ISM Policies support #575
ISM Policies support #575
Conversation
|
Hi @IshaGirdhar. How does this new PR relate to your old #555? Does it supersede it so the old one can be closed? |
yes old one can be closed. |
opensearch-operator/opensearch-gateway/responses/ISMPolicyResponse.go
Outdated
Show resolved
Hide resolved
opensearch-operator/opensearch-gateway/services/os_security_service.go
Outdated
Show resolved
Hide resolved
|
@idanl21 @swoehrl-mw Please review. |
IshaGirdhar
force-pushed
the
igirdhar/ism_policy_controller
branch
from
bebe1dc
to
acb9752
Compare
Done |
There was a problem hiding this comment.
- Also add the yamls for the new CRD to the PR (both in
config/crd/basesand in the helm chart) - Make sure you are dealing with situations where the policyId is not set (fall back to metadata.name)
- You need to detect situations where policyId is changed and error out (the field should basically be treated as immutable)
- See inline comments
IshaGirdhar
force-pushed
the
igirdhar/ism_policy_controller
branch
from
0be7ec5
to
10ea313
Compare
…cile. Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]> Fix test Fix test
Signed-off-by: Isha Girdhar <[email protected]>
Signed-off-by: Isha Girdhar <[email protected]>
IshaGirdhar
force-pushed
the
igirdhar/ism_policy_controller
branch
from
10ea313
to
c23aa9d
Compare
Signed-off-by: Isha Girdhar <[email protected]>
IshaGirdhar
force-pushed
the
igirdhar/ism_policy_controller
branch
from
087ac64
to
69162b7
Compare
Signed-off-by: Isha Girdhar <[email protected]>
charts/opensearch-operator/files/opensearch.opster.io_ismpolicies.yaml
Outdated
Show resolved
Hide resolved
|
I've noticed that the https://github.com/Opster/opensearch-k8s-operator/blob/main/opensearch-operator/PROJECT file hasn't been kept up-to-date lately. Additionally, the newly introduced CRD hasn't been added to it. This is because developers haven't utilized a command like Considering that we aren't currently using it for any specific purpose, such as OLM integration, should we consider removing it altogether (this can be done in another PR)? Alternatively, should we make a concerted effort to keep it updated? Reference to the PROJECT file can be found here: https://book.kubebuilder.io/reference/project-config.html |
Good point, it doesn't hurt to have the file, so I'd say keep it and try to keep it consistent. |
Signed-off-by: Isha Girdhar <[email protected]>
IshaGirdhar
force-pushed
the
igirdhar/ism_policy_controller
branch
from
d76b701
to
2add5e4
Compare
Signed-off-by: Isha Girdhar <[email protected]>
|
@IshaGirdhar would you mind adding the CRD to the PROJECT file? |
My last review comments were all addressed, so should be good to go. |
Signed-off-by: Isha Girdhar <[email protected]>
This PR fixes opensearch-project#435 Add structs to generate the ISM policy CRDs Add roles Add a controller to reconcile the ISM policy Add Reconciler to create/update and delete the ISM policy from the OS cluster. Add helper functions. Add documentation
This PR fixes #435
Add structs to generate the ISM policy CRDs
Add roles
Add a controller to reconcile the ISM policy
Add Reconciler to create/update and delete the ISM policy from the OS cluster.
Add helper functions.
Add documentation