-
Notifications
You must be signed in to change notification settings - Fork 38.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Show error in status if preserve unknown fields is true for nonstructural schemas #93078
Show error in status if preserve unknown fields is true for nonstructural schemas #93078
Conversation
Hi @vareti. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @sttts |
if in.Spec.PreserveUnknownFields { | ||
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "preserveUnknownFields"), | ||
in.Spec.PreserveUnknownFields, | ||
fmt.Sprint("preserveUnknownFields must not be true"))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe the error string can be short,i.e. "must not be true". Would the condition still look good?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. Field name is redundant in error message. Condition still looks good even after removing the field.
73da3be
to
e8d38ba
Compare
e8d38ba
to
d782656
Compare
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
d782656
to
4680ed7
Compare
4680ed7
to
6a6f5b7
Compare
{ | ||
desc: "empty", | ||
expectedViolations: []string{ | ||
"spec.preserveUnknownFields: Invalid value: true: must not be true", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you make preserveUnknownFields a test input and add some test with and without?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added preserveUnknownFields as test input
if v := "spec.versions[0].schema.openAPIV3Schema.properties[a].type: Required value: must not be empty for specified object fields"; strings.Contains(cond.Message, v) { | ||
return false, nil | ||
} | ||
return true, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would add another step where you set preserveUnknownFields to false. Then this last violation should also go.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I set preserveUnknownFields to false, I get a validation error that says the all fields in schema will be pruned which I think is a valid error. Instead, I tried fixing both the validation errors with a patch. Now there will be no violations
Reason: "Violations", | ||
Message: field.Invalid(field.NewPath("spec", "preserveUnknownFields"), | ||
true, | ||
fmt.Sprint("must not be true")).Error(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
must be false
is better IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, sounds good. I updated all the references to must be false
/ok-to-test |
aren't there several reasons we'll elide the schema?
should we treat those coherently (either by adding/removing a condition for each of those, or a single condition to cover "reasons openapi isn't being published")? |
@liggitt don't mix non-structural and having constructs that kubectl does not understand or handle well. This here is about the former. We have a NonStructural condition exactly for that, but forget the global |
ah, ok |
f81dbb1
to
762bdd6
Compare
@@ -934,7 +946,9 @@ properties: | |||
metadata: | |||
type: object | |||
`, | |||
expectedViolations: []string{}, | |||
expectedViolations: []string{ | |||
"spec.preserveUnknownFields: Invalid value: true: must be false", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would instead set the value to false in all test fixtures by default, instead of changing all the expectations below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done!
for _, violation := range expectedViolations { | ||
if !strings.Contains(cond.Message, violation) { | ||
t.Fatalf("expected violation %q, but got: %v", violation, cond.Message) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
am still a little unsure and surprised about this big fallout here in the test. Would expect something very local. Isn't there a way to rewrite this test by adding steps only without rewriting what we have?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree the change is big and the same can be achieved by also adding the steps. But the intent was to just refactor the code to avoid duplication. This part of code does not change any of the previous logic and only adds some checking for preserveUnknownFields
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
made the changes to update the steps locally. please take a look.
762bdd6
to
6e39fc6
Compare
6e39fc6
to
68c23df
Compare
continue | ||
} | ||
if err != nil { | ||
t.Fatalf("unexpected update error: %v", err) | ||
} | ||
break |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catch
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sttts, vareti The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind bug
What this PR does / why we need it:
CRDs with
preserveUnknownFields: true
won't be published via OpenAPI andkubectl
explain will not work. This is intentional. But, nothing in the CRD status suggests thatpreserveUnknownFields: true
is the problem. This PR adds an error message when that is the case for non-structural schema.Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: