[GCP] Private Endpoint Support #417
Conversation
Unit Test Results: 309 tests (+4), 309 ✅ (+4), 4s ⏱️ (+2s). Results for commit afdaf96. ± Comparison against base commit 9287b6a. This pull request removes 8 and adds 12 tests. Note that renamed tests count towards both.
♻️ This comment has been updated with latest results.
Thanks for working on this @smcclure20! Mostly looks good although I'm very new to services in general so it may be helpful for someone like @praveingk or @divega to look at this at a higher level. I left comments mostly about code.
Is it possible to have an integration test for this? Would definitely be helpful to see a barebones example even if it's contrived. But also understand if this is like our k8s example where it's hard to implement an integration test.
pkg/gcp/resources.go
clusterNameFormat = "projects/%s/locations/%s/clusters/%s" | ||
clusterTypeName = "cluster" | ||
instanceTypeName = "instance" | ||
serviceAttachmentTypeName = "serviceAttachment" |
I find the serviceAttachment as a resource to be confusing, since serviceAttachment is just the target URL of a service, and the create function creates a forwarding rule which triggers creation of Private Service Connect endpoints which connect to an existing service attachment URL.
Should this be called endpointConnectType to be more specific and common across clouds?
Ah, that's fair. The main reason I kept it as serviceAttachment is due to how it is used in line 142. We have to look at the URL for its type (serviceAttachment) and I thought it was best to be consistent. I could see an argument for renaming the handler though, as you mention below.
} else if err := json.Unmarshal(resourceDesc, createClusterRequest); err == nil && createClusterRequest.Cluster != nil { | ||
return &gcpGKE{}, nil | ||
return &clusterHandler{}, nil | ||
} else if err := json.Unmarshal(resourceDesc, serviceAttachment); err == nil { |
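Review bot: the branch "} else if err := json.Unmarshal(resourceDesc, serviceAttachment); err == nil {" accepts any JSON object, because unmarshalling into a struct succeeds even when the "url" field is absent or empty, so a description that merely failed the preceding "createClusterRequest.Cluster != nil" check would be routed to the service attachment handler. Suggest also requiring the URL field to be non-empty here (or in the getResourceInfo type-specific check mentioned in the thread) and rejecting URLs whose type segment is not a service attachment before any forwarding rule is created.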
Should we check if the request is a proper service URL?
I think we should do type-specific checks like this in getResourceInfo. I'll add that.
return handler, nil | ||
handler = &clusterHandler{} | ||
} else if resourceType == serviceAttachmentTypeName { | ||
handler = &privateServiceHandler{} |
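Review bot: "} else if resourceType == serviceAttachmentTypeName {" selects "handler = &privateServiceHandler{}", so the resource type string a user sees and the handler that runs do not share a name; as the thread notes, the service attachment URL is the input while the resource actually created is the PSC endpoint (a forwarding rule). Either rename the type constant to something endpoint-oriented (the endpointConnectType suggested above) or add a comment on this branch stating that the attachment URL is consumed and a forwarding rule is produced, so the mapping is not mistaken for a bug later.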
Same here. We are returning privateService handler from serviceAttachmentType.
Elaborating a bit more from the above: I think this just reflects the underlying cloud abstractions. We are creating a private service connect, but to do that, we need the URL of a service attachment.
Thanks for adding this support. I have reviewed and posted some suggestions.
Address string | ||
} | ||
|
||
type ServiceAttachmentDescription struct { |
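Review bot: "type ServiceAttachmentDescription struct {" introduces a Paraglider-level request format without a doc comment. The PR description says users send a CreateResource description with a single "url" field holding the service attachment URL; put that on the struct (the expected field name, the URL form it must take, and that this is a Paraglider type rather than a GCP API type) so the user docs the thread agrees to write have something to reference.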
Since ServiceAttachmentDescription is defined in Paraglider scope and not GCP, maybe we need to define it somewhere when we document private endpoint support. Just noting it here :)
Yeah, we definitely should include it in the docs about this.
* initial outline of psc support
* created clients struct for convenience and completed switch to PSC endpoint-based implementation
* lint passing and tests mostly written for service support
* most tests written, all passing
* cleanup and add a few tests
* fix target type for rules for service accounts and how URLs are read
* initial setup for google service support
* change workload env variable name to match new actions
* fix firewall naming
* initial implementation; needs testing
* fix build issues
* respond to review comments
* fix tests
* make the paraglider label a constant
Signed-off-by: Sarah McClure <[email protected]>
Signed-off-by: smcclure20 <[email protected]>
Signed-off-by: Pravein-Govindan-Kannan <[email protected]>
[Update] Closed #435 and merged it into this PR. Originally, this PR used the URI of the service attachment for later references to the PSC (e.g., adding/removing rules on it). However, since Google services do not have a service attachment, I changed the returned URI to be the forwarding rule that implements the PSC. Users shouldn't even have to use this URI, since they can refer to the connection via its name and the tag service will map that to the URI.
Completes the GCP portion of #394
Anticipated UI
For a minimal change to the existing user interface, and in alignment with our discussions on the API, this does not require any front-end changes. Instead, users should request private service connections (PSCs) by sending a CreateResource request whose description has one field, "url", which provides the URL of the service attachment to connect to (https://cloud.google.com/vpc/docs/configure-private-service-connect-services).
We can revisit this as needed as we implement for other clouds.
Also in this PR
resources.go
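An added example, not the project's own code, of the type-specific check discussed in this thread: it parses the one-field "url" description the PR expects and rejects anything that is not a GCP service attachment path before any handler runs. ServiceAttachmentDescription, serviceAttachmentRe and computeAPIPrefix are this example's own names, and the per-segment character classes in the pattern are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

const computeAPIPrefix = "https://www.googleapis.com/compute/v1/" // full-URL form GCP returns
// Stand-in for the PR's one-field request description (hypothetical copy).
type ServiceAttachmentDescription struct {
	URL string `json:"url"`
}

// Documented GCP shape projects/PROJECT/regions/REGION/serviceAttachments/NAME;
// the per-segment character classes are this example's assumption.
var serviceAttachmentRe = regexp.MustCompile(
	`^projects/[a-z][-a-z0-9]{4,28}[a-z0-9]/regions/[a-z0-9-]+/serviceAttachments/[a-z]([-a-z0-9]*[a-z0-9])?$`)

// resourceType returns the type segment of a GCP resource URL (the element before the name).
func resourceType(rawURL string) string {
	parts := strings.Split(strings.TrimPrefix(rawURL, computeAPIPrefix), "/")
	if len(parts) < 2 {
		return ""
	}
	return parts[len(parts)-2]
}

// The type-specific check the review asked for: json.Unmarshal alone succeeds on any
// JSON object, so "url" must also be present and name a service attachment, not some
// other resource. The normalised path is returned so the raw user string is never passed on.
func validateServiceAttachmentRequest(resourceDesc []byte) (string, error) {
	var desc ServiceAttachmentDescription
	if err := json.Unmarshal(resourceDesc, &desc); err != nil {
		return "", fmt.Errorf("description is not valid JSON: %w", err)
	}
	if desc.URL == "" {
		return "", fmt.Errorf("description is missing required field \"url\"")
	}
	path := strings.TrimPrefix(desc.URL, computeAPIPrefix)
	if resourceType(path) != "serviceAttachments" || !serviceAttachmentRe.MatchString(path) {
		return "", fmt.Errorf("%q is not a service attachment URL", desc.URL)
	}
	return path, nil
}

func main() { // constructed sample description, as a user would send it in CreateResource
	fmt.Println(validateServiceAttachmentRequest([]byte(`{"url":"projects/my-project/regions/us-west1/serviceAttachments/my-svc"}`)))
}
```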