move network resources to v1beta1 #182
Conversation
There was a problem hiding this comment.
I've been able to review only internet gateway. Most of the comments probably apply to other resources, too. So, I'd suggest checking others as well during iteration.
In the future, please consider breaking up PRs by resource so that reviews are easier and we can merge the ones that are approved separately, faster.
|
@sahil-lakhwani On another note, please don't hesitate to make changes to the existing logic or decide to take some small divergences to make things simpler as you see fit. |
|
@sahil-lakhwani @muvaf What is the checklist to get this closed out? Can we resolve all conversations that have been addressed please. |
sahil-lakhwani
force-pushed
the
v1b1network
branch
from
ca42cf2
to
55c9952
Compare
|
@muvaf @hasheddan I have addressed your comments, and taken care of them across resources. I have replied to comments which are not marked |
|
This PR needs a rebase due to the work we did to migrate all the controllers to support the |
sahil-lakhwani
force-pushed
the
v1b1network
branch
from
55c9952
to
54a826f
Compare
| runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1" | ||
| ) | ||
|
|
||
| // Route describes a route in a route table. | ||
| type Route struct { | ||
| // The IPv4 CIDR address block used for the destination match. Routing | ||
| // decisions are based on the most specific match. | ||
| DestinationCIDRBlock string `json:"destinationCidrBlock"` | ||
| DestinationCIDRBlock string `json:"destinationCidrBlock,omitempty"` |
There was a problem hiding this comment.
I notice you added an omitempty tag here. Is this field optional? If so, should it have the optional comment marker and be a pointer?
There was a problem hiding this comment.
Ah - is this to accomodate using Route in both the spec and the status? I suggest we avoid doing this, per my comments below.
| // The state of the association. | ||
| State string `json:"state,omitempty"` | ||
|
|
||
| Association Association `json:",inline"` |
There was a problem hiding this comment.
Similar to my comment about RouteState above, I'd prefer to avoid embedding the Association here and to just include a SubnetID string field in the AssociationState.
| } | ||
| } | ||
|
|
||
| if patch.Ingress != nil { |
There was a problem hiding this comment.
It looks like we create the security group, but never add any ingress or egress rules until update time. Does this mean there will be a brief window in which the security group will appear to be 'ready' but won't actually be allowing the traffic it is configured to allow?
There was a problem hiding this comment.
Have added a check for the ingress/egress rules, and then updating the status.
| return managed.ExternalCreation{}, errors.Wrap(err, errPersistExternalName) | ||
| meta.SetExternalName(cr, aws.StringValue(ig.InternetGateway.InternetGatewayId)) | ||
|
|
||
| return managed.ExternalCreation{}, errors.Wrap(e.kube.Update(ctx, cr), errSpecUpdate) |
There was a problem hiding this comment.
Here and elsewhere in this PR, it seems like we have a call order of:
- Set conditions. (Modifies status)
- Set external name. (Modifies metadata)
- Call
e.kube.Update()
This is all followed by a call to e.kube.Status().Update() made by the managed.Reconciler.
Will calling Update() before we call Status().Update() undo the status conditions that we set? I can never remember whether Update() overwrites status or not.
There was a problem hiding this comment.
Will calling Update() before we call Status().Update() undo the status conditions that we set?
Yes. The operation that undoes the rest of the resource is not Update but the call itself actually. What it does when you call either Status().Update() or Update() is that it issues the respective payload (either only status or metadata+spec) and then deep copies the resulting object into what you have sent. So, the local object is the most up-to-date version that exists in the api-server, which means the payload that you didn't send is overwritten by whatever is in api-server.
We have synced with @sahil-lakhwani about this and it seems calling Status().Update() after the SetConditions makes sense because that way if the CreateInternetGatewayRequest call fails, the condition will reflect that the error arose during creation.
| if !ok { | ||
| return managed.ExternalCreation{}, errors.New(errUnexpectedObject) | ||
| } | ||
|
|
||
| // if VPCID already exists, skip creating the vpc | ||
| // this happens when an error has occurred when modifying vpc attributes |
There was a problem hiding this comment.
After the below comment is addressed, I think this won't be needed.
| attrReq := e.client.ModifyVpcAttributeRequest(input) | ||
|
|
||
| if _, err := attrReq.Send(ctx); err != nil { | ||
| if _, err := e.client.ModifyVpcAttributeRequest(input).Send(ctx); err != nil { | ||
| return managed.ExternalCreation{}, errors.Wrap(err, errModifyVPCAttributes) | ||
| } | ||
| } |
There was a problem hiding this comment.
