adding option '--insecure-policy' for passthrough and reencrypt routes #12725
Conversation
JacobTanenbaum
force-pushed
the
BZ1403155
branch
2 times, most recently
from
222a11a
to
35d7025
Compare
|
@openshift/networking |
|
[test] @ramr PTAL |
|
The BZ that knobunc mentioned above BZ1418023 |
| @@ -33,6 +33,10 @@ Specify the service (either just its name or using type/name syntax) that the ge | |||
| Set a hostname for the new route | |||
|
|
|||
| .PP | |||
| \fB\-\-insecure\-policy\fP="" | |||
| Set an insecure for the new route | |||
There was a problem hiding this comment.
Set an insecure policy (missing that word) for the new route.
pkg/cmd/cli/cmd/create/route.go
Outdated
| @@ -198,6 +198,7 @@ func NewCmdCreatePassthroughRoute(fullName string, f *clientcmd.Factory, out io. | |||
| kcmdutil.AddDryRunFlag(cmd) | |||
| cmd.Flags().String("hostname", "", "Set a hostname for the new route") | |||
| cmd.Flags().String("port", "", "Name of the service port or number of the container port the route will route traffic to") | |||
| cmd.Flags().String("insecure-policy", "", "Set an insecure for the new route") | |||
There was a problem hiding this comment.
Set an insecure policy (missing keyword!) for the new route.
|
@knobunc as I commented on the other PR - adding some of these checks on client side could be problematic. One is that older cli clients would behave differently vis-a-vis newer cli clients + what happens when the server validation changes say for a list of choices from [foo, bar] to [foo, bar, baz] or even [one, two]? The older cli client checks would be invalid at that point or worse yet even block valid values. |
JacobTanenbaum
force-pushed
the
BZ1403155
branch
2 times, most recently
from
41a9b5b
to
1bc1834
Compare
|
[merge] |
… for CLI PR11953 added support for insecureEdgeTerminationPolicy to reencrypt and passthrough routes, so it should be supported in the CLI as well. Bug: 1403155
JacobTanenbaum
force-pushed
the
BZ1403155
branch
from
1bc1834
to
daa215c
Compare
|
[test] |
|
@openshift/cli-review PTAL |
|
[test] |
|
Evaluated for origin test up to daa215c |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13527/) (Base Commit: 89ed457) |
|
LGTM |
|
We need less client side validation, and more serverside. Clients should not make decisions about valid values. |
|
Ok, based on @smarterclayton's feedback, I have closed the above mentioned bug since we are functioning as designed. |
|
[merge] Last flaked against #12736. Logs: https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_integration/10912/consoleFull#-83175598956bf4006e4b05b79524e5923 |
|
Evaluated for origin merge up to daa215c |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13581/) (Base Commit: c773aad) (Image: devenv-rhel7_5849) |
PR11953 added support for insecureEdgeTerminationPolicy to reencrypt and passthrough routes,
so it should be supported in the CLI as well.
Bug: 1403155 Link