Policy fix revert by only recording an "old" value if it existed before the changes #29162
Simplify ChangeState by changing 'Old' back to a 'map[Key]MapStateEntry'. This is used only for reverting and in that case there is no need to optimize scanning deny entries. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
909f73f to faeb621
/test
drive-by comment - lgtm otherwise
Add a Diff member function so that test failures can report the difference between the obtained and expected MapState. Takes in an unused '*testing.T' to make sure this is only used in testing. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Only record an old entry in ChangeState if it existed before this round of changes. We do this by testing if the entry is already in Adds. If not, then we record the old entry key and value. If the Adds entry exists, however, this entry may have only been added on this round of changes and we do not record the old value. This is safe due to the fact that when the Adds entry is created, the Old value is stored before adding the Adds entry, so for the first Adds entry the Old value does not yet exist and will be added. This removes extraneous Old entries that did not actually originally exist. Before this, ChangeState.Revert did restore an entry that should not exist based on these extraneous Old entries. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
faeb621 to 1ef653e
/test
Approving pkg/endpoint/bpf.go changes for my codeowners.
Marking with backport/author as the backports to v1.12, v1.13 and v1.14 are non-trivial and likely require #28352 to be backported first.
This PR is already part of 1.15
Looked into backporting this to 1.13 and 1.12, and there are a lot of non-backported dependencies that make the backport somewhat risky. Since we don't know of any reports of actual problems caused by the issue fixed here, I'll drop the 1.13 and 1.12 backports for now.
Only record an old entry in `ChangeState` if it existed before this round of changes. We do this by testing if the entry is already in `Adds`. If not, then we record the old entry key and value. If the `Adds` entry exists, however, this entry may have only been added on this round of changes and we do not record the old value. This is safe due to the fact that when the `Adds` entry is created, the `Old` value is stored before adding the `Adds` entry, so for the first `Adds` entry the `Old` value does not yet exist and will be added.

This removes extraneous `Old` entries that did not actually originally exist. Before this change `ChangeState.Revert` could have restored entries that should not exist, based on these extraneous `Old` entries.

Note that the change in `TestMapState_AccumulateMapChangesOnVisibilityKeys` on the 3rd commit shows the effect of this change. Previously the test resulted in an entry in `ChangeState.Old` that did not exist before the changes started, but was recorded due to an entry being first added and then modified within the same set of changes.
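
A minimal Go model of the bookkeeping described in the PR description above, added here as an illustration; it is not Cilium's code. The types `Key` and `Entry`, the functions `insert`, `revert` and `AddThenModify`, and the `checkAdds` switch are assumptions of this example, and the `checkAdds == false` branch is only a simplified stand-in for the earlier behaviour.

```go
package main

import "fmt"

// Simplified stand-ins for this example (assumptions, not Cilium's real types).
type Key string
type Entry struct{ Deny bool }

type ChangeState struct {
	Adds map[Key]struct{} // keys added or modified in this round of changes
	Old  map[Key]Entry    // values from before this round, used only by revert
}

// insert writes e under k and records bookkeeping for a later revert.
// With checkAdds set, the old value is recorded only when k is not yet in
// Adds. Old is always written before Adds, so a pre-existing entry still
// gets its original value saved on the first change.
func insert(m map[Key]Entry, k Key, e Entry, cs ChangeState, checkAdds bool) {
	old, exists := m[k]
	_, skip := cs.Old[k] // model of the earlier behaviour: only avoid overwriting Old
	if checkAdds {
		_, skip = cs.Adds[k] // key already touched this round: m[k] is not an "old" value
	}
	if exists && !skip {
		cs.Old[k] = old
	}
	cs.Adds[k] = struct{}{}
	m[k] = e
}

// revert removes everything touched in this round, then restores Old.
func revert(m map[Key]Entry, cs ChangeState) {
	for k := range cs.Adds {
		delete(m, k)
	}
	for k, e := range cs.Old {
		m[k] = e
	}
}

// AddThenModify runs one round on a constructed map holding only "pre":
// "new" is added and then modified, "pre" is modified, and the round is reverted.
func AddThenModify(checkAdds bool) map[Key]Entry {
	m := map[Key]Entry{"pre": {Deny: false}}
	cs := ChangeState{Adds: map[Key]struct{}{}, Old: map[Key]Entry{}}
	insert(m, "new", Entry{Deny: false}, cs, checkAdds) // first added...
	insert(m, "new", Entry{Deny: true}, cs, checkAdds)  // ...then modified in the same round
	insert(m, "pre", Entry{Deny: true}, cs, checkAdds)  // pre-existing entry changed
	revert(m, cs)
	return m
}

func main() {
	fmt.Println("without Adds check:", AddThenModify(false)) // "new" survives the revert
	fmt.Println("with Adds check:   ", AddThenModify(true))  // only the original "pre" remains
}
```

Without the `Adds` check, the revert leaves behind an allow entry for `new` that never existed before the round, which is the kind of extraneous restored entry the description refers to.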