Skip to content

Added --namespace flag to k3kcli policy create #564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
enrichman merged 8 commits into from
Nov 14, 2025
Merged

Added --namespace flag to k3kcli policy create #564

enrichman merged 8 commits into from
Nov 14, 2025

Conversation

@enrichman
Copy link
Collaborator

@enrichman enrichman commented Nov 13, 2025
edited
Loading

Fix #379

The --namespace flag was inherited by the global flags, but it was not used in the policy create command.

This PR change this behaviour, adding the option to provide multiple --namespace flags during the policy creation to actually bind it to existing namespaces:

-> % k3kcli policy create --mode=virtual --namespace k3k-mycluster --namespace k3k-mycluster2 --namespace k3k-myclusterXX virtual-policy
INFO[0000] Creating policy "virtual-policy"             
INFO[0001] Added policy "virtual-policy" to namespace "k3k-mycluster" 
INFO[0001] Added policy "virtual-policy" to namespace "k3k-mycluster2" 
WARN[0001] Namespace "k3k-myclusterXX" not found, skipping
image

As suggested also a --overwrite flag was added. This is used to eventually overwrite existing policy. Without it we are not going to unbind existing policies, but just warn:

-> % k3kcli policy create --mode=virtual --namespace k3k-mycluster --namespace k3k-mycluster2 --namespace k3k-myclusterXX virtual-policy2 --overwrite
INFO[0000] Creating policy "virtual-policy2"            
INFO[0000] Policy "virtual-policy2" already exists      
INFO[0001] Found policy "virtual-policy" bound to namespace "k3k-mycluster". Overwriting it with "virtual-policy2" 
INFO[0001] Added policy "virtual-policy2" to namespace "k3k-mycluster" 
INFO[0001] Found policy "virtual-policy" bound to namespace "k3k-mycluster2". Overwriting it with "virtual-policy2" 
INFO[0001] Added policy "virtual-policy2" to namespace "k3k-mycluster2" 
WARN[0001] Namespace "k3k-myclusterXX" not found, skipping
image 
-> % k3kcli policy create --mode=virtual --namespace k3k-mycluster4 --namespace k3k-mycluster2 --namespace k3k-myclusterXX virtual-policy2 --overwrite
INFO[0000] Creating policy "virtual-policy2"            
INFO[0000] Policy "virtual-policy2" already exists      
INFO[0001] Added policy "virtual-policy2" to namespace "k3k-mycluster4" 
WARN[0001] Namespace "k3k-myclusterXX" not found, skipping
image

@codecov-commenter
Copy link

codecov-commenter commented Nov 13, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 24.48980% with 37 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.42%. Comparing base (2773030) to head (01791be).

Files with missing lines Patch % Lines
cli/cmds/policy_create.go 19.51% 31 Missing and 2 partials ⚠️
cli/cmds/policy_delete.go 25.00% 3 Missing ⚠️
cli/cmds/cluster_create.go 66.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #564      +/-   ##
==========================================
- Coverage   59.78%   59.42%   -0.36%     
==========================================
  Files          56       56              
  Lines        5217     5255      +38     
==========================================
+ Hits         3119     3123       +4     
- Misses       1811     1842      +31     
- Partials      287      290       +3
Flag Coverage Δ
cli 53.07% <24.48%> (-0.39%) ⬇️
controller 57.04% <0.00%> (-0.54%) ⬇️
e2e 57.04% <0.00%> (-0.54%) ⬇️
unit 36.32% <0.00%> (-0.27%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@enrichman enrichman requested a review from jp-gouin November 13, 2025 10:32
@enrichman enrichman self-assigned this Nov 13, 2025
@jp-gouin
Copy link
Collaborator

jp-gouin commented Nov 13, 2025

In case the namespace already has a policy attached. we should display a warning and not change the policy.
We can introduce a --overwrite flag to overwrite the current policy by the new one

pmatseykanets
pmatseykanets reviewed Nov 13, 2025
View reviewed changes
cli/cmds/policy_delete.go
if !apierrors.IsNotFound(err) {
return err
}

Copy link

@pmatseykanets pmatseykanets Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we check if the policy was ever bound to one more namespaces and clear it when deleted?

Copy link
Collaborator Author

@enrichman enrichman Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed offline this should probably responsibility of the controller itself, I've opened an issue about this: #563

pmatseykanets
pmatseykanets reviewed Nov 13, 2025
View reviewed changes
Copy link

@pmatseykanets pmatseykanets left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like tests need some finessing due to message format changes.

pmatseykanets
pmatseykanets reviewed Nov 13, 2025
View reviewed changes
cli/cmds/cluster_create.go Outdated
}

logrus.Infof("Creating cluster [%s] in namespace [%s]", name, namespace)
logrus.Infof("Creating cluster %q in namespace %q", name, namespace)
Copy link

@pmatseykanets pmatseykanets Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May not be a good idea to use double quotes with a structured logger. IMHO it impairs readibility.

Copy link
Collaborator Author

@enrichman enrichman Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, the tests fails because when the cli is not running in a TTY it will output the logs in a structured format, while on the console it looks fine.

I'll move this to single quotes!

@enrichman enrichman force-pushed the 379-policy-bind-namespaces branch 2 times, most recently from 45992e4 to 4ba97fa Compare November 14, 2025 11:55
@enrichman enrichman force-pushed the 379-policy-bind-namespaces branch from 4ba97fa to 01791be Compare November 14, 2025 15:58
@enrichman enrichman merged commit 8760afd into rancher:main Nov 14, 2025
9 checks passed
@enrichman enrichman deleted the 379-policy-bind-namespaces branch November 14, 2025 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmatseykanets pmatseykanets pmatseykanets approved these changes

@jp-gouin jp-gouin Awaiting requested review from jp-gouin

@raulcabello raulcabello Awaiting requested review from raulcabello

Assignees

@enrichman enrichman

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

While creating a VirtualClusterPolicy passing namespace, namespace does not get updated

4 participants

@enrichman @codecov-commenter @jp-gouin @pmatseykanets