Able to reference a User from permissions.rabbitmq.com crd #177
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This closes #165
Note to reviewers: remember to look at the commits in this PR and consider if they can be squashed
Note to contributors: remember to re-generate client set if there are any API changes
Summary Of Changes
spec.userReference
(type LocalObjectReference) to permissions.rabbitmq.comspec.user
to minimize disruption to our usersspec.user
is no longer a mandatory field. However, permissions webhook will make sure that one ofspec.userReference
andspec.user
must be provided; webhook also returns an invalid error if both fields are specified.SatisfyAll
where it makes senseWhy reference user in
permissions.rabbitmq.com
but not the other around?To assign permissions for a users, we need to have the username, permissions configurations, and the vhost. Users are not vhost specific and can have different permissions configurations in different vhosts. If we were to add permissions configurations in
users.rabbitmq.com
, updates that revokes permissions in certain vhosts could be hard to perform (operator will need to keep track of the previous list of vhosts and check if there were deletion on every updates).