Add AccessPolicies status

[martinhny]

This adds the printer column "AccessPolicies" and gives us feedback if the access policy configuration is valid

Summary by CodeRabbit

• New Features

  • Added a new "AccessPolicies" column to the ApplicationList for enhanced visibility of access control configurations.
  • Introduced accessPolicies field in multiple resource definitions, indicating the validity of access policies.

• Bug Fixes

  • Updated application and SKIP job status logic to accurately reflect access policy validity as either READY or INVALIDCONFIG.

• Tests

  • Enhanced test configurations to include accessPolicies status, improving monitoring and validation of access policies across different scenarios.

[coderabbitai]

Walkthrough

The changes involve enhancements to the Kubernetes API definitions and associated logic for managing access policies across various resources. New fields and print columns for access policies have been added to multiple structs and YAML configurations, improving the representation and reporting of access control information. Additionally, modifications to reconciler methods streamline the handling of application and job statuses based on access policy validity.

Changes

Files	Change Summary
api/v1alpha1/application_types.go, api/v1alpha1/skipjob_types.go	Added a new print column for "AccessPolicies" to ApplicationList and SKIPJobStatus, enhancing access policy visibility in API responses.
api/v1alpha1/status_types.go	Introduced AccessPolicies field in SkiperatorStatus, expanded StatusNames to include READY and INVALIDCONFIG, and modified status initialization.
config/crd/skiperator.kartverket.no_*.yaml	Added accessPolicies field to specifications and marked it as required in the schemas for applications, routings, and skip jobs.
internal/controllers/application.go	Changed parameter order in getApplication method and updated logic in updateConditions to reflect access policy validity in application status.
internal/controllers/skipjob.go	Enhanced updateConditions method to set skipJob.Status.AccessPolicies based on access policy validation results.
tests/application/access-policy/*.yaml	Introduced accessPolicies field in various test configurations to indicate readiness or invalid state of access policies.
tests/skipjob/access-policy-job/*.yaml, tests/skipjob/conditions/*.yaml	Added accessPolicies field to job configurations, reflecting the state of access policies in job statuses.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ApplicationReconciler
    participant SKIPJobReconciler
    participant API

    User->>API: Request Application List
    API->>ApplicationReconciler: Fetch Application Data
    ApplicationReconciler->>ApplicationReconciler: Check Access Policies
    ApplicationReconciler->>API: Return Application List with AccessPolicies

    User->>API: Request SKIPJob Status
    API->>SKIPJobReconciler: Fetch SKIPJob Data
    SKIPJobReconciler->>SKIPJobReconciler: Validate Access Policies
    SKIPJobReconciler->>API: Return SKIPJob Status with AccessPolicies

Loading

🐰 "In fields of green, I hop with glee,
Access policies now clear to see!
With statuses bright, like stars that gleam,
Our jobs and apps dance in a dream.
Let's celebrate this change so spry,
Hooray for access, oh my, oh my!" 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (1)

tests/application/access-policy/no-policy-assert.yaml (1)

17-17: Add a newline at the end of the file.

Adding a newline at the end of the file is a best practice to avoid potential issues with version control systems and to adhere to POSIX standards.

Apply this diff to add a newline at the end of the file:

 status:
   accessPolicies: Ready
+

Tools

yamllint

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 98d90cd and 583b339.

Files selected for processing (14)

• api/v1alpha1/application_types.go (1 hunks)
• api/v1alpha1/skipjob_types.go (2 hunks)
• api/v1alpha1/status_types.go (3 hunks)
• config/crd/skiperator.kartverket.no_applications.yaml (3 hunks)
• config/crd/skiperator.kartverket.no_routings.yaml (2 hunks)
• config/crd/skiperator.kartverket.no_skipjobs.yaml (3 hunks)
• internal/controllers/application.go (2 hunks)
• internal/controllers/skipjob.go (1 hunks)
• tests/application/access-policy/advanced-assert.yaml (1 hunks)
• tests/application/access-policy/bad-policy-assert.yaml (1 hunks)
• tests/application/access-policy/no-policy-assert.yaml (1 hunks)
• tests/skipjob/access-policy-job/application-assert.yaml (1 hunks)
• tests/skipjob/access-policy-job/skipjob-assert.yaml (1 hunks)
• tests/skipjob/conditions/skipjob-assert.yaml (3 hunks)

Additional context used

yamllint

tests/application/access-policy/no-policy-assert.yaml

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

Additional comments not posted (27)

tests/application/access-policy/no-policy-assert.yaml (1)

16-17: LGTM!

The addition of the status section with the accessPolicies field enhances the semantic meaning of the configuration.

Tools

yamllint

[error] 17-17: no new line character at the end of file

(new-line-at-end-of-file)

tests/skipjob/access-policy-job/application-assert.yaml (1)

8-9: LGTM!

The addition of the status section with the accessPolicies field enhances the semantic meaning of the configuration.

tests/skipjob/conditions/skipjob-assert.yaml (3)

6-6: LGTM!

The addition of the accessPolicies field enhances the semantic meaning of the configuration.

---

22-22: LGTM!

The addition of the accessPolicies field enhances the semantic meaning of the configuration.

---

38-38: LGTM!

The addition of the accessPolicies field enhances the semantic meaning of the configuration.

tests/application/access-policy/bad-policy-assert.yaml (1)

13-13: LGTM!

The addition of the accessPolicies field with the value InvalidConfig enhances the visibility of the access policy configuration status.

tests/skipjob/access-policy-job/skipjob-assert.yaml (1)

94-94: LGTM!

