Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separate Scope resource for providers #108

Open
tronghn opened this issue Sep 9, 2022 · 0 comments
Open

Separate Scope resource for providers #108

tronghn opened this issue Sep 9, 2022 · 0 comments
Labels
bug Something isn't working

Comments

@tronghn
Copy link
Contributor

tronghn commented Sep 9, 2022
edited
Loading

Ref. b2652a5:

A client without any scopes is disallowed; ideally we shouldn't even
create a Maskinporten client if the spec only defines scopes to be
exposed and none consumed.

This commit adds a default consumer scope for the Maskinporten client if
none are defined. Ideally, the "exposed scope" directive should be split out
into its own resource and reconciler rather than being tied directly to a
MaskinportenClient resource.

Other pain points with tying exposure of scopes to a single MaskinportenClient:

  • ownership becomes unclear:
    • multiple application manifests may define the same scope, but the source of truth is the last applied manifest
    • what happens if the same application in the same namespace, but in different clusters have the same exposed scope?
  • tracking desired and actual state becomes difficult (e.g. how do we determine that a scope should be deleted?)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tronghn @ybelMekk