Internal flag #530

BardOve · 2024-09-05T07:32:49Z

Added flag to enable teams to switch between internal and external ingress without matching the regex that handled this earlier.

Summary by CodeRabbit

New Features
- Enhanced ingress handling with a more flexible structure for detailed ingress information.
- Improved hostname management with internal validation for better categorization of hosts.
- Added functionality to specify whether a hostname is internal or external during addition to collections.
- Introduced configurations for Istio Gateway, VirtualService, and NetworkPolicy to enhance security and traffic management.
- Added a new test configuration for comprehensive testing of internal flags within Kubernetes environments.
Bug Fixes
- Improved error handling for hostname retrieval and ingress rule generation.
Tests
- Added new test configurations to validate internal routing and application specifications, including comprehensive testing for various configurations.

coderabbitai · 2024-09-05T07:33:06Z

Walkthrough

The changes involve substantial modifications to the application specifications, specifically enhancing ingress handling and hostname validation within the Skiperator framework. The Ingresses field has transitioned from a slice of strings to a pointer to a JSON object, allowing for a more complex representation of ingress data. Additionally, the hostname struct has been updated to include an internal validation mechanism, improving the logic for distinguishing between internal and external hosts.

Changes

Files	Change Summary
`api/v1alpha1/application_types.go`, `api/v1alpha1/hosts.go`	Updated structures to include detailed ingress handling with a new JSON format, added internal flags for host validation, and modified methods to accommodate new data types and error handling mechanisms.
`tests/application/internal-flag/*.yaml`	Introduced new YAML configurations for Istio Gateway, VirtualService, and NetworkPolicy, as well as test configurations for internal flags, enhancing the setup and testing of application specifications.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Application
    participant IngressHandler

    User->>Application: Update Application Spec
    Application->>IngressHandler: Process Ingresses
    IngressHandler->>Application: Return Updated Ingresses
    Application-->>User: Application Updated

🐰 In the meadow, I hop with glee,
New changes sprout like flowers, you see!
Ingresses now hold secrets bright,
Internal flags shine with delight.
With YAMLs fresh, we dance and play,
Hooray for updates, hip-hip-hooray! 🌼✨

Possibly related PRs

Add AccessPolicies status #524: This PR modifies the ApplicationList struct in api/v1alpha1/application_types.go to include a new column for "AccessPolicies," which is directly related to the changes in the main PR that enhance the handling of ingress and application specifications.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

api/v1alpha1/application_types.go

coderabbitai

Actionable comments posted: 14

Outside diff range, codebase verification and nitpick comments (4)

tests/routing/internal-flag/routing-internal-flag.yaml (1)

8-15: Routes configuration is well-defined.

The routes section is correctly structured with pathPrefix, targetApp, and rewriteUri for each route. This setup ensures that requests are appropriately routed and handled. Consider adding comments to describe each route's purpose or specific configuration nuances for future maintainability.
pkg/util/helperfunctions.go (1)
20-21: Potential issues with removed function IsInternal.

The function IsInternal is still referenced in several files, which suggests that its removal might have left unresolved dependencies or broken functionality. Please review the following locations to ensure that the necessary changes have been made to accommodate the removal of IsInternal:

api/v1alpha1/hosts.go

api/v1alpha1/application_types.go

Analysis chain

Verify the impact of removed functions.

The removal of functions like IsInternal, GetSecret, GetService, and ErrIsMissingOrNil suggests a significant refactoring. It's crucial to ensure that their functionalities have been replaced or are no longer needed.

Run the following script to check for any remaining references to these functions, which could indicate unresolved dependencies:
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Check for any remaining references to removed functions.

# Test: Search for the removed functions. Expect: No occurrences.
rg --type go -A 5 $'IsInternal|GetSecret|GetService|ErrIsMissingOrNil'
Length of output: 3428
api/v1alpha1/routing_types.go (1)

44-46: Field addition is well-implemented.

The addition of the Internal field to the RoutingSpec struct is implemented correctly with appropriate use of pointer for optional field and JSON serialization tags. However, it would be beneficial to add documentation comments above the field to explain its usage and impact, especially since it influences routing behavior.

Consider adding a documentation comment for the Internal field to enhance code readability and maintainability.

config/crd/skiperator.kartverket.no_applications.yaml (1)

649-649: Consider the implications of allowing unknown fields in the CRD.

The introduction of x-kubernetes-preserve-unknown-fields: true at line 649 allows for greater flexibility by preserving unknown fields. This change aligns with the PR's objective to provide more dynamic ingress configurations. However, it also means that the CRD will no longer strictly validate the fields against its schema, which could lead to potential issues with data integrity and error handling.

It's important to ensure that the applications interacting with this CRD are capable of handling unexpected fields gracefully and that adequate validation is implemented at the application level to maintain data integrity.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f22a24a and dc2d01d.

Files selected for processing (19)

api/v1alpha1/application_types.go (2 hunks)
api/v1alpha1/hosts.go (5 hunks)
api/v1alpha1/routing_types.go (1 hunks)
api/v1alpha1/zz_generated.deepcopy.go (2 hunks)
config/crd/skiperator.kartverket.no_applications.yaml (1 hunks)
config/crd/skiperator.kartverket.no_routings.yaml (1 hunks)
pkg/resourcegenerator/deployment/deployment.go (1 hunks)
pkg/resourcegenerator/istio/gateway/application.go (2 hunks)
pkg/resourcegenerator/istio/gateway/routing.go (2 hunks)
pkg/resourcegenerator/networkpolicy/dynamic/common.go (4 hunks)
pkg/resourcegenerator/networkpolicy/dynamic/routing.go (2 hunks)
pkg/util/helperfunctions.go (3 hunks)
tests/application/ingress/application-is-internal-vanity-assert.yaml (1 hunks)
tests/application/ingress/application-is-internal-vanity.yaml (1 hunks)
tests/application/ingress/chainsaw-test.yaml (1 hunks)
tests/routing/internal-flag/application.yaml (1 hunks)
tests/routing/internal-flag/chainsaw-test.yaml (1 hunks)
tests/routing/internal-flag/routing-internal-flag-assert.yaml (1 hunks)
tests/routing/internal-flag/routing-internal-flag.yaml (1 hunks)

Additional context used

yamllint

tests/application/ingress/application-is-internal-vanity.yaml

[error] 10-10: no new line character at the end of file

(new-line-at-end-of-file)

tests/routing/internal-flag/routing-internal-flag-assert.yaml

[error] 94-94: no new line character at the end of file

(new-line-at-end-of-file)

Additional comments not posted (27)

tests/application/ingress/application-is-internal-vanity.yaml (1)

1-10: Review of New Kubernetes Application Configuration

This new file defines a Kubernetes application named internalvanity with specific ingress settings that include an internal flag set to true. This aligns well with the PR's objective to simplify ingress configuration management. The structure and properties used are consistent with the Skiperator framework's standards.

Correctness: The YAML syntax is correct, and the properties are appropriately defined.

Consistency: The use of internal: true is consistent with the PR's goal to differentiate between internal and external ingress configurations.

Best Practices: It's recommended to add a newline at the end of the file to comply with YAML file standards and to avoid parsing issues with certain tools.

Tools

yamllint

[error] 10-10: no new line character at the end of file

(new-line-at-end-of-file)

tests/routing/internal-flag/routing-internal-flag.yaml (2)

1-5: Overall structure and metadata are correctly defined.

The apiVersion, kind, and metadata sections are appropriately set up for the intended Kubernetes resource configuration.

6-7: Correct implementation of the internal flag.

The addition of the internal flag at line 7 aligns with the PR's objectives to streamline ingress configuration toggling. This is a crucial enhancement for better managing internal vs. external routing.

tests/routing/internal-flag/application.yaml (2)

1-15: YAML structure and definitions are correct.

The YAML structure for defining the applications app-1 and app-2 is correctly formatted according to the Kubernetes and Skiperator framework standards. The use of apiVersion, kind, metadata, and spec is appropriate for the described resources.

1-15: Verify the integration of the new internal flag.

The file defines two applications (app-1 and app-2) with their respective images and ports. However, the PR objectives mention the introduction of a new flag for internal and external ingress configurations, which is not visible in this file. It's crucial to ensure that this flag is integrated correctly elsewhere in the codebase or in the configuration files.

tests/routing/internal-flag/chainsaw-test.yaml (2)

3-9: Metadata and Spec Configuration Approved

The metadata and spec configuration are correctly set up for the test scenario. The use of a specific namespace for the test ensures proper isolation and management of test resources.

10-18: Steps Configuration Approved

The steps for applying configurations and assertions are well-organized and logical. It is important to ensure that the referenced YAML files (application.yaml, routing-internal-flag.yaml, and routing-internal-flag-assert.yaml) are correctly set up to reflect the intended test scenarios.

Please verify the contents of the referenced YAML files to ensure they align with the test objectives.

tests/application/ingress/application-is-internal-vanity-assert.yaml (3)

1-8: Gateway Configuration: Approved

The Gateway configuration is correctly set up for internal ingress management, aligning with the PR's objectives. The naming and selector labels are appropriately configured for internal use.

9-25: NetworkPolicy Configuration: Approved

The NetworkPolicy configuration is correctly set up to manage ingress for internal applications. The use of namespaceSelector and podSelector is consistent with Kubernetes best practices and aligns with the PR's objectives.

26-46: Verify Duplicate Naming in NetworkPolicy

The second NetworkPolicy configuration includes port and protocol specifications, which are correctly set up. However, it shares the same name as the first NetworkPolicy, internalvanity. Please verify if this is intentional to complement different conditions or if it should be renamed to avoid potential conflicts.

tests/application/ingress/chainsaw-test.yaml (1)

58-62: Review of the new test block for internal vanity configurations.

The addition of this new test block is consistent with the rest of the file and follows the established pattern of create and assert actions. This block is designed to test the internal vanity configurations, aligning with the PR's objective to enhance ingress configuration testing.

File References: The files application-is-internal-vanity.yaml and application-is-internal-vanity-assert.yaml are correctly referenced in the create and assert actions respectively. Ensure these files are correctly set up and contain the expected configurations and assertions.

Consistency Check: The naming convention and structure of the new test block are consistent with other blocks in the file, which helps maintain readability and understandability of the test configurations.
pkg/resourcegenerator/istio/gateway/routing.go (1)
50-50: Verify compatibility of the updated argument with GetIstioGatewayLabelSelector.

The argument passed to util.GetIstioGatewayLabelSelector has been changed from h.Hostname to the entire h object. Ensure that GetIstioGatewayLabelSelector is updated to handle this new argument type effectively:

Verification successful

Verified: The argument change to GetIstioGatewayLabelSelector is compatible.

The function GetIstioGatewayLabelSelector is designed to accept a *v1alpha1.Host object, and the logic within the function supports this type. The change from h.Hostname to h is consistent with the function's expected input and behavior. No further issues are found.

Location of function: pkg/util/helperfunctions.go
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implementation of `GetIstioGatewayLabelSelector` to ensure it handles the `h` object.

