Add Firewall resource #333
Conversation
psinghal20
force-pushed
the
firewall-resource
branch
2 times, most recently
from
e10a836
to
c6ce334
Compare
There was a problem hiding this comment.
This is looking really great @psinghal20! A few comments below and it would be great to also add some unit tests for the firewall client :)
pkg/controller/gcp.go
Outdated
| container.SetupCluster, | ||
| container.SetupGKECluster, |
There was a problem hiding this comment.
I believe this may have been inadvertently added during rebase.
There was a problem hiding this comment.
Oh, I think I messed up while rebasing the master to fix the conflicts, I will fix this up, and I think ideally it should just be container.SetupCluster. My bad, I will fix this up.
| type FirewallLogConfig struct { | ||
| // Enable: This field denotes whether to enable logging for a particular | ||
| // firewall rule. | ||
| Enable bool `json:"enable,omitempty"` |
There was a problem hiding this comment.
If this is optional it should be *bool and marked with + optional. However, sometimes when there is a single field in an embedded struct I will opt for making it required since the embedded struct really shouldn't be provided if the only field it supports is not set.
There was a problem hiding this comment.
Right, I agree with that. I have made FirewallLogConfig an optional object but made Enable as required and removed omitempty for it.
|
Hi @hasheddan, I have resolved all the above comments and added some small unit tests for firewall client code which helped uncover an issue in the |
There was a problem hiding this comment.
@psinghal20 was revisiting this PR and I noticed this resource is being introduced at v1beta1, but we typically introduced new resources at v1alpha1, would you mind updating?
psinghal20
force-pushed
the
firewall-resource
branch
from
d86e460
to
0cb4503
Compare
There was a problem hiding this comment.
@psinghal20, first of all, sorry for the long review process but I hope there will be some improvement in the near future.
Your PR looking very good and thanks a lot for your contribution 💪
While testing on my side, I observed some missing pieces which I added as comments.
@psinghal20 was revisiting this PR and I noticed this resource is being introduced at
v1beta1, but we typically introduced new resources atv1alpha1, would you mind updating?
I also noticed you already moved to v1alpha1 but didn't register to schema which causes controller to fail at startup. Basically, we just need the following patch:
diff --git a/apis/gcp.go b/apis/gcp.go
index 14c59b3..269efbe 100644
--- a/apis/gcp.go
+++ b/apis/gcp.go
@@ -21,6 +21,7 @@ import (
"k8s.io/apimachinery/pkg/runtime"
cachev1beta1 "github.com/crossplane/provider-gcp/apis/cache/v1beta1"
+ computev1alpha1 "github.com/crossplane/provider-gcp/apis/compute/v1alpha1"
computev1beta1 "github.com/crossplane/provider-gcp/apis/compute/v1beta1"
containerv1beta1 "github.com/crossplane/provider-gcp/apis/container/v1beta1"
containerv1beta2 "github.com/crossplane/provider-gcp/apis/container/v1beta2"
@@ -41,6 +42,7 @@ func init() {
gcpv1alpha3.SchemeBuilder.AddToScheme,
gcpv1beta1.SchemeBuilder.AddToScheme,
cachev1beta1.SchemeBuilder.AddToScheme,
+ computev1alpha1.SchemeBuilder.AddToScheme,
computev1beta1.SchemeBuilder.AddToScheme,
containerv1beta2.SchemeBuilder.AddToScheme,
containerv1beta1.SchemeBuilder.AddToScheme,
|
Hi @turkenh, I have resolved the above-mentioned comments. Please take a look, thanks! |
|
@psinghal20 thanks, looking good but there seem to be some linter errors. |
|
Hi teams, thank you for your work @psinghal20 . @hasheddan @turkenh we really need this feature, any idea in which release it will land? |
This commit adds the types and generated files for the Firewall managed resource. Signed-off-by: Pratyush Singhal <[email protected]>
managed resource. Signed-off-by: Pratyush Singhal <[email protected]>
…resource Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
…nd denied rules Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
refactor for firewall resource Signed-off-by: Pratyush Singhal <[email protected]>
Signed-off-by: Pratyush Singhal <[email protected]>
psinghal20
force-pushed
the
firewall-resource
branch
from
ea7f030
to
83637f3
Compare
Description of your changes
Fixes a part of #329
Some of the things I have assumed while defining types and controller that can be incorrect and would require a look:
OUTPUT_ONLYare to be treated as observations.ForceSendFields,NullFieldsandServerResponsein google API types can be ignored for our use case.I have:
make reviewable testto ensure this PR is ready for review.How has this code been tested
This code has primarily been tested locally using the example file attached with this change. I have also added unit tests similar to what we have for other compute resources.