2. Plumb LogicalCluster type through and generalize lcluster logic #744
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
9 times, most recently
from
f680a35
to
ea3dfd2
Compare
Any pointers to the why and how of this deprecation? This is the first I'm hearing of it, and the existing code seems to heavily depend on the existing field. |
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
from
ea3dfd2
to
fdae37f
Compare
|
Would it be possible to break this into smaller pieces to make detailed review a possibility? |
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
3 times, most recently
from
94273bf
to
dfa03d6
Compare
This was referenced Mar 25, 2022
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
from
dfa03d6
to
a2d4e97
Compare
sttts
changed the title
sttts
changed the title
s-urbaniak
reviewed
Mar 25, 2022
| } else if decision != authorizer.DecisionAllow { | ||
| return kerrors.NewForbidden(tenancyv1beta1.Resource("workspaces"), "", fmt.Errorf("user %q lacks %s permission to workspace %q", user.GetName(), verb, orgClusterName)) | ||
| klog.Errorf("user %q lacks (%s) clusterworkspaces/content %q permission for %q in %s: %s", user.GetName(), decisions[decision], verb, orgName, parent, reason) |
There was a problem hiding this comment.
general thought: does this already land in audit?
There was a problem hiding this comment.
good question. I don't know how it could. We cannot return a detailed error object. Is there some way to give annotations to the audit layer?
There was a problem hiding this comment.
yes, i believe so 🤔 let me look at that.
s-urbaniak
reviewed
Mar 25, 2022
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
3 times, most recently
from
e2ebac3
to
ec8a094
Compare
s-urbaniak
reviewed
Mar 25, 2022
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
3 times, most recently
from
f57494b
to
5034d72
Compare
marun
reviewed
Mar 26, 2022
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
2 times, most recently
from
d3d6027
to
468b1d5
Compare
sttts
changed the title
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
4 times, most recently
from
f605594
to
a74ceff
Compare
This reverts commit 034f5c4.
sttts
force-pushed
the
sttts-kcp-logicalcluster
branch
from
210db16
to
1163457
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on https://github.com/kcp-dev/apimachinery/blob/main/pkg/logicalcluster/logicalcluster.go.
clusterNames aka logical clusters akalogicalcluster.LogicalClusterlogicalcluster.From(obj) LogicalCluster(to prepare for deprecation ofmetadata.clusterName)implemented path semantics on the higher layers (i.e. this opens the door for multiple levels for orgs, but generally greatly clarifies code).Moved to 3. virtual: implement full generalized logical cluster support and prepare for sharding #780.removed duality between v1beta1Moved to 5. kubectl-kcp: get rid of workspace duality and implement logical cluster path semantics #778.Workspacesin some virtual workspace path and theClusterWorkspacesin an org. Now you can dokubectl get workspacesin an orggeneralized the authentication cache inMoved to 3. virtual: implement full generalized logical cluster support and prepare for sharding #780.pkg/virtual/workspacesto beClusterWorkspaces-driven on the level of the workspaces the user does requests against, and not depending on the parent. This prepares us for sharding.simplified and complete kubectl plugin to implement the second section in https://docs.google.com/document/d/1XJJCr16bg22QuJnQB2W98A-djRTtrLr2JE2IWZUHzJU/edit#heading=h.nn8danthd1ys.Moved to 5. kubectl-kcp: get rid of workspace duality and implement logical cluster path semantics #778.In general, this PR implements the ideas of https://docs.google.com/document/d/1XJJCr16bg22QuJnQB2W98A-djRTtrLr2JE2IWZUHzJU/edit#heading=h.nn8danthd1ys.
Depends on kcp-dev/kubernetes#53.