# Test: Search for the function implementation. Expect: Function should handle properties of `h` object.
ast-grep --lang go --pattern $'func GetIstioGatewayLabelSelector(h $_) {
  $$$
}'
Length of output: 82

Script:
#!/bin/bash
# Description: Search for the `GetIstioGatewayLabelSelector` function by name across the entire codebase.

# Test: Locate the function definition by name.
rg 'func GetIstioGatewayLabelSelector' -A 5
Length of output: 432
tests/routing/internal-flag/routing-internal-flag-assert.yaml (2)

1-24: Verify domain and credential names.

The configuration uses example.com and a specific credentialName. Please confirm:

If example.com is intended as a placeholder or if it should be parameterized.

The validity of the credentialName in the context of your deployment.

26-73: LGTM!

The VirtualService configuration is well-defined and supports the PR's objectives by routing internal applications effectively.
pkg/resourcegenerator/networkpolicy/dynamic/routing.go (1)
59-59: Review the dynamic handling of MatchLabels.

The code now uses the h variable to dynamically set the MatchLabels for the PodSelector. This change likely improves the flexibility of the network policy generation by allowing dynamic host information to influence the policy configuration.

Ensure that the GetIstioGatewayLabelSelector function is robust and can handle any potential edge cases or errors that might arise from using dynamic host information. Consider adding unit tests to verify the behavior of this function when h is in various states (e.g., null, missing fields, etc.).
+// Ensure robustness in dynamic label selection
+if h == nil {
+    return fmt.Errorf("host information is missing")
+}
This additional error check can prevent runtime errors if h is not properly initialized.
pkg/resourcegenerator/istio/gateway/application.go (2)
Line range hint 9-39: Good practices in error handling and logging.

The function uses fmt.Errorf with %w to wrap errors, which is a best practice in Go for error handling. This allows errors to be unwrapped later if needed. Additionally, the use of structured logging with ctxLog.Debug helps in debugging and maintaining the code.

40-40: Verify the impact of the change on label selector determination.

The change from passing h.Hostname to passing the entire h object to GetIstioGatewayLabelSelector could potentially alter the behavior of the function, depending on how it processes the input. This needs to be verified to ensure that the label selectors are being determined correctly and that this change aligns with the intended functionality.

Run the following script to verify the function usage:

Verification successful

Verification successful: Change to GetIstioGatewayLabelSelector is consistent and correct.

The modification to pass the entire h object to GetIstioGatewayLabelSelector aligns with the function's signature and logic, which relies solely on the Internal field of the Host object. This change is consistent across the codebase and does not affect the function's behavior. No further action is required.

The function GetIstioGatewayLabelSelector is correctly used with the expected input type.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the behavior of `GetIstioGatewayLabelSelector` with the new input.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type go -A 5 $'GetIstioGatewayLabelSelector'
Length of output: 1923
api/v1alpha1/hosts.go (4)
19-19: Approval of the new Internal field in the Host struct.

The addition of the Internal boolean field to the Host struct is a clear and straightforward way to mark hosts as internal or external based on the new validation logic. This change aligns with the PR's objectives to streamline ingress configuration management.

57-57: Ensure Internal field is set correctly in NewHost.

The Internal field is set based on the IsInternal function directly within the NewHost function. This is a good use of encapsulation, ensuring that every new host is immediately classified upon creation.

114-116: Approval of the IsInternal function implementation.

The IsInternal function is implemented correctly to utilize the internalPattern for matching hostnames. This function is crucial for the new functionality introduced in this PR.

71-77: Review changes to AddObject method in HostCollection.

The method AddObject now explicitly requires the internal parameter to set the Internal field of a Host instance. This change enhances the control over host categorization but introduces redundancy since the Internal field is already set within the NewHost function.

Consider removing the redundant setting of the Internal field in the AddObject method to avoid potential inconsistencies:
-func (hs *HostCollection) AddObject(hostname string, internal bool) error {
+func (hs *HostCollection) AddObject(hostname string) error {
	h, err := NewHost(hostname)
	if err != nil {
		return err
	}

-	h.Internal = internal
	existingValue, alreadyPresent := hs.hosts[h.Hostname]
	switch alreadyPresent {
	case true:
		if existingValue.UsesCustomCert() {
			return fmt.Errorf("host '%s' is already defined and using a custom certificate", existingValue.Hostname)
		}
		fallthrough
	case false:
		fallthrough
	default:
		hs.hosts[h.Hostname] = h
	}

	return nil
}
Likely invalid or redundant comment.
pkg/util/helperfunctions.go (1)
20-21: Approved: Updated function signature and logic.

The changes to GetIstioGatewayLabelSelector improve the function's clarity and maintainability by directly using the Host struct. This approach is more robust as it leverages the structured data.

Ensure that all references to this function have been updated to pass the Host struct instead of a string. This can be verified by searching the codebase for old function calls.

Verification successful

Verified: Function usage is consistent with the new signature.

The variable h in all instances is derived from methods that return a type compatible with *v1alpha1.Host, ensuring that the updated function signature is correctly implemented across the codebase. No further changes are necessary.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify all function calls to `GetIstioGatewayLabelSelector` match the new signature.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type go -A 5 $'GetIstioGatewayLabelSelector'
Length of output: 1923

Script:
#!/bin/bash
# Description: Verify the type of variable `h` in the files where `GetIstioGatewayLabelSelector` is called.

# Check the type of `h` in `pkg/resourcegenerator/networkpolicy/dynamic/routing.go`
rg --type go -A 10 'GetIstioGatewayLabelSelector' pkg/resourcegenerator/networkpolicy/dynamic/routing.go

# Check the type of `h` in `pkg/resourcegenerator/istio/gateway/routing.go`
rg --type go -A 10 'GetIstioGatewayLabelSelector' pkg/resourcegenerator/istio/gateway/routing.go

# Check the type of `h` in `pkg/resourcegenerator/istio/gateway/application.go`
rg --type go -A 10 'GetIstioGatewayLabelSelector' pkg/resourcegenerator/istio/gateway/application.go
Length of output: 1114

Script:
#!/bin/bash
# Description: Trace the declaration or initialization of `h` to confirm its type.

# Search for the declaration or initialization of `h` in `pkg/resourcegenerator/networkpolicy/dynamic/routing.go`
rg --type go -B 10 'h' pkg/resourcegenerator/networkpolicy/dynamic/routing.go

# Search for the declaration or initialization of `h` in `pkg/resourcegenerator/istio/gateway/routing.go`
rg --type go -B 10 'h' pkg/resourcegenerator/istio/gateway/routing.go

# Search for the declaration or initialization of `h` in `pkg/resourcegenerator/istio/gateway/application.go`
rg --type go -B 10 'h' pkg/resourcegenerator/istio/gateway/application.go
Length of output: 6839
config/crd/skiperator.kartverket.no_routings.yaml (1)

48-49: Addition of internal property to CRD schema.

The addition of the internal boolean property is correctly implemented within the spec schema. This property allows for toggling between internal and external ingress configurations, aligning with the PR's objectives to streamline ingress settings management.

Correct Placement: The property is appropriately placed within the spec properties, alongside hostname and redirectToHTTPS, which are related to ingress configurations.

Correct Type: The property type is correctly set as boolean, which is suitable for a flag that toggles between two states.
pkg/resourcegenerator/deployment/deployment.go (1)
207-216: Verify the integration of new hostname fetching logic.

The integration of the new method for fetching hostnames (application.Spec.Hosts()) and setting deployment annotations based on these hostnames (ingresses[0]) is crucial. It's important to verify that this new logic integrates well with the rest of the system, especially considering the changes in how hostnames are retrieved and used.

Run the following script to verify the integration of the new hostname fetching logic:

Verification successful

Integration of New Hostname Fetching Logic Verified

The integration of the new hostname fetching logic using application.Spec.Hosts() has been verified. The logic correctly sets deployment annotations based on the fetched hostnames. Specifically, the first hostname is used to set the AnnotationKeyLinkPrefix annotation if available. No issues were found with this integration.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the integration of the new hostname fetching logic.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type go -A 5 $'application.Spec.Hosts()'
Length of output: 3237

Script:
#!/bin/bash
# Search for the usage of `ingresses` in the deployment.go file to verify how it is used.
rg --type go -A 5 'ingresses' pkg/resourcegenerator/deployment/deployment.go
Length of output: 361
api/v1alpha1/application_types.go (1)

435-438: Introduction of the Ingresses struct.

The new Ingresses struct, which includes Hostname and Internal fields, provides a structured way to represent ingress entries. This is a positive change as it enhances the clarity and expressiveness of the ingress data.

This struct effectively encapsulates the necessary details for ingress configurations, making the data easier to manage and use within the system.

api/v1alpha1/zz_generated.deepcopy.go (2)

80-81: Review of ApplicationSpec.DeepCopyInto changes: Correct handling of v1.JSON type.

The modification to handle the Ingresses field as a v1.JSON type is correctly implemented. The new instance is properly created, and the DeepCopyInto method is invoked to ensure a deep copy of the JSON data. This change aligns with the PR's goal to handle more complex ingress configurations.

498-502: Review of RoutingSpec.DeepCopyInto changes: Proper management of Internal field.

The addition of handling for the Internal field as a pointer to a boolean is correctly implemented. The new boolean pointer is properly created, and its value is correctly duplicated. This enhancement ensures that the Internal flag's state is accurately maintained during deep copy operations, supporting the PR's objectives to manage internal and external ingress configurations more effectively.

tests/application/ingress/application-is-internal-vanity.yaml

pkg/resourcegenerator/istio/gateway/routing.go

tests/routing/internal-flag/routing-internal-flag-assert.yaml

pkg/resourcegenerator/networkpolicy/dynamic/routing.go

api/v1alpha1/hosts.go

pkg/resourcegenerator/networkpolicy/dynamic/common.go

pkg/resourcegenerator/deployment/deployment.go

api/v1alpha1/application_types.go

api/v1alpha1/hosts.go

pkg/resourcegenerator/deployment/deployment.go

pkg/util/helperfunctions.go

tests/application/ingress/application-is-internal-vanity.yaml

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (1)

api/v1alpha1/application_types.go (1)
440-450: LGTM, but consider improving the function signature and error handling.

The MarshalledIngresses function is a utility function that marshals the provided ingresses parameter into JSON format. It is used in the Hosts method to handle the marshaling of ingress configurations.

Consider the following improvements:

Use a more specific type instead of interface{} for the ingresses parameter to improve type safety and clarity.

Return the error to the caller to enable better error handling and logging.

For example:
func MarshalledIngresses(ingresses Ingresses) (*apiextensionsv1.JSON, error) {
    ingressesJSON := &apiextensionsv1.JSON{}
    ingressesJSON.Raw, err := json.Marshal(ingresses)
    if err != nil {
        return nil, err
    }
    return ingressesJSON, nil
}

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between dc2d01d and 49d30c1.

