Add CLI command for binding a catalog entry to a workspace #6
Conversation
dinhxuanvu
changed the title
dinhxuanvu
force-pushed
the
bind-cli
branch
from
f4bbb00 to
1e58855
Compare
varshaprasad96
force-pushed
the
bind-cli
branch
from
2a3c049 to
e6615c7
Compare
varshaprasad96
changed the title
varshaprasad96
force-pushed
the
bind-cli
branch
from
3079485 to
d5a8f6a
Compare
|
|
||
| func bindReady(bindings []apisv1alpha1.APIBinding) bool { | ||
| for _, binding := range bindings { | ||
| if binding.Status.Phase != apisv1alpha1.APIBindingPhaseBound { |
There was a problem hiding this comment.
(no action required) I would probably check for the InitialBindingCompleted or BindingUpToDate condition, but this works too
varshaprasad96
force-pushed
the
bind-cli
branch
3 times, most recently
from
cde1c4f to
828688e
Compare
| for _, binding := range apiBindings { | ||
| err := kcpClient.Create(ctx, &binding) | ||
| if err != nil { | ||
| // If an APIBinding already exists, intentionally not updating it since we would not like reset AcceptablePermissionClaims. |
There was a problem hiding this comment.
Now that you're using a partially random name, you won't get an "already exists" error. The binding creation should succeed, but when the controllers reconcile it, they may find conflicts (you'll see them in status.conditions).
There was a problem hiding this comment.
I wonder if we should check the existing APIBindings in the workspace and see if any of them carry the same ExportReferences. If that is the case, then simply not creating a new APIBinding for that particular ExportReference.
There was a problem hiding this comment.
@dinhxuanvu I intentionally didn't add that check because the permission claims in the already created binding might be different. I'm not sure if just updating permission claims of an existing claim is something which we should do. There are chances wherein the permission claims in exports ref could be different than the one existing in apibinidng present in cluster. For now, I'm just overwriting the permission claims in the existing apibinding and doing an update. Not sure if that is the approach we want. cc: @ncdc
There was a problem hiding this comment.
I think given the fact the new APIBinding will fail due to what Andy said early, it is not a good UX to create a binding that won't even do anything but getting into a failed state. If the existing binding is missing some permissions, that can be resolved without having to delete the extra binding that we shouldn't create in the first place. Either way, would like to hear what Andy thinks about this.
There was a problem hiding this comment.
I would recommend something like this:
$ k catalog bind catalogentry root:catalog:awesomeness
Binding for "awesomeness" already exists but permission claims are different:
<show differences>
Rerun with --update to update the existing binding's permission claims.
But that can be in a follow-up.
varshaprasad96
force-pushed
the
bind-cli
branch
from
828688e to
4d857df
Compare
| for _, binding := range apiBindings { | ||
| err := kcpClient.Create(ctx, &binding) | ||
| if err != nil { | ||
| // If an APIBinding already exists, intentionally not updating it since we would not like reset AcceptablePermissionClaims. |
There was a problem hiding this comment.
I would recommend something like this:
$ k catalog bind catalogentry root:catalog:awesomeness
Binding for "awesomeness" already exists but permission claims are different:
<show differences>
Rerun with --update to update the existing binding's permission claims.
But that can be in a follow-up.
varshaprasad96
force-pushed
the
bind-cli
branch
from
dd95891 to
47e223b
Compare
varshaprasad96
force-pushed
the
bind-cli
branch
2 times, most recently
from
48be110 to
a09ffc2
Compare
|
@varshaprasad96 got this error with your PR: |
varshaprasad96
force-pushed
the
bind-cli
branch
from
a09ffc2 to
dbfa3b6
Compare
|
@ncdc Adding snippets of the command after creating it locally: When catalog entry is created successfully: When binding already exists on cluster: When there is an error while creating a binding (intentionally): I have a follow up PR that have tests for these. After #5 gets merged, will open it. |
|
/test |
|
@ncdc: The
Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test all |
openshift-ci
bot
added
the
approved
The error above and in CI was because controller-gen was not accepting files under cmd/ which had deps with build dependencies like (openapi). I have modified the controller-gen args in the makefile target to accept what we want. Now the following works - |
|
@varshaprasad96 great, thanks! Would you be able to squash the commits down (e.g. to get rid of ones named |
The kcp-catalog bind command will bind a catalog entry to a workspace by creating a singular or multiple APIBinding using ExportReference listed in spec.Exports in the catalog entry. For example, consider the command: kcp-catalog bind catalogentry root:catalog:catalogentry-sample
varshaprasad96
force-pushed
the
bind-cli
branch
from
3723960 to
d0ff6ee
Compare
|
@ncdc need a lgtm again to continue merging. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dinhxuanvu, ncdc The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
4 participants
The kcp-catalog bind command will bind a catalog entry to a workspace
by creating a singular or multiple APIBinding using ExportReference
listed in spec.Exports in the catalog entry.
For example, consider the command:
kcp-catalog bind catalogentry root:catalog:catalogentry-sampleEvery export referenced in
catalog entry-sampleinroot:catalogworkspace will have an APIBinding created referencing it.Design doc: https://docs.google.com/document/d/1J31wXY1-2aCyyGFjUlusKoHDzV-zktAmRdIMjMf4OR0/edit