New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1860136: Fix for Annotation was not propagated to the route when changes made to existing ingress object #149
Conversation
@Miciah PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't routeMatchesIngress
need to check annotations?
Can you add a test case to TestController_sync
?
pkg/route/ingress/ingress.go
Outdated
@@ -439,11 +439,21 @@ func (c *Controller) sync(key queueKey) error { | |||
if err != nil { | |||
return err | |||
} | |||
annotations, err_annotation := json.Marshal(&route.Annotations) | |||
if err_annotation != nil { | |||
return err_annotation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you just use err
?
pkg/route/ingress/ingress.go
Outdated
annotations = []byte(fmt.Sprintf(`[{"op":"replace","path":"/metadata/annotations","value":%s}]`, annotations)) | ||
_, err_annotation = c.routeClient.Routes(route.Namespace).Patch(context.TODO(), route.Name, types.JSONPatchType, annotations, metav1.PatchOptions{}) | ||
if err_annotation != nil { | ||
err_annotations = append(err_annotations, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't use err_annotations
anywhere. Why not append the error value to errs
?
bb6f0ed
to
ae39fd4
Compare
@Miciah PTAL |
Unit test have passed -> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/retitle Bug 1860136: Fix for Annotation was not propagated to the route when changes made to existing ingress object
Could you add a unit test where the route exists and has an annotation and the ingress has no annotations?
pkg/route/ingress/ingress.go
Outdated
@@ -15,7 +16,6 @@ import ( | |||
kerrors "k8s.io/apimachinery/pkg/api/errors" | |||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |||
"k8s.io/apimachinery/pkg/labels" | |||
"k8s.io/apimachinery/pkg/types" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please put this back.
pkg/route/ingress/ingress.go
Outdated
@@ -565,6 +572,9 @@ func newRouteForIngress( | |||
|
|||
func preserveRouteAttributesFromExisting(r, existing *routev1.Route) { | |||
r.Name = existing.Name | |||
if r.Annotations != nil && existing.Annotations != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think if r.Annotations != nil && existing.Annotations != nil
should be deleted for the same reason I mentioned on the patch logic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The unit test cases fails after making these changes ->
[miheer@miheer openshift-controller-manager]$ GO111MODULE=on go test -v -run TestController_sync ./pkg/route/ingress/
=== RUN TestController_sync
=== RUN TestController_sync/no_changes
=== RUN TestController_sync/sync_namespace_-no_ingress
=== RUN TestController_sync/sync_namespace-two_ingress
=== RUN TestController_sync/ignores_incomplete_ingress-no_host
=== RUN TestController_sync/ignores_incomplete_ingress-no_service
=== RUN TestController_sync/ignores_incomplete_ingress-no_paths
=== RUN TestController_sync/ignores_incomplete_ingress-service_does_not_exist
=== RUN TestController_sync/create_route
=== RUN TestController_sync/create_route-_targetPort_string,service_port_with_name
=== RUN TestController_sync/create_route-blocked_by_expectation
=== RUN TestController_sync/update_route
=== RUN TestController_sync/no-op
=== RUN TestController_sync/no-op-ignore_partially_owned_resource
=== RUN TestController_sync/update_ingress_with_missing_secret_ref
=== RUN TestController_sync/update_ingress_to_not_reference_secret
=== RUN TestController_sync/update_route-tls_config_missing
=== RUN TestController_sync/update_route-termination_policy_changed_to_passthrough
=== RUN TestController_sync/update_route-termination_policy_changed_to_reencrypt
=== RUN TestController_sync/update_route-_termination_policy_changed_to_reencrypt_and_no_tls_secret
=== RUN TestController_sync/termination_policy_on_ingress_invalid,nothing_happens
=== RUN TestController_sync/termination_policy_on_ingress_invalid,disables_tls
=== RUN TestController_sync/Empty_tlsconfig_enables_edge_termination_without_explicit_cert
=== RUN TestController_sync/update_route-secret_values_changed