Files selected for processing (10)

api/v1alpha1/application_types.go (3 hunks)
api/v1alpha1/hosts.go (5 hunks)
pkg/resourcegenerator/deployment/deployment.go (1 hunks)
pkg/resourcegenerator/istio/gateway/application.go (2 hunks)
pkg/resourcegenerator/istio/gateway/routing.go (3 hunks)
pkg/resourcegenerator/networkpolicy/dynamic/routing.go (3 hunks)
pkg/resourcegenerator/resourceutils/helpers.go (2 hunks)
pkg/util/helperfunctions.go (3 hunks)
tests/routing/internal-flag/routing-internal-flag-assert.yaml (1 hunks)
tests/routing/internal-flag/routing-internal-flag.yaml (1 hunks)

Files skipped from review as they are similar to previous changes (6)

api/v1alpha1/hosts.go
pkg/resourcegenerator/deployment/deployment.go
pkg/resourcegenerator/istio/gateway/routing.go
pkg/resourcegenerator/networkpolicy/dynamic/routing.go
tests/routing/internal-flag/routing-internal-flag-assert.yaml
tests/routing/internal-flag/routing-internal-flag.yaml

Additional comments not posted (6)

pkg/resourcegenerator/resourceutils/helpers.go (1)

21-26: LGTM!

The code changes are approved.

pkg/resourcegenerator/istio/gateway/application.go (1)

41-41: LGTM!

The code changes are approved.

pkg/util/helperfunctions.go (1)

17-17: Reminder: Address TODO comment.

The TODO comment is still present, indicating that the cleanup task is pending.
api/v1alpha1/application_types.go (3)
329-332: LGTM!

The new Ingresses struct provides a structured format for representing ingress configurations, with fields for specifying the hostname and whether it is internal. This struct is used in conjunction with the change in the ApplicationSpec struct to enable the new ingress configuration format.

453-479: LGTM!

The modifications to the Hosts method enable it to handle both the old string format and the new object format for ingress configurations. The method first attempts to unmarshal the Ingresses JSON into a slice of strings, and if that fails, it tries to unmarshal into a slice of Ingresses structs. This dual approach ensures backward compatibility with the previous string format while supporting the new structured format.

The method also includes improved error handling by collecting and returning any errors encountered during the unmarshaling process.

70-70: LGTM, but verify the impact on existing deployments and configurations.

The change in the Ingresses field type from []string to *apiextensionsv1.JSON allows for a more flexible representation of ingress configurations, enabling the use of both string and object formats. This aligns with the PR objectives.

Ensure that this change is thoroughly tested and validated:

Confirm that it behaves as expected.

Verify that all existing deployments and configurations are properly migrated or remain compatible.

Consider running the following script to identify any occurrences of the old Ingresses format usage across the codebase:

Verification successful

Verification Successful: No references to the old Ingresses format found.

The transition from the Ingresses field type []string to *apiextensionsv1.JSON appears to be complete, with no remaining references to the old format in the codebase or documentation. This suggests that the change has been fully integrated without issues.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Search for usage of the old `Ingresses` format of type `[]string`.

# Test: Search for the old `Ingresses` format usage. Expect: Only occurrences in test files or examples.
rg --type go -A 5 $'Ingresses:\s*\[\]string'
Length of output: 45

Script:
#!/bin/bash
# Description: Search for any documentation or comments that might reference the old `Ingresses` format of type `[]string`.

# Test: Search for comments or documentation mentioning `Ingresses` with `[]string`.
rg --type go -A 5 '//.*Ingresses.*\[\]string' || rg --type md 'Ingresses.*\[\]string'
Length of output: 86

coderabbitai

Actionable comments posted: 4

Outside diff range and nitpick comments (1)

tests/routing/internal-flag/chainsaw-test.yaml (1)
17-17: Add a new line at the end of the file.

To improve readability and compatibility with various tools, it's recommended to add a new line at the end of the file.

Add a new line at the end of the file:
            file: routing-internal-flag-assert.yaml
+
Tools

yamllint

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 49d30c1 and 871f70c.

Files selected for processing (9)

api/v1alpha1/application_types.go (4 hunks)
tests/application/internal-flag/application-internal-flag-assert.yaml (1 hunks)
tests/application/internal-flag/application-internal-flag.yaml (1 hunks)
tests/application/internal-flag/application-internal-missing-internal-flag-assert.yaml (1 hunks)
tests/application/internal-flag/application-internal-missing-internal-flag-ext-assert.yaml (1 hunks)
tests/application/internal-flag/application-internal-missing-internal-flag-ext.yaml (1 hunks)
tests/application/internal-flag/application-internal-missing-internal-flag.yaml (1 hunks)
tests/application/internal-flag/chainsaw-test.yaml (1 hunks)
tests/routing/internal-flag/chainsaw-test.yaml (1 hunks)

Additional context used

yamllint

tests/routing/internal-flag/chainsaw-test.yaml

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

Additional comments not posted (19)

tests/application/internal-flag/application-internal-flag.yaml (1)

1-10: LGTM! The internal flag is a valuable addition to the ingress configuration.

The introduction of the internal flag in the ingress configuration provides a clear and explicit way to define internal applications. This enhancement offers several benefits:

It improves security by restricting access to the application and controlling network traffic.

It provides a straightforward mechanism to differentiate between internal and external applications.

It eliminates the need for relying on regex patterns or other indirect methods to manage internal/external configurations.

The YAML structure adheres to the Kubernetes resource definition standards, ensuring compatibility and ease of deployment.

Great work on implementing this feature!

tests/routing/internal-flag/chainsaw-test.yaml (3)

1-2: LGTM!

The API version and kind are correctly specified for the Chainsaw test configuration.

3-4: LGTM!

The metadata is correctly specified, and the name "routes" is appropriate for a test that validates routing configurations.

5-17: LGTM!

The test execution parameters and steps are correctly specified and well-structured. The choice of YAML files for applying configurations and asserting the expected outcomes is appropriate for testing the routing internal flag functionality.

Tools

yamllint

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

tests/application/internal-flag/chainsaw-test.yaml (3)

11-15: LGTM!

The step correctly applies the internal flag configuration and asserts its correctness.

16-20: LGTM!

The step correctly tests the scenario where an internal flag is missing and validates the expected outcome.

21-25: LGTM!

The step correctly patches the configuration and asserts the expected results.

tests/application/internal-flag/application-internal-flag-assert.yaml (3)

1-24: LGTM!

The Gateway configuration looks good:

It correctly selects the istio-ingress-internal app for traffic routing.

The HTTP and HTTPS server configurations are correct.

The TLS settings use a SIMPLE mode with a credentialName secret.

26-54: LGTM!

The VirtualService configuration looks good:

The namespace exports are correct for the internal routing use case.

The Gateway reference is correct.

The redirect from HTTP to HTTPS is a good security practice.

The default route to the application service is correct.

56-76: LGTM!

The NetworkPolicy configuration looks good:

The ingress traffic restriction to the istio-ingress-internal pods is correct for the internal routing use case.

The port and protocol settings match the application service configuration.

The pod selector correctly targets the application pods.

tests/application/internal-flag/application-internal-missing-internal-flag-ext-assert.yaml (3)

1-24: LGTM!

The Gateway resource is correctly configured for external access to the application. It properly defines the HTTP and HTTPS protocols on ports 80 and 443, and includes a valid TLS configuration for secure connections.

26-54: LGTM!

The VirtualService resource is correctly configured to route traffic to the application. It properly implements a redirect from HTTP to HTTPS for specific paths and allows default routing to the application on port 8000.

56-76: LGTM!

The NetworkPolicy resource is correctly configured to restrict ingress traffic to the application. It properly allows connections only from pods labeled as istio-ingress-external within the istio-gateways namespace.

tests/application/internal-flag/application-internal-missing-internal-flag-assert.yaml (3)

1-23: LGTM!

The Gateway resource is correctly defined with appropriate selector, server configurations, and TLS settings for secure communication.

26-54: LGTM!

The VirtualService resource is correctly defined with appropriate exportTo, gateways, hosts, and HTTP routes for traffic management and secure communication.

56-76: LGTM!

The NetworkPolicy resource is correctly defined with appropriate podSelector, ingress rules, and ports to restrict traffic to the application pods from the internal Istio ingress only.

api/v1alpha1/application_types.go (3)

330-333: LGTM!

The Ingresses struct is well-defined and aligns with the PR objective. The Hostname and Internal fields provide a clear structure for representing ingress configurations.

71-71: Review the change to the Ingresses field in ApplicationSpec.

The change from a slice of strings to a pointer to a JSON object (*apiextensionsv1.JSON) for the Ingresses field is significant. This modification allows for a more complex and flexible representation of ingress data, which aligns with the PR's objectives to handle ingress configurations more effectively.

However, this change raises a few concerns:

Backward Compatibility: Ensure that existing deployments that use the old string format are still supported or properly migrated.

Validation and Error Handling: The use of a JSON object increases the complexity of input validation and error handling. It's crucial to ensure that these aspects are thoroughly addressed to prevent runtime errors.

Consider adding more robust validation logic and error handling to manage the complexities introduced by this change. Also, ensure backward compatibility is maintained or provide a clear migration path for existing configurations.

8-8: LGTM!

The import statement for the util package is necessary to support the changes made in the file. It is correctly added and there are no issues with it.

tests/application/internal-flag/application-internal-missing-internal-flag-ext.yaml

tests/application/internal-flag/application-internal-missing-internal-flag.yaml

… internal-flag

coderabbitai

Actionable comments posted: 7

Outside diff range and nitpick comments (2)

tests/application/telemetry/application.yaml (1)

6-6: Update the image property with the actual container image name.

The image property is currently set to a placeholder value image. Please update it with the actual container image name to be used for deployment.
tests/skipjob/telemetry/skipjob.yaml (1)
12-12: Add a new line at the end of the file.

The static analysis tool yamllint has flagged that the file is missing a new line character at the end. While this is a minor formatting issue and does not affect the functionality, it is considered a best practice to include a new line at the end of files.

Please add a new line at the end of the file to address this:
      - "-wle"
      - "print bpi(2000)"
+
Tools

yamllint

[error] 12-12: no new line character at the end of file

(new-line-at-end-of-file)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 871f70c and f225423.

