marking crd fields as required #345
Conversation
api/src/main/java/org/bf2/operator/resources/v1alpha1/ObservabilityConfiguration.java
Show resolved
Hide resolved
|
Does it make sense to use |
It could from an api standpoint, but it will have no effect on the generated crd nor the json/yaml parsing I believe. |
api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAgentSpec.java
Show resolved
Hide resolved
|
Keep in mind that if we mark a field as required and a cr already exists that does not have that field, it won't update properly - as it will fail validation. |
api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAuthenticationOAuth.java
Outdated
Show resolved
Hide resolved
|
This next commit has a refinement of the spec and spec capacity handling - where not null is enforced in the api, rather than the crd. This requires no changes in changes in our existing logic which is not appropriately checking for null. That is another route to consider - but without additional logic it does mean some oddities in how things would look when created via the api: ManagedKafka mk = new ... // without a spec that would actually serialize to Rather than omitting it. |
|
This next commit further refines things - it removes the not null from most of the oauth fields and converts the config kafkacluster config properties to be based upon the cr instead. |
api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAuthenticationOAuth.java
Show resolved
Hide resolved
api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAuthenticationOAuth.java
Outdated
Show resolved
Hide resolved
api/src/main/java/org/bf2/operator/resources/v1alpha1/ManagedKafkaAuthenticationOAuth.java
Show resolved
Hide resolved
Since that now has potential conflicts are you suggesting that we continue to wait on this pr until after you merge. Or can this be merged and then we fix up everything in your pr?
I'm fine with any resolution... |
|
where do you see conflicts with my PR? I see just a "logical" one about tls trusted cert that is NOT required. |
|
There is a conflict with SecretSecurityManager. |
No you can merge after approvals, I can fix conflicts on my side but my point was about removing the |
I'm not trying to be difficult, but I would leave this pr as self-consistent. If I remove the NotNull from tls, that's based upon a change that has not been merged. If this pr is merged first, you can remove the NotNull. If yours is merged first, I'll remove the NotNull here. There's no need to proactively intermingle the changes even more. |
Same here :-) ... but why adding a NotNull that hasn't been there since today and that we already know will be removed tomorrow? |
|
@shawkins I have just merged my PR, I think we now agree we need to remove |
In general we need to make sure that we don't let prs sit like this - it's bad for productivity. I think in the future if concerns aren't actionable within a couple of days, we should assume that we can move forward based upon 2 other approvals. |
|
I agree, but we spent more time waiting for the people knowing the oauth business more than us, even if in the end the information wasn't so useful :-( |
operator/src/main/java/org/bf2/operator/secrets/SecuritySecretManager.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
LGTM. Let's just wait for my doubt/question for @tomncooper
generally this guards against unexpected npes due to a fabric8 bug, we can't mark the specs as requires, so they will always be there based upon the api switching kafka.authentication.enabled and kafka.external.certificate.enabled to be based upon the cr, rather than the config
| @ConfigProperty(name = "kafka.authentication.enabled", defaultValue = "false") | ||
| private boolean isKafkaAuthenticationEnabled; | ||
| public static boolean isKafkaAuthenticationEnabled(ManagedKafka managedKafka) { | ||
| return managedKafka.getSpec().getOauth() != null; | ||
| } | ||
|
|
||
| @ConfigProperty(name = "kafka.external.certificate.enabled", defaultValue = "false") | ||
| private boolean isKafkaExternalCertificateEnabled; | ||
| public static boolean isKafkaExternalCertificateEnabled(ManagedKafka managedKafka) { | ||
| return managedKafka.getSpec().getEndpoint().getTls() != null; | ||
| } |
There was a problem hiding this comment.
This is for https://issues.redhat.com/browse/MGDSTRM-3288
Based upon our usage, this appears the set of fields / objects that are required. In some cases not having the field will produce NPEs - such as when the spec is missing. In other cases there's just no explicit null check and a null value could be used directly, like in the oauth properties.
Please review this so that we can identify which fields should have default handling and/or aren't actually required.
Note that due to fabric8io/kubernetes-client#3096 we can't yet mark the spec as required.
cc @rareddy @ppatierno @k-wall