=== RUN TestController_sync/no-op-has_TLS
=== RUN TestController_sync/no-op-has_secret_with_empty_keys
=== RUN TestController_sync/no-op-termination_policy_has_been_changed_by_the_user
=== RUN TestController_sync/update_route-router_admitted_route
=== RUN TestController_sync/update_route-second_router_admitted_route
=== RUN TestController_sync/no-op-ingress_status_already_updated
=== RUN TestController_sync/no-op-router_rejected_route
=== RUN TestController_sync/delete_route_when_referenced_secret_is_not_TLS
=== RUN TestController_sync/delete_route_when_referenced_secret_is_not_valid
=== RUN TestController_sync/ignore_route_when_parent_ingress_no_longer_exists(gc_will_handle)
=== RUN TestController_sync/update_route-termination_policy_changed_to_passthrough_and_timeout_set
--- FAIL: TestController_sync (0.00s)
--- PASS: TestController_sync/no_changes (0.00s)
--- PASS: TestController_sync/sync_namespace-no_ingress (0.00s)
--- PASS: TestController_sync/sync_namespace-two_ingress (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-no_host (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-no_service (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-no_paths (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-service_does_not_exist (0.00s)
--- PASS: TestController_sync/create_route (0.00s)
--- PASS: TestController_sync/create_route-_targetPort_string,service_port_with_name (0.00s)
--- PASS: TestController_sync/create_route-blocked_by_expectation (0.00s)
--- PASS: TestController_sync/update_route (0.00s)
--- PASS: TestController_sync/no-op (0.00s)
--- PASS: TestController_sync/no-op-ignore_partially_owned_resource (0.00s)
--- PASS: TestController_sync/update_ingress_with_missing_secret_ref (0.00s)
--- PASS: TestController_sync/update_ingress_to_not_reference_secret (0.00s)
--- PASS: TestController_sync/update_route-tls_config_missing (0.00s)
--- FAIL: TestController_sync/update_route-termination_policy_changed_to_passthrough (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"passthrough","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- FAIL: TestController_sync/update_route-termination_policy_changed_to_reencrypt (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"reencrypt","certificate":"cert","key":"key","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- FAIL: TestController_sync/update_route-_termination_policy_changed_to_reencrypt_and_no_tls_secret (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"reencrypt","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- FAIL: TestController_sync/termination_policy_on_ingress_invalid,nothing_happens (0.00s)
ingress_test.go:2623: Controller.sync() unexpected actions: []testing.Action{testing.PatchActionImpl{ActionImpl:testing.ActionImpl{Namespace:"test", Verb:"patch", Resource:schema.GroupVersionResource{Group:"route.openshift.io", Version:"v1", Resource:"routes"}, Subresource:""}, Name:"1-abcdef", PatchType:"application/json-patch+json", Patch:[]uint8{0x5b, 0x7b, 0x22, 0x6f, 0x70, 0x22, 0x3a, 0x22, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x22, 0x2c, 0x22, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x3a, 0x7b, 0x22, 0x68, 0x6f, 0x73, 0x74, 0x22, 0x3a, 0x22, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x2f, 0x22, 0x2c, 0x22, 0x74, 0x6f, 0x22, 0x3a, 0x7b, 0x22, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0x3a, 0x22, 0x22, 0x2c, 0x22, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x3a, 0x22, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2d, 0x31, 0x22, 0x2c, 0x22, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0x3a, 0x6e, 0x75, 0x6c, 0x6c, 0x7d, 0x2c, 0x22, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x7b, 0x22, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x22, 0x68, 0x74, 0x74, 0x70, 0x22, 0x7d, 0x2c, 0x22, 0x74, 0x6c, 0x73, 0x22, 0x3a, 0x7b, 0x22, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x22, 0x65, 0x64, 0x67, 0x65, 0x22, 0x2c, 0x22, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x3a, 0x22, 0x63, 0x65, 0x72, 0x74, 0x22, 0x2c, 0x22, 0x6b, 0x65, 0x79, 0x22, 0x3a, 0x22, 0x6b, 0x65, 0x79, 0x22, 0x2c, 0x22, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x45, 0x64, 0x67, 0x65, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x3a, 0x22, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x22, 0x7d, 0x7d, 0x7d, 0x2c, 0x7b, 0x22, 0x6f, 0x70, 0x22, 0x3a, 0x22, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x2f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x2c, 0x22, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x3a, 0x6e, 0x75, 0x6c, 0x6c, 0x7d, 0x5d}}}
--- FAIL: TestController_sync/termination_policy_on_ingress_invalid,disables_tls (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- PASS: TestController_sync/Empty_tlsconfig_enables_edge_termination_without_explicit_cert (0.00s)
--- PASS: TestController_sync/update_route-secret_values_changed (0.00s)
--- PASS: TestController_sync/no-op-has_TLS (0.00s)
--- PASS: TestController_sync/no-op-has_secret_with_empty_keys (0.00s)
--- PASS: TestController_sync/no-op-termination_policy_has_been_changed_by_the_user (0.00s)
--- PASS: TestController_sync/update_route-router_admitted_route (0.00s)
--- PASS: TestController_sync/update_route-second_router_admitted_route (0.00s)
--- PASS: TestController_sync/no-op-ingress_status_already_updated (0.00s)
--- PASS: TestController_sync/no-op-router_rejected_route (0.00s)
--- PASS: TestController_sync/delete_route_when_referenced_secret_is_not_TLS (0.00s)
--- PASS: TestController_sync/delete_route_when_referenced_secret_is_not_valid (0.00s)
--- PASS: TestController_sync/ignore_route_when_parent_ingress_no_longer_exists(gc_will_handle) (0.00s)
--- FAIL: TestController_sync/update_route-_termination_policy_changed_to_passthrough_and_timeout_set (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"passthrough","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
FAIL
FAIL github.com/openshift/openshift-controller-manager/pkg/route/ingress 0.019s
FAIL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, you're right— the assignment r.Annotations = existing.Annotations
overrides the annotations that were inherited from the Ingress with whatever annotations are set on the Route. Why did you add the assignment?
pkg/route/ingress/ingress.go
Outdated
len(route.Spec.AlternateBackends) == 0 | ||
if !match { | ||
return false | ||
if route.Annotations != nil && ingress.Annotations != nil { | ||
match_annotations = reflect.DeepEqual(route.Annotations, ingress.Annotations) | ||
if !match && !match_annotations { | ||
return false | ||
} else if !match { | ||
return false | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
len(route.Spec.AlternateBackends) == 0 | |
if !match { | |
return false | |
if route.Annotations != nil && ingress.Annotations != nil { | |
match_annotations = reflect.DeepEqual(route.Annotations, ingress.Annotations) | |
if !match && !match_annotations { | |
return false | |
} else if !match { | |
return false | |
} | |
len(route.Spec.AlternateBackends) == 0 && | |
reflect.DeepEqual(route.Annotations, ingress.Annotations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The unit test cases fails after making these changes ->
[miheer@miheer openshift-controller-manager]$ GO111MODULE=on go test -v -run TestController_sync ./pkg/route/ingress/
=== RUN TestController_sync
=== RUN TestController_sync/no_changes
=== RUN TestController_sync/sync_namespace_-no_ingress
=== RUN TestController_sync/sync_namespace-two_ingress
=== RUN TestController_sync/ignores_incomplete_ingress-no_host
=== RUN TestController_sync/ignores_incomplete_ingress-no_service
=== RUN TestController_sync/ignores_incomplete_ingress-no_paths
=== RUN TestController_sync/ignores_incomplete_ingress-service_does_not_exist
=== RUN TestController_sync/create_route
=== RUN TestController_sync/create_route-_targetPort_string,service_port_with_name
=== RUN TestController_sync/create_route-blocked_by_expectation
=== RUN TestController_sync/update_route
=== RUN TestController_sync/no-op
=== RUN TestController_sync/no-op-ignore_partially_owned_resource
=== RUN TestController_sync/update_ingress_with_missing_secret_ref
=== RUN TestController_sync/update_ingress_to_not_reference_secret
=== RUN TestController_sync/update_route-tls_config_missing
=== RUN TestController_sync/update_route-termination_policy_changed_to_passthrough
=== RUN TestController_sync/update_route-termination_policy_changed_to_reencrypt
=== RUN TestController_sync/update_route-_termination_policy_changed_to_reencrypt_and_no_tls_secret
=== RUN TestController_sync/termination_policy_on_ingress_invalid,nothing_happens
=== RUN TestController_sync/termination_policy_on_ingress_invalid,disables_tls
=== RUN TestController_sync/Empty_tlsconfig_enables_edge_termination_without_explicit_cert
=== RUN TestController_sync/update_route-secret_values_changed
=== RUN TestController_sync/no-op-has_TLS
=== RUN TestController_sync/no-op-has_secret_with_empty_keys
=== RUN TestController_sync/no-op-termination_policy_has_been_changed_by_the_user
=== RUN TestController_sync/update_route-router_admitted_route
=== RUN TestController_sync/update_route-second_router_admitted_route
=== RUN TestController_sync/no-op-ingress_status_already_updated
=== RUN TestController_sync/no-op-router_rejected_route
=== RUN TestController_sync/delete_route_when_referenced_secret_is_not_TLS
=== RUN TestController_sync/delete_route_when_referenced_secret_is_not_valid
=== RUN TestController_sync/ignore_route_when_parent_ingress_no_longer_exists(gc_will_handle)
=== RUN TestController_sync/update_route-termination_policy_changed_to_passthrough_and_timeout_set
--- FAIL: TestController_sync (0.00s)
--- PASS: TestController_sync/no_changes (0.00s)
--- PASS: TestController_sync/sync_namespace-no_ingress (0.00s)
--- PASS: TestController_sync/sync_namespace-two_ingress (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-no_host (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-no_service (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-no_paths (0.00s)
--- PASS: TestController_sync/ignores_incomplete_ingress-service_does_not_exist (0.00s)
--- PASS: TestController_sync/create_route (0.00s)
--- PASS: TestController_sync/create_route-_targetPort_string,service_port_with_name (0.00s)
--- PASS: TestController_sync/create_route-blocked_by_expectation (0.00s)
--- PASS: TestController_sync/update_route (0.00s)
--- PASS: TestController_sync/no-op (0.00s)
--- PASS: TestController_sync/no-op-ignore_partially_owned_resource (0.00s)
--- PASS: TestController_sync/update_ingress_with_missing_secret_ref (0.00s)
--- PASS: TestController_sync/update_ingress_to_not_reference_secret (0.00s)
--- PASS: TestController_sync/update_route-tls_config_missing (0.00s)
--- FAIL: TestController_sync/update_route-termination_policy_changed_to_passthrough (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"passthrough","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- FAIL: TestController_sync/update_route-termination_policy_changed_to_reencrypt (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"reencrypt","certificate":"cert","key":"key","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- FAIL: TestController_sync/update_route-_termination_policy_changed_to_reencrypt_and_no_tls_secret (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"reencrypt","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- FAIL: TestController_sync/termination_policy_on_ingress_invalid,nothing_happens (0.00s)
ingress_test.go:2623: Controller.sync() unexpected actions: []testing.Action{testing.PatchActionImpl{ActionImpl:testing.ActionImpl{Namespace:"test", Verb:"patch", Resource:schema.GroupVersionResource{Group:"route.openshift.io", Version:"v1", Resource:"routes"}, Subresource:""}, Name:"1-abcdef", PatchType:"application/json-patch+json", Patch:[]uint8{0x5b, 0x7b, 0x22, 0x6f, 0x70, 0x22, 0x3a, 0x22, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x22, 0x2c, 0x22, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x3a, 0x7b, 0x22, 0x68, 0x6f, 0x73, 0x74, 0x22, 0x3a, 0x22, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x2f, 0x22, 0x2c, 0x22, 0x74, 0x6f, 0x22, 0x3a, 0x7b, 0x22, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0x3a, 0x22, 0x22, 0x2c, 