[BUG] "failed to load context" in logs #1585

Closed
chipzoller opened this issue Feb 12, 2021 · 5 comments · Fixed by #1710
Labels
bug Something isn't working good first issue Good for newcomers


@chipzoller
Member

Software version numbers
State the version numbers of applications involved in the bug.

  • Kubernetes version: 1.19.1
  • Kyverno version: 1.3.2

Describe the bug
(Follow-up from #1582)

When deleting the Deployment, this gets logged:

I0212 14:21:43.108234       1 validation.go:109] EngineValidate "msg"="failed to load context" "kind"="Deployment" "name"="kyvernodeploy" "namespace"="secrets" "policy"="select-secrets" "rule"="select-secrets-from-volumes" "reason"="failed to substitute variables in context entry volsecret /api/v1/namespaces/{{request.object.metadata.namespace}}/secrets/{{request.object.spec.template.spec.volumes[0].secret.secretName}}: variable request.object.metadata.namespace not resolved at path "
@chipzoller chipzoller added the bug Something isn't working label Feb 12, 2021
@chipzoller chipzoller changed the title [BUG] "failed to load context" in logs when deleting resource [BUG] "failed to load context" in logs Feb 12, 2021
@chipzoller
Member Author

The aforementioned message gets logged when deleting a Deployment, but it also gets logged when the (linked issue #1582) Policy targets Deployments, a Deployment is created, but there is a variable substitution problem. While the logging is correct in this instance, notice that it doesn't print the path, and it gets logged in triplicate when it only needs to be logged once.

Here is the log output from such an event:

I0212 18:42:57.884682       1 validation.go:109] EngineValidate "msg"="failed to load context" "kind"="Deployment" "name"="kyvernodeploy" "namespace"="secrets" "policy"="select-secrets" "rule"="select-secrets-from-volumes" "reason"="failed to substitute variables in context entry volsecret /api/v1/namespaces/{{request.object.metadata.namespace}}/secrets/{{request.object.spec.volumes[0].secret.secretName}}: variable request.object.spec.volumes[0].secret.secretName not resolved at path "
I0212 18:42:57.955102       1 validation.go:109] EngineValidate "msg"="failed to load context" "kind"="Deployment" "name"="kyvernodeploy" "namespace"="secrets" "policy"="select-secrets" "rule"="select-secrets-from-volumes" "reason"="failed to substitute variables in context entry volsecret /api/v1/namespaces/{{request.object.metadata.namespace}}/secrets/{{request.object.spec.volumes[0].secret.secretName}}: variable request.object.spec.volumes[0].secret.secretName not resolved at path "
I0212 18:43:00.127616       1 validation.go:109] EngineValidate "msg"="failed to load context" "kind"="Deployment" "name"="kyvernodeploy" "namespace"="secrets" "policy"="select-secrets" "rule"="select-secrets-from-volumes" "reason"="failed to substitute variables in context entry volsecret /api/v1/namespaces/{{request.object.metadata.namespace}}/secrets/{{request.object.spec.volumes[0].secret.secretName}}: variable request.object.spec.volumes[0].secret.secretName not resolved at path "

@realshuting realshuting added this to the Kyverno Release 1.3.3 milestone Feb 13, 2021
@realshuting realshuting added the good first issue Good for newcomers label Feb 13, 2021
@kacejot kacejot self-assigned this Feb 23, 2021
@kacejot
Contributor

kacejot commented Feb 26, 2021

@chipzoller,
Should we validate resources on DELETE operation? The simplest solution here is to turn off validation on delete.

I0212 14:21:43.108234       1 validation.go:109] EngineValidate "msg"="failed to load context" "kind"="Deployment" "name"="kyvernodeploy" "namespace"="secrets" "policy"="select-secrets" "rule"="select-secrets-from-volumes" "reason"="failed to substitute variables in context entry volsecret /api/v1/namespaces/{{request.object.metadata.namespace}}/secrets/{{request.object.spec.template.spec.volumes[0].secret.secretName}}: variable request.object.metadata.namespace not resolved at path "

@chipzoller
Member Author

It seems like that may be best. @realshuting for her take.

@realshuting
Member

@kacejot For the DELETE operation, we should use request.oldObject to look up values. Can we handle this internally in Kyverno?
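
The DELETE handling suggested in the comment above, as an added example that is not part of the original thread and is not Kyverno's code: a small substitution routine that reads `request.object.*` variables from `request.oldObject` when the operation is DELETE, where the admission request carries a null `object`. The names `obj`, `lookup`, `Substitute` and `sample` are hypothetical, and the request data is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

type obj = map[string]interface{}
var varRe = regexp.MustCompile(`\{\{\s*([^{}\s]+)\s*\}\}`)

// Added illustration, not Kyverno code. lookup walks a dotted path with [n] indexes; nil means unresolved.
func lookup(cur interface{}, path string) interface{} {
	sep := func(r rune) bool { return strings.ContainsRune(".[]", r) }
	for _, seg := range strings.FieldsFunc(path, sep) {
		i, err := strconv.Atoi(seg)
		if o, ok := cur.(obj); ok {
			cur = o[seg]
		} else if a, ok := cur.([]interface{}); ok && err == nil && i >= 0 && i < len(a) {
			cur = a[i]
		} else {
			return nil
		}
	}
	return cur
}

// Substitute fills {{vars}} from ctx; on DELETE, request.object.* is read from request.oldObject.
func Substitute(tmpl string, ctx obj) (string, error) {
	var err error
	op := lookup(ctx, "request.operation")
	out := varRe.ReplaceAllStringFunc(tmpl, func(s string) string {
		path := varRe.FindStringSubmatch(s)[1]
		if op == "DELETE" && strings.HasPrefix(path, "request.object.") {
			path = "request.oldObject." + path[len("request.object."):]
		}
		if v := lookup(ctx, path); v != nil {
			return fmt.Sprint(v)
		}
		err = fmt.Errorf("variable %s not resolved", path)
		return s
	})
	return out, err
}

// Constructed DELETE request: object is null, oldObject holds the resource.
var sample = obj{"request": obj{"operation": "DELETE", "object": nil, "oldObject": obj{"metadata": obj{"namespace": "secrets"}}}}

func main() { fmt.Println(Substitute("/api/v1/namespaces/{{request.object.metadata.namespace}}/secrets", sample)) }
```

An unresolved variable is left in place in the returned string and reported through the error, so a caller can log the failure once with the path that did not resolve.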

kacejot added a commit to kacejot/kyverno that referenced this issue Mar 2, 2021
kacejot added a commit to kacejot/kyverno that referenced this issue Mar 12, 2021
Signed-off-by: Max Goncharenko <kacejot@fex.net>
kacejot added a commit to kacejot/kyverno that referenced this issue Mar 15, 2021
Signed-off-by: Max Goncharenko <kacejot@fex.net>
kacejot added a commit to kacejot/kyverno that referenced this issue Mar 19, 2021
Signed-off-by: Max Goncharenko <kacejot@fex.net>
@kacejot
Contributor

kacejot commented Mar 19, 2021

Status: ready for 1.3.5 release

realshuting pushed a commit that referenced this issue Mar 19, 2021
* fix #1585 issue; validate on DELETE the oldResource

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* apply PR edits for #1585 issue fix; add test with nested var

Signed-off-by: Max Goncharenko <kacejot@fex.net>
3 participants