Files ignored due to path filters (1)

go.sum is excluded by !**/*.sum

Files selected for processing (50)

.github/workflows/api-docs.yaml (1 hunks)
.github/workflows/build-and-deploy.yaml (1 hunks)
.github/workflows/deploy-sandbox-dispatch.yaml (1 hunks)
.github/workflows/release-version.yaml (1 hunks)
.github/workflows/test.yml (2 hunks)
.gitignore (1 hunks)
.goreleaser.yaml (3 hunks)
Dockerfile (1 hunks)
Dockerfile.goreleaser (1 hunks)
README.md (2 hunks)
api/v1alpha1/application_types.go (5 hunks)
api/v1alpha1/istiotypes/istio_settings.go (1 hunks)
api/v1alpha1/istiotypes/zz_generated.deepcopy.go (1 hunks)
api/v1alpha1/skipjob_types.go (4 hunks)
api/v1alpha1/skipns_types.go (1 hunks)
api/v1alpha1/skipobj_interfaces.go (2 hunks)
api/v1alpha1/zz_generated.deepcopy.go (6 hunks)
config/crd/skiperator.kartverket.no_applications.yaml (2 hunks)
config/crd/skiperator.kartverket.no_routings.yaml (2 hunks)
config/crd/skiperator.kartverket.no_skipjobs.yaml (2 hunks)
config/rbac/role.yaml (2 hunks)
go.mod (8 hunks)
internal/controllers/application.go (5 hunks)
internal/controllers/skipjob.go (5 hunks)
pkg/resourcegenerator/istio/telemetry/telemetry.go (1 hunks)
pkg/resourcegenerator/job/job.go (1 hunks)
pkg/resourcegenerator/networkpolicy/dynamic/common.go (6 hunks)
pkg/resourceschemas/schemas.go (4 hunks)
pkg/util/constants.go (1 hunks)
tests/application/access-policy/chainsaw-test.yaml (1 hunks)
tests/application/access-policy/multiple-ns-same-label-assert.yaml (1 hunks)
tests/application/cloudsql-auth-proxy/application-no-cloudsql-patch.yaml (0 hunks)
tests/application/cloudsql-auth-proxy/application.yaml (0 hunks)
tests/application/telemetry/application-assert.yaml (1 hunks)
tests/application/telemetry/application-custom-tracing-assert.yaml (1 hunks)
tests/application/telemetry/application-custom-tracing.yaml (1 hunks)
tests/application/telemetry/application.yaml (1 hunks)
tests/application/telemetry/chainsaw-test.yaml (1 hunks)
tests/skipjob/access-policy-job/chainsaw-test.yaml (1 hunks)
tests/skipjob/access-policy-job/skipjob-cron-assert.yaml (1 hunks)
tests/skipjob/access-policy-job/status-ready-no-job-assert.yaml (1 hunks)
tests/skipjob/access-policy-job/status-ready-no-job.yaml (1 hunks)
tests/skipjob/cron-job-timezone/chainsaw-test.yaml (1 hunks)
tests/skipjob/cron-job-timezone/skipjob-assert.yaml (1 hunks)
tests/skipjob/cron-job-timezone/skipjob.yaml (1 hunks)
tests/skipjob/telemetry/chainsaw-test.yaml (1 hunks)
tests/skipjob/telemetry/skipjob-assert.yaml (1 hunks)
tests/skipjob/telemetry/skipjob-custom-tracing-assert.yaml (1 hunks)
tests/skipjob/telemetry/skipjob-custom-tracing.yaml (1 hunks)
tests/skipjob/telemetry/skipjob.yaml (1 hunks)

Files not reviewed due to no reviewable changes (2)

tests/application/cloudsql-auth-proxy/application-no-cloudsql-patch.yaml
tests/application/cloudsql-auth-proxy/application.yaml

Files skipped from review due to trivial changes (3)

api/v1alpha1/istiotypes/zz_generated.deepcopy.go
api/v1alpha1/skipns_types.go
tests/application/access-policy/multiple-ns-same-label-assert.yaml

Files skipped from review as they are similar to previous changes (2)

config/crd/skiperator.kartverket.no_applications.yaml
config/crd/skiperator.kartverket.no_routings.yaml

Additional context used

yamllint

tests/skipjob/telemetry/skipjob.yaml

[error] 12-12: no new line character at the end of file

(new-line-at-end-of-file)

actionlint

.github/workflows/api-docs.yaml

22-22: shellcheck reported issue in this script: SC2046:warning:1:20: Quote this to prevent word splitting

(shellcheck)

22-22: shellcheck reported issue in this script: SC2046:warning:1:29: Quote this to prevent word splitting

(shellcheck)

22-22: shellcheck reported issue in this script: SC2086:info:1:46: Double quote to prevent globbing and word splitting

(shellcheck)

GitHub Check: Build and run tests

api/v1alpha1/application_types.go

[failure] 463-463:
MarshalledIngresses redeclared in this block

[failure] 451-451:
other declaration of MarshalledIngresses

Additional comments not posted (105)

tests/application/telemetry/application.yaml (1)

1-7: LGTM! The Application resource is well-structured.

The YAML configuration follows the expected structure for defining an application resource in the Skiperator framework. The apiVersion, kind, metadata, and spec fields are properly defined.

.gitignore (1)

10-11: LGTM!

The change to the Istio-related ignore pattern refines the exclusion criteria to only ignore files starting with "istio-" while still allowing any directory named "istio" to be included.

This may result in some previously ignored files (those starting with "istio" but not followed by a hyphen) being included in the repository, which seems to be the intended behavior for more specific control over Istio-related files.

The change does not appear to have any negative impact on the repository.

tests/application/telemetry/application-custom-tracing.yaml (1)

1-11: LGTM!

The YAML configuration file is well-structured and correctly defines an Istio-based application with custom tracing settings. The random sampling percentage of 75% is appropriately configured to enable monitoring and debugging of the application.

This setup is crucial for gaining insights into application performance and behavior in a microservices architecture. The changes are approved.

tests/skipjob/telemetry/skipjob.yaml (1)

1-12: LGTM! The file introduces a new resource type for running jobs.

The skipjob.yaml file correctly defines a Kubernetes custom resource of kind SKIPJob under the skiperator.kartverket.no/v1alpha1 API version. The resource specifies a minimal job configuration that runs a Perl command to calculate the value of π (pi) to 2000 decimal places.

The file structure follows the standard conventions for defining Kubernetes resources, with appropriate sections for apiVersion, kind, metadata, and spec. The spec section correctly specifies the container image and command to execute.

Overall, this file serves as a good example of how to define and run jobs using the Skiperator framework.

Tools

yamllint

[error] 12-12: no new line character at the end of file

(new-line-at-end-of-file)

Dockerfile.goreleaser (1)

1-11: LGTM!

The Dockerfile follows best practices for building minimal and secure container images:

It uses a multi-stage build process to keep the final image size small.

The scratch image ensures that only the necessary components are included in the final image.

Copying the CA certificates allows the application to make secure network connections.

Running as a non-root user is a good security practice.

The ENTRYPOINT directive correctly specifies the command to run when the container starts.

Great job on implementing a clean and efficient Dockerfile!

tests/skipjob/cron-job-timezone/chainsaw-test.yaml (1)

1-14: LGTM!

The test configuration follows the Chainsaw framework's structure and conventions. The file is well-structured and easy to understand. The test's execution parameters and steps are correctly defined.
Dockerfile (1)
1-1: Verify compatibility with Go 1.23 and update dependencies if needed.

Upgrading to Go 1.23 can potentially introduce improvements, optimizations, and new features that could enhance the build process and the resulting application. However, it's important to ensure that the application code and dependencies are fully compatible with the new Go version.

Please run the following script to verify the compatibility and update dependencies if necessary:

Verification successful

Dockerfile change to Go 1.23 is compatible and appropriate

The update to FROM golang:1.23 as builder in the Dockerfile is verified to be compatible with the project:

The go.mod file already specifies Go 1.23.1 as the required version.

No build constraints or version-specific imports were found in the codebase.

The Makefile doesn't contain any conflicting Go version specifications.

This change aligns the Dockerfile with the project's existing Go version requirement and should not introduce any compatibility issues.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify compatibility with Go 1.23 and update dependencies.

# Test: Check if the application builds successfully with Go 1.23.
make

# Test: Run the application tests to ensure compatibility.
make test

# Test: Update dependencies to the latest versions compatible with Go 1.23.
go get -u ./...
go mod tidy
Length of output: 336

Script:
#!/bin/bash

# List the project structure
echo "Project Structure:"
tree -L 2

# Search for Go-specific files
echo -e "\nGo-specific files:"
fd -e go -e mod -e sum

# Look for Go 1.23 specific syntax or features
echo -e "\nSearching for Go 1.23 specific syntax or features:"
rg -i "go 1\.23" --type go

# Check for documentation mentioning Go version requirements
echo -e "\nChecking documentation for Go version requirements:"
rg -i "go (version|1\.23)" README.md CHANGELOG.md docs/
Length of output: 5462

Script:
#!/bin/bash

# Check go.mod for Go version requirement
echo "Go version requirement in go.mod:"
grep -i "go 1\." go.mod

# Check for build constraints
echo -e "\nChecking for build constraints:"
rg -i "^//\s*\+build\s+" --type go

# Check for version-specific imports
echo -e "\nChecking for version-specific imports:"
rg -i "^import\s+.*go1\." --type go

# Check Makefile for any Go version specifications
echo -e "\nChecking Makefile for Go version specifications:"
grep -i "go1\." Makefile
Length of output: 499
tests/skipjob/cron-job-timezone/skipjob.yaml (6)

1-2: LGTM!

The API version and kind are correctly specified for the SKIPJob resource.

3-4: LGTM!

The metadata is correctly defined, and the resource name is descriptive.

5-7: LGTM!

The container specification is correctly defined, and the Perl image version is appropriate.

8-12: LGTM!

The command is correctly defined, and the Perl script is using appropriate flags and modules to compute π (pi) to a high precision.

15-15: LGTM!

The timezone is correctly defined, ensuring that the job runs according to the local time in Oslo, Norway.

1-15: LGTM!

The overall YAML structure and indentation are correct, and the SKIPJob resource is properly defined with the required fields.

tests/skipjob/telemetry/skipjob-custom-tracing.yaml (1)

1-16: LGTM!

The SKIPJob resource configuration is valid and should work as expected. The job is correctly defined with a descriptive name, valid Perl image version, and a Perl one-liner command that computes and prints the value of π (pi) to 2000 decimal places. The Istio settings for telemetry are also correctly specified, enabling tracing with a 75% random sampling percentage.

tests/skipjob/access-policy-job/status-ready-no-job.yaml (4)

1-2: LGTM!

The apiVersion and kind are correctly specified for a SKIPJob resource.

3-4: LGTM!

The metadata.name uniquely identifies the job and follows the naming convention for Kubernetes resources.

6-11: Verify the allowed external host.

The accessPolicy section correctly defines the allowed external host as data.helsecert.no. However, please verify that this host is intended and secure.

12-19: LGTM!

The spec.cron and spec.job sections are correctly configured:

The job is scheduled to run daily at 6 AM and allows concurrent executions.

The job has a backoff limit of 6 retries and a TTL of 3600 seconds after completion.

The job is not suspended, allowing it to run as scheduled.

tests/skipjob/telemetry/skipjob-assert.yaml (1)

1-15: LGTM!

The Istio telemetry configuration is well-structured and follows best practices:

The apiVersion and kind fields are correctly specified for an Istio telemetry resource.

The metadata.name field provides a unique name for the resource.

The spec.tracing section configures the OpenTelemetry tracing provider with a reasonable 10% random sampling percentage, which balances capturing relevant traces and reducing overhead.

The spec.selector section uses appropriate labels to target specific pods related to the skiperator application and its skipjob functionality, ensuring focused telemetry data collection.

This configuration will enhance observability for the specified job while minimizing the impact on other components.

tests/skipjob/telemetry/skipjob-custom-tracing-assert.yaml (1)

1-15: LGTM! The Telemetry resource configuration is well-defined and enhances observability.