0x22, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x3a, 0x22, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2d, 0x31, 0x22, 0x2c, 0x22, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0x3a, 0x6e, 0x75, 0x6c, 0x6c, 0x7d, 0x2c, 0x22, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x7b, 0x22, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x3a, 0x22, 0x68, 0x74, 0x74, 0x70, 0x22, 0x7d, 0x2c, 0x22, 0x74, 0x6c, 0x73, 0x22, 0x3a, 0x7b, 0x22, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x22, 0x65, 0x64, 0x67, 0x65, 0x22, 0x2c, 0x22, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x3a, 0x22, 0x63, 0x65, 0x72, 0x74, 0x22, 0x2c, 0x22, 0x6b, 0x65, 0x79, 0x22, 0x3a, 0x22, 0x6b, 0x65, 0x79, 0x22, 0x2c, 0x22, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x45, 0x64, 0x67, 0x65, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x3a, 0x22, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x22, 0x7d, 0x7d, 0x7d, 0x2c, 0x7b, 0x22, 0x6f, 0x70, 0x22, 0x3a, 0x22, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x22, 0x2c, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a, 0x22, 0x2f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x2c, 0x22, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x3a, 0x6e, 0x75, 0x6c, 0x6c, 0x7d, 0x5d}}}
--- FAIL: TestController_sync/termination_policy_on_ingress_invalid,disables_tls (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
--- PASS: TestController_sync/Empty_tlsconfig_enables_edge_termination_without_explicit_cert (0.00s)
--- PASS: TestController_sync/update_route-secret_values_changed (0.00s)
--- PASS: TestController_sync/no-op-has_TLS (0.00s)
--- PASS: TestController_sync/no-op-has_secret_with_empty_keys (0.00s)
--- PASS: TestController_sync/no-op-termination_policy_has_been_changed_by_the_user (0.00s)
--- PASS: TestController_sync/update_route-router_admitted_route (0.00s)
--- PASS: TestController_sync/update_route-second_router_admitted_route (0.00s)
--- PASS: TestController_sync/no-op-ingress_status_already_updated (0.00s)
--- PASS: TestController_sync/no-op-router_rejected_route (0.00s)
--- PASS: TestController_sync/delete_route_when_referenced_secret_is_not_TLS (0.00s)
--- PASS: TestController_sync/delete_route_when_referenced_secret_is_not_valid (0.00s)
--- PASS: TestController_sync/ignore_route_when_parent_ingress_no_longer_exists(gc_will_handle) (0.00s)
--- FAIL: TestController_sync/update_route-_termination_policy_changed_to_passthrough_and_timeout_set (0.00s)
ingress_test.go:2603: unexpected action[0]: [{"op":"replace","path":"/spec","value":{"host":"test.com","path":"/","to":{"kind":"","name":"service-1","weight":null},"port":{"targetPort":"http"},"tls":{"termination":"passthrough","insecureEdgeTerminationPolicy":"Redirect"}}},{"op":"replace","path":"/metadata/annotations","value":null}]
FAIL
FAIL github.com/openshift/openshift-controller-manager/pkg/route/ingress 0.019s
FAIL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that #149 (comment) is resolved, I think you can fix the "termination policy on ingress invalid, nothing happens" test case as follows:
@@ -1452,6 +1452,9 @@ func TestController_sync(t *testing.T) {
Name: "1-abcdef",
Namespace: "test",
OwnerReferences: []metav1.OwnerReference{{APIVersion: "networking.k8s.io/v1beta1", Kind: "Ingress", Name: "1", Controller: &boolTrue}},
+ Annotations: map[string]string{
+ "route.openshift.io/termination": "Passthrough",
+ },
},
Spec: routev1.RouteSpec{
Host: "test.com",
And then this logic can be simplified as I suggested before:
match := route.Spec.Host == rule.Host &&
route.Spec.Path == path.Path &&
route.Spec.To.Name == path.Backend.ServiceName &&
route.Spec.WildcardPolicy == routev1.WildcardPolicyNone &&
len(route.Spec.AlternateBackends) == 0 &&
reflect.DeepEqual(route.Annotations, ingress.Annotations)
if !match {
return false
}
pkg/route/ingress/ingress_test.go
Outdated
@@ -2415,6 +2415,79 @@ func TestController_sync(t *testing.T) { | |||
}, | |||
args: queueKey{namespace: "test", name: "1"}, | |||
}, | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Delete the blank line.
