Update allowedNamespaces type in AzureClusterIdentity #1331
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
the
size/XL
| // Namespaces can be selected either using an array of namespaces or with label selector. | ||
| // An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace. | ||
| // If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) | ||
| // A namespace should be either in the NamespaceList or match with Selector to use the identity. |
There was a problem hiding this comment.
If both namespaceList and selectors are specified, which one takes precedence?
There was a problem hiding this comment.
I see that namespaceList takes precedence. Maybe worth pointing this out somewhere?
There was a problem hiding this comment.
good point, will add in desc here and docs
| return err | ||
| } | ||
|
|
||
| if len(src.Spec.AllowedNamespaces) > 0 { |
There was a problem hiding this comment.
Shouldn't this conversion be from the restored spec?
There was a problem hiding this comment.
restored is the v1alpha4 type
There was a problem hiding this comment.
IIUC, we must restore the extra fields (selector in this case) that will get lost in down conversion here, right?
There was a problem hiding this comment.
you mean in an annotation? doesn't it get saved automatically?
There was a problem hiding this comment.
yeah from the data annotation, something like this:
?There was a problem hiding this comment.
oh i get it now, my bad, just fixed it
nader-ziada
force-pushed
the
allowednamespaces
branch
from
6029f04
to
b3b822f
Compare
|
@shysank please take another look |
|
lgtm with one clarification on the conversion logic. |
nader-ziada
force-pushed
the
allowednamespaces
branch
from
b3b822f
to
0c29ef4
Compare
| @@ -161,3 +163,45 @@ func getAzureIdentityType(identity *infrav1.AzureClusterIdentity) (aadpodv1.Iden | |||
| return 0, errors.New("AzureIdentity does not have a vaild type") | |||
|
|
|||
| } | |||
|
|
|||
| // IsClusterNamespaceAllowed indicates if the cluster namespace is allowed | |||
| func IsClusterNamespaceAllowed(ctx context.Context, k8sClient client.Client, allowedNamespaces *infrav1.AllowedNamespaces, namespace string) bool { | |||
There was a problem hiding this comment.
@devigned can you take a look at this and see if it makes sense based on all the previous conversations?
k8s-ci-robot
added
the
lgtm
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: devigned The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/retest |
nader-ziada
force-pushed
the
allowednamespaces
branch
from
0c29ef4
to
24c352a
Compare
k8s-ci-robot
removed
the
lgtm
|
did a rebase because the check jobs were stuck, will need a new lgtm :) |
|
@nader-ziada: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/test pull-cluster-api-provider-azure-e2e |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
What type of PR is this?
/kind feature
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #1288
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
Release note: