* inited extra controller and added extra CRD
* sample config
… better permissions check
Pull request overview
This PR adds first-class RabbitMQ support to the operator (new RabbitMQAccess API + controller), refactors shared controller logic to be reused across Postgres/RabbitMQ, and expands the e2e test suite to cover both Postgres and RabbitMQ behavior.
Changes:
- Introduce RabbitMQAccess CRD/API/controller with RBAC + sample manifests.
- Factor shared controller utilities (finalizers, status conditions, secret/connection handling) into reusable shared logic and update Postgres controller to use it.
- Add comprehensive e2e tests and utilities for RabbitMQ and Postgres; update CI workflows and multi-arch image publishing.
Reviewed changes
Copilot reviewed 41 out of 42 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| test/utils/e2e_rabbitmq.go | New e2e helpers for deploying RabbitMQ and asserting users/vhosts/permissions. |
| test/utils/e2e_postgres.go | Extracted/expanded Postgres e2e helpers (incl. CNPG) out of e2e.go. |
| test/utils/e2e.go | Utility refactor: keep generic helpers, add WaitForResourceDeleted, generalize TriggerReconciliation, and share YAML list formatting. |
| test/e2e/rabbitmq_e2e_test.go | New RabbitMQ e2e test suite covering reconciliation, deletion, drift repair, and Controller policy behavior. |
| test/e2e/postgres_e2e_test.go | New Postgres e2e test suite (incl. CNPG), expanded coverage for policy, drift, deletion, and password rotation. |
| test/e2e/manager_e2e_test.go | New manager-level e2e checks (pod readiness, metrics endpoint). |
| test/e2e/e2e_suite_test.go | E2E suite setup/teardown improvements and default Eventually configuration. |
| internal/controller/shared_logic.go | New shared controller utilities for finalizers, status updates, secret reconciliation, and connection secret parsing/policy. |
| internal/controller/rabbitmqaccess_controller_test.go | New unit tests for RabbitMQ controller helper logic and reconcile/finalize behavior. |
| internal/controller/rabbitmqaccess_controller.go | New RabbitMQAccess reconciler implementing desired user/vhost/permission reconciliation + cleanup. |
| internal/controller/rabbitmq_connection.go | RabbitMQ connection resolution + management endpoint building + Controller settings resolution helpers. |
| internal/controller/rabbitmq.go | RabbitMQ management operations (users, vhosts, permissions) and stale-detection helpers. |
| internal/controller/postgresaccess_controller_test.go | Align tests with shared condition types; update fake client status subresources to include RabbitMQAccess. |
| internal/controller/postgresaccess_controller.go | Refactor Postgres reconciler to use shared finalizer/secret/status helpers and shared Controller settings resolver. |
| internal/controller/postgresaccess_connection.go | Refactor connection/secret namespace resolution to shared helpers; reuse shared direct/existing secret parsing. |
| internal/controller/db.go | Update ConnectionDetails to embed shared connection fields. |
| go.mod | Add RabbitMQ management dependency (rabbit-hole). |
| go.sum | Dependency updates for RabbitMQ + other module sums. |
| config/samples/kustomization.yaml | Update samples list to include RabbitMQ sample (but currently references a missing file). |
| config/samples/access_v1_rabbitmqaccess.yaml | New sample RabbitMQAccess manifest. |
| config/rbac/role.yaml | Add RabbitMQAccess permissions to generated manager role. |
| config/rbac/rabbitmqaccess_viewer_role.yaml | Scaffolded viewer ClusterRole for RabbitMQAccess. |
| config/rbac/rabbitmqaccess_editor_role.yaml | Scaffolded editor ClusterRole for RabbitMQAccess. |
| config/rbac/rabbitmqaccess_admin_role.yaml | Scaffolded admin ClusterRole for RabbitMQAccess. |
| config/rbac/kustomization.yaml | Include scaffolded RabbitMQAccess roles in RBAC kustomization. |
| config/crd/kustomization.yaml | Include RabbitMQAccess CRD base. |
| config/crd/bases/access.k8s.delta10.nl_rabbitmqaccesses.yaml | New generated CRD for RabbitMQAccess. |
| config/crd/bases/access.k8s.delta10.nl_postgresaccesses.yaml | Minor doc update for PostgresAccess username field. |
| config/crd/bases/access.k8s.delta10.nl_controllers.yaml | Extend Controller settings schema with RabbitMQ settings (excluded users/vhosts, deletion policy). |
| cmd/main.go | Register the new RabbitMQAccess controller with the manager. |
| api/v1/zz_generated.deepcopy.go | Generated deep-copies for RabbitMQ types and controller settings. |
| api/v1/rabbitmqaccess_types.go | New RabbitMQAccess API types and markers. |
| api/v1/postgresaccess_types.go | Minor doc update aligning with required username behavior. |
| api/v1/controller_types.go | Add RabbitMQ settings and StaleVhostDeletionPolicy type. |
| PROJECT | Register RabbitMQAccess resource in Kubebuilder project metadata. |
| AGENTS.md | Update agent guidance and e2e notes (contains a small typo). |
| .github/workflows/test.yml | Update workflow action versions and keep unit tests running in CI. |
| .github/workflows/test-e2e.yml | Update workflow action versions and keep e2e tests running in CI. |
| .github/workflows/release-setup-file.yml | Switch to digest-based multi-arch build/merge flow for releases. |
| .github/workflows/lint.yml | Update workflow action versions for lint pipeline. |
| .github/workflows/docker-publish.yml | Switch to per-arch build + merge manifest + signing flow. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* First pass from Codex, test speed halved on my laptop; needs review
* cleanup run
* Squashed commit of the following:

