Refactor dynamic validator to be operator compatible #1232
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
Internal methods args now are big hairy but external consumption should be same or easier. |
ihcsim
reviewed
Dec 16, 2020
Contributor
There was a problem hiding this comment.
s/NewOpenShiftClusterlimDynamicValidator/NewOpenShiftClusterSlimDynamicValidator
Contributor
There was a problem hiding this comment.
AFAICT, these two fields aren't needed by the slim validator. They are only used by the full validator at line 178 and 198. If these fields can be moved to the full validator and the full validator can have its own logrus.Entry, then you might not need to embed the slim validator.
Contributor
Author
There was a problem hiding this comment.
Im not sure what you have in mind here.
TenatID is to avoid passing in all subscription documents. Same with subscriptionID.
And envName is to instantiate azureEnvironment.
Or I misunderstood the comment?
Contributor
There was a problem hiding this comment.
I was referring to the spProviders and spVirtualNetworks fields. My thought is to not embed the slim validator in the full validator since the slim validator has other unneeded fields.
Taking it a step further, we might not even need to declare them as fields in the struct. Will something like the following work?
diff --git a/pkg/api/validate/openshiftcluster_validatedynamic.go b/pkg/api/validate/openshiftcluster_validatedynamic.go
index e0ef97e3..1f290fc6 100644
--- a/pkg/api/validate/openshiftcluster_validatedynamic.go
+++ b/pkg/api/validate/openshiftcluster_validatedynamic.go
@@ -48,16 +48,13 @@ type OpenShiftClusterSlimDynamicValidator interface {
// NewOpenShiftClusterFullDynamicValidator creates a new OpenShiftClusterFullDynamicValidator
func NewOpenShiftClusterFullDynamicValidator(log *logrus.Entry, env env.Interface, oc *api.OpenShiftCluster, subscriptionDoc *api.SubscriptionDocument, fpAuthorizer refreshable.Authorizer) OpenShiftClusterFullDynamicValidator {
return &openShiftClusterFullDynamicValidator{
- openShiftClusterSlimDynamicValidator: &openShiftClusterSlimDynamicValidator{
- log: log,
- },
env: env,
oc: oc,
subscriptionDoc: subscriptionDoc,
fpAuthorizer: fpAuthorizer,
- fpPermissions: authorization.NewPermissionsClient(env.Environment(), subscriptionDoc.ID, fpAuthorizer),
+ log: log,
}
}
@@ -80,14 +77,13 @@ func NewOpenShiftClusterSlimDynamicValidator(log *logrus.Entry, clientID string,
// and can operate within cluster and firstParty service principals.
// It includes openShiftClusterSlimDynamicValidator
type openShiftClusterFullDynamicValidator struct {
- *openShiftClusterSlimDynamicValidator
env env.Interface
oc *api.OpenShiftCluster
subscriptionDoc *api.SubscriptionDocument
fpAuthorizer refreshable.Authorizer
- fpPermissions authorization.PermissionsClient
+ log *logrus.Entry
}
// openShiftClusterSlimDynamicValidator is dynamic validator used inside clusters
@@ -100,10 +96,6 @@ type openShiftClusterSlimDynamicValidator struct {
tenantID string
subscriptionID string
environmentName string
-
- spPermissions authorization.PermissionsClient
- spProviders features.ProvidersClient
- spVirtualNetworks network.VirtualNetworksClient
}
// Dynamic validates an OpenShift cluster in the context of cluster
@@ -117,16 +109,14 @@ func (dv *openShiftClusterSlimDynamicValidator) Dynamic(ctx context.Context) err
return err
}
- dv.spPermissions = authorization.NewPermissionsClient(&azureEnv, dv.subscriptionID, spAuthorizer)
- dv.spProviders = features.NewProvidersClient(&azureEnv, dv.subscriptionID, spAuthorizer)
- dv.spVirtualNetworks = network.NewVirtualNetworksClient(&azureEnv, dv.subscriptionID, spAuthorizer)
+ spPermissions := authorization.NewPermissionsClient(&azureEnv, dv.subscriptionID, spAuthorizer)
vnetr, err := azure.ParseResourceID(dv.clusterSpec.VNetID)
if err != nil {
return err
}
- err = validateVnetPermissions(ctx, dv.log, spAuthorizer, dv.spPermissions, dv.clusterSpec.VNetID, &vnetr, api.CloudErrorCodeInvalidServicePrincipalPermissions, "provided service principal")
+ err = validateVnetPermissions(ctx, dv.log, spAuthorizer, spPermissions, dv.clusterSpec.VNetID, &vnetr, api.CloudErrorCodeInvalidServicePrincipalPermissions, "provided service principal")
if err != nil {
return err
}
