[pull] main from nephio-project:main#34
Merged
Add REST NBI with Porch storage, schema validation, and GitOps deployment

### Description

This PR introduces the FOCOM North Bound Interface (NBI) REST API layer, Porch-based GitOps storage, FPR template parameter schema validation, and supporting infrastructure for the focom-operator.

### What changed

#### REST NBI API (`internal/nbi/`)

A complete REST API layer built with Gin, implementing the draft → validate → approve → publish lifecycle for three resource types: OCloud, TemplateInfo, and FocomProvisioningRequest. The API follows the OpenAPI spec at `api/openapi/focom-nbi-api.yaml`.

- `handlers/` — HTTP handlers for all three resource types with full CRUD, draft management, revision history, and lifecycle operations (validate, approve, reject)
- `services/` — Business logic layer with dependency validation, state machine enforcement, and schema validation orchestration
- `models/` — Internal data models with JSON serialization, ID generation, and structured error types
- `validation/` — Validation framework with JSON Schema validation (`gojsonschema`), business rule validation, dependency validation, and schema metavalidation
- `storage/` — Storage abstraction with two implementations:
  - `inmemory.go` — In-memory storage for testing
  - `porch.go` — Production storage using Nephio Porch PackageRevisions via Kubernetes REST API, with full draft/revision lifecycle mapped to Porch's Draft/Proposed/Published states
- `integration/` — Operator integration layer for mapping NBI resources to Kubernetes CRs
- `config/` — Runtime configuration with environment variable support

#### FPR Template Parameter Schema Validation

Validates FPR `templateParameters` against the `templateParameterSchema` defined in the referenced TemplateInfo:

- Schema validation runs during ValidateDraft (always) and optionally during CreateDraft/UpdateDraft when `FOCOM_EARLY_SCHEMA_VALIDATION=true`
- TemplateInfo schema metavalidation ensures `templateParameterSchema` is a valid JSON Schema before approval
- Structured error reporting with field path, constraint type, and human-readable description
- Property-based tests (using `gopter`) verify schema validation conformance, error structure completeness, metavalidation correctness, and error serialization round-trip

#### Porch Storage Implementation

Full implementation of the storage layer using Nephio Porch as a GitOps backend:

- Maps NBI draft/validate/approve lifecycle to Porch PackageRevision Draft/Proposed/Published states
- Stores resources as Kubernetes-style YAML inside Porch packages
- Supports kubeconfig-based and token-based authentication
- Handles revision management, draft-from-revision creation, and resource listing with state mapping

#### GitOps Deployment (ConfigSync & Flux)

- ConfigSync integration via `config/configsync/` for automatic Git → Kubernetes sync
- Flux integration via `config/flux/` as an alternative GitOps engine with webhook support for instant sync
- Makefile targets: `deploy`, `deploy-with-flux`, `deploy-with-flux-webhook`, `undeploy`, `undeploy-flux`

#### Testing

- Unit tests for models, validation, services, storage, and controller
- Property-based tests (gopter, 100 iterations each) for schema validation correctness
- Integration test framework with smoke, integration, and stability test tiers against live Porch clusters
- Postman collection (`api/postman/`) for manual API testing
- Makefile targets: `unit-tests`, `ci-tests`, `test-smoke`, `test-integration`, `test-stability`

#### Documentation

- Architecture overview (`docs/ARCHITECTURE.md`)
- Deployment guide (`docs/DEPLOYMENT.md`)
- Porch setup guide (`docs/PORCH_SETUP.md`)
- Troubleshooting guide (`docs/TROUBLESHOOTING.md`)
- Flux deployment docs (`docs/flux/`)
- kpt deployment docs (`docs/kpt/`)
- OpenAPI specification (`api/openapi/focom-nbi-api.yaml`)

### Environment Variables

| Variable | Description | Default |
|---|---|---|
| `FOCOM_NAMESPACE` | Default namespace for resources | `focom-system` |
| `FOCOM_EARLY_SCHEMA_VALIDATION` | Enable schema validation on create/update | `false` |
| `NBI_STORAGE_BACKEND` | Storage backend (`inmemory` or `porch`) | `porch` |
| `PORCH_NAMESPACE` | Porch PackageRevision namespace | `default` |
| `PORCH_REPOSITORY` | Porch repository name | `focom-resources` |

### Testing

```bash
cd focom-operator
make unit-tests   # Unit tests only
make test-smoke   # Smoke tests against live Porch (requires cluster)
```

Signed-off-by: saul.gill <saul.gill@est.tech>
…ecializers (#1098)

## Summary

Previously, errors from KRM function pipelines (IPAM, VLAN, Generic specializers) were logged but ignored. This caused the controller to continue reconciliation and commit partially processed or invalid resources to Porch, while incorrectly reporting success.

This PR fixes the issue by returning errors from `r.krmfn.Process(rl)` directly to controller-runtime, ensuring failed reconciliations are retried and no corrupted state is committed.

---

## Root Cause

- Errors from KRM functions were swallowed instead of returned.
- Controller continued execution with incomplete/invalid resources.
- `ctrl.Result{}, nil` prevented retries, causing silent failures.

---

## Fix

- Propagate errors by returning them immediately:

```go
_, err = r.krmfn.Process(rl)
if err != nil {
    log.Error(err, "function run failed")
    return ctrl.Result{}, errors.Wrap(err, "function run failed")
}
```

## Applied Across

- ipam-specializer
- vlan-specializer
- generic-specializer
- specializer-reconciler

## Ensures

- No partial state is committed
- Reconciliation stops on failure
- controller-runtime retries with backoff

---

## Tests

- Added error-path unit tests for:
  - IPAM specializer
  - VLAN specializer
- Verified:
  - Errors are returned correctly
  - No updates are made to Porch on failure
- All tests passing: `go test ./...`

---

## Impact

- Eliminates silent failures in KRM pipelines
- Prevents corrupted/partial GitOps state from being committed
- Enables automatic retries for transient failures (e.g., IPAM/VLAN backend issues)
- Improves reliability and correctness of Nephio deployments

---

Fixes #1097

Signed-off-by: pulkitvats2007-crypto <pulkitvats2007@gmail.com>
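
The difference between the swallowed and the propagated error path described in the commit message above, as an added example that is not code from this PR or from Nephio. The types `resourceList`, `pipeline` and `porchStore` and the function `failingIPAM` are hypothetical stand-ins for the KRM function runner and the Porch client, and `fmt.Errorf` with `%w` is used in place of `errors.Wrap` so the block needs only the standard library.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins (not Nephio types): a KRM pipeline and a Porch client.
type resourceList struct{ items []string }

type pipeline func(rl *resourceList) error

type porchStore struct{ committed [][]string }

func (p *porchStore) update(rl *resourceList) {
	p.committed = append(p.committed, append([]string(nil), rl.items...))
}

// failingIPAM mutates the first resource, then fails: rl is left half processed.
func failingIPAM(rl *resourceList) error {
	rl.items[0] += "+ip"
	return errors.New("ipam backend unavailable")
}

// reconcileSwallow is the 'before' behaviour: log the error and carry on.
func reconcileSwallow(fn pipeline, rl *resourceList, store *porchStore) error {
	if err := fn(rl); err != nil {
		fmt.Println("function run failed:", err) // logged, then ignored
	}
	store.update(rl) // the partial state reaches Porch
	return nil       // reported as success, so no retry is scheduled
}

// reconcilePropagate is the 'after' behaviour: return before any write.
func reconcilePropagate(fn pipeline, rl *resourceList, store *porchStore) error {
	if err := fn(rl); err != nil {
		return fmt.Errorf("function run failed: %w", err)
	}
	store.update(rl)
	return nil
}

func main() {
	before, after := &porchStore{}, &porchStore{}
	errBefore := reconcileSwallow(failingIPAM, &resourceList{items: []string{"nad", "iface"}}, before)
	errAfter := reconcilePropagate(failingIPAM, &resourceList{items: []string{"nad", "iface"}}, after)
	fmt.Println("swallow:  ", errBefore, len(before.committed))
	fmt.Println("propagate:", errAfter, len(after.committed))
}
```

An error-path unit test for a specializer would assert the same two things: the reconcile call returns a non-nil error, and the store records no update.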
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )