Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Impersonation client #39

Merged
merged 2 commits into from
Jun 29, 2023
Merged

Impersonation client #39

merged 2 commits into from
Jun 29, 2023
+1,234 −241

Conversation

KevinJoiner
Copy link
Contributor

@KevinJoiner KevinJoiner commented Mar 1, 2023
edited
Loading

Add a WithImpersonation option for clients that allows users to get a client set up for impersonation.

Notable Changes

  • I added the concept of client Mutators to reduce duplicate code for controllers and factories.
    • the user_agent test code was not deleted but moved into mutator_test.go
  • WithAgent and WithImpersonation now update the returned config so that both options can be used together.
  • SharedControllerWithMutator mutates the client once on construction and returns the stored client with every call to Client() instead of generating a new client everytime to mimick the same behavior of SharedController.

@KevinJoiner
Add Client comments and test. Removed unused timeout.
b389753 
This commit contains simple code clean up. By Adding comments to
the Client struct. As well as basic unit test to verify REST API
calls.

This commit also removed the timeout parameter from the private function setupCtx(...)
since all callers of the function passed in the same '0 argument.
@KevinJoiner KevinJoiner changed the title Impersonation client WIP Impersonation client Mar 1, 2023
@KevinJoiner KevinJoiner force-pushed the impersonation-client branch 3 times, most recently from 3ef6054 to e392bf3 Compare March 3, 2023 17:05
@KevinJoiner KevinJoiner changed the title WIP Impersonation client Impersonation client Mar 3, 2023
@KevinJoiner KevinJoiner requested review from MbolotSuse and rmweir and removed request for rmweir and MbolotSuse March 3, 2023 17:06
MbolotSuse
MbolotSuse reviewed Mar 6, 2023
View reviewed changes
Copy link
Contributor

@MbolotSuse MbolotSuse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the general pattern, and think that making this more generic was a smart move. Good job on that.

Thank you for adding comments as well.

Two overall suggestions:

  • I'd recommend for allowing for more than one mutator. I've left a comment on the client about this (would also apply to the controllers) and what it would look like. It does change the exported functions here, so I'm open to discussion on if that is useful or not.
  • In the future (probably not part of this PR), we should consider using code-gen/generics so that each new mutator doesn't result in changes to clientMutator and controllerMutator to expose the new NewSharedFactoryWithMutator option. We don't have to do this here, but it's something to think about.

@KevinJoiner KevinJoiner force-pushed the impersonation-client branch from e392bf3 to 07398ea Compare March 6, 2023 16:41
@KevinJoiner KevinJoiner requested a review from MbolotSuse March 6, 2023 17:10
MbolotSuse
MbolotSuse reviewed Mar 6, 2023
View reviewed changes
Copy link
Contributor

@MbolotSuse MbolotSuse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actual code LGTM. Have a couple of comments (mostly nits) on the tests.

Non-nit test comments:

  • We should probably test WithAgent and WithImpersonation on the client directly, particularly since we can access the config and need to assert that it's not overwriting the previously-set options afterwards
  • The tests for Watch ignore the watch.Interface return. Since this is the part that is actually returning objects to us, I think we should make some type of test/assertion which accounts for it.

@KevinJoiner KevinJoiner force-pushed the impersonation-client branch from 07398ea to 9641c92 Compare March 7, 2023 13:55
@KevinJoiner KevinJoiner force-pushed the impersonation-client branch 2 times, most recently from fe359d7 to f04e680 Compare March 7, 2023 14:53
@KevinJoiner KevinJoiner requested a review from MbolotSuse March 7, 2023 15:04
@KevinJoiner KevinJoiner force-pushed the impersonation-client branch from f04e680 to 693b2d0 Compare March 7, 2023 15:41
rmweir
rmweir suggested changes Mar 23, 2023
View reviewed changes
Copy link
Contributor

@rmweir rmweir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember you mentioning this idea:
SharedControllerWithMutator mutates the client once on construction and returns the stored client with every call to Client() instead of generating a new client everytime to mimick the same behavior of SharedController.

but I don't think I see it implemented anywhere, am I missing something?

pkg/client/clientMutator.go Outdated
"k8s.io/client-go/rest"
)

// Mutator is function that takes in a client and returns an new mutated client.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Mutator is function that takes in a client and returns an new mutated client.
// Mutator is function that takes in a client and returns a new mutated client.

@KevinJoiner
Copy link
Contributor Author

@rmweir Originally, I had added mutators and impersonation to the SharedControllerFactory but ultimately decided against it, so I left the code that creates a new client as is.

I decided not to add impersonation to the Controllers because in practice we would not want an end user to create a ControllerFactory with impersonation. Instead, we would want to keep it scoped to the client level for one-off situations.

@KevinJoiner
Adds the ability to create clients with impersonation.
f9f8599 
This commit allows users to create a client with a
impersonation config which then is applied to all request
sent from that client. Users can also create a new
controller and controllerFactory to use impersonation as well.
@KevinJoiner KevinJoiner force-pushed the impersonation-client branch from 693b2d0 to f9f8599 Compare March 24, 2023 13:14
@KevinJoiner KevinJoiner requested a review from rmweir March 24, 2023 13:14
@KevinJoiner KevinJoiner mentioned this pull request Jun 12, 2023
Merged
@KevinJoiner KevinJoiner mentioned this pull request Jun 12, 2023
Merged
@cmurphy cmurphy merged commit 8a54b32 into rancher:master Jun 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmweir rmweir

@MbolotSuse MbolotSuse

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@KevinJoiner @rmweir @MbolotSuse @cmurphy