backend: Add controllers for dispatching credential requests#4891
backend: Add controllers for dispatching credential requests#4891
Conversation
The operation helper functions have been duplicated the backend's "operationcontrollers" package. The "database" package functions are no longer used.
Backend will soon need to call this. Putting this function in the database package is transitional. I expect to move this function to the backend once porting of Cluster Service calls is complete. At the same time, change the function to also return a list of operation IDs staged for cancellation in the transaction. This allows for logging the operation IDs being cancelled, but also potentially skipping the transaction if there are no operations to cancel.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mbarnes The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| @@ -0,0 +1,147 @@ | |||
| // Copyright 2025 Microsoft Corporation | |||
| @@ -0,0 +1,96 @@ | |||
| // Copyright 2025 Microsoft Corporation | |||
I am trying to think of a reason we'd prefer to do a 2 phased rollout: Is that if we do a one phased, during the rollout to a region, it could be that the frontend is rolled out but not the backend in which case we'll have issues? |
|
@mbarnes: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
2 participants
ARO-24384 - Move Cluster Service CRUD calls to ARO-HCP backend
What
This is part one of a two-phase rollout to move the Cluster Service calls for requesting and revoking break-glass credentials to the RP backend.
This pull request introduces two new backend controllers –
DispatchRequestCredentialandDispatchRevokeCredentials– but they are inert for now because the RP frontend is still making the Cluster Service calls.Once this pull request reaches production, a follow-up pull request will remove these two Cluster Service calls from the RP frontend, at which point the new backend controllers will take over.
Why
This is part of a plan to move all Cluster Service calls to the RP backend, but I'm starting with break-glass credentials because I believe it will have the largest impact in meeting the Control Plane Latency KPI.
Testing
Relevant unit tests have been updated and I have performed manual testing in a personal dev environment (with frontend calls disabled) to verify the new backend controllers. The new controllers probably warrant new integration tests for the backend, but in the interest of expediency and because the new controllers are currently inert, I'm going to defer the integration tests to the follow-up pull request.
This change should be fully transparent to E2E tests, so no changes are needed there.
Special notes for your reviewer
Holding until @deads2k has a chance to look at this. Not sure where in the source code he'd prefer these controllers to live. I put them where I thought it made sense.