Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rejecting valid Environment Variable Names #47 #78910

Closed
wants to merge 1 commit into from
Closed

Rejecting valid Environment Variable Names #47 #78910

wants to merge 1 commit into from

Conversation

pswica
Copy link
Contributor

@pswica pswica commented Jun 11, 2019

What type of PR is this?
/kind bug

What this PR does / why we need it:
Allows using ':' chars in kubectl --env, e.g. kubectl run myname --image=myimage:86 --port=80 --env="ConnectionStrings:DefaultConnection=Data Source=tcp:mySqlServer,1433;Initial Catalog=myDB;User Id=myUser;Password=mypassword;":
Which issue(s) this PR fixes:
Fixes kubernetes/kubectl#47

Special notes for your reviewer:
NONE
Does this PR introduce a user-facing change?:

Allows the use of ':' in environment names kubectl --env

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 11, 2019
@k8s-ci-robot
Copy link
Contributor

Hi @pswica. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 11, 2019
@pswica pswica mentioned this pull request Jun 11, 2019
Closed
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pswica
To complete the pull request process, please assign lavalamp
You can assign the PR to them by writing /assign @lavalamp in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 11, 2019
@pswica
Copy link
Contributor Author

pswica commented Jun 11, 2019
edited
Loading

/priority backlog

@k8s-ci-robot k8s-ci-robot added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 11, 2019
@pswica
Copy link
Contributor Author

pswica commented Jun 11, 2019

/cc @apelisse

@apelisse
Copy link
Member

Yeah, this should be mentioned in the kubectl issue, but there is already a long discussion about that somewhere else. Let me find you a reference.

@liggitt
Copy link
Member

liggitt commented Jun 12, 2019

xref #69415 (comment)

@pswica
Copy link
Contributor Author

pswica commented Jun 12, 2019

Thanks a lot @liggitt, everyone working actively on Kubernetes has been so helpful in getting me started and understanding a lot of the nuances when changing source code.

I will say this. I have tested what happens to resources that were created with a colon ':' and are then rolled back. I did this (with persistent etcd thanks to @dims) by

  1. making my changes in the PR
  2. running hack/local-up-cluster.sh
  3. creating a deployment with a colon in an environmental variable name:
  4. rolling back my changes in the PR
  5. running hack/local-up-cluster.sh

Here is what I found:

  1. I can view and use the resource just fine and I got no error messages interacting with it
  2. I can delete the resource just fine and got no errors deleting it
  3. I could not scale the resource

This leads me to think that, perhaps, this change could be introduced by simply providing a warning to the user when they make a resource with a colon in an environment name:

 if strings.Contains(value, ":") {
    klog.Warningf("You are using an environment variable name that contains a colon: '%v'. This is a new feature, and if you rollback your Kubernetes version you will only be able to get and delete this resource", value)
}

Perhaps first expand the validation (as in your 1a, b) and then Error out saying that allowing colons will happens soon. Then in the 1.X release can add the warning.

@liggitt
Copy link
Member

liggitt commented Jun 12, 2019

  • I can view and use the resource just fine and I got no error messages interacting with it
  • I can delete the resource just fine and got no errors deleting it
  • I could not scale the resource

Even not being able to scale the resource would be reason enough to need to phase this in, but there are additional scenarios that would break:

  • HA API servers skewed n-1 would not allow the resource to be updated
  • If a finalizer was added to the object, it would not be able to be removed via an n-1 API server

Relaxing validation on a GA API must be phased in over two releases as described

@fedebongio
Copy link
Contributor

/assign @apelisse

@pswica
Copy link
Contributor Author

pswica commented Jun 13, 2019

@fedebongio
Thank you for performing an /assign but this has already been reviewed by @apelisse and @liggitt . If anything, this can likely be closed as it causes an API breaking change. The goal now, for me, is to come up with a way so that v1.16 works if it has environmental names with a ":" (and others). E.g. it would not create environmental variables with ":" in the name but it could live with them.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Sep 11, 2019
@liggitt liggitt mentioned this pull request Sep 24, 2019
Closed
@liggitt
Copy link
Member

liggitt commented Sep 24, 2019

thanks for the PR. let's coordinate on desired approach in #53201 (comment) before proceeding (and be aware there are other PRs trying to address the same issue)

@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 24, 2019
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cheftako cheftako Awaiting requested review from cheftako

@wojtek-t wojtek-t Awaiting requested review from wojtek-t

@apelisse apelisse Awaiting requested review from apelisse

Assignees

@apelisse apelisse

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Rejecting valid Environment Variable Names
6 participants
@pswica @k8s-ci-robot @apelisse @liggitt @fedebongio @fejta-bot