The introduced YAML configuration file correctly defines a Telemetry resource for Istio, targeting the "minimal-job" managed by the "skiperator" application. The configuration offers the following benefits:

Integrates tracing capabilities using the "otel-tracing" provider, enabling performance monitoring and debugging.

Sets a random sampling percentage of 75%, ensuring that a significant portion of traces are captured for analysis.

Utilizes specific selector labels to precisely target the relevant application components, preventing unintended application of the configuration.

Overall, this configuration enhances the observability of the "minimal-job" and follows best practices for defining Istio Telemetry resources.

tests/skipjob/telemetry/chainsaw-test.yaml (4)

1-2: LGTM!

The API version and kind declarations are correct and align with the Chainsaw framework's specifications.

3-4: LGTM!

The metadata section is correctly defined, and the name "telemetry" accurately reflects the purpose of the test.

5-8: LGTM!

The spec section is correctly structured, and the skip, concurrent, and skipDelete flags are appropriately set based on the desired test behavior.

9-19: Verify the contents of the referenced YAML files.

The test steps are correctly structured using the try-catch mechanism. The first step appropriately creates a resource and asserts its correctness, while the second step applies a custom tracing configuration and verifies its application.

However, the contents of the referenced YAML files (skipjob.yaml, skipjob-assert.yaml, skipjob-custom-tracing.yaml, skipjob-custom-tracing-assert.yaml) cannot be verified based on the provided context. Please ensure that these files contain the expected configurations and assertions.

tests/application/telemetry/chainsaw-test.yaml (5)

1-2: LGTM!

The API version and kind declarations are consistent with the Kyverno policy engine's test configuration format.

3-4: LGTM!

The metadata section is correctly defined, and the test name "telemetry" is appropriate for a telemetry application test.

5-8: LGTM!

The test specification is correctly defined:

The test is set to run and not be skipped.

The test can run concurrently with other tests.

The created resources will be deleted after the test.

10-15: LGTM!

The first test step is correctly defined:

The step attempts to create a resource from application.yaml.

The step asserts the correctness of the created resource against application-assert.yaml.

The try block handles any errors during the step execution.

16-20: LGTM!

The second test step is correctly defined:

The step applies a custom tracing configuration from application-custom-tracing.yaml.

The step verifies the applied configuration against application-custom-tracing-assert.yaml.

The try block handles any errors during the step execution.

tests/application/telemetry/application-assert.yaml (1)

1-16: LGTM!

The Telemetry resource configuration looks good and follows the expected structure for enabling tracing in an Istio-based application using OpenTelemetry.

A few additional insights:

The random sampling percentage of 10% is a reasonable default value to start with. It can be adjusted based on the observability requirements and the performance impact of tracing.

The use of label matching in the selector ensures that the configuration is applied only to the intended application. Make sure that the labels used in the selector match the actual labels assigned to the application during deployment.

The ($namespace) variable in the application.skiperator.no/app-namespace label should be replaced with the actual namespace value during deployment. Ensure that the deployment process handles this variable substitution correctly.

Overall, this configuration enables tracing for the Istio-based application, allowing for better observability and debugging capabilities.

tests/application/telemetry/application-custom-tracing-assert.yaml (1)

1-16: LGTM!

The Telemetry resource configuration looks good:

It uses the correct API version and kind for defining a Telemetry resource.

The tracing configuration specifies the OpenTelemetry tracing provider with a reasonable random sampling percentage of 75%.

The selector labels match the intended application managed by "skiperator", ensuring that the telemetry settings are applied only to the desired application instances.

This configuration will enhance observability and performance monitoring for the Istio-based application while aligning with industry standards for distributed tracing.

.github/workflows/test.yml (3)

10-10: Verify if ignoring api-docs.yaml changes is intended.

Adding .github/workflows/api-docs.yaml to the paths-ignore list for pull requests means the workflow will not run when this file is changed.

Please confirm if this is the intended behavior. If the api-docs.yaml file impacts the application behavior, ignoring its changes could potentially lead to missing tests.

17-17: Verify if ignoring api-docs.yaml changes is intended.

Adding .github/workflows/api-docs.yaml to the paths-ignore list for push events means the workflow will not run when this file is changed.

Please confirm if this is the intended behavior. If the api-docs.yaml file impacts the application behavior, ignoring its changes could potentially lead to missing tests.

29-29: Verify compatibility with Go 1.23.1.

The Go version used in the workflow has been updated to 1.23.1.

Please ensure that the codebase and all dependencies are compatible with Go 1.23.1. Incompatibilities could lead to build failures or unexpected behavior.

api/v1alpha1/skipobj_interfaces.go (1)

22-24: LGTM!

The addition of the IstioSettings field to the CommonSpec struct is a well-designed enhancement that enables the management of Istio-specific configurations. The use of a pointer type allows for optional configuration, ensuring backward compatibility and flexibility. The modular design, with the IstioSettings type imported from the istiotypes package, promotes code reusability and maintainability.

The change aligns with the overall goal of integrating service mesh configurations into the existing resource specifications, as mentioned in the PR objectives.

tests/skipjob/access-policy-job/chainsaw-test.yaml (1)

37-41: LGTM! The added test case improves the test coverage.

The new try block with apply and assert operations is a valuable addition to the testing framework. It helps validate the system's behavior when a specific status is applied without a job present.

By covering this scenario, the test case ensures that the system's readiness state is properly validated under these conditions, thereby enhancing the overall test coverage and robustness of the framework.

tests/application/access-policy/chainsaw-test.yaml (1)

7-7: LGTM!

Setting concurrent to false is a valid change for a test configuration. It will make the test steps run sequentially, which can be beneficial for determinism and debugging, at the cost of potentially increased execution time.

.github/workflows/release-version.yaml (1)

28-28: Approve the Go version update.

Updating the Go version to 1.23.1 is a good move to leverage the latest language features, performance optimizations, and bug fixes.

Please ensure that the codebase is compatible with Go 1.23.1 by running tests and validations against this version before merging the changes.

tests/skipjob/access-policy-job/status-ready-no-job-assert.yaml (3)

1-30: LGTM!

The metadata and status sections are well-defined and align with the PR objective. The resource name is clear, the access policies are ready, and all subresources are synced. The job states and overall summary provide a clear picture of the resource's status.

32-37: Verify the placeholder image name.

The spec.container section allows outbound access to the external host "data.helsecert.no", which aligns with the PR objective. However, the container image is specified as "image", which may be a placeholder.

Please confirm if "image" is indeed a placeholder and if the actual image name will be provided later or varies based on the environment.

38-45: Verify if allowing job concurrency is intended.

The spec.cron section defines a reasonable schedule to run the job daily at 6 AM. However, allowConcurrency is set to "Allow", which may not be ideal if the job performs resource-intensive or conflicting operations.

Please confirm if allowing concurrent job runs is intended and consider the potential impact of overlapping runs if the job takes longer than 24 hours to complete.

pkg/util/constants.go (1)

14-15: LGTM!

The new global variable IstioTraceProvider is a clear and descriptive addition to the existing set of constants. The comment provides helpful context about its purpose in representing the trace provider configured in the Istiod installation.

This addition may facilitate better integration with observability tools and improve the overall tracing capabilities of the system.

.github/workflows/api-docs.yaml (4)

16-19: LGTM!

The step is correctly using the actions/checkout action to check out the repository with a custom path parameter to avoid conflicts.

25-30: LGTM!

The step is correctly using the actions/checkout action to check out the target repository with custom path, repository, and ssh-key parameters.

32-34: LGTM!

The step is correctly using the cp command to copy the generated documentation file to the target repository.

36-43: LGTM!

The step is correctly using the git command to stage, commit, and push the changes to the target repository.

tests/skipjob/access-policy-job/skipjob-cron-assert.yaml (1)

27-27: LGTM!

The addition of the accessPolicies: Ready field in the status section enhances the status reporting of the cron job's access policies. This change improves observability and provides a clear indication of the operational readiness of the access policies.

pkg/resourcegenerator/istio/telemetry/telemetry.go (1)

15-53: LGTM!

The Generate function is well-implemented and follows a clear logic flow. It correctly handles unsupported SKIP object types, generates unique names for the telemetry resources, and processes the telemetry tracing settings to create corresponding Tracing objects. The function also assigns the necessary metadata and specification to the telemetry resource and adds it to the reconciliation context.

The changes enhance the telemetry capabilities of the system by allowing the dynamic generation of Istio telemetry resources based on specific application configurations. The function is designed to handle different SKIP object types and ensures that the telemetry settings are applied to the appropriate workloads through the use of a workload selector.

Overall, the implementation is robust and follows best practices. Great job!

api/v1alpha1/istiotypes/istio_settings.go (3)

8-19: LGTM!

The Tracing struct is well-defined with clear documentation and validation annotations. The use of int type for RandomSamplingPercentage field is a reasonable choice given the constraints with the kubebuilder code generator. The default value and the ability to disable tracing by setting the value to 0 are also well-documented.

24-29: LGTM!

The Telemetry struct is well-defined with clear documentation and validation annotations. The Tracing field is appropriately marked as optional and has a sensible default value. The comment about the potential for future extension to configure additional telemetry settings is also helpful.

34-38: LGTM!

The IstioSettings struct is well-defined with clear documentation and validation annotations. The Telemetry field is appropriately marked as optional and has a sensible default value that matches the default value of the Tracing struct. The comment about the current support for only telemetry configuration is also helpful.

tests/skipjob/cron-job-timezone/skipjob-assert.yaml (3)

1-9: LGTM!

The ServiceAccount configuration looks good. It is correctly labeled to associate it with the SKIPJob.

11-49: LGTM!

The CronJob configuration looks good. It is correctly configured with:

A schedule to run every minute

The Europe/Oslo timezone

A concurrency policy of Allow

Reasonable job history limits

A job template specifying the perl:5.34.0 container image

51-64: LGTM!

The Pod configuration looks good. It is correctly labeled to associate it with the SKIPJob, and it has an appropriate owner reference to the Job it belongs to.

.goreleaser.yaml (5)

1-1: LGTM!

The version field is correctly set to 2, indicating that the configuration file is using version 2 of the GoReleaser configuration file format.

26-42: LGTM!

The changes in the archives section are well-structured and improve the project's distribution:

Including the LICENSE file in the archive is a good practice for open-source projects.

The updated name_template generates archive names that are more compatible with the OS and architecture naming conventions.

Using zip format for Windows archives ensures better compatibility.

45-63: LGTM!

The expanded dockers section demonstrates a well-structured approach to building multi-platform Docker images:

Using the buildx feature to build images for different architectures (amd64 and arm64) is a good practice to support a wider range of platforms.

Specifying separate image templates for each architecture allows for better control and flexibility in the image builds.

Using specific build flags and Dockerfiles for each architecture ensures the images are built correctly for the target platform.

64-68: LGTM!

The introduction of the docker_manifests section is a great addition to simplify the management and distribution of multi-architecture images:

Creating a manifest for the multi-architecture images allows users to pull the appropriate image for their platform using a single tag.

Including both arm64 and amd64 images in the manifest ensures compatibility with a wide range of platforms.