  commit 66d2121
  Author: Fay <61050421+FayKn@users.noreply.github.com>
  Date: Tue Mar 17 08:45:09 2026 +0100

  don't requeue on error and use right privilege drift interval

  commit f1330c9
  Author: Fay <61050421+FayKn@users.noreply.github.com>
  Date: Tue Mar 17 08:27:02 2026 +0100

  Removed a useless emit function and error on multiple secrets

  commit 4ce8a32
  Author: Fay <61050421+FayKn@users.noreply.github.com>
  Date: Mon Mar 16 15:53:52 2026 +0100

  Potential fix for pull request finding
  Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

  commit ed02322
  Author: Fay <61050421+FayKn@users.noreply.github.com>
  Date: Mon Mar 16 15:53:03 2026 +0100

  fix nitpick from copilot
  Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Fixed race condition and new line bug
* run only certain contexts
* updated postgres and rabbitmq
* reduce image pulls
* e2e arm runner
* back to x86
tijmenbaarda
left a comment
The README is certainly usable for end users! I found certain things not immediately clear, and I have left comments about those.
* Move functions to own packages
* tests fixed
* moved a bit of code
* Fix tests not running
* Share reconcile logic and make e2e tests less flakey
* instructions for adding new controller
* Feat/redis (#39)
* First pass by the gpt
* Split files by concern
* added redis mod test and fixed CNPG race condition.
* docker compose CRs and fixed postgres to work in k8s
* share test suite logic
* fixed Copilot nits
Pull request overview
This PR expands the operator to manage access for RabbitMQ and Redis in addition to Postgres, while refactoring shared controller reconciliation/test bootstrapping and adding parallelized e2e coverage.
Changes:
- Add RabbitMQAccess and RedisAccess APIs/CRDs, RBAC manifests, controller wiring, and samples.
- Refactor controller reconciliation into shared helpers (status, secrets, config/policy, envtest bootstrap) and update existing controllers to use them.
- Add/extend e2e test suite (parallel support, Redis scenarios, controller policy) and update CI/release workflows.
Reviewed changes
Copilot reviewed 78 out of 79 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| test/utils/e2e_redis.go | Adds Redis e2e utilities for deploying Redis and interacting via redis-cli. |
| test/e2e/test_helpers_test.go | Adds shared e2e helpers for Ready conditions, events, logs, and Controller CR creation/deletion. |
| test/e2e/redis_e2e_test.go | Adds RedisAccess e2e scenarios (invalid connection, create/update/drift/rotation/deletion). |
| test/e2e/redis_controller_policy_e2e_test.go | Adds e2e coverage for Controller policy affecting cross-namespace existingSecret. |
| test/e2e/parallel_support_test.go | Adds parallel-safe namespaces/backends per Ginkgo worker for Postgres/RabbitMQ/Redis. |
| test/e2e/manager_e2e_test.go | Adds e2e assertions around manager health/metrics and debugging output on failures. |
| test/e2e/e2e_suite_test.go | Switches to synchronized suite setup/teardown; installs CRDs, deploys manager, cleanup. |
| internal/controller/suite_test.go | Refactors envtest suite to use shared bootstrap/teardown helpers. |
| internal/controller/shared_test_logic.go | Introduces shared envtest bootstrap/teardown and test helpers (fake client, event receive). |
| internal/controller/shared_secret_logic.go | Introduces shared generated secret reconciliation and connection detail resolution from secrets. |
