-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use discovery based version gating for policy commands #16219
Use discovery based version gating for policy commands #16219
Conversation
@openshift/cli-review |
The mechanism looks good, however it is too hardcoded as built. |
pkg/cmd/util/clientcmd/gating.go
Outdated
if len(minServerVersion) == 0 && len(maxServerVersion) == 0 { | ||
return fmt.Errorf("No version info passed to gate command") | ||
// Do a discovery to see if the legacy policy resources are supported. If they are, return nil, otherwise return err. | ||
func ResourceGate(ocClient *client.Client) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add input parameters for group version and resource nmes here
002f4dc
to
87cc26a
Compare
@simo5 updated. |
pkg/cmd/util/clientcmd/gating.go
Outdated
} | ||
|
||
// Do a discovery for server resources of the provided groupVersion, returning nil if any one of resourceNames is supported | ||
// by the server. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would think that we should check if all of the resources are availble, not any, as in most case API are not actually interchangable. Otherwise we force callers to only pass one resource at a time and make multiple calls to make sure all the resources they need are available.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bonus points would be if we return the list of unavailable ones with the error code, when some are unavailable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose it could do []GVR, err
where err != nil
is always fatal, and then LegacyPolicyResourceGate
could wrap that with and extra error on a non-empty []GVR
.
pkg/cmd/util/clientcmd/gating.go
Outdated
|
||
// Do a discovery for server resources of the provided groupVersion, returning nil if any one of resourceNames is supported | ||
// by the server. | ||
func ResourceGate(ocClient *client.Client, groupVersion string, resourceNames []string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should take a variatric list of GVR structs, not []string and a separate GV.
pkg/cmd/util/clientcmd/gating.go
Outdated
}) | ||
} | ||
|
||
// Do a discovery for server resources of the provided groupVersion, returning nil if any one of resourceNames is supported |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs to start with ResourceGate
pkg/cmd/util/clientcmd/gating.go
Outdated
if len(minServerVersion) == 0 && len(maxServerVersion) == 0 { | ||
return fmt.Errorf("No version info passed to gate command") | ||
// Return err if the server does not support any of the legacy policy objects (< 3.7) | ||
func LegacyPolicyResourceGate(ocClient *client.Client) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs to start with LegacyPolicyResourceGate
. Turn on the inspection in Gogland.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this be changed to take the client.Interface
instead? Then you can actually add some unit tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You may be able to take just the discovery interface, which would be preferred.
pkg/cmd/util/clientcmd/gating.go
Outdated
return fmt.Errorf("No version info passed to gate command") | ||
// Return err if the server does not support any of the legacy policy objects (< 3.7) | ||
func LegacyPolicyResourceGate(ocClient *client.Client) error { | ||
return ResourceGate(ocClient, "authorization.openshift.io/v1", []string{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need both "" and "authorization.openshift.io" so 8 GVR items in the list total.
pkg/cmd/util/clientcmd/gating.go
Outdated
} | ||
|
||
ocVersionBody, err := ocClient.Get().AbsPath("/version/openshift").Do().Raw() | ||
serverVersion, err := ocClient.Discovery().ServerVersion() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not really useful.
pkg/cmd/util/clientcmd/gating.go
Outdated
} | ||
|
||
// Do a discovery for server resources of the provided groupVersion, returning nil if any one of resourceNames is supported | ||
// by the server. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose it could do []GVR, err
where err != nil
is always fatal, and then LegacyPolicyResourceGate
could wrap that with and extra error on a non-empty []GVR
.
87cc26a
to
5480b39
Compare
a7064b7
to
e085cbc
Compare
Updated with a bunch of changes from irl feedback from @enj. The gating is split into generic discovery and legacy gating functions, with added cmd and unit tests. |
e085cbc
to
000f60f
Compare
/unassign |
/retest |
flake #16144 |
000f60f
to
546fe74
Compare
Updated from the last bit of @enj feedback (added tests for the DiscoverGroupVersionResources() GroupVersion caching) |
/retest |
addressed changes from in-person feedback
/retest |
/lgtm |
/lgtm 👍 for adding another extremely well tested command. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: enj, mrogers950, simo5 Assign the PR to them by writing The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Approving since @juanvallejo said he was happy earlier and we need this ASAP. |
flake: #16369 /test extended_conformance_install_update |
…stage Use discovery based version gating for policy commands #16219
Automatic merge from submit-queue (batch tested with PRs 16089, 16305, 16219, 15934, 16366) |
This PR switches from the policy command version gating with hard-coded 3.7 versions to a solution based on the discovery of supported server resources.
Fixes #15831