Preserve conflicting schemas and report conflicts #1364
Conversation
willbeason
force-pushed
the
conflicting-schema
branch
from
49e5f42
to
2137c73
Compare
willbeason
force-pushed
the
conflicting-schema
branch
6 times, most recently
from
937a78e
to
7a5c82f
Compare
|
|
||
| childKey := path[0].Key() | ||
| if _, found := n.children[childKey]; !found { | ||
| // The child does not exist. |
There was a problem hiding this comment.
In this case an unexpected missing field indicates that the database has been corrupted, leaving the process in an unknown state. The only way to recover from that is to panic.
We rely on mutex locks to prevent duplicated calls, and the fact that we bypass schema deletion if the mutator is not registered.
willbeason
force-pushed
the
conflicting-schema
branch
2 times, most recently
from
0b0a14c
to
26265d1
Compare
|
Setting up a meeting to figure out the desired behavior of pkg/mutation/system.go. |
willbeason
force-pushed
the
conflicting-schema
branch
3 times, most recently
from
860fa84
to
7d9886f
Compare
| @@ -0,0 +1,7 @@ | |||
| package util | |||
|
|
|||
| type Error string | |||
There was a problem hiding this comment.
Why are we adding this? Is errors.New() insufficient?
There was a problem hiding this comment.
Oren recommended this pattern so that errors could be compile-time constants. I have absolutely no opinion on whether we do this and will concede to reviewers. If you want me to remove it, I will.
There was a problem hiding this comment.
Let's figure out the "why" to get you out of the middle of conflicting feedback.
@shomron Is there benefit in creating our own error class instead of using errors.New()? I get the appeal of a constant.
willbeason
force-pushed
the
conflicting-schema
branch
from
7d9886f
to
cb4be04
Compare
willbeason
force-pushed
the
conflicting-schema
branch
from
cb4be04
to
f44d087
Compare
willbeason
force-pushed
the
conflicting-schema
branch
2 times, most recently
from
f833ede
to
0d23718
Compare
willbeason
force-pushed
the
conflicting-schema
branch
from
0d23718
to
ab86794
Compare
willbeason
force-pushed
the
conflicting-schema
branch
from
ab86794
to
aaa3d6b
Compare
willbeason
force-pushed
the
conflicting-schema
branch
2 times, most recently
from
48eea59
to
e90c987
Compare
|
minor gofmt issue in linter |
When multiple Pods are running mutators, it is possible that they will ingest mutators in different orders. Before this PR, we would essentially randomly pick which mutator to honor and discard future mutators which conflicted. Fixes: open-policy-agent#1216 Signed-off-by: Will Beason <willbeason@google.com>
willbeason
force-pushed
the
conflicting-schema
branch
from
67cef0d
to
a334e12
Compare
…1364) When multiple Pods are running mutators, it is possible that they will ingest mutators in different orders. Before this PR, we would essentially randomly pick which mutator to honor and discard future mutators which conflicted. Fixes: open-policy-agent#1216 Signed-off-by: Will Beason <willbeason@google.com> Signed-off-by: juliankatz <juliankatz@google.com>
Pre-warning: Some of the changes in this PR can be split off into
other PRs and others cannot. Many of the changes discussed
which can be split off won't make sense without this PR (e.g. the
changes to parser.Node), but I can put those in their own PR.
When multiple Pods are running mutators, it is possible that they will
ingest mutators in different orders. Before this PR, we would
essentially randomly pick which mutator to honor and discard future
mutators which conflicted.
AssignMutators now directly store []schema.GroupVersionKind
representing the types they match for schema bookkeeping. In the
future we may replace this with a map if we decide to use that
instead of iterating over the ApplyTos. ApplyTos thus have a
convenience method for flattening to the list of GVKs they match.
Various uses of meta.Accessor() have been removed as they are
no longer needed with the relatively new client.Client interface
update. Respective interfaces have been changed to accept
client.Object instead of runtime.Object as in all cases where
this change has been made, we have a client.Object.
Added degenerate cases to unit testing for Match to document
that it is intentional that empty Match fields implicitly match
everything.
Remove Bindings type (which just replicated the ApplyTo struct)
as we just use []schema.GroupVersionKind instead.
Replace combined cmp.Equal+cmp.Diff calls with single call to
cmp.Diff since this is more idiomatic.
Add Key() to Node interface so callers can access the key field
without needing to do type introspection.
Make Path no longer match the Node interface. We never use
a Path as a Node, so this has no functional impact. It does
make code checking for Nodes cleaner as we don't need to
check to see if a Node is of type Path (which in all cases is an error).
Split implicit schema conflict checking into its own type, schema.node.
Large changes to schema.DB to account for that we allow the implicit
schema to be in an inconsistent state, but can be healed by removing
the offending mutators.
As a side effect, this greatly reduced the complexity of DB and makes
testing simpler than it was before. I've completely rewritten the test
cases. It's possible I've missed edge cases - please suggest more.
Modify mutation.System to properly account for that schemas may
enter inconsistent states. Before calling mutate, System now
checks the DB to see if the mutator has conflicts in any of the
types it declares. Note that this means that if mutators Foo and Bar
have a conflict on the v1/Role type, but only Foo modifies the
v1beta1/Role type, then Foo will not perform mutations on
v1beta1/Role objects.
Define Error string type alias in util/ for use throughout the repository
per comment on previous PR.
Fixes: #1216
Signed-off-by: Will Beason willbeason@google.com