pkg/route/ingress/ingress_test.go
Outdated
@@ -2526,6 +2599,7 @@ func TestController_sync(t *testing.T) { | |||
t.Errorf("unexpected action[%d]: %#v", i, action) | |||
} | |||
if !reflect.DeepEqual(string(action.GetPatch()), string(tt.wantRoutePatches[i].Patch)) { | |||
//if !(string(action.GetPatch()) == string(tt.wantRoutePatches[i].Patch)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please delete this.
@miheer: This pull request references Bugzilla bug 1860136, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
9a5b777
to
b94c6b7
Compare
pkg/route/ingress/ingress.go
Outdated
@@ -565,6 +572,9 @@ func newRouteForIngress( | |||
|
|||
func preserveRouteAttributesFromExisting(r, existing *routev1.Route) { | |||
r.Name = existing.Name | |||
if r.Annotations != nil && existing.Annotations != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, you're right— the assignment r.Annotations = existing.Annotations
overrides the annotations that were inherited from the Ingress with whatever annotations are set on the Route. Why did you add the assignment?
name: "update route - termination policy changed to passthrough and timeout set", | ||
fields: fields{ | ||
i: &ingressLister{Items: []*networkingv1beta1.Ingress{ | ||
{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "1", | ||
Namespace: "test", | ||
Annotations: map[string]string{ | ||
"route.openshift.io/termination": "passthrough", | ||
"haproxy.router.openshift.io/timeout": "6m", | ||
}, | ||
}, | ||
Spec: networkingv1beta1.IngressSpec{ | ||
TLS: []networkingv1beta1.IngressTLS{ | ||
{Hosts: []string{"test.com"}, SecretName: "secret-1"}, | ||
}, | ||
Rules: []networkingv1beta1.IngressRule{ | ||
{ | ||
Host: "test.com", | ||
IngressRuleValue: networkingv1beta1.IngressRuleValue{ | ||
HTTP: &networkingv1beta1.HTTPIngressRuleValue{ | ||
Paths: []networkingv1beta1.HTTPIngressPath{ | ||
{ | ||
Path: "/", Backend: networkingv1beta1.IngressBackend{ | ||
ServiceName: "service-1", | ||
ServicePort: intstr.FromString("http"), | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}}, | ||
r: &routeLister{Items: []*routev1.Route{ | ||
{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: "1-abcdef", | ||
Namespace: "test", | ||
OwnerReferences: []metav1.OwnerReference{{APIVersion: "networking.k8s.io/v1beta1", Kind: "Ingress", Name: "1", Controller: &boolTrue}}, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test case should verify that the annotations are updated even if the route already has annotations (see #149 (comment)):
{
name: "update route - existing annotations are updated",
fields: fields{
i: &ingressLister{Items: []*networkingv1beta1.Ingress{
{
ObjectMeta: metav1.ObjectMeta{
Name: "1",
Namespace: "test",
Annotations: map[string]string{
"route.openshift.io/termination": "passthrough",
"haproxy.router.openshift.io/timeout": "6m",
},
},
Spec: networkingv1beta1.IngressSpec{
TLS: []networkingv1beta1.IngressTLS{
{Hosts: []string{"test.com"}, SecretName: "secret-1"},
},
Rules: []networkingv1beta1.IngressRule{
{
Host: "test.com",
IngressRuleValue: networkingv1beta1.IngressRuleValue{
HTTP: &networkingv1beta1.HTTPIngressRuleValue{
Paths: []networkingv1beta1.HTTPIngressPath{
{
