.go
Outdated
|
|
||
| func (state *updateState) addHealthCheck(csqlWorkload *cloudsqlapi.AuthProxyWorkload) int32 { | ||
| var port int32 | ||
| if csqlWorkload.Spec.AuthProxyContainer != nil && |
There was a problem hiding this comment.
My point is this code is hard to read. You could move the various boolean checks behind a function that describes what the checks are doing.
Also, you have an empty else block below.
internal/podspec_updates_test.go
Outdated
| Instances: instances, | ||
| }) | ||
| } | ||
| func basicProxy(name string, spec cloudsqlapi.AuthProxyWorkloadSpec) *cloudsqlapi.AuthProxyWorkload { |
There was a problem hiding this comment.
What's the difference between basicProxy and simpleAuthProxy? What are better names for these functions?
There was a problem hiding this comment.
renamed authProxyWorkloadFromSpec.
Updates the containers on a workload to properly implement the AuthProxyWorkload specs that apply to that workload.