Moved bridge configuration setup within the operator #11032
Conversation
|
This PR comes together with strimzi/strimzi-kafka-bridge#963 |
|
/azp run bridge |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run bridge |
|
Azure Pipelines successfully started running 1 pipeline(s). |
ppatierno
force-pushed
the
bridge-config-via-configmap
branch
from
76c9c35 to
d889705
Compare
|
/azp run regression |
|
Azure Pipelines successfully started running 1 pipeline(s). |
...src/main/java/io/strimzi/operator/cluster/operator/assembly/KafkaBridgeAssemblyOperator.java
Outdated
Show resolved
Hide resolved
...perator/src/main/java/io/strimzi/operator/cluster/model/KafkaBridgeConfigurationBuilder.java
Outdated
Show resolved
Hide resolved
| private static final String PLACEHOLDER_CERT_STORE_PASSWORD = "${strimzienv:CERTS_STORE_PASSWORD}"; | ||
| private static final String PLACEHOLDER_SASL_USERNAME = "${strimzienv:KAFKA_BRIDGE_SASL_USERNAME}"; | ||
| private static final String PASSWORD_VOLUME_MOUNT = "/opt/strimzi/bridge-password/"; | ||
| // the SASL password file template includes: <volume_mount>/<secret_name>/<password_file> | ||
| private static final String PLACEHOLDER_SASL_PASSWORD_FILE_TEMPLATE = "${strimzidir:%s%s:%s}"; | ||
| private static final String PLACEHOLDER_OAUTH_CONFIG = "${strimzienv:KAFKA_BRIDGE_OAUTH_CONFIG}"; | ||
| private static final String PLACEHOLDER_OAUTH_ACCESS_TOKEN = "${strimzienv:KAFKA_BRIDGE_OAUTH_ACCESS_TOKEN}"; | ||
| private static final String PLACEHOLDER_OAUTH_REFRESH_TOKEN = "${strimzienv:KAFKA_BRIDGE_OAUTH_REFRESH_TOKEN}"; | ||
| private static final String PLACEHOLDER_OAUTH_CLIENT_SECRET = "${strimzienv:KAFKA_BRIDGE_OAUTH_CLIENT_SECRET}"; | ||
| private static final String PLACEHOLDER_OAUTH_PASSWORD_GRANT_PASSWORD = "${strimzienv:KAFKA_BRIDGE_OAUTH_PASSWORD_GRANT_PASSWORD}"; |
There was a problem hiding this comment.
Do we really need all of these? For example PLACEHOLDER_CERT_STORE_PASSWORD is used multiple times, so I get it. But some of the others seem to be used only once.
There was a problem hiding this comment.
But it would mean having string hardcoded where we use it. I would stick with constant here.
There was a problem hiding this comment.
Doesn't that just make the code harder to read? You wanna see what the configuration will look like, but you actually have to jump between the definitions instead of having it inlined. As I said, I think it makes sense to have this for those that are used multiple times. For those used just once it seems like a waste of space.
There was a problem hiding this comment.
It's not a big issue jumping on a constant definition as weel as today, most of the IDEs shows the value of the constant straight away.
There was a problem hiding this comment.
Right, works in your IDE, so whoever else can go f*ck themself. :-D
Just for the sake of fun try to review your own Pr in the GitHub UI and see how the IDE shows the value there.
There was a problem hiding this comment.
TBH, I think it is easier to live with the names as long as they are used a few times and not for tens of things used just once. I think they can be easily improved by just making them more descriptive. E.g. PLACEHOLDER_CERT_STORE_PASSWORD could be PLACEHOLDER_CERT_STORE_PASSWORD_CONFIG_PROVIDER_FROM_ENV_VAR or something like that.
There was a problem hiding this comment.
I renamed them in the bridge configuration builder. If the names are ok, I will open a separate PR to address the same in the broker configuration builder.
There was a problem hiding this comment.
I still don't get this. You haven't given a single reason why having a special variable that is used once adds some value.
There was a problem hiding this comment.
Too be honest I don't see it really appealing having some hard coded constants and other declared at the top of the file (just because used in one more place). To be honest I would stick with consistency for them all. Is it really a so big problem? Even reviewing on GitHub with the "search" function it's not that difficult to get the constant value imho. You do that anyway when the constant is used in multiple place and you need to know the value. So from this pov it doesn't make any difference.
There was a problem hiding this comment.
Too be honest I don't see it really appealing having some hard coded constants and other declared at the top of the file (just because used in one more place). To be honest I would stick with consistency for them all.