The addition of the accessPolicies field with the value Ready enhances the visibility of the access policy configuration status.

api/v1alpha1/status_types.go (3)

16-17: LGTM!

The addition of the AccessPolicies field enhances the status representation of the SkiperatorStatus by providing more detailed information related to access policies.

---

39-40: LGTM!

The addition of the READY and INVALIDCONFIG constants broadens the range of possible status values that can be represented, enhancing the functionality of the StatusNames type.

---

69-69: LGTM!

The update to the SetSummaryProgressing method ensures that the AccessPolicies field is set appropriately during the state transition, maintaining consistency in the status representation.

tests/application/access-policy/advanced-assert.yaml (1)

127-127: LGTM!

The addition of the accessPolicies field enhances the status reporting of access policies.

config/crd/skiperator.kartverket.no_routings.yaml (2)

79-81: LGTM!

The addition of the accessPolicies field enhances the status reporting of access policies and the description provides clarity on its purpose.

---

175-175: LGTM!

The addition of the accessPolicies field to the list of required fields ensures consistent status reporting.

api/v1alpha1/skipjob_types.go (2)

Line range hint 1-36: LGTM!

The removal of the JobCreatedCondition constant simplifies the state handling for SKIP jobs.

---

37-37: LGTM!

The addition of the AccessPolicies print column enhances the status reporting of SKIP jobs.

internal/controllers/skipjob.go (2)

329-329: LGTM! But verify the function usage in the codebase.

The code changes are approved. However, ensure that all function calls to updateConditions correctly handle the new status updates.

Run the following script to verify the function usage:

---

332-332: LGTM! But verify the function usage in the codebase.

The code changes are approved. However, ensure that all function calls to updateConditions correctly handle the new status updates.

Run the following script to verify the function usage:

Verification successful

---

Function Usage Verified: Status Updates Handled Correctly

The updateConditions function in both skipjob.go and application.go correctly handles the status updates, setting AccessPolicies to READY when appropriate. No further action is needed.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all function calls to `updateConditions` handle the new status updates.

# Test: Search for the function usage. Expect: Proper handling of the new status updates.
rg --type go -A 5 $'updateConditions'

Length of output: 1906

---

Script:

#!/bin/bash
# Verify the implementation of `updateConditions` in `application.go` to ensure it handles status updates correctly.
ast-grep --lang go --pattern $'func (r *ApplicationReconciler) updateConditions(app *skiperatorv1alpha1.Application) {
  $$$
  app.Status.AccessPolicies = $_
  $$$
}'

Length of output: 167

---

Script:

#!/bin/bash
# Search for occurrences of `app.Status.AccessPolicies` in `application.go` to understand how the status is being updated.
rg --type go 'app.Status.AccessPolicies' -A 5

Length of output: 768

api/v1alpha1/application_types.go (1)

32-32: LGTM!

The code changes are approved. The new print column annotation for "AccessPolicies" enhances the representation of the ApplicationList.

internal/controllers/application.go (3)

254-254: LGTM!

The code changes are approved. The change in parameter order may enhance readability or consistency with other method signatures.

---

246-246: LGTM! But verify the function usage in the codebase.

The code changes are approved. However, ensure that all function calls to updateConditions correctly handle the new status updates.

Run the following script to verify the function usage:

---

249-249: LGTM! But verify the function usage in the codebase.

The code changes are approved. However, ensure that all function calls to updateConditions correctly handle the new status updates.

Run the following script to verify the function usage:

Verification successful

---

Function updateConditions handles status updates correctly.

The updateConditions function in internal/controllers/application.go correctly updates the app.Status.AccessPolicies based on the validity of the internal rules and updates the conditions accordingly. No further action is needed.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all function calls to `updateConditions` handle the new status updates.

# Test: Search for the function usage. Expect: Proper handling of the new status updates.
rg --type go -A 5 $'updateConditions'

Length of output: 1906

---

Script:

#!/bin/bash
# Verify the complete implementation of the `updateConditions` function in `internal/controllers/application.go`
ast-grep --lang go --pattern $'func (r *ApplicationReconciler) updateConditions(app *skiperatorv1alpha1.Application) {
  $$$
}'

Length of output: 1202

config/crd/skiperator.kartverket.no_skipjobs.yaml (3)

21-23: LGTM!

The addition of the accessPolicies field in the additionalPrinterColumns section improves the visibility of access policies in the resource status.

---

859-861: LGTM!

The addition of the accessPolicies field in the status properties section enhances the resource's metadata by providing additional context regarding access control.

---

955-955: LGTM!

Marking the accessPolicies field as required ensures that the access policy configuration is always validated.

config/crd/skiperator.kartverket.no_applications.yaml (3)

23-25: LGTM!

The addition of the accessPolicies field in the additionalPrinterColumns section improves the visibility of access policies in the resource status.

---

1105-1107: LGTM!

The addition of the accessPolicies field in the status properties section enhances the resource's metadata by providing additional context regarding access control.

---

1201-1201: LGTM!

Marking the accessPolicies field as required ensures that the access policy configuration is always validated.

[omaen]

Have you thought about using conditions to show the status of AccessPolicies. Not sure if it's possible to add a printcolumn from conditions becuase they are in a list though.
What happens if no AccessPolicies are defined?

[martinhny]

Have you thought about using conditions to show the status of AccessPolicies. Not sure if it's possible to add a printcolumn from conditions becuase they are in a list though. What happens if no AccessPolicies are defined?

Yeah, but I couldn't figure out how. AccessPolicies status basically just takes the result of the condition and displays it. If none are defined then it gets the status "Ready"