@@ -145,14 +135,15 @@ func (dv *openShiftClusterFullDynamicValidator) Dynamic(ctx context.Context) err
return err
}
+ fpPermissions := authorization.NewPermissionsClient(dv.env.Environment(), dv.subscriptionDoc.ID, dv.fpAuthorizer)
spAuthorizer, err := validateServicePrincipalProfile(ctx, dv.log, &dv.oc.Properties.ServicePrincipalProfile, dv.subscriptionDoc.Subscription.Properties.TenantID, dv.env.Environment().ResourceManagerEndpoint)
if err != nil {
return err
}
- dv.spPermissions = authorization.NewPermissionsClient(dv.env.Environment(), r.SubscriptionID, spAuthorizer)
- dv.spProviders = features.NewProvidersClient(dv.env.Environment(), r.SubscriptionID, spAuthorizer)
- dv.spVirtualNetworks = network.NewVirtualNetworksClient(dv.env.Environment(), r.SubscriptionID, spAuthorizer)
+ spPermissions := authorization.NewPermissionsClient(dv.env.Environment(), r.SubscriptionID, spAuthorizer)
+ spProviders := features.NewProvidersClient(dv.env.Environment(), r.SubscriptionID, spAuthorizer)
+ spVirtualNetworks := network.NewVirtualNetworksClient(dv.env.Environment(), r.SubscriptionID, spAuthorizer)
vnetID, _, err := subnet.Split(dv.oc.Properties.MasterProfile.SubnetID)
if err != nil {
@@ -164,28 +155,28 @@ func (dv *openShiftClusterFullDynamicValidator) Dynamic(ctx context.Context) err
return err
}
- err = validateVnetPermissions(ctx, dv.log, spAuthorizer, dv.spPermissions, vnetID, &vnetr, api.CloudErrorCodeInvalidServicePrincipalPermissions, "provided service principal")
+ err = validateVnetPermissions(ctx, dv.log, spAuthorizer, spPermissions, vnetID, &vnetr, api.CloudErrorCodeInvalidServicePrincipalPermissions, "provided service principal")
if err != nil {
return err
}
- err = validateVnetPermissions(ctx, dv.log, dv.fpAuthorizer, dv.fpPermissions, vnetID, &vnetr, api.CloudErrorCodeInvalidResourceProviderPermissions, "resource provider")
+ err = validateVnetPermissions(ctx, dv.log, dv.fpAuthorizer, fpPermissions, vnetID, &vnetr, api.CloudErrorCodeInvalidResourceProviderPermissions, "resource provider")
if err != nil {
return err
}
// Get after validating permissions
- vnet, err := dv.spVirtualNetworks.Get(ctx, vnetr.ResourceGroup, vnetr.ResourceName, "")
+ vnet, err := spVirtualNetworks.Get(ctx, vnetr.ResourceGroup, vnetr.ResourceName, "")
if err != nil {
return err
}
- err = validateRouteTablePermissions(ctx, dv.log, dv.oc, spAuthorizer, dv.spPermissions, &vnet, api.CloudErrorCodeInvalidServicePrincipalPermissions, "provided service principal")
+ err = validateRouteTablePermissions(ctx, dv.log, dv.oc, spAuthorizer, spPermissions, &vnet, api.CloudErrorCodeInvalidServicePrincipalPermissions, "provided service principal")
if err != nil {
return err
}
- err = validateRouteTablePermissions(ctx, dv.log, dv.oc, dv.fpAuthorizer, dv.fpPermissions, &vnet, api.CloudErrorCodeInvalidResourceProviderPermissions, "resource provider")
+ err = validateRouteTablePermissions(ctx, dv.log, dv.oc, dv.fpAuthorizer, fpPermissions, &vnet, api.CloudErrorCodeInvalidResourceProviderPermissions, "resource provider")
if err != nil {
return err
}
@@ -195,7 +186,7 @@ func (dv *openShiftClusterFullDynamicValidator) Dynamic(ctx context.Context) err
return err
}
- err = validateProviders(ctx, dv.log, dv.spProviders)
+ err = validateProviders(ctx, dv.log, spProviders)
if err != nil {
return err
}
Contributor
Author
There was a problem hiding this comment.
@bennerv I tempted to merge this and leave this change for you to do in your PR? Sounds good?
mjudeikis
force-pushed
the
validator.split
branch
from
63f4ea0 to
9d22704
Compare
Contributor
Author
|
/azp run e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
olga-mir
reviewed
Dec 17, 2020
|
/lgtm |
olga-mir
approved these changes
Dec 18, 2020
|
Please rebase pull request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue this PR addresses:
Fixes our ability to consume dynamic validation in context of Cluster/Operator.
Suggestion for #1230
What this PR does / why we need it:
Introduced 2 flavors of dynamic validator:
Full - all validators. Intended to run in the context of RP.
Slim - Validators intended to be running in the context of Operator.
It would need more refactoring so could consume the data from the validator. But might be good start.
Test plan for issue:
unit tests
Is there any documentation that needs to be updated for this PR?
no