Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add issuer override #202

Merged
merged 9 commits into from
Mar 10, 2023
Merged

Add issuer override #202

merged 9 commits into from
Mar 10, 2023

Conversation

herodes1991
Copy link
Contributor

@herodes1991 herodes1991 commented Feb 17, 2023
edited
Loading

PR to include the override of the issuer name as we already do with the issuer type

We have the need to have different certificate_issuers per ingress in the same application and the current FIAAS spec does not allow us to do it

Also fixed an error that appeared with python3 version

@herodes1991 herodes1991 requested a review from a team as a code owner February 17, 2023 15:34
@herodes1991
Copy link
Contributor Author

@oyvindio, can you take a look? 😄

@j18e
Copy link
Contributor

j18e commented Feb 21, 2023

@oyvindio is on vacation until next week, and I don't understand the feature well enough (or the codebase, for that matter) to be the sole approver. So this will have to wait until he's back, unfortunately.

@herodes1991
Copy link
Contributor Author

herodes1991 commented Feb 23, 2023
edited
Loading

@j18e no problem at all. I will create my own image with this change meanwhile 😄

I will add some fixes about python3 I'm just discovering while testing this image

@oyvindio
Copy link
Member

Thanks for the PR! I will try to make some time to take a closer look at this later this week

@herodes1991
Copy link
Contributor Author

Thank you @oyvindio! Were you able to take a quick look? 😄

oyvindio
oyvindio requested changes Mar 7, 2023
View reviewed changes
Copy link
Member

@oyvindio oyvindio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Functionally, this looks good to me.

Before merging, please update the operator guide with documentation describing how to use the new configuration flag. (I'm setting request changes mainly for this).

IngressDeployer is already a bit complicated, so while it looks like this should work, I don't think it is ideal that more TLS related functionality is "leaking" into this class. Some ideas to refactor this might be;

  • Wrap the _tls_issuer_* instance variables and _get_issuer_* methods in a separate class (TLSIssuerConfiguration?, TLSIssuers?) and use that in IngressDeployer. That seems relatively straightforward to do and could make the separation of concerns a bit clearer.
  • Make AnnotatedIngress a proper (data?)class, move more of the of the logic around issuer types and issuer names into it (maybe combine this with using the class to encapsulate issuer name/type logic suggested above in AnnotatedIngress?). AnnotatedIngress could be passed to IngressTLSDeployer for setting the TLS annotations. I think this could leave only the ingress item grouping related logic related to TLS issuers in IngressDeployer. This probably requires moving a bit more code around than the previous point.

What do you think? Refactoring could potentially be handled in a followup PR.

fiaas_deploy_daemon/deployer/kubernetes/ingress.py Outdated Show resolved Hide resolved
fiaas_deploy_daemon/deployer/kubernetes/ingress.py Outdated Show resolved Hide resolved
fiaas_deploy_daemon/usage_reporting/dev_hose_auth.py Show resolved Hide resolved
@herodes1991
Copy link
Contributor Author

Hello Oyvindio, I will try to check the comments, but for the refactor I will not be able to work on it until April, Is it okay to merge this PR and, in April, I refactor the TLS code?

@herodes1991 herodes1991 force-pushed the Add-issuer-override branch from d82fb33 to f81f046 Compare March 9, 2023 14:47
@oyvindio
Copy link
Member

Hello Oyvindio, I will try to check the comments, but for the refactor I will not be able to work on it until April, Is it okay to merge this PR and, in April, I refactor the TLS code?

Yes, I think it is okay to do refactoring in a followup PR.
Please add documentation in the operator guide for the new config flag added in this PR though.

oyvindio
oyvindio approved these changes Mar 10, 2023
View reviewed changes
Copy link
Member

@oyvindio oyvindio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@herodes1991 herodes1991 merged commit 408daa2 into master Mar 10, 2023
@herodes1991 herodes1991 deleted the Add-issuer-override branch March 10, 2023 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oyvindio oyvindio oyvindio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@herodes1991 @j18e @oyvindio @Fsero