Neutron: AddressScope controller #693
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| /* | ||
| Copyright The ORC Authors. | ||
|
|
||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||
| you may not use this file except in compliance with the License. | ||
| You may obtain a copy of the License at | ||
|
|
||
| http://www.apache.org/licenses/LICENSE-2.0 | ||
|
|
||
| Unless required by applicable law or agreed to in writing, software | ||
| distributed under the License is distributed on an "AS IS" BASIS, | ||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| See the License for the specific language governing permissions and | ||
| limitations under the License. | ||
| */ | ||
|
|
||
| package v1alpha1 | ||
|
|
||
| // AddressScopeResourceSpec contains the desired state of the resource. | ||
| type AddressScopeResourceSpec struct { | ||
| // name will be the name of the created resource. If not specified, the | ||
| // name of the ORC object will be used. | ||
| // +optional | ||
| Name *OpenStackName `json:"name,omitempty"` | ||
|
|
||
| // projectRef is a reference to the ORC Project which this resource is associated with. | ||
| // +optional | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="projectRef is immutable" | ||
| ProjectRef *KubernetesNameRef `json:"projectRef,omitempty"` | ||
|
|
||
| // ipVersion is the IP protocol version. | ||
| // +required | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ipVersion is immutable" | ||
| IPVersion IPVersion `json:"ipVersion"` | ||
|
|
||
| // shared indicates whether this resource is shared across all | ||
| // projects or not. By default, only admin users can change set | ||
| // this value. We can't unshared a shared address scope; Neutron | ||
| // enforces this. | ||
| // +optional | ||
| // +kubebuilder:validation:XValidation:rule="!(oldSelf && !self)",message="shared address scope can't be unshared" | ||
| Shared *bool `json:"shared,omitempty"` | ||
|
Collaborator
There was a problem hiding this comment.
Is that right? It's both a pointer here and in gophercloud, so we should be able to pass it a value of
Contributor
Author
There was a problem hiding this comment. Yes. The error is with those lines. Looks like something to change in OpenStack (if it really makes sense to change). Taking a quick look at the feature spec[1] and at the first commit review[2] for this feature, I didn't find any rationale to have this as it is. [1] https://specs.openstack.org/openstack/neutron-specs/specs/mitaka/address-scopes.html
Contributor
Author
There was a problem hiding this comment. If you are okay with this, I can bring this discussion to the next neutron meeting and double-check with the maintainers.
Collaborator
There was a problem hiding this comment. Oh ok, thanks for the pointer. It looks intentional. In that case, we should add a comment explaining our choice.
Contributor
Author
There was a problem hiding this comment. Ok. I made the field mutable, but added a validation to prevent unsharing the address scope. I think it is better to comply with the OpenStack behavior and give the operator the ability to share it if they want to. About the Actually, I think it'll be cleaner if we could capture the CEL validation and ensure that it's throwing properly. About this, I thought of capturing the output of the command in
Collaborator
There was a problem hiding this comment. Or we just test CEL validation via I like using |
||
| } | ||
|
|
||
| // AddressScopeFilter defines an existing resource by its properties | ||
| // +kubebuilder:validation:MinProperties:=1 | ||
| type AddressScopeFilter struct { | ||
| // name of the existing resource | ||
| // +optional | ||
| Name *OpenStackName `json:"name,omitempty"` | ||
|
|
||
| // projectRef is a reference to the ORC Project which this resource is associated with. | ||
| // +optional | ||
| ProjectRef *KubernetesNameRef `json:"projectRef,omitempty"` | ||
|
|
||
| // ipVersion is the IP protocol version. | ||
| // +optional | ||
| IPVersion IPVersion `json:"ipVersion,omitempty"` | ||
|
|
||
| // shared indicates whether this resource is shared across all | ||
| // projects or not. By default, only admin users can change set | ||
| // this value. | ||
| // +optional | ||
| Shared *bool `json:"shared,omitempty"` | ||
| } | ||
|
|
||
| // AddressScopeResourceStatus represents the observed state of the resource. | ||
| type AddressScopeResourceStatus struct { | ||
| // name is a Human-readable name for the resource. Might not be unique. | ||
| // +kubebuilder:validation:MaxLength=1024 | ||
| // +optional | ||
| Name string `json:"name,omitempty"` | ||
|
|
||
| // projectID is the ID of the Project to which the resource is associated. | ||
| // +kubebuilder:validation:MaxLength=1024 | ||
| // +optional | ||
| ProjectID string `json:"projectID,omitempty"` | ||
|
|
||
| // ipVersion is the IP protocol version. | ||
| // +optional | ||
| IPVersion int32 `json:"ipVersion,omitempty"` | ||
|
|
||
| // shared indicates whether this resource is shared across all | ||
| // projects or not. By default, only admin users can change set | ||
| // this value. | ||
| // +optional | ||
| Shared *bool `json:"shared,omitempty"` | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We haven't been really good at consistently writing API validation tests for our controller. Ideally we should have one for this field because the CEL validation is getting complex.
(I've just asked claude to write the missing tests, we'll see what it's going to come up with 😅)