-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 do not propagate the cloud field to clientconfig.AuthOptions #829
🐛 do not propagate the cloud field to clientconfig.AuthOptions #829
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sbueringer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@sbueringer: GitHub didn't allow me to assign the following users: blencoff. Note that only kubernetes-sigs members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@@ -80,7 +80,6 @@ func NewClient(cloud clientconfig.Cloud, caCert []byte) (*gophercloud.ProviderCl | |||
if cloud.AuthInfo != nil { | |||
clientOpts.AuthInfo = cloud.AuthInfo | |||
clientOpts.AuthType = cloud.AuthType | |||
clientOpts.Cloud = cloud.Cloud |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about a clouds.yaml contains multiple cloud ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume this does not matter. This is already handled in: https://github.com/kubernetes-sigs/cluster-api-provider-openstack/pull/829/files#diff-dbf706fca1006fa16e85a98f355508c0891e685f846ff079d5ac1d6e6b308148L155
We're only passing one cloud (clientconfig.Cloud) into the NewClient func.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also the code path in AuthOptions never works when we set the cloud to a non empty string, because it always searches for a cloud.yaml file at the default locations which we don't have (and we don't need because clientconfig.Cloud is already one parsed cloud of a cloud.yaml).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jichenjc wdyt, okay to merge?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
give me another day, I want to read it more (run out of time today)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we have a set of logics at line 52 / 70 above , such as
cloud, caCert, err = getCloudFromSecret(ctrlClient, namespace, openStackCluster.Spec.CloudsSecret.Name, openStackCluster.Spec.CloudName)
so basically, we are providing info based on cluster.Spec.CloudName
if we don't want to honor this field, should we consider remove
https://github.com/kubernetes-sigs/cluster-api-provider-openstack/blob/master/api/v1alpha3/openstackcluster_types.go#L38?
actually we created a secret and this secret is a clouds.yaml and it might contains multiple clouds
I also think we don't want to (technically ?) support 1 CAPI + multiple openstack solution ?
if that's the case, maybe we need reconsider adjust the whole Cloud
related items and manage expecations of users
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm we are using the CloudName here:
We are even checking that it's not empty here:
So in my opinion we need the property and it does exactly what we want. It picks the right cloud if we have multiple in the cloud.yaml. The only problem is that we don't need it in clientconfig.AuthOptions
. clientconfig.AuthOptions
is not the func which parses the cloud.yaml so it doesn't need the cloud.
In fact the AuthOptions
func searches for some other cloud.yaml at some default location when we hand it over a cloud
I don\t really understand what you mean, but we cannot drop the property. We need it, just not here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Also cloud.Cloud is not the same as the cloudName in our spec)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, you are right, I was confused by cloud and cloudName variable at first then I misunderstand the logic
after further read I think you are right , sorry for the confusion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem, it's confusing :). I also would like to use not that much of the AuthOptions func unfortunately the only way to do this is to copy it :/
/lgtm |
What this PR does / why we need it:
This PR stops propagating the
cloud
field toclientconfig.AuthOptions
. If this field is actually set, we hit a branch inAuthOptions
which always fails: (I don't think we have to validate that the field is not set, when we can just change the code that it doesn't matter if it is set or not)cluster-api-provider-openstack/pkg/cloud/services/provider/provider.go
Lines 80 to 91 in 31df024
https://github.com/gophercloud/utils/blob/7b186010c04f90ca48b5ce471a222911ff076e00/openstack/clientconfig/requests.go#L352-L370
https://github.com/gophercloud/utils/blob/7b186010c04f90ca48b5ce471a222911ff076e00/openstack/clientconfig/requests.go#L192
https://github.com/gophercloud/utils/blob/7b186010c04f90ca48b5ce471a222911ff076e00/openstack/clientconfig/requests.go#L119
there's not cloud.yaml there which could be found...
Alternative would be to duplicate the code from
AuthOptions
we actually want, but I wouldn't like to maintain that much code on our side:https://github.com/gophercloud/utils/blob/7b186010c04f90ca48b5ce471a222911ff076e00/openstack/clientconfig/requests.go#L390-L396
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #825
Special notes for your reviewer:
TODOs:
/hold