migrate to IdentityRef
Signed-off-by: Tobias Giese <[email protected]>
tobiasgiese committed Jul 15, 2021
1 parent d98a2e5 commit 0c6e367
Showing 22 changed files with 319 additions and 118 deletions.
31 changes: 11 additions & 20 deletions api/v1alpha3/conversion.go
@@ -117,19 +117,22 @@ func Convert_v1alpha3_OpenStackClusterSpec_To_v1alpha4_OpenStackClusterSpec(in *
// Convert_v1alpha4_OpenStackClusterSpec_To_v1alpha3_OpenStackClusterSpec has to be added by us because we have to
// convert the Type of CloudsSecret from SecretReference to string.
func Convert_v1alpha4_OpenStackClusterSpec_To_v1alpha3_OpenStackClusterSpec(in *v1alpha4.OpenStackClusterSpec, out *OpenStackClusterSpec, s conversion.Scope) error {
if err := autoConvert_v1alpha4_OpenStackClusterSpec_To_v1alpha3_OpenStackClusterSpec(in, out, s); err != nil {
return err
}
out.CloudsSecret = new(corev1.SecretReference)
if in.CloudsSecret != nil {
out.CloudsSecret.Name = *in.CloudsSecret
if in.IdentityRef != nil {
out.CloudsSecret = &corev1.SecretReference{
Name: in.IdentityRef.Name,
}
}
return nil
return autoConvert_v1alpha4_OpenStackClusterSpec_To_v1alpha3_OpenStackClusterSpec(in, out, s)
}

// Convert_v1alpha3_OpenStackMachineSpec_To_v1alpha4_OpenStackMachineSpec is an autogenerated conversion function.
// v1alpha4 drops the field .UserDataSecret which is why we reuqire to define the function here.
func Convert_v1alpha3_OpenStackMachineSpec_To_v1alpha4_OpenStackMachineSpec(in *OpenStackMachineSpec, out *v1alpha4.OpenStackMachineSpec, s conversion.Scope) error {
if in.CloudsSecret != nil {
out.IdentityRef = &v1alpha4.OpenStackIdentityReference{
Name: in.CloudsSecret.Name,
}
}
return autoConvert_v1alpha3_OpenStackMachineSpec_To_v1alpha4_OpenStackMachineSpec(in, out, s)
}

@@ -143,14 +146,7 @@ func Convert_v1alpha4_Network_To_v1alpha3_Network(in *v1alpha4.Network, out *Net
// parameter in v1alpha4. There is no intention to support this parameter in v1alpha3, so the field is just dropped.
// Further, we want to convert the Type of CloudsSecret from SecretReference to string.
func Convert_v1alpha4_OpenStackMachineSpec_To_v1alpha3_OpenStackMachineSpec(in *v1alpha4.OpenStackMachineSpec, out *OpenStackMachineSpec, s conversion.Scope) error {
if err := autoConvert_v1alpha4_OpenStackMachineSpec_To_v1alpha3_OpenStackMachineSpec(in, out, s); err != nil {
return err
}
out.CloudsSecret = new(corev1.SecretReference)
if in.CloudsSecret != nil {
out.CloudsSecret.Name = *in.CloudsSecret
}
return nil
return autoConvert_v1alpha4_OpenStackMachineSpec_To_v1alpha3_OpenStackMachineSpec(in, out, s)
}

// Convert_v1alpha4_OpenStackClusterStatus_To_v1alpha3_OpenStackClusterStatus has to be added
@@ -182,8 +178,3 @@ func Convert_Slice_v1alpha3_Network_To_Slice_v1alpha4_Network(in *[]Network, out
}
return nil
}

func Convert_v1_SecretReference_To_string(in *corev1.SecretReference, out *string, s conversion.Scope) error {
out = &in.Name
return nil
}
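Review bot: The v1alpha3 to v1alpha4 machine conversion builds `OpenStackIdentityReference` with only `Name`, so every up-converted object carries an empty `Kind`, while the `ValidateCreate` added in this commit rejects any kind other than `"Secret"` and the type marks `Kind` with `MinLength=1`. Adding `Kind: "Secret",` to that literal would keep converted objects valid. In the other direction, `Convert_v1alpha4_OpenStackMachineSpec_To_v1alpha3_OpenStackMachineSpec` now only calls the generated function and, unlike the cluster variant above it, never copies `IdentityRef.Name` into `CloudsSecret`; with that field tagged `conversion-gen=false`, the credentials reference presumably disappears for v1alpha3 readers of a machine. The cluster spec's up-conversion lies outside the visible hunks and should be checked for the same two gaps.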
1 change: 1 addition & 0 deletions api/v1alpha3/openstackcluster_types.go
@@ -33,6 +33,7 @@ type OpenStackClusterSpec struct {

// The name of the secret containing the openstack credentials
// +optional
// +k8s:conversion-gen=false
CloudsSecret *corev1.SecretReference `json:"cloudsSecret"`

// The name of the cloud to use from the clouds secret
1 change: 1 addition & 0 deletions api/v1alpha3/openstackmachine_types.go
@@ -38,6 +38,7 @@ type OpenStackMachineSpec struct {

// The name of the secret containing the openstack credentials
// +optional
// +k8s:conversion-gen=false
CloudsSecret *corev1.SecretReference `json:"cloudsSecret"`

// The name of the cloud to use from the clouds secret
29 changes: 4 additions & 25 deletions api/v1alpha3/zz_generated.conversion.go


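--- a/api/v1alpha4/identity_types.go
+++ b/api/v1alpha4/identity_types.go
@@ -0,0 +1,31 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha4
+
+// OpenStackIdentityReference is a reference to an infrastructure
+// provider identity to be used to provision cluster resources.
+type OpenStackIdentityReference struct {
+// Kind of the identity. Must be supported by the infrastructure
+// provider and may be either cluster or namespace-scoped.
+// +kubebuilder:validation:MinLength=1
+Kind string `json:"kind"`
+
+// Name of the infrastructure identity to be used.
+// Must be either a cluster-scoped resource, or namespaced-scoped
+// resource the same namespace as the resource(s) being provisioned.
+Name string `json:"name"`
+}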
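Review bot: `Name` has no validation marker while `Kind` carries `MinLength=1`, so an identity reference with an empty name passes schema validation and would presumably fail only later, when the credentials are looked up; adding `// +kubebuilder:validation:MinLength=1` above `Name` closes that gap. The `Kind` comment promises cluster- or namespace-scoped identities, whereas the webhooks in this commit accept only `"Secret"`, so the doc comment should state the actual restriction. In the `Name` comment, "namespaced-scoped resource the same namespace" should read "a namespace-scoped resource in the same namespace".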
11 changes: 5 additions & 6 deletions api/v1alpha4/openstackcluster_types.go
@@ -30,12 +30,6 @@ const (

// OpenStackClusterSpec defines the desired state of OpenStackCluster.
type OpenStackClusterSpec struct {

// The name of the secret containing the openstack credentials
// +optional
// +k8s:conversion-gen=false
CloudsSecret *string `json:"cloudsSecret,omitempty"`

// The name of the cloud to use from the clouds secret
// +optional
CloudName string `json:"cloudName"`
@@ -106,6 +100,11 @@ type OpenStackClusterSpec struct {
// Bastion is the OpenStack instance to login the nodes
//+optional
Bastion *Bastion `json:"bastion,omitempty"`

// IdentityRef is a reference to a identity to be used when reconciling this cluster
// +optional
// +k8s:conversion-gen=false
IdentityRef *OpenStackIdentityReference `json:"identityRef,omitempty"`
}

// OpenStackClusterStatus defines the observed state of OpenStackCluster.
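Review bot: Removing `CloudsSecret` and adding `IdentityRef` within the same API version changes the serialized v1alpha4 schema in place, so any object already stored with a `cloudsSecret` key would decode without a credentials reference, since nothing visible here maps the old key to `identityRef`. If v1alpha4 objects exist anywhere, this needs a migration path or at least a release note; if the version is still unreleased, the commit message should say so. The same applies to `OpenStackMachineSpec` in openstackmachine_types.go, where the new field comment also says "this cluster" and should say "this machine". Both new comments should read "an identity" rather than "a identity".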
48 changes: 48 additions & 0 deletions api/v1alpha4/openstackcluster_webhook.go
@@ -17,16 +17,64 @@ limitations under the License.
package v1alpha4

import (
"reflect"

"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/validation/field"
"sigs.k8s.io/controller-runtime/pkg/builder"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/manager"
"sigs.k8s.io/controller-runtime/pkg/webhook"
)

// log is for logging in this package.
var _ = logf.Log.WithName("openstackcluster-resource")

// OpenStackClusterSpecIdentityRefKindImmutableMsg is immutable.
const OpenStackClusterSpecIdentityRefKindImmutableMsg = "OpenStackCluster spec.IdentityRef.kind field is immutable. Please create a new resource instead."

func (r *OpenStackCluster) SetupWebhookWithManager(mgr manager.Manager) error {
return builder.WebhookManagedBy(mgr).
For(r).
Complete()
}

// +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1alpha4-openstackcluster,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=openstackcluster,versions=v1alpha4,name=validation.openstackcluster.infrastructure.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1

var _ webhook.Validator = &OpenStackCluster{}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (r *OpenStackCluster) ValidateCreate() error {
var allErrs field.ErrorList

if r.Spec.IdentityRef != nil {
if r.Spec.IdentityRef.Kind != "Secret" {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "identityRef", "kind"), "must be a Secret"))
}
}

return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
}

// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
func (r *OpenStackCluster) ValidateUpdate(old runtime.Object) error {
var allErrs field.ErrorList
oldOpenStackCluster := old.(*OpenStackCluster)

if !reflect.DeepEqual(r.Spec.IdentityRef.Kind, oldOpenStackCluster.Spec.IdentityRef.Kind) {
allErrs = append(allErrs,
field.Invalid(field.NewPath("spec", "identityRef", "kind"), r, OpenStackClusterSpecIdentityRefKindImmutableMsg),
)
}

if len(allErrs) != 0 {
return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
}

return nil
}

// ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (r *OpenStackCluster) ValidateDelete() error {
return nil
}
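Review bot: `ValidateUpdate` dereferences `r.Spec.IdentityRef.Kind` and `oldOpenStackCluster.Spec.IdentityRef.Kind` without a nil check, although `IdentityRef` is an optional pointer and `ValidateCreate` guards it; an update to a cluster that has no `identityRef` would panic in the handler, and with `failurePolicy=fail` such updates are then rejected. The same unguarded comparison is added to `ValidateUpdate` in openstackmachine_webhook.go. A nil-safe form is `newRef, oldRef := r.Spec.IdentityRef, oldOpenStackCluster.Spec.IdentityRef` followed by `if newRef != nil && oldRef != nil && newRef.Kind != oldRef.Kind {`, which also makes `reflect.DeepEqual` on two strings (and the `reflect` import) unnecessary. A reference first added on update would still skip the `"Secret"` check from `ValidateCreate`, so that check likely belongs in both paths. Separately, the marker says `resources=openstackcluster`; admission rules match the plural resource name, so this probably needs to be `openstackclusters`, otherwise the webhook is never invoked.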
10 changes: 5 additions & 5 deletions api/v1alpha4/openstackmachine_types.go
@@ -36,11 +36,6 @@ type OpenStackMachineSpec struct {
// InstanceID is the OpenStack instance ID for this machine.
InstanceID *string `json:"instanceID,omitempty"`

// The name of the secret containing the openstack credentials
// +optional
// +k8s:conversion-gen=false
CloudsSecret *string `json:"cloudsSecret,omitempty"`

// The name of the cloud to use from the clouds secret
// +optional
CloudName string `json:"cloudName"`
@@ -91,6 +86,11 @@ type OpenStackMachineSpec struct {

// The server group to assign the machine to
ServerGroupID string `json:"serverGroupID,omitempty"`

// IdentityRef is a reference to a identity to be used when reconciling this cluster
// +optional
// +k8s:conversion-gen=false
IdentityRef *OpenStackIdentityReference `json:"identityRef,omitempty"`
}

// OpenStackMachineStatus defines the observed state of OpenStackMachine.
15 changes: 15 additions & 0 deletions api/v1alpha4/openstackmachine_webhook.go
@@ -32,6 +32,9 @@ import (
// log is for logging in this package.
var _ = logf.Log.WithName("openstackmachine-resource")

// OpenStackMachineSpecIdentityRefKindImmutableMsg is immutable.
const OpenStackMachineSpecIdentityRefKindImmutableMsg = "OpenStackMachine spec.IdentityRef.kind field is immutable. Please create a new resource instead."

func (r *OpenStackMachine) SetupWebhookWithManager(mgr manager.Manager) error {
return builder.WebhookManagedBy(mgr).
For(r).
@@ -46,6 +49,12 @@ var _ webhook.Validator = &OpenStackMachine{}
func (r *OpenStackMachine) ValidateCreate() error {
var allErrs field.ErrorList

if r.Spec.IdentityRef != nil {
if r.Spec.IdentityRef.Kind != "Secret" {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "identityRef", "kind"), "must be a Secret"))
}
}

return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
}

@@ -66,6 +75,12 @@ func (r *OpenStackMachine) ValidateUpdate(old runtime.Object) error {

var allErrs field.ErrorList

if !reflect.DeepEqual(r.Spec.IdentityRef.Kind, old.(*OpenStackMachine).Spec.IdentityRef.Kind) {
allErrs = append(allErrs,
field.Invalid(field.NewPath("spec", "identityRef", "kind"), r, OpenStackMachineSpecIdentityRefKindImmutableMsg),
)
}

newOpenStackMachineSpec := newOpenStackMachine["spec"].(map[string]interface{})
oldOpenStackMachineSpec := oldOpenStackMachine["spec"].(map[string]interface{})