96-96: LGTM!

The update in the snapshot section from name_template to version_template is a good change:

It aligns the snapshot naming convention with the new versioning scheme.

This change ensures consistency in the naming of snapshot artifacts.
config/rbac/role.yaml (4)
7-23: LGTM!

The added permissions for managing configmaps, pods, pods/ephemeralcontainers, secrets, serviceaccounts, and services are appropriate and comprehensive. The allowed verbs provide the necessary control over these resources.

24-30: Verify if the limited permissions for events are intentional.

The permissions for the events resource only allow create and patch operations. This means the role can generate new events and modify existing ones but cannot read, list, update, or delete events.

Please confirm if these limited permissions are intentional and sufficient for the role's intended responsibilities. Consider adding get, list, watch, update, and delete verbs if the role requires more comprehensive management of events.

194-205: LGTM!

The permissions for managing telemetries resources in the telemetry.istio.io API group are appropriate and comprehensive. The allowed verbs provide full control over these resources, which aligns with the overall changes in this file.

31-38: Read-only permissions for namespaces are typically sufficient.

The permissions for the namespaces resource allow get, list, and watch operations, providing read-only access. This is usually adequate for most roles that don't need to manage namespaces directly.

To confirm if the role requires namespace management permissions, run the following script:

Verification successful

Confirmed: Read-only permissions for namespaces are correct and sufficient.

After thorough verification, the ClusterRole "skiperator" maintains read-only permissions (get, list, watch) for namespaces, which aligns with the original implementation. No create, update, patch, or delete permissions were found for namespaces in any ClusterRole definition.

The current permissions allow for viewing namespaces without the ability to modify them, which is typically sufficient for most use cases and maintains the principle of least privilege.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Check if the role requires namespace management permissions.

# Test: Search for occurrences of the role creating, updating, or deleting namespaces.
# Expect: No occurrences found.
rg --type yaml $'kind:\\s*ClusterRole\\s*\n\\s*name:\\s*skiperator\\s*\n(.*\n)*?\\s*-\\s*namespaces\\s*\n\\s*verbs:\\s*\n(\\s*-\\s*(create|update|patch|delete)\\s*\n)+'
Length of output: 342

Script:
#!/bin/bash
# Description: Check if any ClusterRole requires namespace management permissions.

# Test: Search for occurrences of ClusterRoles with create, update, patch, or delete permissions on namespaces.
# Expect: No occurrences found if read-only permissions are sufficient.
rg -U --type yaml 'kind:\s*ClusterRole\s*(\n|.)*?resources:\s*(\n|.)*?-\s*namespaces\s*(\n|.)*?verbs:\s*(\n|.)*?(create|update|patch|delete)'
Length of output: 1790
.github/workflows/deploy-sandbox-dispatch.yaml (1)

33-33: LGTM! Verify application compatibility with Go 1.23.1.

Updating to a newer version of Go is a good practice to leverage new features, performance improvements, and bug fixes. The change itself looks good.

However, it's important to ensure that the Skiperator application is thoroughly tested and verified to be compatible with Go 1.23.1. Please confirm that the application has been tested with this updated Go version and no issues were found.

pkg/resourceschemas/schemas.go (4)

15-15: LGTM!

The import statement for the telemetryv1 package is correct and follows the proper naming convention. The package is used in the subsequent code changes, so it is not an unused import.

36-36: Looks good!

The registration of the telemetryv1 API with the provided scheme is implemented correctly. The AddToScheme function is called with the correct argument, and the function call is wrapped with utilruntime.Must to handle any potential errors during the registration process. This change is consistent with the existing code in the AddSchemas function.

66-66: Looks good!

The addition of &telemetryv1.TelemetryList{} to the list of object lists returned by the GetApplicationSchemas function is implemented correctly. The TelemetryList type is consistent with the other types used in the list, and its inclusion suggests that telemetry resources are considered part of the application schemas.

89-89: Looks good!

The addition of &telemetryv1.TelemetryList{} to the list of object lists returned by the GetJobSchemas function is implemented correctly. The TelemetryList type is consistent with the other types used in the list, and its inclusion suggests that telemetry resources are also considered part of the job schemas.

pkg/resourcegenerator/job/job.go (1)

60-60: LGTM!

The addition of the TimeZone field to the CronJobSpec struct is a valuable enhancement. It allows for more precise scheduling of cron jobs based on time zone considerations, improving the flexibility and accuracy of job execution across different geographical contexts.

The field is correctly sourced from the skipJob.Spec.Cron.TimeZone property, ensuring that the specified time zone is properly applied to the cron job specification.

This change reflects a positive improvement in the handling of scheduling configurations for cron jobs within the Skiperator framework.

.github/workflows/build-and-deploy.yaml (1)

104-104: LGTM!

Updating the Go version to 1.23.1 is a good practice to ensure access to the latest features, performance improvements, and bug fixes. The minor version update is unlikely to introduce any breaking changes or compatibility issues.
README.md (3)
166-171: LGTM!

The introduction of the podSettings field in the Application resource is a valuable addition. It provides more control over pod-specific configurations, such as annotations, termination grace period, and pod spread topology constraints. These settings enhance the flexibility and customization options for deploying applications.

172-177: Ensure the sampling percentage is set appropriately.

The introduction of the istioSettings field in the Application resource is a useful addition for configuring Istio-specific settings. The telemetry.tracing.randomSamplingPercentage field allows adjusting the sampling percentage for tracing, which can be helpful for controlling the amount of tracing data collected for the application.

Please ensure that the specified sampling percentage is within the valid range and aligns with the tracing requirements of your application.

18-18: Verify the new API documentation link.

Please ensure that the updated link https://skip.kartverket.no/docs/skiperator is accessible and contains the expected API documentation.

Run the following script to verify the link:

Verification successful

New API documentation link is accessible

The updated link https://skip.kartverket.no/docs/skiperator is accessible and returns a successful HTTP status code (200). This indicates that the link is valid and likely contains the expected API documentation.

However, to ensure the content is correct:

Please manually verify that the link leads to the intended API documentation for Skiperator.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the accessibility of the new API documentation link.

# Test: Check if the link is accessible. Expect: Status code 200.
curl -I -s -o /dev/null -w "%{http_code}" https://skip.kartverket.no/docs/skiperator
Length of output: 90
pkg/resourcegenerator/networkpolicy/dynamic/common.go (4)
11-12: LGTM!

The new imports slices and strings are valid additions, likely used in the new sortNetPolPorts function.

53-53: LGTM!

The updated getIngressRules function call correctly passes the new HostCollection type.

106-106: LGTM!

Sorting the ports using the sortNetPolPorts function is a good addition for maintaining consistency in the egress rules.

237-237: Consider centralizing label definitions.

The function getIngressGatewayLabel determines labels based on whether the ingress is internal or external. This is a critical piece of logic that could benefit from being placed in a centralized configuration or constants file, as suggested by the existing TODO comment.
- // TODO Should be in constants or something
+ // Moved to constants for better maintainability
Moving these label definitions to a constants file not only cleans up the code but also makes it easier to manage changes to these labels in the future.

Likely invalid or redundant comment.
api/v1alpha1/skipjob_types.go (4)

6-6: LGTM!

The import statement for the istiotypes package is correctly added.

85-91: LGTM!

The IstioSettings field is correctly added to the SKIPJobSpec struct with appropriate annotations and default value.

187-193: LGTM!

The TimeZone field is correctly added to the CronSettings struct with appropriate annotations and comment.

299-301: LGTM!

The GetCommonSpec method is correctly updated to include the IstioSettings field.

go.mod (5)

3-3: LGTM!

Updating the Go version to 1.23.1 ensures compatibility with the latest language features and improvements. The minor version bump should maintain backward compatibility.

10-12: LGTM!

Updating the dependencies to newer versions can provide bug fixes, performance improvements, and new features. The minor version bumps should maintain backward compatibility.

20-21: LGTM!

Updating the dependencies to newer versions can provide bug fixes, performance improvements, and new features. The minor version bumps for google.golang.org/protobuf and sigs.k8s.io/controller-tools should maintain backward compatibility. The more significant version bump for golang.org/x/exp is expected, as it's an experimental package.

Also applies to: 29-29

34-38: LGTM!

Updating the Google Cloud and AWS SDK dependencies to newer versions can provide bug fixes, performance improvements, and new features. The minor version bumps should maintain backward compatibility.

Also applies to: 57-57

118-118: LGTM!

Updating the various dependencies to newer versions can provide bug fixes, performance improvements, and new features. The version bumps are mostly minor or patch releases, which should maintain backward compatibility.

Also applies to: 122-122, 124-124, 137-138, 160-160, 162-162, 190-197, 211-214, 225-226, 230-230

internal/controllers/skipjob.go (6)

12-12: LGTM!

The import for the telemetry package is added correctly.

19-19: LGTM!

The import for the telemetry v1 package is added correctly.

42-42: LGTM!

The RBAC permission to manage telemetry resources is added correctly.

80-80: LGTM!

The ownership of telemetry v1 resources is set correctly.

153-153: LGTM!

The telemetry.Generate function is added correctly to the resource generation logic.

307-314: LGTM!

The modification to set explicit conditions when no jobs are found is implemented correctly. This change enhances the clarity of the job's status in the absence of jobs.

internal/controllers/application.go (4)

20-20: LGTM!

The import statement for the telemetry package is correctly added, enabling the application to utilize telemetry-related functionalities.

35-35: LGTM!

The import statement for the telemetryv1 package is correctly added, enabling the application to utilize the telemetryv1 package.

62-62: LGTM!

The RBAC annotation is correctly added to grant permissions for managing telemetries resources, allowing the necessary operations on these resources.

90-90: LGTM!

The changes to include ownership of Telemetry resources in the SetupWithManager function and the addition of telemetry.Generate in the Reconcile function are correctly implemented. These modifications ensure proper management and generation of telemetry resources as part of the application's lifecycle.

Also applies to: 202-202

api/v1alpha1/application_types.go (2)

339-342: Review the new Ingresses struct.

The new Ingresses struct has been introduced to represent ingress data with additional metadata. It contains the following fields:

Hostname: Represents the ingress hostname.

Internal: A pointer to a boolean indicating whether the ingress is internal or not.

This struct aligns with the goal of providing a more structured representation of ingress data, allowing for the inclusion of relevant metadata. The addition of this struct is a positive change that supports the PR's objectives.

445-448: Review the inclusion of additional fields in the CommonSpec struct.

The GetCommonSpec method has been updated to include the following additional fields:

GCP

AccessPolicy

IstioSettings

These fields are assigned from the corresponding fields in the ApplicationSpec. Including them in the CommonSpec struct suggests that they are now considered part of the common specification for an application.

The changes align with the overall goal of enhancing the application specification and configuration. Populating these fields in the GetCommonSpec method ensures that they are properly included when retrieving the common specification.

api/v1alpha1/zz_generated.deepcopy.go (4)

81-82: LGTM!

The changes to handle the Ingresses field as a pointer to v1.JSON type and the addition of the IstioSettings field are implemented correctly.

Also applies to: 207-211

329-333: LGTM!

The addition of the TimeZone field and its deep copy logic are implemented correctly.

509-513: LGTM!

The addition of the Internal field and its deep copy logic are implemented correctly.

621-625: LGTM!

The addition of the IstioSettings field and its deep copy logic are implemented correctly.

config/crd/skiperator.kartverket.no_skipjobs.yaml (3)

6-6: LGTM!

The version bump for the controller-gen annotation looks good. This change alone does not introduce any functional changes to the CRD.

783-789: Approve the addition of the timeZone field.

The new timeZone field in the spec.job.cron object is a valuable addition. It allows users to specify the time zone for the job schedule, defaulting to the cluster's time zone if not provided. This enhances the flexibility of scheduling jobs according to local time requirements.

The field description and example provide clear guidance on usage.

793-832: Approve the addition of the istioSettings object and its tracing configuration.

The new istioSettings object in the spec.job object is a valuable addition. It provides configuration options for Istio-specific resources, particularly focusing on telemetry settings.

Within the istioSettings object, the tracing configuration allows users to control the sampling rate for tracing requests, with a default value of 10%. This enables flexibility in managing the tracing overhead while providing a reasonable starting point.

The detailed structure of the istioSettings object, including properties for telemetry and tracing, is well-defined and enhances the observability and monitoring capabilities of the jobs.

tests/skipjob/cron-job-timezone/skipjob.yaml

tests/skipjob/access-policy-job/status-ready-no-job.yaml

.github/workflows/api-docs.yaml

pkg/resourcegenerator/networkpolicy/dynamic/common.go

api/v1alpha1/application_types.go

coderabbitai

Actionable comments posted: 2

Outside diff range and nitpick comments (2)

api/v1alpha1/application_types.go (2)

451-460: Consider improving error handling and type safety.

The MarshalledIngresses function could be improved in a couple of ways:

Return the error along with the nil result when marshaling fails. This will help with debugging and prevent silent failures.

Consider using a more specific type for the ingresses parameter instead of interface{}. This will improve type safety and catch potential issues at compile time.

463-491: LGTM with a minor suggestion!

The changes to the Hosts method look good overall. The dual unmarshaling approach provides backward compatibility, and the error handling has been improved.

One suggestion: Consider accumulating all errors encountered during processing of the object format before returning, similar to how it's done for the string format. This will provide a complete view of all issues.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f225423 and 0b54024.

Files selected for processing (6)

api/v1alpha1/application_types.go (5 hunks)
config/crd/skiperator.kartverket.no_applications.yaml (2 hunks)
tests/routing/internal-flag/application.yaml (1 hunks)
tests/routing/internal-flag/chainsaw-test.yaml (1 hunks)
tests/routing/internal-flag/routing-internal-flag-assert.yaml (1 hunks)
tests/routing/internal-flag/routing-internal-flag.yaml (1 hunks)

Files skipped from review as they are similar to previous changes (3)

config/crd/skiperator.kartverket.no_applications.yaml
tests/routing/internal-flag/routing-internal-flag-assert.yaml
tests/routing/internal-flag/routing-internal-flag.yaml

Additional context used

yamllint

tests/routing/internal-flag/chainsaw-test.yaml

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

Additional comments not posted (4)

tests/routing/internal-flag/application.yaml (1)

1-15: LGTM!

The YAML file correctly defines two Application resources for testing purposes. The use of the same generic image with different port configurations is a valid approach for testing multiple instances of an application.

The file structure follows the standard Kubernetes resource definition format, and all the necessary fields are properly specified.

tests/routing/internal-flag/chainsaw-test.yaml (1)

1-17: The test configuration looks good and follows the Chainsaw framework's conventions.

The test is well-structured and clearly defines the steps to validate the functionality of the new internal flag for routing configurations. It applies the necessary YAML files and includes an assertion step to verify the expected outcomes.

The test aligns with the PR objectives of introducing a new flag to streamline the process of toggling between internal and external ingress configurations.

Tools

yamllint

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

api/v1alpha1/application_types.go (2)

247-254: LGTM!

The new IstioSettings field with a default value that enables tracing with a 10% random sampling rate is a good addition. It provides flexibility to configure Istio-specific settings directly within the Application resource while keeping the default behavior sensible.

339-342: LGTM!

The new Ingresses struct provides a clean and structured way to represent ingress data, aligning with the change to the Ingresses field in ApplicationSpec. The Internal field being a *bool allows for flexibility in specifying the internal/external state of an ingress.

tests/routing/internal-flag/chainsaw-test.yaml

api/v1alpha1/application_types.go

api/v1alpha1/hosts.go

Co-authored-by: Martin Haram Nygård <[email protected]>

coderabbitai

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0b54024 and 9802c87.

Files selected for processing (1)

api/v1alpha1/hosts.go (5 hunks)

Additional context used

GitHub Check: Build and run tests

api/v1alpha1/hosts.go

[failure] 57-57:
undefined: IsInternal

Additional comments not posted (5)

api/v1alpha1/hosts.go (5)
6-6: LGTM!

The import statement for the "regexp" package is valid and necessary for using regular expressions later in the code.

19-19: LGTM!

Adding the "Internal" field to the "Host" struct is a valid change. It allows the system to track whether a host is internal or external.

71-71: LGTM!

Modifying the "Add" method of the "HostCollection" struct to accept an additional "internal" parameter and using it to set the "Internal" field of the "Host" struct is a valid change. It allows the "HostCollection" to manage the internal status of hosts more explicitly.

The past review comment suggesting to modify the method signature is not applicable anymore as the method signature has already been modified as suggested.

Also applies to: 77-77

114-116: LGTM!

The "isInternal" function is a valid addition to the code. It encapsulates the logic to determine if a hostname is internal or not.

The past review comment suggesting to modify the function signature is not applicable anymore as the function signature is already defined as suggested.

12-13: Anchor the regular expression for internal hostnames.

The regular expression used to determine internal hostnames is missing anchors to ensure that the pattern matches the entire hostname rather than any part of it. This might lead to unintended matches if the pattern appears anywhere within a larger string.

Modify the regular expression to ensure it matches the entire hostname:
-var internalPattern = regexp.MustCompile(`[^.]\.skip\.statkart\.no|[^.]\.kartverket-intern.cloud`)
+var internalPattern = regexp.MustCompile(`^(?:[^.]+\.skip\.statkart\.no|[^.]+\.kartverket-intern.cloud)$`)

api/v1alpha1/hosts.go

coderabbitai

Actionable comments posted: 4

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 9802c87 and 6cbaad4.

Files selected for processing (2)

api/v1alpha1/application_types.go (4 hunks)
api/v1alpha1/hosts.go (5 hunks)

Files skipped from review as they are similar to previous changes (1)

api/v1alpha1/hosts.go

Additional comments not posted (1)

api/v1alpha1/application_types.go (1)

72-72: Breaking Change to Ingresses Field

Changing the Ingresses field from []string to *apiextensionsv1.JSON introduces a significant change that may affect backward compatibility. Ensure that existing deployments and configurations that rely on the old []string format are properly handled or migrated to prevent runtime issues.

To verify if the old Ingresses format is used elsewhere in the codebase, run the following script:

api/v1alpha1/application_types.go

coderabbitai · 2024-09-20T13:30:23Z

api/v1alpha1/application_types.go

+type Ingresses struct {
+	Hostname string
+	Internal *bool
+}


Missing JSON Tags in Ingresses Struct

The fields in the Ingresses struct lack JSON tags, which may lead to issues during JSON marshaling and unmarshaling. To ensure proper serialization, add JSON tags to the struct fields.

Apply the following diff to add the necessary JSON tags:

type Ingresses struct { - Hostname string - Internal *bool + Hostname string `json:"hostname"` + Internal *bool `json:"internal,omitempty"` }

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

type Ingresses struct {

Hostname string

Internal *bool

}

type Ingresses struct {

Hostname string `json:"hostname"`

Internal *bool `json:"internal,omitempty"`

}

api/v1alpha1/application_types.go

evenh · 2024-09-20T07:07:51Z

api/v1alpha1/application_types.go

 func (s *ApplicationSpec) Hosts() (HostCollection, error) {
+	var ingressesAsString []string
+	var ingressesAsObject []Ingresses
+	var errorsFound []error
 	hosts := NewCollection()

-	var errorsFound []error
-	for _, ingress := range s.Ingresses {
-		err := hosts.Add(ingress)
+	ingresses := MarshalledIngresses(s.Ingresses)
+	err := json.Unmarshal(ingresses.Raw, &ingressesAsString)
+
+	if err != nil {
+		err := json.Unmarshal(ingresses.Raw, &ingressesAsObject)
+		if err != nil {
+			errorsFound = append(errorsFound, err)
+			return NewCollection(), errors.Join(errorsFound...)
+		}
+
+		for _, ingress := range ingressesAsObject {
+			if ingress.Internal == nil {
+				ingress.Internal = util.PointTo(IsInternal(ingress.Hostname))
+			}
+
+			err := hosts.Add(ingress.Hostname, *ingress.Internal)
+			if err != nil {
+				errorsFound = append(errorsFound, err)
+				return NewCollection(), errors.Join(errorsFound...)
+			}
+		}
+		return hosts, nil
+	}
+
+	for _, ingress := range ingressesAsString {
+		err := hosts.Add(ingress, IsInternal(ingress))
 		if err != nil {
 			errorsFound = append(errorsFound, err)
-			continue
 		}
 	}



Suggested change

func (s *ApplicationSpec) Hosts() (HostCollection, error) {

var ingressesAsString []string

var ingressesAsObject []Ingresses

var errorsFound []error

hosts := NewCollection()

var errorsFound []error

for _, ingress := range s.Ingresses {

err := hosts.Add(ingress)

ingresses := MarshalledIngresses(s.Ingresses)

err := json.Unmarshal(ingresses.Raw, &ingressesAsString)

if err != nil {

err := json.Unmarshal(ingresses.Raw, &ingressesAsObject)

if err != nil {

errorsFound = append(errorsFound, err)

return NewCollection(), errors.Join(errorsFound...)

}

for _, ingress := range ingressesAsObject {

if ingress.Internal == nil {

ingress.Internal = util.PointTo(IsInternal(ingress.Hostname))

}

err := hosts.Add(ingress.Hostname, *ingress.Internal)

if err != nil {

errorsFound = append(errorsFound, err)

return NewCollection(), errors.Join(errorsFound...)

}

}

return hosts, nil

}

for _, ingress := range ingressesAsString {

err := hosts.Add(ingress, IsInternal(ingress))

if err != nil {

errorsFound = append(errorsFound, err)

continue

}

}

func (s *ApplicationSpec) Hosts() (HostCollection, error) {

var legacyIngresses []string

var flexibleIngresses []Ingresses

var errorsFound []error

hosts := NewCollection()

jsonIngresses := MarshalledIngresses(s.Ingresses)

err := json.Unmarshal(jsonIngresses.Raw, &legacyIngresses)

// If the ingresses supplied is not a list of hostnames (legacy), i.e. the modern approach with objects

if err != nil {

if mErr := json.Unmarshal(jsonIngresses.Raw, &flexibleIngresses); mErr != nil {

errorsFound = append(errorsFound, mErr)

return hosts, errors.Join(errorsFound...)

