Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[wip] annotate PersistentVolume with schema validations #123163

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

[wip] annotate PersistentVolume with schema validations #123163

wants to merge 10 commits into from

Conversation

alexzielenski
Copy link
Contributor

@alexzielenski alexzielenski commented Feb 6, 2024
edited

What type of PR is this?

/kind feature

What this PR does / why we need it:

Updates kube-openapi dependency to bring in recent marker comment changes. and also annotates PersistentVolume with comments as well as instrumenting its validation unit tests with a framework to also test against versioned schemas.

Was able to get surprisingly far annotating persistentvolume, but we still have some gaps in our tooling preventing us from going faster/farther:

Outstanding issues discovered by this exploration (with corresponding failing unit tests in italics):

Kube-OpenAPI Bugs/Things that can be solved with kube-openapi

  • Int-Or-String Differences: In Kube-openapi we use oneOf to distinguish IntOrString types like Quantity without writing type in their schema. This causes problems with our CEL schema code written for CRDs which expect a non-empty type. This can be worked around by adding x-kubernetes-int-or-string: true to any place we generate such a oneOf.
  • Scopedness not included in schema: We don't know how to validate namespace
  • +enum ignored when used as a list element
  • Missing ability to parameterize/override validations in shared schemas at point of use
  • (Not blocking) Validation comments on types ignored when they are embedded
  • (Not blocking) [In Progress] Name format marker comments

CEL Library augmentations

  • CEL Library for name formats
  • Missing path.Clean CEL library func (_with_recycle_reclaim_policy 2)
  • No Set library or ability to efficiently detect duplicates

More Complicated/Needs Design

  • [In Progress] Use variables within schemas to avoid repetition and access parent information in subfields (JobSpec, Pod)
  • Can't specify FieldValueUnsupported or FieldValueNotFound as a reason on a Validation Rule.

/hold

Still exploring marker comments & their limits

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 6, 2024
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Feb 6, 2024
@ndixita ndixita moved this from Triage to Archive-it in SIG Node CI/Test Board Feb 28, 2024
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 2, 2024
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 11, 2024
@alexzielenski alexzielenski force-pushed the update-kube-openapi-markers branch 3 times, most recently from a0d5ed2 to 1070734 Compare April 19, 2024 02:05
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 23, 2024
@alexzielenski alexzielenski force-pushed the update-kube-openapi-markers branch 4 times, most recently from 2bc5e1f to b2741f7 Compare May 6, 2024 21:48
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: alexzielenski
Once this PR has been reviewed and has the lgtm label, please assign liggitt for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@alexzielenski alexzielenski mentioned this pull request May 7, 2024
Merged
@alexzielenski
TEMP: pin openapi
d632e5e 
pin
@alexzielenski
bugfix/workaround: preserve field-level overrides
d4983a5 
resolveRefs has the side effect that it clobbers extra schema information stored in the field which used the ref
@alexzielenski
bugfix/workaround: inject x-kubernetes-int-or-string to such oneOf sc…
7ddb7ff 
…hemas
@alexzielenski
bugfix/workaround: strip unsupported formats from schema when resolving
27d544c
@alexzielenski
add portName format to CEL library
ab0b97c
@alexzielenski
allow multiple messageExpression strings to be returned
cdc08ee
@alexzielenski
allow CEL and additionalProperties used in allof
1453085 
additionalProperties makes sense to use in a NestedValueValidation, but it is currently forbidden. This change makes the treatment of additionalProperties more in line with the treatment of `items` or `properties` - so users can specify additional value validations for schemas which use `additionalProperties` structurally.

This change also move XValidations so that it is allowed to be used inside an allOf in a CRD schema

codegen: deepycopy-gen

preserve errors for additionalProperties and xvalidations so the API surface stays the same

Once this has had some soak time we can allow CRDs to use these abilities

add allOf support into CEL validator

preserve errors for additionalProperties and xvalidations so the API surface stays the same

Once this has had some soak time we can allow CRDs to use these abilities
@alexzielenski
add framework for testing validations for native types and schemas
dd86474 
f
@alexzielenski
annotate a subset of Pod and PersistentVolune with declarative valida…
2b3c07c 
…tions

pd

pd

pd

pd
@alexzielenski
update codegen
0c33db6 
gen

gen

gen
@k8s-ci-robot
Copy link
Contributor

@alexzielenski: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kubernetes-node-e2e-containerd-1-7-dra add3eb3 link false /test pull-kubernetes-node-e2e-containerd-1-7-dra
pull-kubernetes-kind-dra add3eb3 link false /test pull-kubernetes-kind-dra
pull-kubernetes-e2e-gce-providerless add3eb3 link false /test pull-kubernetes-e2e-gce-providerless
pull-kubernetes-node-e2e-crio-dra add3eb3 link false /test pull-kubernetes-node-e2e-crio-dra
pull-kubernetes-e2e-kind-kms add3eb3 link false /test pull-kubernetes-e2e-kind-kms
pull-kubernetes-e2e-kind-ipv6 0c33db6 link true /test pull-kubernetes-e2e-kind-ipv6
pull-kubernetes-unit 0c33db6 link true /test pull-kubernetes-unit
pull-kubernetes-conformance-kind-ga-only-parallel 0c33db6 link true /test pull-kubernetes-conformance-kind-ga-only-parallel
pull-kubernetes-e2e-gce 0c33db6 link true /test pull-kubernetes-e2e-gce
pull-kubernetes-e2e-kind 0c33db6 link true /test pull-kubernetes-e2e-kind
pull-kubernetes-dependencies 0c33db6 link true /test pull-kubernetes-dependencies
pull-kubernetes-conformance-kind-ipv6-parallel 0c33db6 link false /test pull-kubernetes-conformance-kind-ipv6-parallel
pull-kubernetes-node-e2e-containerd 0c33db6 link true /test pull-kubernetes-node-e2e-containerd
pull-kubernetes-linter-hints 0c33db6 link false /test pull-kubernetes-linter-hints
pull-kubernetes-verify-lint 0c33db6 link true /test pull-kubernetes-verify-lint
pull-kubernetes-typecheck 0c33db6 link true /test pull-kubernetes-typecheck
pull-kubernetes-integration 0c33db6 link true /test pull-kubernetes-integration
check-dependency-stats 0c33db6 link false /test check-dependency-stats
pull-kubernetes-verify 0c33db6 link true /test pull-kubernetes-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewsykim andrewsykim Awaiting requested review from andrewsykim

@aroradaman aroradaman Awaiting requested review from aroradaman

Assignees
No one assigned
Labels
area/apiserver area/cloudprovider area/code-generation area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/storage Categorizes an issue or PR as relevant to SIG Storage. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
SIG Apps
Status: Needs Triage
SIG Auth
Status: Needs Triage
SIG CLI
Status: Needs Triage
SIG Node CI/Test Board
Archive-it
SIG Node PR Triage
Status: not-only-sig-node
SIG Node PR Triage
WIP
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@alexzielenski @k8s-ci-robot