Skip to content

pkg/ansible,pkg/helm: import client-go auth plugins #1199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Mar 18, 2019
Merged

pkg/ansible,pkg/helm: import client-go auth plugins #1199

merged 9 commits into from
Mar 18, 2019

Conversation

joelanford
Copy link
Member

Description of the change:
Imports all known Kubernetes client-go auth plugins in the Helm and Ansible operators

Motivation for the change:
For Go operators, we plan to add documentation about how users can add auth plugins to their cmd/manager/main.go file.

However, users of the Ansible and Helm operators don't have that option unless the convert their operator to a hybrid operator using operator-sdk migrate.

This closes #1178 and closes #1196

@openshift-ci-robot openshift-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Mar 12, 2019
@AlexNPavel
Copy link
Contributor

Why don't we add all the auth providers to the go cmd.go scaffold as well? We currently add the gcp auth provider by default: https://github.com/operator-framework/operator-sdk/blob/master/pkg/scaffold/cmd.go#L55

Is there a reason to include just the gcp provider by default in the go operators? Or should that be removed and instead be left to the users to handle for go based operators?

/cc @hasbro17

@joelanford
Copy link
Member Author

@AlexNPavel Nice, I didn't realize we were doing that. I'll update the PR to include that.

Based on this comment, I'll also move the import closer to the top in a separate section, so we don't accidentally break things if we change imports later.

@hasbro17
Copy link
Contributor

@AlexNPavel I think originally we thought it's an unnecessary dependency to include auth plugins that you won't use so we were initially intending for users to include them in their Go based operators as needed.

However since more and more users were running into issues on running the operator locally outside GKE we just added the gcp plugin by default.

To be more consistent we can either remove all plugins for Go operators and document clearly what users need to add. Or just add everything for them. I'm leaning towards the latter since it works out of the box.

And for Helm/Ansible operators we'll definitely need them by default since users can't add the imports themselves.

hasbro17
hasbro17 reviewed Mar 12, 2019
View reviewed changes
@joelanford
Copy link
Member Author

I'm now debating where the imports for the Ansible and Helm operators should go.

In this PR, they're currently in both pkg/ansible/run.go and pkg/helm/run.go, but I'm now considering if it would be better to have the imports appear only in main functions in:

go-lint warns that blank imports should only be in main functions (or have a comment to justify placement elsewhere). Also, putting them in the main functions of hybrid operators would line up more with the go operator and give developers of hybrid operators a hint that auth plugin imports can be tweaked.

Thoughts?

@hasbro17
Copy link
Contributor

@joelanford That seems reasonable to me.
So long as we have up local and run covered by having the imports defined in cmd/operator-sdk/main.go

@joelanford
Copy link
Member Author

@hasbro17 @AlexNPavel PTAL

shawn-hurley
shawn-hurley approved these changes Mar 15, 2019
View reviewed changes
Copy link
Member

@shawn-hurley shawn-hurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I don't like having to have all of these imported but don't see another way.

@openshift-ci-robot openshift-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 18, 2019
@openshift-ci-robot openshift-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 18, 2019
AlexNPavel
AlexNPavel approved these changes Mar 18, 2019
View reviewed changes
Copy link
Contributor

@AlexNPavel AlexNPavel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@joelanford joelanford merged commit f0d8d96 into operator-framework:master Mar 18, 2019
@joelanford joelanford deleted the auth-plugins branch March 18, 2019 19:45
@joelanford joelanford mentioned this pull request Apr 2, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shawn-hurley shawn-hurley shawn-hurley approved these changes

@AlexNPavel AlexNPavel AlexNPavel approved these changes

@hasbro17 hasbro17 Awaiting requested review from hasbro17

Assignees
No one assigned
Labels
size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

No Auth provider found for name "azure" panic: No Auth Provider found for name "oidc" when --type helm
5 participants
@joelanford @AlexNPavel @hasbro17 @shawn-hurley @openshift-ci-robot