What is the actual benefit of that? What does it make easier? Also, what consistency are you trying to achieve? You have plenty of hardcoded values there:
*PKCS12 is hardcoded
- The security protocol strings are hardcoded
- SASL mechanisms are hardcoded
- Rack ID is hardcoded
- Provider class names are hardcoded
- The configuration keys for all the options are all hardcoded
So what exactly is the underlying logic that makes this consistent?
Please help me to understand it. Because I feel like I gave a pretty reasonable comment that helps improve the code readability for more than just myself and helps to eliminate any need for searching for things or using IDE to read the code. And I do not really see any downside we will get when we apply it. But instead of explaining the benefits of your solution, you seem to keep telling me to use IDE or search. So if consistency is supposed to be the benefit, what exactly is the pattern you are trying to be consistent with?
Even reviewing on GitHub with the "search" function it's not that difficult to get the constant value imho. You do that anyway when the constant is used in multiple place and you need to know the value. So from this pov it doesn't make any difference.
Yeah, try that for example with the next PR when the constant definition is hidden because nothing around it changed but the use of it has changed. Also, even without that, it still means that you need to search for it instead of just seeing it. So what is the positive value that stands against it to justify it?
...perator/src/main/java/io/strimzi/operator/cluster/model/KafkaBridgeConfigurationBuilder.java
Show resolved
Hide resolved
...tor/src/test/java/io/strimzi/operator/cluster/model/KafkaBridgeConfigurationBuilderTest.java
Outdated
Show resolved
Hide resolved
...perator/src/main/java/io/strimzi/operator/cluster/model/KafkaBridgeConfigurationBuilder.java
Outdated
Show resolved
Hide resolved
| public KafkaBridgeConfigurationBuilder withConfigProviders() { | ||
| printSectionHeader("Config providers"); | ||
| writer.println("kafka.config.providers=strimzienv,strimzifile,strimzidir"); | ||
| writer.println("kafka.config.providers.strimzienv.class=org.apache.kafka.common.config.provider.EnvVarConfigProvider"); | ||
| writer.println("kafka.config.providers.strimzienv.param.allowlist.pattern=.*"); | ||
| writer.println("kafka.config.providers.strimzifile.class=org.apache.kafka.common.config.provider.FileConfigProvider"); | ||
| writer.println("kafka.config.providers.strimzifile.param.allowed.paths=/opt/strimzi"); | ||
| writer.println("kafka.config.providers.strimzidir.class=org.apache.kafka.common.config.provider.DirectoryConfigProvider"); | ||
| writer.println("kafka.config.providers.strimzidir.param.allowed.paths=/opt/strimzi"); | ||
| writer.println(); | ||
| return this; | ||
| } |
There was a problem hiding this comment.
If we don't allow users to configure the providers, it should be mentioned in the release notes as that is potentially backwards incompatible. But maybe we can simply handle it and just add our own as we do for broker?
| private static final String PLACEHOLDER_CERT_STORE_PASSWORD = "${strimzienv:CERTS_STORE_PASSWORD}"; | ||
| private static final String PLACEHOLDER_SASL_USERNAME = "${strimzienv:KAFKA_BRIDGE_SASL_USERNAME}"; | ||
| private static final String PASSWORD_VOLUME_MOUNT = "/opt/strimzi/bridge-password/"; | ||
| // the SASL password file template includes: <volume_mount>/<secret_name>/<password_file> | ||
| private static final String PLACEHOLDER_SASL_PASSWORD_FILE_TEMPLATE = "${strimzidir:%s%s:%s}"; | ||
| private static final String PLACEHOLDER_OAUTH_CONFIG = "${strimzienv:KAFKA_BRIDGE_OAUTH_CONFIG}"; | ||
| private static final String PLACEHOLDER_OAUTH_ACCESS_TOKEN = "${strimzienv:KAFKA_BRIDGE_OAUTH_ACCESS_TOKEN}"; | ||
| private static final String PLACEHOLDER_OAUTH_REFRESH_TOKEN = "${strimzienv:KAFKA_BRIDGE_OAUTH_REFRESH_TOKEN}"; | ||
| private static final String PLACEHOLDER_OAUTH_CLIENT_SECRET = "${strimzienv:KAFKA_BRIDGE_OAUTH_CLIENT_SECRET}"; | ||
| private static final String PLACEHOLDER_OAUTH_PASSWORD_GRANT_PASSWORD = "${strimzienv:KAFKA_BRIDGE_OAUTH_PASSWORD_GRANT_PASSWORD}"; |
There was a problem hiding this comment.
