This commit adds automatic expiration functionality for BMCUser resources, enabling temporary users for debugging, maintenance windows, and temporary access scenarios.

Features:
- Dual expiration approach: TTL (relative) and ExpiresAt (absolute)
- Immutable expiration time (calculated once at creation)
- Automatic cleanup of both K8s objects and BMC accounts
- Warning period with condition changes (Active -> ExpiringSoon -> Expired)
- Smart requeue coordination with password rotation
- Webhook validation for mutual exclusivity and valid values
- Fully backward compatible with existing permanent users

API Changes:
- Added TTL and ExpiresAt fields to BMCUserSpec (mutually exclusive)
- Added ExpiresAt and Conditions to BMCUserStatus
- Added condition constants and types
- Added ExpiresAt printer column for kubectl output

Controller Changes:
- Implemented expiration calculation (once at creation)
- Implemented expiration checking and automatic deletion
- Implemented condition management with warning periods
- Coordinated requeue timing between rotation and expiration
- Added Conditions accessor to BMCUserReconciler

Webhook Changes:
- Created BMCUser validation webhook
- Validates mutual exclusivity of TTL/ExpiresAt
- Validates future dates and reasonable values
- Warns on changes to immutable fields

Testing:
- Added 4 comprehensive unit tests for TTL functionality
- All 105/105 tests passing
- Test coverage maintained

Documentation:
- Added comprehensive usage guide (docs/usage/bmcuser-ttl.md)
- Added examples for debugging, maintenance, and vendor access
- Updated README.md with Features section
- Linked documentation in VitePress navigation
- Added sample YAMLs for temporary users

Files modified:
- api/v1alpha1/bmcuser_types.go
- internal/controller/bmcuser_controller.go
- internal/controller/bmcuser_controller_test.go
- internal/controller/suite_test.go
- cmd/main.go
- config/crd/bases/metal.ironcore.dev_bmcusers.yaml
- config/webhook/manifests.yaml
- dist/chart/templates/* (Helm chart updates)
- README.md
- docs/.vitepress/config.mts

Files added:
- internal/webhook/v1alpha1/bmcuser_webhook.go
- config/samples/metal_v1alpha1_bmcuser_temporary.yaml
- docs/usage/bmcuser-ttl.md
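A sketch of the expiration rules the commit message lists (mutual exclusivity, expiry fixed once at creation, Active -> ExpiringSoon -> Expired), added here as an illustration; it is not code from this pull request. The function names `Validate`, `Resolve` and `Phase`, the positive-TTL rule and the one-hour warning window are assumptions.

```go
package main

import (
	"errors"
	"time"
)

// Validate applies the webhook-style checks: TTL and ExpiresAt are mutually
// exclusive, a TTL must be positive (assumed rule), an absolute expiry must be in the future.
func Validate(ttl *time.Duration, expiresAt *time.Time, now time.Time) error {
	switch {
	case ttl != nil && expiresAt != nil:
		return errors.New("ttl and expiresAt are mutually exclusive")
	case ttl != nil && *ttl <= 0:
		return errors.New("ttl must be positive")
	case expiresAt != nil && !expiresAt.After(now):
		return errors.New("expiresAt must be in the future")
	}
	return nil
}

// Resolve returns the absolute expiry. A value already recorded in status wins,
// so a later spec edit or reconcile cannot extend a temporary account's lifetime.
func Resolve(ttl *time.Duration, expiresAt, recorded *time.Time, created time.Time) *time.Time {
	if recorded != nil {
		return recorded
	}
	if ttl == nil {
		return expiresAt // nil here means a permanent user
	}
	t := created.Add(*ttl)
	return &t
}

// Phase maps the resolved expiry to a condition; warn is the assumed warning window.
func Phase(expiry *time.Time, now time.Time, warn time.Duration) string {
	if expiry == nil || expiry.Sub(now) > warn {
		return "Active"
	}
	if now.Before(*expiry) {
		return "ExpiringSoon"
	}
	return "Expired"
}

func main() {
	ttl := 8 * time.Hour
	created := time.Date(2025, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample
	println(Phase(Resolve(&ttl, nil, nil, created), created.Add(450*time.Minute), time.Hour))
}
```

Anchoring the TTL to the creation timestamp and preferring the recorded value is what keeps the expiry immutable: recomputing `now + TTL` on every reconcile would silently keep a temporary BMC account alive.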