New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oc: add create route subcommands #6819
oc: add create route subcommands #6819
Conversation
Do we really want structured generators? I didn't see a lot of value to having them. |
We don't necessarily need them here but we had a long discussion about generators in general and I suppose we want to switch to using structured. |
I'd like to leave them out until we need them or until someone here can present a strong use-case for them. |
ok, I will switch to the already existing generator interface |
} | ||
|
||
// CreateEdgeRoute implements the behavior to run the create edge route command. | ||
func CreateEdgeRoute(f *clientcmd.Factory, cmdOut io.Writer, cmd *cobra.Command, args []string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would have expected a helper to get the certs in the correct format and a straight assignments, so something more like:
route := routeapi.Route{}
route.Name = args[0]
route.TLS.Termination = edge
route.TLS.CertFile = readCert(cert flag)
routeClient.Namespace(ns).Create(route)
[test] |
@Kargakis there's an "add global flag" or some such, right? |
} | ||
|
||
// LoadCert reads the specified certificate file and returns it as a bytes array. | ||
func LoadCert(file string) ([]byte, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you plan to add any logic specific to loading cert and key files here, like structure validation or something similar? Otherwise I don't see the valid in this being specific, should just use a generic loader like LoadData
or LoadFileData
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/valid/value
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you plan to add any logic specific to loading cert and key files here, like structure validation or something similar? Otherwise I don't see the valid in this being specific, should just use a generic loader like LoadData or LoadFileData.
Nope, this is just a refactor of the oadm registry router code so that I won't duplicate logic. I will rename to LoadData
all comments addressed, ptal |
cmd.Flags().String("cert-file", "", "Provide certificate contents.") | ||
cmd.Flags().String("key-file", "", "Provide key contents.") | ||
cmd.Flags().String("ca-cert-file", "", "Provide cert authority certificate contents.") | ||
cmd.Flags().String("dest-ca-cert", "", "Provide the contents of the ca certificate of the final destination.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that this is --dest-ca-cert
and not --dest-ca-cert-file
. I think we can use --cert
, --key
, and ca-cert
for the rest of the flags. @fabianofranz @deads2k @liggitt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that this is --dest-ca-cert and not --dest-ca-cert-file. I think we can use --cert, --key, and ca-cert for the rest of the flags. @fabianofranz @deads2k @liggitt
Is the help correct? Looks like its pointing at a file? I don't mind dropping the -file
suffix, but I would like to have the help be a little more specific about exactly what kind of a file we need and a followup issue to actually parse the certs and keys.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the help correct? Looks like its pointing at a file?
Yes, its' correct. How about --dest-ca-cert=CERTIFICATE
? Or CERT
, CERTIFICATE_LOCATION
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm also ok with dropping the -file
suffix, but the flag description must be clear about what it expects, like "Path to a certificate file for TLS..." or something similar. You could also add them to the usage, where we use FILENAME
when flags are expected to get the path to a file. Example: ... [--dest-ca-cert=FILENAME]
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fabianofranz square brackets mean the flag is optional, right? --dest-ca-cert
is required for reencrypt routes so I didn't include them in the usage message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is it required?
We require destination certificates in reencrypt routes
origin/pkg/route/api/validation/validation.go
Line 118 in a1c70de
result = append(result, fielderrors.NewFieldInvalid("destinationCACertificate", tls.DestinationCACertificate, "edge termination does not support destination certificates")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrong link
this is it
result = append(result, fielderrors.NewFieldRequired("destinationCACertificate")) |
adding tests |
if err != nil { | ||
return err | ||
} | ||
mapper, typer := f.Object() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From here down this method is icky. We should make this easier to use, but I don't see it as a need for this pull.
// unsecuredRoute will return a route with enough info so that it can direct traffic to | ||
// the service provided by --expose. Callers of this helper are responsible for providing | ||
// tls configuration, path, and the hostname of the route. | ||
func unsecuredRoute(kc *kclient.Client, namespace, routeName, serviceName, portString string) (*api.Route, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
much more readable, thanks.
Minor comments. I'd like to get someone on the UI team to declare |
+1 for |
changed to --service and made --port mandatory in case of exposing a non-existent service Any other comments? |
Add three subcommands under `oc create route` that create secure routes. `oc expose` will continue creating unsecured routes as it already does but we will not enhance it further.
one clean run, one new-app flake [test] |
--service, not --expose. The create commands are about creating the On Sun, Jan 31, 2016 at 9:32 AM, Michail Kargakis notifications@github.com
|
Evaluated for origin test up to a555a35 |
continuous-integration/openshift-jenkins/test FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/630/) |
LGTM |
[merge] |
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/4826/) (Image: devenv-rhel7_3311) |
Evaluated for origin merge up to a555a35 |
Add three subcommands under
oc create route
that create secureroutes.
oc expose
will continue creating unsecured routes as it alreadydoes but we will not enhance it further.
@deads2k @liggitt @pweil- @ramr @smarterclayton @jwforres @fabianofranz
Fixes #6094