| internal/controller/shared_reconciliation_logic.go | Introduces shared managed-access reconciliation loop, status updates, and events. |
| internal/controller/shared_config_logic.go | Adds shared connection/config helpers and manager deployment listing utilities. |
| internal/controller/redis/suite_test.go | Adds Redis controller envtest suite using shared bootstrap helpers. |
| internal/controller/redis/redis_connection.go | Implements Redis connection resolution and controller settings (excluded users, policy). |
| internal/controller/redis/redis_client.go | Adds Redis ACL client abstraction backed by go-redis. |
| internal/controller/rabbitMQ/suite_test.go | Adds RabbitMQ controller envtest suite using shared bootstrap helpers. |
| internal/controller/rabbitMQ/rabbitmq_connection.go | Refactors RabbitMQ connection resolution and management endpoint derivation. |
| internal/controller/rabbitMQ/rabbitmq.go | Contains RabbitMQ API wrapper logic (users, vhosts, permissions reconciliation). |
| internal/controller/postgresaccess_connection.go | Removes old Postgres connection logic (moved/refactored into shared helpers and postgres package). |
| internal/controller/postgres/suite_test.go | Adds Postgres controller envtest suite using shared bootstrap helpers. |
| internal/controller/postgres/postgresaccess_grants.go | Moves Postgres grants logic into postgres subpackage. |
| internal/controller/postgres/postgresaccess_controller.go | Refactors Postgres controller to use shared managed-access reconciliation/status/finalizer helpers. |
| internal/controller/postgres/postgresaccess_connection.go | Adds Postgres connection string construction using shared connection resolution. |
| internal/controller/postgres/mock_db.go | Extracts MockDB for Postgres unit tests. |
| internal/controller/postgres/db.go | Renames Postgres DB implementation type and removes embedded MockDB from production file. |
| internal/controller/internal_shared_logic.go | Adds internal shared helpers (secret refs, singleton controller resolution, namespace policy, parsing). |
| internal/controller/controller_controller_test.go | Updates controller tests to use shared fake client and shared event receiver helper; adds new namespace validation test. |
| internal/controller/controller_controller.go | Tightens singleton Controller validation to require operator namespace; exports reason constant; refactors deployment listing to shared helper. |
| internal/controller/README.md | Documents repo conventions for adding controllers and using shared reconciliation flow. |
| go.sum | Updates dependency checksums for RabbitMQ/Redis + workflow/tooling changes. |
| go.mod | Adds dependencies for RabbitMQ/Redis controllers and adjusts indirect deps. |
| docker-compose.yml | Adds a Redis dev container; normalizes compose formatting/network naming. |
| config/samples/kustomization.yaml | Registers new RabbitMQ and Redis sample manifests (plus docker-focused samples). |
| config/samples/access_v1_redisaccess_docker.yaml | Adds a RedisAccess sample targeting local/docker Redis settings. |
| config/samples/access_v1_rabbitmqaccess.yaml | Adds a RabbitMQAccess sample manifest. |
| config/samples/access_v1_postgresaccess_docker.yaml | Adds a PostgresAccess sample targeting local/docker Postgres settings. |
| config/samples/access_v1_postgresaccess.yaml | Updates Postgres sample namespace and host to be cluster-appropriate. |
