Mbe 776 decouple credentialstore from kubers and add more complex #3388
Conversation
…or certificate retrieval; replace in-method logic with reusable implementation in `cluster_api.rs`.
…et_or_init` in `CredentialStore`
|
Skimmed through the PR:
Each simulated mirrord session should go through the whole flow, starting from loading the credentials file. |
| @@ -27,3 +27,5 @@ pub mod credentials; | |||
| pub mod error; | |||
| /// Public/Private key abstraction for serialization and deserialization | |||
| pub mod key_pair; | |||
|
|
|||
| pub use cluster_api::AuthClient; | |||
There was a problem hiding this comment.
nit: both cluster_api and AuthClient are already pub right? so why re-export?
There was a problem hiding this comment.
I'd hide cluster_api here n reexport AuthClient since is a pub trait, do you agree ?
There was a problem hiding this comment.
Sorry, somehow missed this comment.
Sure.
mirrord/auth/src/credentials.rs
Outdated
|
|
||
| //use kube::{api::PostParams, Api, Client, Resource}; |
| &self, | ||
| key_pair: &KeyPair, | ||
| common_name: &str, | ||
| ) -> impl Future<Output = Result<Certificate, CredentialStoreError>> + Send; |
There was a problem hiding this comment.
Don't we have async fn in traits?
There was a problem hiding this comment.
Here based on what I've seen in intproxy the code seems to be aligned with the project, that part at least (though I personally have some reservations about async in traits).
I completely agree with the point about complexity. In this case, I'd say the complexity isn’t particularly high, but we don’t really have a way to measure it objectively, so… xD.
It does tend to hide complexity, though: one for all, the fact that two futures cannot share the same type to the compiler, can only belong to the same family(like closures).
Just sharing thoughts, of course :)
There was a problem hiding this comment.
I think it's like that in the intproxy mostly due to it being a more unstable thing at the time, and we've been trying to avoid adding features so one day we can get back on stable rust (a bit of mirrord project background/backstory here).
About complexity, yeah it's not high, but the implementation we have wouldn't it look more like a normal function with async? Like the error handling could be done with just ? instead of match, and the async move part be dropped completely?
let request = certificate_request(common_name, key_pair)?;
let certificate = request.encode_pem()?;
let api: Api<R> = Api::all(self.clone());
Ok(api.create_subresource("certificate", "operator", &PostParams::default(), certificate_request.into()).await?)There was a problem hiding this comment.
I wouldn't say this is a true blocker, we have not talked about it yet, so if you think impl Future would be better, then maybe we can bring it up in the next sync and come to an agreement with the team?
There was a problem hiding this comment.
This is the correct syntax. You could write
trait Whatever {
async fn something();
}But then you can implement this trait it in a way that makes the future not Send, and clippy complains (because the trait is mostly unusable in async code).
While when you use the fn name() -> impl Future<...> + ... syntax, you can add trait bounds on the returned future.
There was a problem hiding this comment.
Can't we use https://crates.io/crates/async-trait for this then?
| R: for<'de> Deserialize<'de> + Resource + Clone + Debug, | ||
| <R as Resource>::DynamicType: Default, | ||
| { | ||
| fn obtain_certificate( |
There was a problem hiding this comment.
I think async would simplify this impl, or am I misunderstanding something here?
|
|
||
| use crate::{certificate::Certificate, error::CredentialStoreError, key_pair::KeyPair}; | ||
|
|
||
| pub trait AuthClient<R> { |
There was a problem hiding this comment.
This trait is part of our default-features, while the Client impl is part of the client feature, right? If I'm understanding this correctly, then I think AuthClient should be moved up (to some upper mod, which I guess it's lib.rs), and we could feature gate this whole mod with client?
There was a problem hiding this comment.
I don't want to complicate things though (not a big fan of having features like this), so do we care @Razz4780 ?
There was a problem hiding this comment.
If it's used only by code hidden behind the client feature, it should also be behind this feature
…-and-add-more-complex
…-and-add-more-complex
…-and-add-more-complex
…-and-add-more-complex
decoupled Client from kube.rs in CredentialsStore and Credentials and
added unit test leveraging on achieved decoupling