Skip to content

SwiftContainer: add controller#824

Open
eshulman2 wants to merge 7 commits into
k-orc:mainfrom
eshulman2:swiftcontainer-controller
Open

SwiftContainer: add controller#824
eshulman2 wants to merge 7 commits into
k-orc:mainfrom
eshulman2:swiftcontainer-controller

Conversation

@eshulman2

@eshulman2 eshulman2 commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Summary

  • add a SwiftContainer API and controller for managing Swift containers
  • add name-based import handling, metadata and ACL reconciliation, generated clients, CRD/RBAC wiring, and manager registration
  • add unit tests, KUTTL suites, examples, and CRD documentation

@github-actions github-actions Bot added the semver:major Breaking change label Jun 23, 2026

@winiciusallan winiciusallan left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @eshulman2, thanks for the PR!

I did a round of review through the API and left other comments inline. Will take some time to look how CRUD operations are being performed and the tests :).

Comment thread api/v1alpha1/swiftcontainer_types.go Outdated
Comment thread api/v1alpha1/swiftcontainer_types.go Outdated
// comma-separated list of account/container combinations.
// +kubebuilder:validation:MaxLength:=256
// +optional
ContainerWrite *string `json:"containerWrite,omitempty"`

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto for ContainerWrite

Comment thread api/v1alpha1/swiftcontainer_types.go Outdated
Comment thread internal/osclients/swiftcontainer_test.go Outdated
}

// SwiftContainerResourceSpec contains the desired state of a Swift container.
type SwiftContainerResourceSpec struct {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are other fields that we could implement in the ResourceSpec, but I'm okay leaving as it is and add them later.

Comment thread api/v1alpha1/swiftcontainer_types.go Outdated
Comment thread internal/controllers/swiftcontainer/controller.go Outdated
Comment thread internal/controllers/swiftcontainer/status.go Outdated
Comment thread internal/controllers/swiftcontainer/actuator_test.go Outdated
Comment thread internal/controllers/swiftcontainer/actuator.go Outdated
@eshulman2 eshulman2 force-pushed the swiftcontainer-controller branch from 2fb1881 to c85a5da Compare June 28, 2026 13:54
@eshulman2 eshulman2 requested a review from winiciusallan June 29, 2026 07:21
eshulman2 added 7 commits July 2, 2026 13:51
Scaffold the SwiftContainer controller using the controller generator:

$ go run ./cmd/scaffold-controller -interactive=false     -kind=SwiftContainer     -gophercloud-client=NewObjectStorageV1     -gophercloud-module=github.com/gophercloud/gophercloud/v2/openstack/objectstorage/v1/containers     -gophercloud-type=Container     -openstack-json-object=container
Add the SwiftContainer API, generated clients, OpenStack client wrapper, controller wiring, status writer, and reconciliation logic.

Swift containers are name-addressed, so the controller uses the container name as the ORC status ID and adds custom import handling for name-based imports.
Add unit coverage for Swift container import, adoption, creation, validation, and OpenStack client behavior.

Add KUTTL suites for minimal and full creation, import success and failure, updates, and name validation, and enable Swift in the E2E environment.
Document SwiftContainer in the resource matrix and generated CRD reference, and add example manifests for create and import workflows.
@eshulman2 eshulman2 force-pushed the swiftcontainer-controller branch from 222add3 to ab62b5d Compare July 2, 2026 10:58
// and 256 characters long and must not contain forward slashes.
// +kubebuilder:validation:MinLength:=1
// +kubebuilder:validation:MaxLength:=256
// +kubebuilder:validation:Pattern:=`^[^/]+$`

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think of adding a XValidation here instead of a Pattern so we can return a clear message to the user? Something like:

// +kubebuilder:validation:XValidation:rule="self.matches('^[^/]+$')",message="names must no contain forward slashes"

Comment on lines +197 to +207
createOpts := containers.CreateOpts{}

if resource.ContainerRead != "" {
createOpts.ContainerRead = resource.ContainerRead
}
if resource.ContainerWrite != "" {
createOpts.ContainerWrite = resource.ContainerWrite
}
if resource.StoragePolicy != "" {
createOpts.StoragePolicy = resource.StoragePolicy
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can extract this code to the following

Suggested change
createOpts := containers.CreateOpts{}
if resource.ContainerRead != "" {
createOpts.ContainerRead = resource.ContainerRead
}
if resource.ContainerWrite != "" {
createOpts.ContainerWrite = resource.ContainerWrite
}
if resource.StoragePolicy != "" {
createOpts.StoragePolicy = resource.StoragePolicy
}
createOpts := containers.CreateOpts{
ContainerRead: resource.ContainerRead
ContainerWrite: resource.ContainerWrite
StoragePolicy: resource.StoragePolicy
}

If the field is an empty string, it won't be parsed into a map in Gophercloud.

https://github.com/gophercloud/gophercloud/blob/main/params.go#L495

// that when specifying an import by name, the resource MUST already exist.
// The ORC object will enter an error state if the resource does not exist.
// +optional
Name *SwiftContainerName `json:"name,omitempty"`

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you mind explain what is the difference between this Name here (spec.import.name) and in spec.import.filter.name?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this file is useless for us since we have committed this directory with changes.

Comment on lines +178 to +185
// Swift treats '/' as a path separator in container names, making the name
// invalid at the API level. Validate explicitly to provide a clear error
// message rather than a confusing HTTP error from gophercloud.
if strings.Contains(name, "/") {
return nil, progress.WrapError(
orcerrors.Terminal(orcv1alpha1.ConditionReasonInvalidConfiguration,
"container name must not contain forward slashes"))
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

// MaxLength:=256 marker counts Unicode code points, not bytes, so a name
// with multi-byte UTF-8 characters can pass API validation yet exceed the
// byte limit. Validate explicitly here to produce a clear error message.
if len(name) > 256 {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same as the above validation.

that the observed state corresponds to the spec.

Also validate that the OpenStack resource uses the name of the ORC object when
`spec.resource.name` is not specified (SC-001).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is a downstream reference

Suggested change
`spec.resource.name` is not specified (SC-001).
`spec.resource.name` is not specified.

metadata:
name: swiftcontainer-create-minimal
status:
resource:

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're missing storagePolicy here. IIRC, a fresh devstack install use Policy-0 when no default policy is configured.


Validates that:
- The OpenStack resource uses the name from `spec.resource.name` when it is
specified, rather than the ORC object name (SC-002).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Downstream reference

Suggested change
specified, rather than the ORC object name (SC-002).
specified, rather than the ORC object name.

- The import filter matches the container with exact name (not a superstring).
- `status.id` is populated with the imported container name.
- Adoption from unmanaged import to available state works without recreating
the container (SC-003).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my search I think this is the last one :)

Suggested change
the container (SC-003).
the container.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

semver:major Breaking change

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants