Add pathtest functionality to assign mutators

[maxsmythe]

Signed-off-by: Max Smythe smythe@google.com

What this PR does / why we need it:

Implementing path tests per #1079

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #1079

Special notes for your reviewer:

[shomron]

Very preliminary first pass, haven't gone through all the code yet - will circle back for complete review.

[shomron]

I'm not certain the parser will include enough context as to which path failed - we might want to wrap and include that.

[maxsmythe]

SGTM, added a wrap

[shomron]

What's the concurrency story for this mutator? Do we need to guard here?

[maxsmythe]

I don't think this should be accessed in a concurrent manner, but no reason not to throw a lock around this.

[maxsmythe]

Added an RWMutex

[shomron]

This version is missing the second nil check of the double-checked locking pattern - two threads that saw tester == nil above can serially enter the code below and initialize it twice. Not a huge deal, but probably not what we intended.

I'd suggest using a sync.Once to simplify and fix that issue all at once.

[maxsmythe]

I can definitely add the second nil check.

WRT sync.Once, I think we probably want to run the code every time if the value is nil, so that we can continue to return an appropriate error if nil is the result of an error.

The other option would be to cache the error as well, but that has the potential to make otherwise transient bugs sticky.

[shomron]

It sounds like we have a path forward here but removing lazy initialization.

[maxsmythe]

Yep! Committed a change that switches to eager initialization, should be good now.

[shomron]

This version is missing the second nil check of the double-checked locking pattern - two threads that saw tester == nil above can serially enter the code below and initialize it twice. Not a huge deal, but probably not what we intended.

I'd suggest using a sync.Once to simplify and fix that issue all at once.

[shomron]

Can you clarify why we need a lock for this field and not others?

[maxsmythe]

Sure, the reason is that the others are created on start-up via MutatorForAssign.

I could move the initialization there instead of lazy-loading to avoid locking entirely?

[maxsmythe]

That would have the added benefit of avoiding the need to have as many error returns as we do currently.

[shomron]

Agreed - I feel like it simplifies things if we only need to deal with a fully initialized mutator. 👍🏻

[maxsmythe]

addressed

[shomron]

Should we add bounds checks? It's possible for len(path.Nodes) == 0 with an empty location for example. Are we depending on prior validations?

[maxsmythe]

I think making sure len(path) != 0 is a good idea, as a mutation with no path makes no sense and we should catch that anywhere it leaks.

Looking at other validation code, it appears we are only validating whether location parses, which it would if it were empty. So, I think there are two work items:

1. Validate Mutate inputs using the minimum standards necessary for making a coherent mutate call
2. Add more location validation to Assign (I think AssignMeta enforces using a metadata prefix)

[shomron]

SGTM. Assuming we apply additional validations earlier on, are you thinking we should still do bounds checking in places like this or build on the preconditions from validation?

[maxsmythe]

I think we should do "minimum sane input" bounds checking.

If there is no reason a function should see a given input (e.g. mutating a zero length path has no semantic meaning other than maybe overwriting the entire object), we should validate that so we can surface bugs like uninitialized structs.

I don't think we should go stricter than that though, to avoid needing to tweak validation in too many places if we add functionality.

[maxsmythe]

added the sanity checks to the mutate() function

[shomron]

Is this dereference safe?

[maxsmythe]

It should be... I don't think it's possible to trigger a create against a globbed path entry as a missing entry just doesn't fan out.

We can return an error per above, if you prefer?

[shomron]

Yes, I'd prefer not depending on too many far-away assumptions to avoid panics, as they have a habit of changing under your feet. And even when they don't, it makes it harder to reason about correctness of the code in isolation.

[maxsmythe]

+1

[maxsmythe]

added nil checking

[shomron]

I think this dereference is safe because we know Glob==false, but that requires a lot of knowledge of the parser. It might be worth adding a KeyValue accessor that is nil-safe just in case.

[maxsmythe]

+1

I think the correct answer is to return an error if we get an unexpected nil here.

[shomron]

Agreed.

[maxsmythe]

added nil checking

[codecov-io]

Codecov Report

Merging #1101 (118abb7) into master (be2f5b4) will increase coverage by 0.30%.
The diff coverage is 57.48%.

@@            Coverage Diff             @@
##           master    #1101      +/-   ##
==========================================
+ Coverage   48.08%   48.39%   +0.30%     
==========================================
  Files          62       63       +1     
  Lines        4274     4319      +45     
==========================================
+ Hits         2055     2090      +35     
- Misses       1964     1974      +10     
  Partials      255      255              

Flag	Coverage Δ
unittests	48.39% <57.48%> (+0.30%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/audit/manager.go	0.00% <0.00%> (ø)
pkg/controller/constraint/constraint_controller.go	4.22% <0.00%> (-0.02%)	⬇️
pkg/controller/sync/sync_controller.go	0.00% <0.00%> (ø)
pkg/metrics/exporter.go	0.00% <0.00%> (ø)
pkg/readiness/ready_tracker.go	69.09% <ø> (-0.73%)	⬇️
pkg/util/pack.go	0.00% <0.00%> (ø)
pkg/watch/replay.go	71.08% <ø> (+0.96%)	⬆️
pkg/webhook/mutation.go	12.68% <0.00%> (ø)
pkg/webhook/policy.go	27.31% <0.00%> (ø)
pkg/target/target.go	66.03% <25.00%> (ø)
... and 16 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9d424ff...118abb7. Read the comment docs.

[shomron]

LGTM!

[maxsmythe]

🎊