If you decide to stick with it, you should probably at least better name it to make it more obvious what it is. For example PLACEHOLDER_SASL_PASSWORD_FILE_TEMPLATE is completely unclear if that is file path, env var config provider, file config provider etc.
...src/main/java/io/strimzi/operator/cluster/operator/assembly/KafkaBridgeAssemblyOperator.java
Show resolved
Hide resolved
cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaBridgeClusterTest.java
Outdated
Show resolved
Hide resolved
cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaBridgeClusterTest.java
Outdated
Show resolved
Hide resolved
cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaBridgeClusterTest.java
Show resolved
Hide resolved
cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaBridgeCluster.java
Show resolved
Hide resolved
cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaBridgeCluster.java
Outdated
Show resolved
Hide resolved
...perator/src/main/java/io/strimzi/operator/cluster/model/KafkaBridgeConfigurationBuilder.java
Outdated
Show resolved
Hide resolved
|
/azp run regression |
|
Azure Pipelines successfully started running 1 pipeline(s). |
...test/java/io/strimzi/operator/cluster/operator/assembly/KafkaBridgeAssemblyOperatorTest.java
Outdated
Show resolved
Hide resolved
...test/java/io/strimzi/operator/cluster/operator/assembly/KafkaBridgeAssemblyOperatorTest.java
Outdated
Show resolved
Hide resolved
| @@ -145,7 +145,7 @@ jobs: | |||
| env: | |||
| DOCKER_TAG: $(docker_tag) | |||
| BRIDGE_IMAGE: "latest-released" | |||
| BRIDGE_IMAGE: "quay.io/ppatierno/kafka-bridge:bridge-config" | |||
There was a problem hiding this comment.
We need to address this before merging this.
There was a problem hiding this comment.
Yes sure. After I addressed all comments and merged the corresponding bridge PR.
ppatierno
force-pushed
the
bridge-config-via-configmap
branch
from
5dfc74c to
1c964e1
Compare
Signed-off-by: Paolo Patierno <[email protected]> Reverted back original operator Deployment Set different bridge image for STs Signed-off-by: Paolo Patierno <[email protected]> Fixed missing env vars to setup the truststore Signed-off-by: Paolo Patierno <[email protected]> Removed ST using env vars not in place anymore Signed-off-by: Paolo Patierno <[email protected]> Fixed checkstyle errors Signed-off-by: Paolo Patierno <[email protected]> CHANGELOG update Signed-off-by: Paolo Patierno <[email protected]> Fixed updated systemtests bridge MD Signed-off-by: Paolo Patierno <[email protected]> Fixed scholzj comments Signed-off-by: Paolo Patierno <[email protected]> Factored out a dedicated withConfigProviders method for the bridge configuration builder Refactored bridge configuration builder to use isEquivalent Signed-off-by: Paolo Patierno <[email protected]> Fixed tinaselenge comments Signed-off-by: Paolo Patierno <[email protected]> Fixed checkstyle issues Signed-off-by: Paolo Patierno <[email protected]> Fixed rolling bridge pod on configuration change Signed-off-by: Paolo Patierno <[email protected]> Fixed scholzj and tinaselenge feedback Signed-off-by: Paolo Patierno <[email protected]> Fixed KafkaBridgeAssemblyOperator tests about the missing new hash annotation Signed-off-by: Paolo Patierno <[email protected]> Reverted back some deleted tests Signed-off-by: Paolo Patierno <[email protected]> Adapted system tests to changes in configuration Signed-off-by: Paolo Patierno <[email protected]> Fixed scholzj and fvaleri feedback Signed-off-by: Paolo Patierno <[email protected]>
ppatierno
force-pushed
the
bridge-config-via-configmap
branch
from
1c964e1 to
de427e5
Compare
Signed-off-by: Paolo Patierno <[email protected]>
|
/azp run regression |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Type of change
Description
This PR fixes #10959 by moving the configuration of the bridge to be generated by the operator within a ConfigMap (actually using the same one that today is used for the metrics and logging configuratio, but with a different entry in the data section) then mounted on the bridge pod and loaded from there.
NOTE: the temporary change in the .azure/templates/steps/system_test_general.yaml file is for using a custom bridge image which doesn't use its script to generate the configuration anymore. Of course the commit to the file will be reverted before merging the PR. It's there for running STs.
Checklist