Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate private network for cloudsql is in expected format #374

Merged
merged 1 commit into from
Sep 16, 2021
Merged

Validate private network for cloudsql is in expected format #374

merged 1 commit into from
Sep 16, 2021

Conversation

turkenh
Copy link
Contributor

@turkenh turkenh commented Sep 16, 2021
edited
Loading

Description of your changes

Google Cloud API expects the resource link for the VPC network for the CloudSQL private network field. However, it also accepts VPC name (e.g. "default") but looks like it internally converts it to resource link by assuming it is in the same project, (projects/[project]/global/networks/[name]). This is causing issues like #352 where users are not aware about the underlying problem.

This PR adds a pattern validation on CRD using kubebuilder marker (thanks @hasheddan for pointing that out).

Fixes #352

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

  1. Create a cloudsql instance in the expected format and verify it is created properly (and not getting periodic updates)
  2. Create the following resource and verify that a proper error is reported:
apiVersion: database.gcp.crossplane.io/v1beta1
kind: CloudSQLInstance
metadata:
  name: sre-6-db-hasan-bug352-4
  namespace: crossplane
spec:
  deletionPolicy: "Orphan"
  forProvider:
    databaseVersion: POSTGRES_11
    region: europe-west1
    settings:
      ipConfiguration:
        ipv4Enabled: false
        privateNetwork: default
      tier: db-custom-1-3840
  writeConnectionSecretToRef:
    name: db-connection
    namespace: default

$ kubectl create -f cloudsql.yaml

The CloudSQLInstance "cloudsql-bug352" is invalid: spec.forProvider.settings.ipConfiguration.privateNetwork: Invalid value: "default": spec.forProvider.settings.ipConfiguration.privateNetwork in body should match '^projects\/.+'

turkenh
turkenh commented Sep 16, 2021
View reviewed changes
apis/database/v1beta1/cloudsql_instance_types.go
@@ -349,7 +349,7 @@ type IPConfiguration struct {

// PrivateNetwork: The resource link for the VPC network from which the
// Cloud SQL instance is accessible for private IP. For example,
// /projects/myProject/global/networks/default. This setting can be updated,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is indeed the same comment as the one gcloud API: https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances#IpConfiguration

However, using this format (with leading /) does not work actually:

create failed: cannot create new CloudSQL instance: googleapi: Error 400: Invalid request: Project redacted-project has invalid private network name /projects/redacted-project/global/networks/default., invalid

@turkenh turkenh requested review from muvaf, negz and ulucinar September 16, 2021 11:54
hasheddan
hasheddan reviewed Sep 16, 2021
View reviewed changes
pkg/controller/database/cloudsql.go Outdated

type specValidator struct{}

// Initialize adds the external tags to spec.forProvider.settings.userLabels
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this may have been copied over from tags initializer

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed 👍

@turkenh turkenh force-pushed the validate-cloudsql-network branch from d13e5d0 to 7f56e6d Compare September 16, 2021 13:48
hasheddan
hasheddan reviewed Sep 16, 2021
View reviewed changes
Copy link
Member

@hasheddan hasheddan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@turkenh would it be possible to use the CRD field Pattern validation for this? https://book.kubebuilder.io/reference/markers/crd-validation.html

@turkenh turkenh force-pushed the validate-cloudsql-network branch from 7f56e6d to 56aee82 Compare September 16, 2021 16:27
@turkenh
Copy link
Contributor Author

turkenh commented Sep 16, 2021

@turkenh would it be possible to use the CRD field Pattern validation for this? https://book.kubebuilder.io/reference/markers/crd-validation.html

Definitely, Thanks for pointing out!
Updated the PR.

@turkenh turkenh requested a review from hasheddan September 16, 2021 16:32
hasheddan
hasheddan approved these changes Sep 16, 2021
View reviewed changes
Copy link
Member

@hasheddan hasheddan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Thanks @turkenh :)

@turkenh turkenh merged commit 6673c8c into crossplane-contrib:master Sep 16, 2021
@turkenh turkenh deleted the validate-cloudsql-network branch September 16, 2021 20:33
@turkenh turkenh mentioned this pull request Sep 20, 2021
Merged
2 tasks
@bartse bartse mentioned this pull request Aug 20, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hasheddan hasheddan hasheddan approved these changes

@muvaf muvaf Awaiting requested review from muvaf

@negz negz Awaiting requested review from negz

@ulucinar ulucinar Awaiting requested review from ulucinar

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CloudSQLInstance keeps modifying the instance
2 participants
@turkenh @hasheddan