New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes CEL estimated cost to propagate result sizes correctly #119800
Conversation
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Mon Aug 7 16:31:33 UTC 2023. |
c228a6e
to
f63c61b
Compare
/priority important-soon |
@@ -1688,12 +1688,12 @@ func TestCostEstimation(t *testing.T) { | |||
"before": strType, | |||
"after": strType, | |||
}) | |||
objType = withRule(objType, "self.str.replace(self.before, self.after) == 'does not matter'") | |||
objType = withRule(objType, "self.str.replace(self.before, self.after) == '0123456789'") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
any explanation for why this test changed or why the new value is better / more correct?
asked another way, if we'd kept the value 'does not matter'
, would the expectedCalcCost / expectedSetCost have changed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question. This is the only test that exercised the behavior being fixed. But it failed to catch it.
The estimator calculates the cost of the equals check based on the min(length(LHS), length(RHS))
of the equal operation.
Before fixing the bug it was doing min(length(MAX_INT), length("does not matter"))
and so the expected cost values were based on the length of "does not matter". When I fixed the bug it changed the expected values because length(<expected replace result size>)
became less than "does not matter". This is what the test should have expected all along.
I actually don't need to keep this string change, I modified it when testing my assumptions locally, I'll revert it. The expected values will still change.
/retest |
/triage accepted |
Changelog suggestion Fixed a bug where CEL expressions in CRD validation rules would incorrectly compute a high estimated cost for functions that return strings, lists or maps.
The incorrect cost was evident when the result of a function was used in subsequent operations. Does this definitely only apply to CRD validation and not elsewhere? |
Yes, this applies only to CRD validation. It is the only feature that uses estimated cost. |
/hold cancel |
/lgtm |
LGTM label has been added. Git tree hash: 31c38f82edcf00bb81d314b41b7c74439caacc5d
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jpbetz, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
Merge of this is giving below error in ppc architecture:
@jpbetz Please let us know if anything has to be changed specific to architecture. |
There is not. The cost of this expression changed from 16 to 14 in cel-go 1.16.1 (https://github.com/google/cel-go/commits/v0.16.1) by this exact amount. Can you point me to the test run, I'd like to validate that the dependency update was applied. |
https://prow.ppc64le-cloud.cis.ibm.net/view/gs/ppc64le-kubernetes/logs/periodic-kubernetes-unit-test-ppc64le/1692340684859641856 is the link to CI job that has been failing with above test. |
Yes, the test failures exactly matche what would happen if somehow the cel-go bump from 1.16.0 to 1.16.1 was somehow not applied. I checked the cel-go code for anything architecture specific and found nothing. I think our best lead at the moment is that the failure exactly matches what should happen if the dependency bump is not picked up. I've opened a slack thread: https://kubernetes.slack.com/archives/C09QZ4DQB/p1692373534287669 |
#120097 fixes the ppc64le issue. |
…00-origin-release-1.28 Automated cherry pick of #119800: Fixes CEL estimated cost to propagate result sizes correctly
Manual cherry pick of #119800: Fixes CEL estimated cost to propagate result sizes correctly
Manual cherry pick of #119800: Fixes CEL estimated cost to propagate result sizes correctly
/kind bug
What this PR does / why we need it:
Fixes CEL estimated cost to propagate the result size of functions that returns strings/bytes/lists/maps. Without this fix, the estimated size is assumed to be max integer and the estimated cost limit is exceeded, preventing some valid CEL expressions from being used in CRDs for validation.
Which issue(s) this PR fixes:
Fixes #119749
Special notes for your reviewer:
See google/cel-go#787 for the fix to cel-go picked up by this PR. The rest of this PR is tests to ensure the fix applies as expected.
Does this PR introduce a user-facing change?