network: improve the IsHost() function

[obnoxxx]

This change is a follow-up to PR #13693 .
It is also meant to provide a continuation of the closed, stale PR #13878 .

Finally, it is intended as a preparation for the introduction of a way to enforce host networking in the next round of updates to PR
#13651 .

This change improves the documentation comment and the unit testing for the IsHost() method of the CephCluster.Network spec.

The implementation of IsHost() is changed to validate the Network Spec and return error if the spec is invalid.

Checklist:

• Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
• Reviewed the developer guide on Submitting a Pull Request
• Pending release notes updated with breaking and/or notable changes for the next minor release.
• Documentation has been updated, if necessary.
• Unit tests have been added, if necessary.
• Integration tests have been added, if necessary.

[BlaineEXE]

One quick thing:
The commit subject overflows the hard 70-character limit, and thus also overflows the recommended 50 char limit. Please reduce the commit subject title's length. IMO, "network: improve IsHost() function" is sufficient, as docs and unit tests are reasonable assumptions for any PR. Though you're free to title it as you like as long as it's strictly under 70 chars.

[BlaineEXE]

Why is this changing? I don't see anything that appears related in the code changes.

This also seems to be the reason why CI is failing. Here's what I see when I look at the CI output:

...
verifying github.com/portworx/sched-ops@v0.20.4-openstorage-rc3: checksum mismatch
	downloaded: h1:tXnHsjZT2wZ2BCXf8avDoya7zGyCgLNUC8Upt+WEQrY=
	go.sum:     h1:46EZ+vYCJ3qmQolvgDCrGuPz8Tf0vIds41RuF0dqVEw=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

[obnoxxx]

@BlaineEXE wrote:

Why is this changing? I don't see anything that appears related in the code changes.

To be honest, I am not quite certain. I was puzzled myself when I saw go.sum in the list of changed files. 🤷🏼

Here is my guess:

Earlier today, I wanted to build and unit-test locally and this was failing on go mod errors. So I tidied the dependencies and built/tested again, successfully. I assume that this has introduced the change to go.sum.

This also seems to be the reason why CI is failing.

Right, this seems plausible. Let me try and get rid of the go.sum change in the commit

Here's what I see when I look at the CI output:

...
verifying github.com/portworx/sched-ops@v0.20.4-openstorage-rc3: checksum mismatch
	downloaded: h1:tXnHsjZT2wZ2BCXf8avDoya7zGyCgLNUC8Upt+WEQrY=
	go.sum:     h1:46EZ+vYCJ3qmQolvgDCrGuPz8Tf0vIds41RuF0dqVEw=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

[obnoxxx]

Interestingly, when I locally revert the change to go.sum and run make cleanand go mod tidy, I get the same error:

verifying github.com/portworx/sched-ops@v0.20.4-openstorage-rc3: checksum mismatch
	downloaded: h1:46EZ+vYCJ3qmQolvgDCrGuPz8Tf0vIds41RuF0dqVEw=
	go.sum:     h1:tXnHsjZT2wZ2BCXf8avDoya7zGyCgLNUC8Upt+WEQrY=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

so I am still unsure how to properly fix this.

[obnoxxx]

I have undone the change to go.sum and mod-checkpasses in the ci now, but locally, make mod.checkstill fails.

[travisn]

@obnoxxx Can you revert this file? It seems to be causing build issues.

[obnoxxx]

done. no changes to go.sumin the PR anymore, even though I can't build locally without them.

[BlaineEXE]

I don't understand why this change is needed here.

I think that this condition no longer works correctly if the user has HostNetwork: true, because the legacy behavior is no longer also supported.

[obnoxxx]

also note that the signature of IsHost()has changed to include an additional Error return

[obnoxxx]

this has gone now.

[BlaineEXE]

We shouldn't make it a habit to ignore error return values.
Ditto for other similar changes as well.

[obnoxxx]

@BlaineEXE wrote:

We shouldn't make it a habit to ignore error return values. Ditto for other similar changes as well.

ok, good point. Agreed. I will address this, but it might make the code flow more complicated and less natural.

[travisn]

The complication is that IsHost() returns an error, but I don't think it should. The flow will be much simpler if IsHost() only returns a bool. There can be a single check in the reconcile for valid network settings, instead of every time IsHost() is called. This will also allow you to revert a lot of changes in this PR.

[obnoxxx]

@travisn wrote:

The complication is that IsHost() returns an error, but I don't think it should.

The decision to have IsHost return error on invalid network spec was a esult of the discussion between @BlaineEXE and myself in the original PR #13878
#13878 (comment)

The flow will be much simpler if IsHost() only returns a bool.

