feat: add types and mapping functions for IAPSettings #2785
Conversation
jingyih
force-pushed
the
IAPSettings
branch
5 times, most recently
from
c258e5e to
798ec69
Compare
jingyih
changed the title
| // IAPSettingsSpec defines the desired state of IAPSettings | ||
| // +kcc:proto=google.cloud.iap.v1.IapSettings | ||
| type IAPSettingsSpec struct { | ||
| // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable" |
There was a problem hiding this comment.
Suggest not using immutable check for resourceID (maybe we can specifically call it out in the scifi guide, here)
There was a problem hiding this comment.
I ended up regenerating the types and mappings from scratch using the updated templates, this immutable check is no longer present.
apis/iap/v1alpha1/types.generated.go
Outdated
| // +kcc:proto=google.cloud.iap.v1.AccessDeniedPageSettings | ||
| type AccessDeniedPageSettings struct { | ||
| // The URI to be redirected to when access is denied. | ||
| AccessDeniedPageUri *string `json:"accessDeniedPageUri,omitempty"` |
There was a problem hiding this comment.
nit: uri --> URI. Could you also add it to the TestCRDsAcronyms test
There was a problem hiding this comment.
This is fixed by 19657bd
dev/tasks/generate-crds
Outdated
| @@ -55,7 +55,7 @@ go run ./scripts/crd-tools reflow-descriptions --dir apis/config/crd/ | |||
|
|
|||
| # excluded_resources are resources that are under development for a direct conversion | |||
| # we don't modify the CRD just yet for those but will in the future | |||
| excluded_resources=("securesourcemanagerinstance") | |||
| excluded_resources=("securesourcemanagerinstance" "iapsettings") | |||
There was a problem hiding this comment.
Is there a reason on adding this alpha resource here?
There was a problem hiding this comment.
This ensures that we don't generate the CRD for IAPSettings before the direct controller is added.
pkg/controller/direct/maputils.go
Outdated
| @@ -26,6 +26,7 @@ import ( | |||
| "google.golang.org/protobuf/reflect/protoreflect" | |||
| "google.golang.org/protobuf/types/known/durationpb" | |||
| "google.golang.org/protobuf/types/known/timestamppb" | |||
| "google.golang.org/protobuf/types/known/wrapperspb" | |||
There was a problem hiding this comment.
So this library is already deprecated, I was not sure if we should support it or not. Now it is more obvious that we do want to support it. Could you add the other wrapperspb functions in this lib or improve the mapper generator to consider the types from wrapperspb (as a bonus)?
There was a problem hiding this comment.
Sure, do you mean 427d4b1?
|
|
||
| // IAPSettingsSpec defines the desired state of IAPSettings | ||
| // +kcc:proto=google.cloud.iap.v1.IapSettings | ||
| type IAPSettingsObservedState struct { |
There was a problem hiding this comment.
Suggest adding the configurable fields here as well (does IapSettings has any output-only field?)
There was a problem hiding this comment.
There is currently no output only field in the proto. So I commented out the ObservedState for now.
jingyih
force-pushed
the
IAPSettings
branch
2 times, most recently
from
37d57a0 to
427d4b1
Compare
| "sigs.k8s.io/controller-runtime/pkg/client" | ||
| ) | ||
|
|
||
| // IAPSettingsIdentity defines the resource reference to IAPSettings. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: yuwenma The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Rebased PR to resolve merge conflict. |
|
/lgtm |
|
/hold cancel |
google-oss-prow
bot
merged commit 2baa6c5
into
GoogleCloudPlatform:master
Generate types and mapping functions for
IAPSettings.This PR also includes tooling enhancements for handling the protobuf wrapperspb types.
For the resource, the most controversial part is the “name” field, which has different formats depending on the resource type that the IAPSettings are associated with. The current implementation requires users to manually form the string for the name field. Alternatively, we could introduce virtual fields like
organizationRef,folderRef,projectRef,computeBackendServiceRef, etc., to help construct the name string. However, my preference is to keep the resource simple and recommend that users leverage KCC composition.