| config/samples/access_v1_controller.yaml | Updates Controller sample (namespace + example settings). |
| config/rbac/role.yaml | Expands operator role permissions to include rabbitmqaccesses/redisaccesses resources. |
| config/rbac/redisaccess_viewer_role.yaml | Adds scaffolded viewer ClusterRole for RedisAccess. |
| config/rbac/redisaccess_editor_role.yaml | Adds scaffolded editor ClusterRole for RedisAccess. |
| config/rbac/redisaccess_admin_role.yaml | Adds scaffolded admin ClusterRole for RedisAccess. |
| config/rbac/rabbitmqaccess_viewer_role.yaml | Adds scaffolded viewer ClusterRole for RabbitMQAccess. |
| config/rbac/rabbitmqaccess_editor_role.yaml | Adds scaffolded editor ClusterRole for RabbitMQAccess. |
| config/rbac/rabbitmqaccess_admin_role.yaml | Adds scaffolded admin ClusterRole for RabbitMQAccess. |
| config/rbac/kustomization.yaml | Registers the new RabbitMQ/Redis RBAC helper roles in kustomize. |
| config/crd/kustomization.yaml | Registers RabbitMQAccess and RedisAccess CRDs. |
| config/crd/bases/access.k8s.delta10.nl_redisaccesses.yaml | Adds RedisAccess CRD definition. |
| config/crd/bases/access.k8s.delta10.nl_rabbitmqaccesses.yaml | Adds RabbitMQAccess CRD definition. |
| config/crd/bases/access.k8s.delta10.nl_postgresaccesses.yaml | Updates PostgresAccess CRD description (username generation note removed). |
| config/crd/bases/access.k8s.delta10.nl_controllers.yaml | Extends Controller settings schema for rabbitmq/redis options; updates cross-namespace setting docs. |
| cmd/main.go | Wires RabbitMQ and Redis controllers into the manager; updates Postgres controller import path. |
| api/v1/zz_generated.deepcopy.go | Regenerates deepcopy code for new API types/settings. |
| api/v1/redisaccess_types.go | Adds RedisAccess API type definitions. |
| api/v1/rabbitmqaccess_types.go | Adds RabbitMQAccess API type definitions. |
| api/v1/postgresaccess_types.go | Updates PostgresAccess API docs (username generation note removed). |
| api/v1/controller_types.go | Adds Controller settings for RabbitMQ and Redis (excluded users, vhost deletion policy). |
| README.md | Updates project documentation to include RabbitMQ/Redis and expanded usage instructions. |
| PROJECT | Updates Kubebuilder metadata to include RabbitMQAccess and RedisAccess resources. |
| Makefile | Switches e2e runner to ginkgo with parallelism and focus support; minor symlink tweak. |
| DEVELOPER.md | Adds contributor/developer guide content and references controller README. |
| CONTRIBUTING.md | Adds contribution guidelines template. |
| AGENTS.md | Updates agent guidance (removes multigroup section; adjusts e2e notes). |
| .github/workflows/test.yml | Updates workflow actions versions and test steps. |
| .github/workflows/test-e2e.yml | Updates workflow actions versions and e2e invocation. |
| .github/workflows/release-setup-file.yml | Refactors release to build per-arch and merge multi-arch manifest by digest; updates action versions. |
| .github/workflows/lint.yml | Updates workflow actions versions. |
| .github/workflows/docker-publish.yml | Refactors docker publish to per-arch builds + merge job; updates action versions and signing flow. |
action runners are not so fast so start polling later to clutter logs less
Pretty large PR, folders of most importance to review:
- internal/controller
- api/v1 for the specs (the config/samples are also useful)