akuity / kargo

Application lifecycle orchestration

https://kargo.akuity.io/

Typed actor annotations

devholic opened this issue 2 months ago · comments

Sunghoon Kang commented 2 months ago

Background

#1872 introduces kargo.akuity.io/create-actor to track who created the given resource.

As @hiddeco pointed out in #1872 (review), we may want to add contextual information to the annotation.

Suggestions

Use JSON encoded typed value instead of an actor string
```
{
  "actor": "subject:some-user",
  "controlplane": false
}
```
- controlplane field is to indicate whether the resource is created by controlplane (or we can leverage prefixes like this)
Introduce kargo.akuity.io/last-update-actor to track who updated it
- We may merge create/update actor into single annotation (kargo.akuity.io/actor), but I think it's more clear to have separate annotations and it gives us more flexibility when we decided to change annotation structure.
```
{
  "created-by": {...},
  "last-updated-by": {...}
}
```

Note

We should consider that other MutatingWebhooks may affect the typed information
- Adding type check in validating webhook will be helpful