Need better debug logging for patch operations #89874
Comments
MikeSpreitzer
added
the
kind/feature
k8s-ci-robot
added
the
needs-sig
|
@kubernetes/sig-api-machinery-feature-requests |
k8s-ci-robot
added
sig/api-machinery
|
/good-first-issue |
|
@MikeSpreitzer: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
good first issue
|
This may be particularly helpful to someone struggling with #89875 |
|
/assign |
|
FYI, for a comparison of similar debug logging you can try setting |
|
FYI, here is the debug logging statement that I used: That was right after the call to |
|
It would be appropriate to do the same for the case of JSON Patch and JSON Merge Patch as well as the stategic merge patch. |
That's somewhat intentional. Logging of API server request bodies without regard to whether the resource is a confidential one (e.g. secrets) would expose confidential content. If we add debug output of Request bodies to the API server log, we'll need to do so in a way that is not considered a vulnerability. |
|
Good point. So would it suffice to carve out an exception for objects of the core Secret kind? |
The audit logging and storage encryption mechanisms do not special-case secret resources, I would not expect this to. |
|
/assign @jennybuckley |
|
Can I take this up as my first issue? Any pointers would be helpful. |
|
@twisted-sres : yes. |
In general, I don't want to increase the number of ways confidential data can leak into server logs. Are there other ways we could ease testing patches (like simpler use of patching functions in a library/unit test) or surface potential problems (like returning warnings, similar to the mechanism proposed in #73032)? |
|
The particularly difficult thing about patching is that it is very easy for a client developer to make a mistake that produces an unexpected result and NO error NOR warning message on the server. Just goof up a field name or a bit of structure, and the patch has little or no effect on the target object. I suppose it should be possible --- for JSON merge and for strategic merge patches --- to add a check on the server side, comparing the patch with the patched object to see if the patch contains material that does not appear in the patched object. It should be possible to also do a similar check for a JSON patch, looking for patch material that had no effect. Would there be a way to plumb a warning from these out to a reply header? |
I actually just started a proposal for server -> client warnings (https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1693-warnings) which could surface something like that in the future, though getting the "field X in patch didn't exist so was ignored" plumbed out of the patch/json stack without erroring would be non-trivial as well. |
|
Note that users can and should use dry run to verify their change will have the desired effect. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
removed
the
lifecycle/stale
k8s-ci-robot
added
the
lifecycle/rotten
|
@MikeSpreitzer what is the status of this issue? can we close this one if we follow up with the client warnings instead of generating new logs? |
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
and others
What would you like to be added:
I would like debug logging to show the heart of the processing of a patch request. For example, showing the inputs and outputs of https://github.com/kubernetes/apiserver/blob/fa3c8ad6d7aff4ba13bf7296583ed2815db1be44/pkg/endpoints/handlers/patch.go#L620 .
Why is this needed:
It is way too easy to botch a PATCH request. Due to the way JSON decoding happily and silently discards unexpected contents, it is very easy to accidentally write buggy code that provokes no error. There is no existing debug logging to help a developer see the error in their ways.
I spent a lot of time chasing a bug that was immediately evident when I put in debug logging about the line mentioned above.
The text was updated successfully, but these errors were encountered: