Fix perpetual diff in claim_ref #1227
Conversation
The claim_ref attribute would perpetually show a diff if the PV was created without a claim_ref specified. This is because all PVs gain a claimRef once a PVC binds to it. (This creates the bi-directional link between PV and PVC, and it's done on the Kubernetes API side). To support this, `claim_ref` is now a Computed attribute, and it will update to show the claimRef once a PVC has bound to the PV, (only now it will do so without creating a diff in terraform). Also added extra tests to catch this case and moved claim_ref's flatteners/expanders/tests into the correct files.
| Elem: schema.TypeString, | ||
| Required: true, | ||
| Optional: true, | ||
| Default: "default", | ||
| }, |
There was a problem hiding this comment.
Since all PVCs are namespaced, I figured we should put some guardrails in here to catch cases where users accidentally leave it blank. In my testing, the Kubernetes API allows the ClaimRef to be blank, but it will never bind until the correct namespace is specified.
There was a problem hiding this comment.
I think that's a good reasoning.
I wasn't sure if namespace is actually required in the Kubernetes schema or not, so I checked in the schema reference docs. It's indeed not required. However, I noticed that claimRef is actually defined as type ObjectReference. That type has a bunch of other attributes that are missing in our schema (were also missing in the original PR).
I wonder if we should take this opportunity to backfill those as well so that claimRef actually follows the official API schema.
I also missed them when reviewing the original PR.
Complete set of attributes of claimRef described here: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectreference-v1-core
There was a problem hiding this comment.
Yeah, I noticed all those extra attributes coming up inside the PV during testing, and in the API docs. However, we only need name and namespace for this feature. If there is a need for the other attributes later, like if users need to use an ObjectReference outside of a PV, I think it makes sense to add these things as people ask for it. Then we can evaluate the usefulness of each feature that users are asking for, and prioritize accordingly. So far it seems we've implemented all the useful types without creating an ObjectReference (we have Secret, CronJob, ServiceAccount). I imagine it would involve some refactoring to go back and change how those work.
There was a problem hiding this comment.
Sounds good then. I'll document the missing ObjectReference fields in a separate issue and we can get back to them when there is demand.
| ignore_changes = [ | ||
| spec[0].claim_ref, | ||
| ] | ||
| } | ||
| } |
There was a problem hiding this comment.
This section was causing the test to pass, when it shouldn't have. It masked the perpetual diff.
| } | ||
| o := v[0].(map[string]interface{}) | ||
| o := l[0].(map[string]interface{}) | ||
| return &v1.ObjectReference{ |
There was a problem hiding this comment.
I just changed the variable name here to be consistent with the rest of the file.
| att["namespace"] = in.Namespace | ||
| } | ||
| return []interface{}{att} | ||
| } |
There was a problem hiding this comment.
This was moved because it's only used in the volume schema.
There was a problem hiding this comment.
Technically v1.ObjectReference is used in a bunch of other resources (listed here: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectreference-v1-core).
We might want to keep this and think about consolidating all those use-cases to re-use the same schema snippet and flatten / expand code (not in this PR, of course).
There was a problem hiding this comment.
Yeah, I did see that in the API docs, but in our codebase it's only used for the persistent volume schema, so I thought it made sense to keep it in that file until it's used more broadly. We may never use it outside of the persistent volume schema. But even if we do, the containers schema isn't quite the right place for it either, since it wouldn't be used in containers.
| @@ -16,6 +16,29 @@ import ( | |||
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |||
| ) | |||
|
|
|||
| func TestAccKubernetesPersistentVolume_minimal(t *testing.T) { | |||
| var conf api.PersistentVolume | |||
There was a problem hiding this comment.
_minimal tests are a type I started adding a few months back. The goal with these is just to provision the bare minimum amount of infrastructure, with as few options set as possible, which should work in local testing and on cloud environments. These kinds of tests will tell you if the basic resource provisioning is working properly, and if the default values for the resource are working properly.
There was a problem hiding this comment.
Thanks for the nice resolution here, @dak1n1 !
I left some thoughts here and there, but most importantly I realised that the current schema for claimRef seems to be incomplete.
I think this might be a good opportunity to fix that too, before users start pointing it out.
| Elem: schema.TypeString, | ||
| Required: true, | ||
| Optional: true, | ||
| Default: "default", | ||
| }, |
There was a problem hiding this comment.
I think that's a good reasoning.
I wasn't sure if namespace is actually required in the Kubernetes schema or not, so I checked in the schema reference docs. It's indeed not required. However, I noticed that claimRef is actually defined as type ObjectReference. That type has a bunch of other attributes that are missing in our schema (were also missing in the original PR).
I wonder if we should take this opportunity to backfill those as well so that claimRef actually follows the official API schema.
I also missed them when reviewing the original PR.
Complete set of attributes of claimRef described here: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectreference-v1-core
| att["namespace"] = in.Namespace | ||
| } | ||
| return []interface{}{att} | ||
| } |
There was a problem hiding this comment.
Technically v1.ObjectReference is used in a bunch of other resources (listed here: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectreference-v1-core).
We might want to keep this and think about consolidating all those use-cases to re-use the same schema snippet and flatten / expand code (not in this PR, of course).
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
The
claim_refattribute would perpetually show a diff if the PV was created without aclaim_refspecified.This is because all PVs gain a claimRef once a PVC binds to it. (This creates the bi-directional link between PV and PVC,
and it's done on the Kubernetes API side).
To support this,
claim_refis now a Computed attribute, and it will update to show the claimRef once a PVC has bound to the PV,(only now it will do so without creating a diff in terraform).
Also added extra tests to catch this case and moved claim_ref's flatteners/expanders/tests into the correct files.
Description
Acceptance tests
Output from acceptance testing:
Release Note
Release note for CHANGELOG:
References
Community Note