Add Firewall resource #333
e10a836 to c6ce334
This is looking really great @psinghal20! A few comments below and it would be great to also add some unit tests for the firewall client :)
pkg/controller/gcp.go (Outdated)
container.SetupCluster,
container.SetupGKECluster,
I believe this may have been inadvertently added during rebase.
Oh, I think I messed up while rebasing the master to fix the conflicts, I will fix this up, and I think ideally it should just be `container.SetupCluster`. My bad, I will fix this up.
type FirewallLogConfig struct {
// Enable: This field denotes whether to enable logging for a particular
// firewall rule.
Enable bool `json:"enable,omitempty"`
If this is optional it should be `*bool` and marked with `+ optional`. However, sometimes when there is a single field in an embedded struct I will opt for making it required since the embedded struct really shouldn't be provided if the only field it supports is not set.
Right, I agree with that. I have made `FirewallLogConfig` an optional object but made `Enable` as required and removed `omitempty` for it.
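The trade-off discussed in this exchange, as an added example that is not code from the PR: how `encoding/json` serializes the three shapes considered for `Enable`, and why a plain `bool` with `omitempty` silently drops an explicit "logging off". The type names, the `FirewallParams` wrapper and the `logConfig` key are assumptions; only the `Enable` field and its `enable` tag come from the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// LogConfigOmitEmpty (hypothetical name) is the field as first submitted: bool with omitempty.
type LogConfigOmitEmpty struct {
	Enable bool `json:"enable,omitempty"`
}

// LogConfigPointer (hypothetical name) is the optional form: nil (unset) differs from false.
type LogConfigPointer struct {
	Enable *bool `json:"enable,omitempty"`
}

// LogConfigRequired (hypothetical name) is the shape settled on: Enable is always serialized.
type LogConfigRequired struct {
	Enable bool `json:"enable"`
}

// FirewallParams (hypothetical wrapper and key) makes the whole object optional instead.
type FirewallParams struct {
	LogConfig *LogConfigRequired `json:"logConfig,omitempty"`
}

// Encode marshals v and returns the JSON text.
func Encode(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(b)
}

// ExplicitlyDisabled reports whether raw sets enable to false rather than omitting it.
func ExplicitlyDisabled(raw string) bool {
	var c LogConfigPointer
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		return false
	}
	return c.Enable != nil && !*c.Enable
}

func main() {
	fmt.Println(Encode(LogConfigOmitEmpty{}), ExplicitlyDisabled(`{"enable":false}`), ExplicitlyDisabled(`{}`))
}
```

With the first shape, a rule that asks for logging to be disabled and a rule that says nothing about logging produce the same serialized object, so the intent cannot be audited from the stored spec.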
Hi @hasheddan, I have resolved all the above comments and added some small unit tests for firewall client code which helped uncover an issue in the
@psinghal20 was revisiting this PR and I noticed this resource is being introduced at `v1beta1`, but we typically introduced new resources at `v1alpha1`, would you mind updating?
d86e460 to 0cb4503
@psinghal20, first of all, sorry for the long review process but I hope there will be some improvement in the near future.
Your PR is looking very good and thanks a lot for your contribution 💪
While testing on my side, I observed some missing pieces which I added as comments.
> @psinghal20 was revisiting this PR and I noticed this resource is being introduced at `v1beta1`, but we typically introduced new resources at `v1alpha1`, would you mind updating?
I also noticed you already moved to v1alpha1 but didn't register to schema which causes controller to fail at startup. Basically, we just need the following patch:
diff --git a/apis/gcp.go b/apis/gcp.go
index 14c59b3..269efbe 100644
--- a/apis/gcp.go
+++ b/apis/gcp.go
@@ -21,6 +21,7 @@ import (
"k8s.io/apimachinery/pkg/runtime"
cachev1beta1 "github.com/crossplane/provider-gcp/apis/cache/v1beta1"
+ computev1alpha1 "github.com/crossplane/provider-gcp/apis/compute/v1alpha1"
computev1beta1 "github.com/crossplane/provider-gcp/apis/compute/v1beta1"
containerv1beta1 "github.com/crossplane/provider-gcp/apis/container/v1beta1"
containerv1beta2 "github.com/crossplane/provider-gcp/apis/container/v1beta2"
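Review bot: the new `computev1alpha1` import, placed between `cachev1beta1` and `computev1beta1`, is used only by the registration line in the `init()` hunk, so the two hunks have to land in the same commit; Go refuses to compile a package that is imported but unused. The alias follows the group-plus-version naming of its neighbours, so no rename is needed.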
@@ -41,6 +42,7 @@ func init() {
gcpv1alpha3.SchemeBuilder.AddToScheme,
gcpv1beta1.SchemeBuilder.AddToScheme,
cachev1beta1.SchemeBuilder.AddToScheme,
+ computev1alpha1.SchemeBuilder.AddToScheme,
computev1beta1.SchemeBuilder.AddToScheme,
containerv1beta2.SchemeBuilder.AddToScheme,
containerv1beta1.SchemeBuilder.AddToScheme,
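Review bot: nothing guards against this omission recurring; the `computev1alpha1.SchemeBuilder.AddToScheme` entry in `init()` is maintained by hand, and per the comment above a missing entry only surfaces when the controller fails at startup. Consider a unit test that applies this builder list to a fresh `runtime.Scheme` and asserts that each API group version the provider ships is recognized, so a forgotten registration fails in CI rather than in a running cluster.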
Hi @turkenh, I have resolved the above-mentioned comments. Please take a look, thanks!
@psinghal20 thanks, looking good but there seem to be some linter errors.
Hi teams, thank you for your work @psinghal20. @hasheddan @turkenh we really need this feature, any idea in which release it will land?
This commit adds the types and generated files for the Firewall managed resource. Signed-off-by: Pratyush Singhal <[email protected]>
…resource Signed-off-by: Pratyush Singhal <[email protected]>
…nd denied rules Signed-off-by: Pratyush Singhal <[email protected]>
refactor for firewall resource Signed-off-by: Pratyush Singhal <[email protected]>
ea7f030 to 83637f3
Great work @psinghal20, thanks!
Description of your changes
Fixes a part of #329
Some of the things I have assumed while defining types and controller that can be incorrect and would require a look:
- `OUTPUT_ONLY` are to be treated as observations.
- `ForceSendFields`, `NullFields` and `ServerResponse` in google API types can be ignored for our use case.
I have:
- `make reviewable test` to ensure this PR is ready for review.
How has this code been tested
This code has primarily been tested locally using the example file attached with this change. I have also added unit tests similar to what we have for other compute resources.