It seems like this PR mostly has a pattern of creating a resource in Create, then waiting until Update time to set any fields that are modifiable. Should we follow that pattern for VPCs?
There was a problem hiding this comment.
I have left some comments but they should be easy to fix. Let's wrap up this PR, merge and revisit later for more.
A general comment, +immutable tag is not used in many of the resources. Even though it's not functional yet, it shows up in docs and serves a nice informational purpose. Also it seems the PR needs to be rebased.
| } | ||
|
|
||
| meta.SetExternalName(cr, aws.StringValue(result.Vpc.VpcId)) |
There was a problem hiding this comment.
Right after setting the external name, we should call e.kube.Update() so that the annotation is not lost if the next steps fail for some reason.
| current := cr.Spec.ForProvider.DeepCopy() | ||
| ec2.LateInitializeVPC(&cr.Spec.ForProvider, &observed) | ||
| if !cmp.Equal(current, &cr.Spec.ForProvider) { | ||
| if err := e.kube.Update(ctx, cr); err != nil { |
There was a problem hiding this comment.
Once you call e.kube.Update(), the cr object will be populated with whatever the resulting object is in the api-server and that doesn't include status, i.e. all changes you make on status before this line gets lost. It's probably called only once or twice as late-init frequency is low but would be better if you just moved the SetConditions calls below e.kube.Update.
| @@ -142,99 +158,134 @@ func (e *external) Observe(ctx context.Context, mgd resource.Managed) (managed.E | |||
| cr.SetConditions(runtimev1alpha1.Available()) | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Why don't we need a late-init for this resource?
| if len(in.Tags) == 0 && len(rt.Tags) != 0 { | ||
| in.Tags = v1beta1.BuildFromEC2Tags(rt.Tags) | ||
| } | ||
| } |
There was a problem hiding this comment.
Ideally, there should be a field of the struct and we should late-init only the elements that we don't have locally. But that doesn't handle the fact that user might have wanted to delete that entry. Lately, I've been thinking that maybe we'd require user to prefix - in the key field value to let us know that this entry should be removed, similar to kubectl unlabel notation.
The late-init only in case the array is empty is the safe solution but there are cases where there is a constant default entry even if you didn't create it, so, we'd be missing that. But I think skipping if the spec array is not empty should be fine for this PR
| if len(in.Tags) == 0 && len(rt.Tags) != 0 { | ||
| in.Tags = v1beta1.BuildFromEC2Tags(rt.Tags) | ||
| } | ||
| } |
There was a problem hiding this comment.
FWIW, this function is not used in Observe. Only in UpToDate check as far as I can see.
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
sahil-lakhwani
force-pushed
the
v1b1network
branch
from
54a826f
to
18b01c9
Compare
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
|
@hasheddan Is the current group OK for these resources or should it be |
apis/network/v1beta1/vpc_types.go
Outdated
| // +kubebuilder:object:root=true | ||
|
|
||
| // A VPC is a managed resource that represents an AWS Virtual Private Cloud. | ||
| // +kubebuilder:printcolumn:name="VPCID",type="string",JSONPath=".status.atProvider.vpcId" |
There was a problem hiding this comment.
| // +kubebuilder:printcolumn:name="VPCID",type="string",JSONPath=".status.atProvider.vpcId" | |
| // +kubebuilder:printcolumn:name="VPCID",type="string",JSONPath=".metadata.annotations['crossplane.io/external-name']" |
I believe this should work but didn't test manually.
There was a problem hiding this comment.
I checked this, it doesn't work and I have removed that printcolumn annotation for now.
There was a problem hiding this comment.
Here is the working form:
// +kubebuilder:printcolumn:name="VPCID",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
There was a problem hiding this comment.
Thanks @muvaf. Added this in a new commit.
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
|
@hasheddan we need your approval because of your request for changes. |
Signed-off-by: sahil-lakhwani <sahilakhwani@gmail.com>
|
Tested with Wordpress and it's working as expected. Merging this and I will open a follow-up PR to move these network CRDs to |
|
@muvaf nice, thanks! |
…work move network resources to v1beta1
…work move network resources to v1beta1
Signed-off-by: sahil-lakhwani sahilakhwani@gmail.com
Description of your changes
This PR moves all existing network resources to v1beta1
Tested examples in
examples/network.Checklist
I have:
make reviewableto ensure this PR is ready for review.app.yamlto include any new role permissions.