MIWI API endpoints #3608
MIWI API endpoints #3608
Conversation
kimorris27
added
ready-for-review
chainsaw
kimorris27
requested review from
jewzaam,
bennerv,
hawkowl,
rogbas,
petrkotas,
jharrington22,
cblecker,
cadenmarchese,
UlrichSchlueter,
SudoBrendan,
Shivkumar13,
yjst2012,
jaitaiwan,
anshulvermapatel,
hlipsig and
tiguelu
as code owners
pkg/api/admin/platformworkloadidentityroleset_validatestatic.go
Outdated
Show resolved
Hide resolved
| out.Properties.PlatformWorkloadIdentityRoles[i].ServiceAccounts = make([]string, 0, len(r.ServiceAccounts)) | ||
| out.Properties.PlatformWorkloadIdentityRoles[i].ServiceAccounts = append(out.Properties.PlatformWorkloadIdentityRoles[i].ServiceAccounts, r.ServiceAccounts...) | ||
| for _, r := range s.Properties.PlatformWorkloadIdentityRoles { | ||
| role := PlatformWorkloadIdentityRole{ |
There was a problem hiding this comment.
Nit: space between PlatformWorkloadIdentityRole and {
There was a problem hiding this comment.
I'd put a space before the curly brace if for example this were line 23 and I had left out the space after the range expression, but I think it's normal Go style to avoid leaving blank space in that spot in a struct literal, and that's what's done throughout the codebase.
| for i, r := range new.Properties.PlatformWorkloadIdentityRoles { | ||
| if r.OperatorName == "" { | ||
| errs = append(errs, api.NewCloudError(http.StatusBadRequest, api.CloudErrorCodeInvalidParameter, fmt.Sprintf("properties.platformWorkloadIdentityRoles[%d].operatorName", i), "Must be provided")) |
There was a problem hiding this comment.
Instead of comparing struct fields individually, consider using this: https://github.com/go-playground/validator
There was a problem hiding this comment.
I played around with it, but I don't think it's good for our static validators simply because it doesn't give the user friendly error messages that we want going to those making API requests. For example:
Key: 'PlatformWorkloadIdentityRole.OperatorName' Error:Field validation for 'OperatorName' failed on the 'required' tag
This error message would be perfectly fine for me as a regular developer of the RP, but it doesn't even include the fully qualified path of the API field presenting the issue, which won't be great for external users. (Well, I say "external users", but this is the admin API... 🙂)
I think adding it in just for this PR would create an inconsistency with respect to our error messaging and that with that in mind it would be best considered as a future refactor that we do across all of the static validators. Your thoughts?
|
I agree that patch seems unnecessary. This PR is already large, if we decide we need patch after a while then let's do it in its own PR. Still reviewing code may have more comments later. |
kimorris27
force-pushed
the
kimorris27/ARO-6448-api-endpoints
branch
from
a6c513a
to
9607267
Compare
pkg/frontend/admin_platformworkloadidentityroleset_list_test.go
Outdated
Show resolved
Hide resolved
|
/azp run e2e |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run ci |
I originally wrote the code the way I did so that we could aggregate errors so that we could provide a better UX in cases where there are multiple similar errors in the request content. I found while writing unit tests that aggregating the errors in this way and not wrapping them in a CloudError causes the RP to return an internal server error instead of a 400 bad request. Is there a way we can aggregate the errors and still wrap them in a CloudError? I'm not sure of the formatting requirements for the text of CloudErrors.
…ame time where applicable for better UX
… minor version more readable
kimorris27
force-pushed
the
kimorris27/ARO-6448-api-endpoints
branch
from
bae3131
to
d7e58e2
Compare
|
/azp run ci, e2e |
|
Azure Pipelines successfully started running 2 pipeline(s). |
| if err != nil { | ||
| t.Fatal(err) | ||
| } | ||
| oc := tt.preflightRequest() | ||
|
|
||
| go f.Run(ctx, nil, nil) | ||
| f.mu.Lock() | ||
| f.ocpVersionsMu.Lock() |
There was a problem hiding this comment.
correct - I'm just trying to wrap my head around concurrent writes to different tables. I understand that from a Cosmos perspective, we should be able to write to both containers at the same time, but my question is, can the RP handle that? Would it be safer code-wise to keep all locks as the same thing, even if it is inefficient, so we don't risk a future change mistakingly using the wrong lock, because the RP doesn't write enough to Cosmos for us to care? ... Maybe I'm over-thinking this. 😅
Which issue this PR addresses:
https://issues.redhat.com/browse/ARO-6448
What this PR does / why we need it:
This PR introduces the API endpoints for the
PlatformWorkloadIdentityRoleSetproxy resources as discussed in MIWI design documents. The only deviation from the design docs is that I did not implement an adminPATCH- it's extra work, and we are hardly if ever going to use it (refer toupdate_ocp_versions.goto see how we doOpenShiftVersionstoday and talk directly to Cosmos DB without even using thePUTAPI endpoint). But if the team reviews and thinks aPATCHis worth adding, we can add it.The three new endpoints are:
GET(list)GET(list)PUTTest plan for issue:
Is there any documentation that needs to be updated for this PR?
No (I think?)
How do you know this will function as expected in production?
Tested the endpoints with a full service RP, reused existing battle-tested frontend code, and was thorough in writing unit test cases.