restore DeepCopy generation #204
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
the
approved
joelddiaz
force-pushed
the
rawextension-aws-conditions
branch
from
78a3ce7
to
32b61a8
Compare
|
/test e2e-aws |
pkg/aws/actuator/actuator.go
Outdated
| } | ||
| statement.Condition = out | ||
| } | ||
| policyDoc.Statement = append(policyDoc.Statement, statement) |
There was a problem hiding this comment.
Were you able to manually test with this PolicyCondition actually in use?
There was a problem hiding this comment.
Yes, with and without it. That's how I figured that I needed to annotate the StatementEntry struct to put the 'omitempty' (otherwise the JSON sent to AWS when there was no policy always included "Condition": null which would cause the AWS API calls to fail).
FWIW, this is a simple example:
spec:
secretRef:
name: my-cred-request-secret
namespace: openshift-cloud-credential-operator
providerSpec:
apiVersion: cloudcredential.openshift.io/v1
kind: AWSProviderSpec
statementEntries:
- effect: Allow
action:
- s3:CreateBucket
- s3:DeleteBucket
resource: "*"
policyCondition:
StringEquals:
aws:userid: "testuser"
|
Here's a summary of where we stand with runtime.RawExtension being a pointer or not-a-pointer and comparing that to what the object definition is today. Today, the object definition has the PolicyCondition field as a Given that, I have created a new field ( Changing the Changing it to a non-pointer It is not obvious to me that there is a benefit (or even a change) in choosing between Do we have any API experts who can review/comment on this proposed change? |
|
@joelddiaz fwiw the machine-api also uses a pointer to runtime.RawExtension (so I was wrong thinking it wasn't): |
|
/test e2e-aws-upgrade |
|
@deads2k as one our resident "API people", can you PTAL and see if there are any concerns with this migration from a field which is presently listed as type Our primary concern here is that we don't make any breaking API changes here (specifically the change to |
joelddiaz
force-pushed
the
rawextension-aws-conditions
branch
3 times, most recently
from
7251f45
to
41f208c
Compare
joelddiaz
changed the title
joelddiaz
force-pushed
the
rawextension-aws-conditions
branch
2 times, most recently
from
89d95b9
to
13ff01c
Compare
|
Good solve. Looks good to me, but will let @csrwng do the honors once he's had a chance to look. |
| verify="${VERIFY:-}" | ||
|
|
||
| valid_gopath=$(realpath $REPO_FULL_PATH/../../../..) | ||
| if [[ "$(realpath ${valid_gopath}/src/github.com/openshift/cloud-credential-operator)" == "${REPO_FULL_PATH}" ]]; then |
There was a problem hiding this comment.
is there a reason you don't just always do the fake go path? It seems to me that there's less chance to have issues with other things in the real gopath if you do have one.
There was a problem hiding this comment.
It was an optimization suggested by @staebler so that we wouldn't have to wait for the various pieces to be downloaded to the GOPATH if your usable GOPATH already had them in there. Works out that the TMP_DIR holds around 174MB of data on disk.
I'll un-WIP and squash some things up and reduce the verbosity of the deepcopy generation in a moment.
Turns out that converting to rawExtension can be considered an API-breaking change if we were to really use the full flexibility of the rawExtension. So preserve the map[string]map[string]interface{} fields.
New Makefile targets for generating deepcopy.
Scripts for generating/verifying deepcopy.
Mark fields so that we don't try to generate deepcopy methods for those that cannot be generated.
Create manual deepcopy methods for the fields that need it.
Test cases for the manual deep copy implementations.
Didn't previously have test coverage for CredentialsRequests that defined the PolicyConditions to be applied. Write up some test cases to validate the behavior.
As far as the deepcopy scripts:
Rather than always setting up a temp dir so that deepcopy-gen can run in there, see if the repo's directory tree looks like:
src/github.com/openshift/cloud-credential-operator
If the tree looks that way, then just use that as the GOPATH when generating the deepcopy files.
If the tree doesn't look that way, then set up a temp GOPATH directory setup and symlink back to the current repo w/o copying it to the temp dir.
joelddiaz
force-pushed
the
rawextension-aws-conditions
branch
from
13ff01c
to
88b8dc7
Compare
joelddiaz
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: csrwng, joelddiaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Bring back hooks to update/verify our generated DeepCopy files.
The DeepCopy generator does not work with the current AWSProviderSpec.StatementEntries[].PolicyCondition field being a map[string]map[string]interface{}. Annotate those fields so that there is no attempt to generate the DeepCopy methods, and provide custom DeepCopy methods where needed.