⚒️ fix CAPBK file conversion, add validating webhook #3100
Conversation
k8s-ci-robot
added
cncf-cla: yes
| file := restored.Spec.Files[i] | ||
|
|
||
| // Track files successfully up-converted. | ||
| // We need this |
There was a problem hiding this comment.
incomplete sentence?
alexeldeib
force-pushed
the
ace/convert
branch
2 times, most recently
from
08aeaf6 to
55161db
Compare
Signed-off-by: Alexander Eldeib <alexeldeib@gmail.com>
| for i, file := range src.Spec.Files { | ||
| if file.ContentFrom != nil { | ||
| // Cut file with referenced content. | ||
| // It's already in the marshaled data. | ||
| dst.Spec.Files = append(dst.Spec.Files[:i], dst.Spec.Files[i+1:]...) | ||
| } | ||
| } |
There was a problem hiding this comment.
I'm not sure if this is advisable, if I'm reading the code here and above correctly, we're removing all the files with file.ContentFrom and then restoring it later?
Another thing we should probably do is to backport the changes we made on making Content non-required to v1alpah2
There was a problem hiding this comment.
We can index on path name and set contentFrom where content is unset. Unfortunately, content is a string, not a string pointer, so detecting unset vs. empty is not really possible otherwise.
The alternative is converting the secret content into raw exposed string, but that doesn't make much sense to me.
Thoughts on options?
There was a problem hiding this comment.
We can change content to string pointer, but I wasn't sure about that since it would require client changes
There was a problem hiding this comment.
I see, if we relax the Content field in v1alpha2, allowing it to be empty we should be able to set ContentFrom back regardless? It's probably fair to say that ContentFrom takes precedence over Content
There was a problem hiding this comment.
We could also start validating against empty string for content? But I could imagine sentinel files being useful for stuff, I don't really want to introduce that dependency.
There was a problem hiding this comment.
I didn't run into anything that seemed to cause issues with empty string in v1a2, let me know if that's somehow mistaken.
There was a problem hiding this comment.
Our current tests won't run into OpenAPI validation for v1alpha2 types anymore, but given that the v1alpha2 field is required https://github.com/kubernetes-sigs/cluster-api/blob/master/bootstrap/kubeadm/api/v1alpha2/kubeadmbootstrapconfig_types.go#L140 we need to relax that to allow v1alpha2 controllers to operate
There was a problem hiding this comment.
Isn’t an empty string valid? I thought that would mean the field would get serialized as empty string, and adding omitempty to string would omit the field?
There was a problem hiding this comment.
I think you're right, having it without omitempty makes an empty string a valid value
alexeldeib
force-pushed
the
ace/convert
branch
2 times, most recently
from
12d0864 to
03ce2cf
Compare
Signed-off-by: Alexander Eldeib <alexeldeib@gmail.com>
alexeldeib
force-pushed
the
ace/convert
branch
2 times, most recently
from
fa71c57 to
de469ca
Compare
| // them as pointers for later modification without paying for second | ||
| // lookup. | ||
| dstPaths := make(map[string]*kubeadmbootstrapv1alpha3.File, len(dst.Spec.Files)) | ||
| for i := range dst.Spec.Files { |
There was a problem hiding this comment.
| for i := range dst.Spec.Files { | |
| for _, file := range dst.Spec.Files { |
There was a problem hiding this comment.
The first time you left this in review I agreed but for this one I don’t think I do because we need the pointer to the indexed value?
There was a problem hiding this comment.
yeah makes sense
| // file with no content, we should restore contentFrom to that file. | ||
| for _, restoredFile := range restored.Spec.Files { | ||
| dstFile, exists := dstPaths[restoredFile.Path] | ||
| if exists && dstFile.Content == "" { |
There was a problem hiding this comment.
I read the other thread but I'm still not sure I follow why we're checking for empty Content here instead of checking for set ContentFrom... isn't empty string content a valid File use case?
There was a problem hiding this comment.
So if you set a file content to empty in either v1a2 or v1a3, that still works. This will only try to match files where a v1a3 file was downconverted into empty content and then re-unconverted. It requires a match on the path.
Realistically, I don’t think this makes any difference. When does downconversion even happen in this scenario? V1a3 is the storage version, this is mostly for the sake of maintaining roundtrip-ability?
There was a problem hiding this comment.
That said I know string pointer is more correct and this feels weird, but I think it works okay in practice
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexeldeib, vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
4 participants
What this PR does / why we need it:
Follow up from #3083