}

for _, ingress := range flexibleIngresses {

if ingress.Internal == nil {

ingress.Internal = util.PointTo(IsInternal(ingress.Hostname))

}

if aErr := hosts.Add(ingress.Hostname, *ingress.Internal); aErr != nil {

errorsFound = append(errorsFound, aErr)

}

}

return hosts, errors.Join(errorsFound...)

}

// Handle the legacy format

for _, ingress := range legacyIngresses {

err := hosts.Add(ingress, IsInternal(ingress))

if err != nil {

errorsFound = append(errorsFound, err)

}

}

api/v1alpha1/hosts.go

tests/application/internal-flag/application-internal-missing-internal-flag-ext.yaml

tests/application/internal-flag/application-internal-missing-internal-flag-ext-assert.yaml

coderabbitai

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 49b3f7e and 9e0e790.

📒 Files selected for processing (1)

api/v1alpha1/application_types.go (4 hunks)

api/v1alpha1/application_types.go

This reverts commit 12eb2a8.

coderabbitai

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 12eb2a8 and 6399cbd.

📒 Files selected for processing (1)

api/v1alpha1/application_types.go (4 hunks)

🔇 Additional comments (6)

api/v1alpha1/application_types.go (6)
9-9: Import statement is necessary

The import "github.com/kartverket/skiperator/pkg/util" is required for utility functions used within the code, such as util.PointTo.

72-72: Enhanced flexibility with updated Ingresses field

Changing the Ingresses field to *apiextensionsv1.JSON allows for more flexible and complex ingress configurations, improving the application's extensibility.

493-493: Correct function name from isInternal to IsInternal

Similarly, update the function call to use the correct function name.

Apply this diff:
-		err := hosts.Add(ingress, isInternal(ingress))
+		err := hosts.Add(ingress, IsInternal(ingress))
481-481: ⚠️ Potential issue

Correct function name from isInternal to IsInternal

The function isInternal is undefined. It should be IsInternal with an uppercase 'I' to match the existing function.

Apply this diff to fix the function call:
-				ingress.Internal = util.PointTo(isInternal(ingress.Hostname))
+				ingress.Internal = util.PointTo(IsInternal(ingress.Hostname))
Likely invalid or redundant comment.

339-342: 🛠️ Refactor suggestion

Consider adding JSON tags to Ingresses struct fields

To ensure proper JSON serialization and deserialization, it's recommended to add JSON tags to the Ingresses struct fields.

Apply the following diff to include JSON tags:
 type Ingresses struct {
-	Hostname string
-	Internal *bool
+	Hostname string `json:"hostname"`
+	Internal *bool  `json:"internal,omitempty"`
 }
Likely invalid or redundant comment.

451-461: ⚠️ Potential issue

Enhance error handling in MarshalledIngresses function

Currently, MarshalledIngresses returns nil when marshaling fails without providing error details. Modifying the function to return an error alongside the JSON object will improve error transparency and handling.

Consider updating the function signature and implementation:
-func MarshalledIngresses(ingresses interface{}) *apiextensionsv1.JSON {
+func MarshalledIngresses(ingresses interface{}) (*apiextensionsv1.JSON, error) {
And modify the return statement:
	IngressesJSON.Raw, err = json.Marshal(ingresses)
	if err == nil {
		return IngressesJSON
	}

-	return nil
+	return nil, err
Ensure that callers of MarshalledIngresses are updated to handle the error appropriately.

Likely invalid or redundant comment.

api/v1alpha1/application_types.go

coderabbitai

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

api/v1alpha1/application_types.go (2)
464-492: Consider adding unit tests for new ingress handling logic

The introduction of new logic for handling both legacy and new ingress formats in the Hosts method is significant. Adding unit tests will ensure that both formats are handled correctly and will help prevent regressions in the future.

Would you like assistance in creating unit tests for this functionality?

340-343: Provide documentation comments for the Ingress struct

Adding GoDoc comments to the Ingress struct will improve code readability and maintainability by clearly describing the purpose and usage of the struct.

Example:
+// Ingress represents the configuration for a single ingress host, including whether it's internal.
 type Ingress struct {

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6399cbd and 01d9c30.

📒 Files selected for processing (1)

api/v1alpha1/application_types.go (4 hunks)

🧰 Additional context used

🔇 Additional comments (3)

api/v1alpha1/application_types.go (3)
73-73: Change to Ingresses field enhances flexibility

The update of the Ingresses field from []string to *apiextensionsv1.JSON allows for more complex ingress configurations while maintaining backward compatibility through the parsing logic in the Hosts method.

452-461: Improved error handling in MarshalledIngresses function

Great job updating the MarshalledIngresses function to return an error alongside the JSON object. This enhancement improves transparency and allows callers to handle errors more effectively.

464-492: ⚠️ Potential issue

Consistent use of IsInternal function

The function isInternal is used in the Hosts method, but it appears to be undefined. The correct function, based on the context and naming conventions, might be IsInternal.

Apply this diff to correct the function calls:
 if ingress.Internal == nil {
-    ingress.Internal = util.PointTo(isInternal(ingress.Hostname))
+    ingress.Internal = util.PointTo(IsInternal(ingress.Hostname))
 }

...

-    err := hosts.Add(ingress, isInternal(ingress))
+    err := hosts.Add(ingress, IsInternal(ingress))

coderabbitai · 2024-10-08T06:49:26Z

api/v1alpha1/application_types.go

+type Ingress struct {
+	Hostname string
+	Internal *bool
+}


⚠️ Potential issue

Add JSON tags to the Ingress struct fields

To ensure proper JSON marshaling and unmarshaling, add JSON struct tags to the Hostname and Internal fields. This facilitates accurate serialization and deserialization when handling ingress data.

Apply the following diff to include the JSON tags:

type Ingress struct { - Hostname string - Internal *bool + Hostname string `json:"hostname"` + Internal *bool `json:"internal,omitempty"` }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

type Ingress struct {

Hostname string

Internal *bool

}

type Ingress struct {

Hostname string `json:"hostname"`

Internal *bool `json:"internal,omitempty"`

}

BardOve added 5 commits September 5, 2024 09:25

Support for multiple types in ingresses

d10ed54

changes

4d206e3

Removed unused functions

2f60565

tests

13efe89

added internal flag to routing

dc2d01d

BardOve requested a review from a team as a code owner September 5, 2024 07:32

BardOve requested review from evenh, omaen and martinhny September 5, 2024 07:32

martinhny reviewed Sep 5, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

coderabbitai bot reviewed Sep 5, 2024

View reviewed changes

martinhny reviewed Sep 5, 2024

View reviewed changes

api/v1alpha1/hosts.go Outdated Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

pkg/resourcegenerator/deployment/deployment.go Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

pkg/util/helperfunctions.go Outdated Show resolved Hide resolved

martinhny reviewed Sep 5, 2024

View reviewed changes

tests/application/ingress/application-is-internal-vanity.yaml Show resolved Hide resolved

BardOve added 6 commits September 10, 2024 10:28

newlines

317898c

moved helperfunction

b55bad2

errorhandling

06294d3

rename variables

ce2639c

moved type def and corrected typo

42aa262

renamed function

49d30c1

coderabbitai bot reviewed Sep 10, 2024

View reviewed changes

BardOve added 2 commits September 16, 2024 10:39

tests

16290f8

pointer bool to enable nil check.

871f70c

coderabbitai bot reviewed Sep 16, 2024

View reviewed changes

tests/application/internal-flag/application-internal-missing-internal-flag-ext.yaml Outdated Show resolved Hide resolved

tests/application/internal-flag/application-internal-missing-internal-flag.yaml Show resolved Hide resolved

BardOve added 8 commits September 16, 2024 12:19

moved helperfunction

e289bc3

errorhandling

ddb9785

rename variables

a24ed0f

moved type def and corrected typo

d9bd2ab

renamed function

871a092

tests

44ae494

pointer bool to enable nil check.

653f740

Merge branch 'internal-flag' of github.com:kartverket/skiperator into…

f225423

… internal-flag

coderabbitai bot reviewed Sep 16, 2024

View reviewed changes

Refactor tests.

0b54024

coderabbitai bot reviewed Sep 18, 2024

View reviewed changes

tests/routing/internal-flag/chainsaw-test.yaml Show resolved Hide resolved

api/v1alpha1/application_types.go Show resolved Hide resolved

Merge branch 'main' into internal-flag

659b295

martinhny reviewed Sep 20, 2024

View reviewed changes

api/v1alpha1/hosts.go Outdated Show resolved Hide resolved

martinhny approved these changes Sep 20, 2024

View reviewed changes

Update api/v1alpha1/hosts.go

9802c87

Co-authored-by: Martin Haram Nygård <[email protected]>

coderabbitai bot reviewed Sep 20, 2024

View reviewed changes

api/v1alpha1/hosts.go Outdated Show resolved Hide resolved

rename function

6cbaad4

coderabbitai bot reviewed Sep 20, 2024

View reviewed changes

evenh reviewed Sep 26, 2024

View reviewed changes

rename app and resources in tests

49b3f7e

kartverket deleted a comment from coderabbitai bot Sep 30, 2024

Avoid error shadowing.

9e0e790

coderabbitai bot reviewed Sep 30, 2024

View reviewed changes

api/v1alpha1/application_types.go Show resolved Hide resolved

api/v1alpha1/application_types.go Show resolved Hide resolved

BardOve added 2 commits September 30, 2024 15:14

Avoid error shadowing.

12eb2a8

Revert "Avoid error shadowing."

6399cbd

This reverts commit 12eb2a8.

coderabbitai bot reviewed Oct 2, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

BardOve requested a review from evenh October 7, 2024 10:37

evenh requested changes Oct 7, 2024

View reviewed changes

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

api/v1alpha1/application_types.go Outdated Show resolved Hide resolved

cleanup

01d9c30

coderabbitai bot reviewed Oct 8, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Internal flag #530

Internal flag #530

BardOve commented Sep 5, 2024 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Sep 5, 2024 •

edited

Loading

Chat

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (`.coderabbit.yaml`)

Documentation and Community

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot Sep 20, 2024

evenh Sep 20, 2024

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot left a comment

coderabbitai bot Oct 8, 2024

Internal flag #530

Are you sure you want to change the base?

Internal flag #530

Conversation

BardOve commented Sep 5, 2024 • edited by coderabbitai bot Loading

Summary by CodeRabbit

Summary by CodeRabbit

coderabbitai bot commented Sep 5, 2024 • edited Loading

Walkthrough

Changes

Sequence Diagram(s)

Possibly related PRs

Chat

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot Sep 20, 2024

Choose a reason for hiding this comment

evenh Sep 20, 2024

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot left a comment

Choose a reason for hiding this comment

coderabbitai bot Oct 8, 2024

Choose a reason for hiding this comment

BardOve commented Sep 5, 2024 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Sep 5, 2024 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)