Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add API types for configuration metadata #14132

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Add API types for configuration metadata #14132

wants to merge 11 commits into from
+877 −625

Conversation

markylaing
Copy link
Contributor

This is so that we can manage configuration metadata with API extensions as we do with any other API response over /1.0

  • Adds an API extension for adding entity metadata to GET /1.0/configuration/metadata.
  • Adds types under shared/api for configuration metadata.
  • Updates entity metadata such that each entity maps to a JSON object, with requires_project and entitlements fields.
  • Enforces that generated metadata conforms to the new API type.
  • Updates the swagger doc for GET /1.0/configuration/metadata to include the newly defined type.

@markylaing markylaing self-assigned this Sep 19, 2024
@github-actions github-actions bot added Documentation Documentation needs updating API Changes to the REST API labels Sep 19, 2024
@github-actions GitHub Actions
Copy link

Heads up @mionaalex - the "Documentation" label was applied to this issue.

kadinsayani
kadinsayani previously approved these changes Sep 19, 2024
View reviewed changes
Copy link
Contributor

@kadinsayani kadinsayani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks!

@kadinsayani kadinsayani mentioned this pull request Sep 20, 2024
Open
tomponline
tomponline reviewed Sep 23, 2024
View reviewed changes
lxd/lxd-metadata/lxd_metadata.go
@@ -285,7 +253,7 @@ func parse(path string, outputJSONPath string, excludedPaths []string, substitut
continue
}

configKeyEntry[metadataMap["key"]].(map[string]any)[dataKVMatch[1]] = detectType(dataKVMatch[2])
configKeyEntry[metadataMap["key"]].(map[string]any)[dataKVMatch[1]] = dataKVMatch[2]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure about this change.

Where is the value in dataKVMatch[2] coming from?

As for how these are classified, whilst I agree that all config values are strings, my understanding of the metadata definition here is in order to indicate in the docs what sort of string values are allowed for a particular config key.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like dataKVMatch is coming from this regular expression (?m)([\S]+):[\s]+([\S \"\']+) on the key value section of the lxdmeta:generate section of the doc block e.g.:

type: string
defaultdesc: `auto`
liveupdate: no
shortdesc: What to do when evacuating the instance

In this example, the first dataKVMatch outputted from lxdDocDataRegex.FindAllStringSubmatch(data, -1) would have

dataKVMatch[1] -> "type"
dataKVMatch[2] -> "string"

My feeling is that lxd-generate shouldn't be too clever about figuring out which config keys are which type. We should just include that in the description of the key. There is only one config key for which this appears to work.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is only one config key for which this appears to work.
which one?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commit directly after this change shows the result of make update-metadata. Only one field is changed: 2614bb5#diff-d3459341f992192c3b18b6130aa7e165d305183794a84f219c7ab7512b1b31bcL4316

It is changing the value of defaultdesc from a boolean true to a string "true".

tomponline
tomponline reviewed Sep 23, 2024
View reviewed changes
lxd/lxd-metadata/lxd_metadata.go
@@ -309,6 +309,13 @@ func parse(path string, outputJSONPath string, excludedPaths []string, substitut
return nil, fmt.Errorf("Error while marshaling project documentation: %v", err)
}

// Validate that what we've generated is valid against our API definition.
var metadataConfiguration api.MetadataConfiguration
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice touch

tomponline
tomponline reviewed Sep 23, 2024
View reviewed changes
Copy link
Member

@tomponline tomponline left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from the data type change at the start, this seems all good.

@tomponline
Copy link
Member

needs a rebase.

@edlerd are you happy with this change btw?

@markylaing
api: Add metadata_configuration_entity_types API extension.
3efef59 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd-metadata: All configuration keys are strings.
86b70de 
They may be something like "true", but this is still a string.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
metadata: Runs make update-metadata.
cfbf1aa 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
shared/api: Add MetadataConfiguration API struct definitions.
0194217 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd/auth/generate: Generate entity type JSON conforming to API type.
8dac37f 
This includes adding the `requires_project` field, which will be required
for validating `lxc auth permission add/remove` command arguments.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd-metadata: Update lxd-metadata to use new entity metadata format.
312ab0c 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd-metadata: Validate that the generated JSON conforms to the API de…
9c0c1da 
…finition.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd/metadata: Run make update-metadata.
284da9a 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd: Render api.MetadataConfiguration on /1.0/metadata/configuration.
b5ea215 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
lxd: Add MetadataConfiguration to swagger doc string.
2420033 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
doc: Runs make update-api.
d594de4 
Signed-off-by: Mark Laing <mark.laing@canonical.com>
@markylaing
Copy link
Contributor Author

needs a rebase.

Done 👍

@edlerd
Copy link
Contributor

edlerd commented Sep 25, 2024

@edlerd are you happy with this change btw?

Happy is a big word for a change breaking our integration ;-) It looks all right to me.

One concern is the project_specific field being boolean. It seems not 100% correct, as some entities can be project specific or not, depending on how the project is set up. So IMHO for networks there should be a third option depends and the project_specific field be modelled as non-binary.

@markylaing
Copy link
Contributor Author

@edlerd are you happy with this change btw?

Happy is a big word for a change breaking our integration ;-) It looks all right to me.

One concern is the project_specific field being boolean. It seems not 100% correct, as some entities can be project specific or not, depending on how the project is set up. So IMHO for networks there should be a third option depends and the project_specific field be modelled as non-binary.

I'm a bit confused about this, does this relate to the features.* config on a project?

@edlerd
Copy link
Contributor

edlerd commented Sep 25, 2024

I'm a bit confused about this, does this relate to the features.* config on a project?

Yes, exactly. You can share a network between all projects, so it is not really project specific. Or you can enable the features.networks option on a project, and then the networks created in that project are project specific.

@markylaing
Copy link
Contributor Author

I'm a bit confused about this, does this relate to the features.* config on a project?

Yes, exactly. You can share a network between all projects, so it is not really project specific. Or you can enable the features.networks option on a project, and then the networks created in that project are project specific.

I guess this is a difference in phrasing. When a network is "shared" it is just a network in the default project. It's still project specific because it is in the default project.

Let's say you create project "foo" with features.networks=false and lxdbr0 is available. lxdbr0 is still in the default project, so while lxc network show lxdbr0 --project foo would work, lxc auth group permission add <group> network lxdbr0 can_view project=foo would not work because the network is not truly in the foo project.

@markylaing
Copy link
Contributor Author

I'm a bit confused about this, does this relate to the features.* config on a project?

Yes, exactly. You can share a network between all projects, so it is not really project specific. Or you can enable the features.networks option on a project, and then the networks created in that project are project specific.

I guess this is a difference in phrasing. When a network is "shared" it is just a network in the default project. It's still project specific because it is in the default project.

Let's say you create project "foo" with features.networks=false and lxdbr0 is available. lxdbr0 is still in the default project, so while lxc network show lxdbr0 --project foo would work, lxc auth group permission add <group> network lxdbr0 can_view project=foo would not work because the network is not truly in the foo project.

Project features have been a real headache for fine-grained authorization for this reason. I've added a warning to the documentation on this: https://documentation.ubuntu.com/lxd/en/latest/explanation/projects/#isolation-of-projects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomponline tomponline tomponline left review comments

@kadinsayani kadinsayani kadinsayani left review comments

@gabrielmougard gabrielmougard Awaiting requested review from gabrielmougard

At least 1 approving review is required to merge this pull request.

Assignees

@markylaing markylaing

Labels
API Changes to the REST API Documentation Documentation needs updating
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@markylaing @tomponline @edlerd @kadinsayani