Path: "/", Backend: networkingv1beta1.IngressBackend{
ServiceName: "service-1",
ServicePort: intstr.FromString("http"),
},
},
},
},
},
},
},
},
},
}},
r: &routeLister{Items: []*routev1.Route{
{
ObjectMeta: metav1.ObjectMeta{
Name: "1-abcdef",
Namespace: "test",
OwnerReferences: []metav1.OwnerReference{{APIVersion: "networking.k8s.io/v1beta1", Kind: "Ingress", Name: "1", Controller: &boolTrue}},
Annotations: map[string]string{
"route.openshift.io/termination": "passthrough",
},
},
533eccd
to
f0010b4
Compare
/test e2e-aws |
/bugzilla cc-qa |
@quarterpin: This pull request references Bugzilla bug 1860136, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm Verified via pre-merge verification workflow, more reference related to the test can be found in: |
@Miciah PTAL |
Did you see #149 (comment)? The following patch works for me, and I think it makes the behavior more correct: diff --git a/pkg/route/ingress/ingress.go b/pkg/route/ingress/ingress.go
index 6521a7e7..228c89b9 100644
--- a/pkg/route/ingress/ingress.go
+++ b/pkg/route/ingress/ingress.go
@@ -586,19 +586,14 @@ func routeMatchesIngress(
secretLister corelisters.SecretLister,
serviceLister corelisters.ServiceLister,
) bool {
- var match_annotations bool
match := route.Spec.Host == rule.Host &&
route.Spec.Path == path.Path &&
route.Spec.To.Name == path.Backend.ServiceName &&
route.Spec.WildcardPolicy == routev1.WildcardPolicyNone &&
- len(route.Spec.AlternateBackends) == 0
- if route.Annotations != nil && ingress.Annotations != nil {
- match_annotations = reflect.DeepEqual(route.Annotations, ingress.Annotations)
- if !match && !match_annotations {
- return false
- } else if !match {
- return false
- }
+ len(route.Spec.AlternateBackends) == 0 &&
+ reflect.DeepEqual(route.Annotations, ingress.Annotations)
+ if !match {
+ return false
}
targetPort, err := targetPortForService(ingress.Namespace, path, serviceLister)
if err != nil {
diff --git a/pkg/route/ingress/ingress_test.go b/pkg/route/ingress/ingress_test.go
index 2355be80..823c57a8 100644
--- a/pkg/route/ingress/ingress_test.go
+++ b/pkg/route/ingress/ingress_test.go
@@ -1452,6 +1452,9 @@ func TestController_sync(t *testing.T) {
Name: "1-abcdef",
Namespace: "test",
OwnerReferences: []metav1.OwnerReference{{APIVersion: "networking.k8s.io/v1beta1", Kind: "Ingress", Name: "1", Controller: &boolTrue}},
+ Annotations: map[string]string{
+ "route.openshift.io/termination": "Passthrough",
+ },
},
Spec: routev1.RouteSpec{
Host: "test.com", |
ACK it will work but don't we need to check annotations ? |
What do you mean? |
…to exisiting ingress object BZ https://bugzilla.redhat.com/show_bug.cgi?id=1860136
Looks great! It took some iterations to arrive at the end result, but it looks clean and correct. Thanks! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah, miheer, quarterpin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@miheer: All pull requests linked via external trackers have merged: Bugzilla bug 1860136 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
BZ 1860136: Fix for Annotation was not propagated to the route when changes made to exisiting ingress object
BZ https://bugzilla.redhat.com/show_bug.cgi?id=1860136