Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix PSP update validation #31934

Merged
merged 1 commit into from
Sep 3, 2016
Merged

Fix PSP update validation #31934

merged 1 commit into from
Sep 3, 2016

Conversation

timstclair
Copy link

@timstclair timstclair commented Sep 2, 2016
edited by k8s-oncall
Loading

Issues fixed:

  • apparmor annotations were not being validated
  • sysctl annotations were not being validated
  • ValidateObjectMetaUpdate parameters were reversed

/cc @sttts

1.4 justification:

  • Risk: If I did something wrong, valid updates could be rejected or invalid updates accepted.
  • Rollback: Nothing should depend on this behavior
  • Cost: As it stands, the PSP can be updated to an invalid state. The cost of this is relatively low, but a bad user experience.

This change is Reviewable

@timstclair timstclair added area/security area/api Indicates an issue on api area. labels Sep 2, 2016
@timstclair timstclair added this to the v1.4 milestone Sep 2, 2016
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Sep 2, 2016
@timstclair timstclair added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Sep 2, 2016
@k8s-bot
Copy link

k8s-bot commented Sep 2, 2016

GCE e2e build/test passed for commit 4f25651.

@pweil-
Copy link
Contributor

pweil- commented Sep 2, 2016

+1 good catch. LGTM

@timstclair timstclair added cherrypick-candidate lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed cherrypick-candidate labels Sep 2, 2016
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Sep 3, 2016

GCE e2e build/test passed for commit 4f25651.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit da0e565 into kubernetes:master Sep 3, 2016
@k8s-github-robot k8s-github-robot mentioned this pull request Sep 3, 2016
Closed
@sttts
Copy link
Contributor

sttts commented Sep 5, 2016

@timstclair thanks for spotting and fixing this 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@pweil- pweil-

Labels
area/api Indicates an issue on api area. area/security lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@timstclair @k8s-bot @pweil- @k8s-github-robot @sttts @googlebot @tallclair