holos-run / holos

Holos - The Holistic platform manager
https://holos.run
Apache License 2.0

Constraints #244

Closed jeffmccune closed 1 month ago

jeffmccune commented 1 month ago

The doc following projects has the theme of constraints.

Here's a simple example of how to constrain the output generated by a project. The platform team could add the constraint at projects/httpbin/constraints.cue and the development team is able to create directories via the projects/httpbin/components/OWNERS file, for example adding the projects/httpbin/components/backend/backend.cue component.

We're likely going to need to re-work the core BuildPlan definition to make this ergonomic, for example adding one top-level spec.resources field for platform teams to constrain, but that can come later. The versioned API and schema/core packages should make it pretty straightforward to do without impacting users too badly. They should just need to bump from v1alpha3 to v1alpha4 in the root schema.cue file of their repo; no other code changes should be necessary. Hopefully.

diff --git a/components/namespaces/namespaces.cue b/components/namespaces/namespaces.cue
index a6cc0f2..0f6e4b0 100644
--- a/components/namespaces/namespaces.cue
+++ b/components/namespaces/namespaces.cue
@@ -3,7 +3,13 @@ package holos
 let Objects = {
    Name: "namespaces"
    Resources: Namespace: #Namespaces
+   Resources: Jeff: jeff: metadata: name: "jeff"
 }

 // Produce a kubernetes objects build plan.
 (#Kubernetes & Objects).BuildPlan
+
+// Constrain what can be managed from the project.
+#AllowedResources: Namespace: _
+
+spec: components: kubernetesObjectsList: [{apiObjectMap: #AllowedResources}]
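
Review bot: The constraint on the last added line, `spec: components: kubernetesObjectsList: [{apiObjectMap: #AllowedResources}]`, is a closed one-element list, so it only unifies with a BuildPlan that has exactly one kubernetesObjects component; a CUE list literal without `...` fixes the length. Writing it as `[...{apiObjectMap: #AllowedResources}]` applies the allow-list to every element regardless of how many there are. Two smaller points: `#AllowedResources` is declared in components/namespaces/namespaces.cue, the same file that sets `Resources`, so anyone who can edit the component can also widen the constraint, and it should live in a file only the platform team owns, as the description proposes. The added `Resources: Jeff: jeff: metadata: name: "jeff"` line exists to demonstrate the violation and needs to come out before this lands, otherwise the component will not export.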

This constraint results in:

❯ cue export --out yaml ./components/namespaces
spec.components.kubernetesObjectsList.0.apiObjectMap.Jeff: field not allowed:
    ./components/namespaces/namespaces.cue:10:1
    ./components/namespaces/namespaces.cue:13:20
    ./components/namespaces/namespaces.cue:15:58
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/apiobjects_go_gen.cue:34:17
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/apiobjects_go_gen.cue:50:16
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/buildplan_go_gen.cue:26:14
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/buildplan_go_gen.cue:35:15
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/buildplan_go_gen.cue:40:27
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/buildplan_go_gen.cue:40:30
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/component_go_gen.cue:22:17
    ./cue.mod/gen/github.com/holos-run/holos/api/core/v1alpha3/kubernetesobjects_go_gen.cue:12:2
    ./cue.mod/gen/github.com/holos-run/holos/api/schema/v1alpha3/definitions_go_gen.cue:29:13
    ./cue.mod/gen/github.com/holos-run/holos/api/schema/v1alpha3/definitions_go_gen.cue:94:11
    ./cue.mod/pkg/github.com/holos-run/holos/api/core/v1alpha3/apiobjects.cue:12:3
    ./cue.mod/pkg/github.com/holos-run/holos/api/core/v1alpha3/apiobjects.cue:13:18
    ./cue.mod/pkg/github.com/holos-run/holos/api/schema/v1alpha3/definitions.cue:22:13
    ./cue.mod/pkg/github.com/holos-run/holos/api/schema/v1alpha3/definitions.cue:137:25
    ./cue.mod/pkg/github.com/holos-run/holos/api/schema/v1alpha3/definitions.cue:138:13
    ./cue.mod/pkg/github.com/holos-run/holos/api/schema/v1alpha3/definitions.cue:140:45