slim clouds #1512
slim clouds #1512
Conversation
SimoneDutto
force-pushed
the
JUJU-7135/slim-clouds
branch
6 times, most recently
from
8cc9a90 to
65b53fa
Compare
SimoneDutto
force-pushed
the
JUJU-7135/slim-clouds
branch
from
65b53fa to
6f18463
Compare
| return jCl, nil | ||
| } | ||
|
|
||
| func (j *JIMM) GetClouds(ctx context.Context, user *openfga.User) (map[string]jujuparams.Cloud, error) { |
| }, nil | ||
| } | ||
|
|
||
| func (j *JIMM) ListCloudsInfo(ctx context.Context, user *openfga.User, all bool) ([]jujuparams.ListCloudInfoResult, error) { |
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Canonical. | |||
| // Copyright 2025 Canonical. | |||
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Canonical. | |||
| // Copyright 2025 Canonical. | |||
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Canonical. | |||
| // Copyright 2025 Canonical. | |||
| return cl, errors.E(op, err) | ||
| return jujuparams.CloudInfo{}, errors.E(op, err) | ||
| } | ||
| // TODO (SimoneDutto): refactor this to use `user.IsCloudAdmin()` |
There was a problem hiding this comment.
where do we require admin access to the cloud?
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Canonical. | |||
| // Copyright 2025 Canonical. | |||
| package db_test | |||
| @@ -26,29 +26,8 @@ type Cloud struct { | |||
| // cloud is hosted. | |||
| HostCloudRegion string | |||
There was a problem hiding this comment.
Why do we need to keep this?
| @@ -0,0 +1,3 @@ | |||
| -- remove non essential fields from cloud. | |||
| ALTER TABLE clouds DROP COLUMN auth_types, DROP COLUMN endpoint, DROP COLUMN identity_endpoint, | |||
There was a problem hiding this comment.
nit: add a space after the comment
| @@ -20,35 +20,173 @@ import ( | |||
| ofganames "github.com/canonical/jimm/v3/internal/openfga/names" | |||
| ) | |||
|
|
|||
| // GetUserCloudAccess returns users access level for the specified cloud. | |||
| func (j *JIMM) GetUserCloudAccess(ctx context.Context, user *openfga.User, cloud names.CloudTag) (string, error) { | |||
There was a problem hiding this comment.
I think there is already a method in the permission manager that does this. Can you use that instead?
| if err := j.Database.GetCloud(ctx, &cl); err != nil { | ||
| return jujuparams.Cloud{}, errors.E(op, err) | ||
| } | ||
| // TODO (SimoneDutto): refactor this to use `user.IsCloudAdmin()` |
| // contain the authentcated user. | ||
| func (j *JIMM) GetCloud(ctx context.Context, user *openfga.User, tag names.CloudTag) (jujuparams.Cloud, error) { | ||
| const op = errors.Op("jimm.CloudInfo") | ||
| zapctx.Info(ctx, string(op)) |
There was a problem hiding this comment.
Was thinking about this sometime last year and whether we want it. If we do want it then it might be better suited to go inside the jujuapi.FindMethod() class of functions so that we don't clutter up these functions.
| if err != nil { | ||
| return jCl, errors.E(op, err) | ||
| } | ||
| jCl.IsControllerCloud = false // jimm doesn't know where is deployed, so none of the clouds should have this field set. |
There was a problem hiding this comment.
| jCl.IsControllerCloud = false // jimm doesn't know where is deployed, so none of the clouds should have this field set. | |
| jCl.IsControllerCloud = false // jimm doesn't know where it's deployed, so none of the clouds should have this field set. |
| for _, cl := range clouds { | ||
| cloud, err := j.getCloudFromController(ctx, cl) | ||
| if err != nil { | ||
| return nil, errors.E(op, err) | ||
| } | ||
| results[cl.ResourceTag().String()] = cloud | ||
| } |
There was a problem hiding this comment.
I have a concern that this will be annoyingly slow. Not so slow that it's bad but since getting a cloud requires a sequential call to a controller... I've experienced running juju <command> to take several seconds sometimes so I hope we don't have that issue here.
Some caching in the future will of course help and then be similar in a way to what the database was doing.
| controllers = append(controllers, c.Controller) | ||
| } | ||
| } | ||
| err := j.firstSuccessfulController(ctx, controllers, func(api API) error { |
There was a problem hiding this comment.
Here we will always be calling the first controller in the list most frequently. We could randomise the list to do some round-robin if we want.
| @@ -1,4 +1,4 @@ | |||
| // Copyright 2024 Canonical. | |||
| // Copyright 2025 Canonical. | |||
|
Points we discussed on this:
|
After the discussion the decision is to close this pr. Moving forward we've decided not to remove from our db static fields. |
Description
In this pr we slim clouds, removing non-essential fields.