-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Runtime type checks of Unstructured content #55297
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ash2k Assign the PR to them by writing Associated issue: 51940 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
@@ -99,6 +122,9 @@ func NestedInt64(obj map[string]interface{}, fields ...string) (int64, bool) { | |||
return 0, false | |||
} | |||
i, ok := val.(int64) | |||
if !ok && invalidTypeDetectionEnabled { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My understanding of the bool in the return values is to allow this situation. It's a bit strange to panic.
Why not check the types on all the setters and every code path which creates an Unstructured. Then we get caller which is responsible for wrong types. If everything "incoming" is type-correct, we don't have to check in the getters. |
@@ -183,6 +231,9 @@ func setNestedFieldNoCopy(obj map[string]interface{}, value interface{}, fields | |||
if valMap, ok := val.(map[string]interface{}); ok { | |||
m = valMap | |||
} else { | |||
if invalidTypeDetectionEnabled { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we do deep type checking? We should, go recursively go into the map[string]interface{}
, compare the deepcopy func.
/cc @lavalamp |
I am terrified by having test code that gets compiled into production binaries. It's also not obvious to me that things that trigger this would definitely be errors. |
We have a strict implicit typing of the content in Unstructured. The algorithms like deepcopy and serialization depend on that and fall over or worse, return inconsistent results. These are errors. If we don't find them in tests, we will hit them in production. We can choose: add additional type-checking in unit or integration tests (not in e2e, so e2e will be exactly like production) or live with the uncertainity that we never checked the types. |
/ok-to-test |
@sttts You are right, this should be enough and we already do that - for any slice/map/interface{} data we do a deep copy which checks types recursively. This code was more to catch issues introduced by putting invalid types directly into
This should be "ownerReferences": []interface{}{
map[string]interface{}{
// ...
},
}, However I'd like to keep some cleanups from this PR - can submit another one if we decide this one is not needed. |
but we don't panic on type-error, but should probably. Yes, please keep the cleanups! |
What do you mean? We do panic in json deep copy: kubernetes/staging/src/k8s.io/apimachinery/pkg/conversion/unstructured/converter.go Line 451 in 7c10cbc
|
right, so every code path with SetNestedField at the end is fine. We have SetNestedSlice and SetNestedMap which do not deepcopy. But if my Gogland is right, they are not used. Can we remove them? |
Both of them just delegate to kubernetes/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/helpers.go Lines 226 to 228 in 7c10cbc
kubernetes/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/helpers.go Lines 210 to 212 in 7c10cbc
|
Right, should take some more time reviewing this or change my glasses :) Then we are on the safe side. Good! |
ecd026f
to
5936771
Compare
5936771
to
f0ac746
Compare
Automatic merge from submit-queue (batch tested with PRs 55615, 56010, 55990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Unstructured cleanups **What this PR does / why we need it**: Cleanups for `Unstructured`/`UnstructuredList` extracted from #55297. **Release note**: ```release-note NONE ``` /sig api-machinery /kind enhancement /assign @sttts
@ash2k PR needs rebase |
Most of the checks have been incorporated into #55168. I'm closing this PR, at least for now. Please reopen if this functionality is needed. |
What this PR does / why we need it:
Adds a flag that can be enabled via
UNSTRUCTURED_INVALID_TYPE_DETECTOR
environment variable to do strict type checks inUnstructured
code. It can be used in unit and integration tests to catch bugs. This is similar to existing flags:kubernetes/staging/src/k8s.io/apimachinery/pkg/conversion/unstructured/converter.go
Line 81 in 51e653d
and
kubernetes/staging/src/k8s.io/client-go/tools/cache/mutation_detector.go
Line 34 in ed42305
Special notes for your reviewer:
This is a follow up for #51940. I don't know how to enable this in unit, integration tests (also when run via Bazel). Any ideas?
Release note:
/kind feature
/sig api-machinery
/assign @sttts