There can be a single check in the reconcile for valid network settings, instead of every time IsHost() is called.

Agreed.

This will also allow you to revert a lot of changes in this PR.

This sounds like it is desirable to have as few changes as possible in one PR.
Of course, fewer changes tend to be simpler and therefore less likely to break things. So I do see the point. 😄

While it does seem kind of sad to me to revert a major piece of the work put into this so far, I will do it as I see the logic behind the reasoning.

[obnoxxx]

@travisn starting to undo the changes that add the eroor return to IsHost(), I am wondering if it would make sense to still validate the network spec in IsHost() but just issue an informational log message and return false for host network instead of erroring out. wdyt?

[travisn]

Since IsHost() is called from multiple locations, the log entry could easily be too verbose and repetitive. If there is an error condition to check for, I would recommend have a separate method that checks the error once during a reconcile, then IsHost() can assume there is no error condition and just return bool.

[obnoxxx]

done

[BlaineEXE]

Good unit test hygiene is to make sure each test sets up its own inputs so that future test modifications don't have unintended effects. It is hard to read and modify unit tests when test inputs and side-effects are propagated from between test cases.

Please fully specify net = Network{} before each test to ensure tests are independent from each other.

[obnoxxx]

done!

[obnoxxx]

@BlaineEXE wrote:

One quick thing: The commit subject overflows the hard 70-character limit, and thus also overflows the recommended 50 char limit. Please reduce the commit subject title's length. IMO, "network: improve IsHost() function" is sufficient, as docs and unit tests are reasonable assumptions for any PR. Though you're free to title it as you like as long as it's strictly under 70 chars.

fixed, thanks!

[parth-gr]

I pulled the branch and ran make build

/home/rider/go/src/github.com/rook/rook/build/rbac
+ rm -rf /tmp/tmp.if5fFVidQV
+ popd
/home/rider/go/src/github.com/rook/rook
=== go vet
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go vet  -tags '' github.com/rook/rook/cmd/... github.com/rook/rook/pkg/... github.com/rook/rook/tests/integration
diff pkg/apis/ceph.rook.io/v1/network.go.orig pkg/apis/ceph.rook.io/v1/network.go
--- pkg/apis/ceph.rook.io/v1/network.go.orig
+++ pkg/apis/ceph.rook.io/v1/network.go
@@ -46,8 +46,8 @@
 		err = errors.Wrapf(err, "Unable to determine  host network setting from Invalid  network spec. not setting host network.")
 	} else {
 
-	ret = (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost
-}
+		ret = (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost
+	}
 	return ret, err
 }
 
make[1]: *** [build/makelib/golang.mk:162: go.fmt] Error 1
make: *** [Makefile:124: build.common] Error 2
[root@fedora rook]# 

SO I think the error is coming from network API

[parth-gr]

I see there a lot of bugs with this implementation

func (n *NetworkSpec) IsHost() (bool, error) {
	ret := false
	err := ValidateNetworkSpec("", *n)
	if err != nil {
		return ret, errors.Wrapf(err, "Unable to determine  host network setting from Invalid  network spec. not setting host network.")
	}
	return (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost, err
}

Fixing this make the make build worked

[obnoxxx]

@parth-gr this has been fixed.

[obnoxxx]

@parth-gr wrote:

I pulled the branch and ran make build

/home/rider/go/src/github.com/rook/rook/build/rbac
+ rm -rf /tmp/tmp.if5fFVidQV
+ popd
/home/rider/go/src/github.com/rook/rook
=== go vet
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go vet  -tags '' github.com/rook/rook/cmd/... github.com/rook/rook/pkg/... github.com/rook/rook/tests/integration
diff pkg/apis/ceph.rook.io/v1/network.go.orig pkg/apis/ceph.rook.io/v1/network.go
--- pkg/apis/ceph.rook.io/v1/network.go.orig
+++ pkg/apis/ceph.rook.io/v1/network.go
@@ -46,8 +46,8 @@
 		err = errors.Wrapf(err, "Unable to determine  host network setting from Invalid  network spec. not setting host network.")
 	} else {
 
-	ret = (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost
-}
+		ret = (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost
+	}
 	return ret, err
 }
 
make[1]: *** [build/makelib/golang.mk:162: go.fmt] Error 1
make: *** [Makefile:124: build.common] Error 2
[root@fedora rook]# 

SO I think the error is coming from network API

right, and that is code from this PR.

I see the same error locally now, but the confusing part is that this is a vet error
triggered from make build while make vetsucceeds locally for me.

And the error message shows which code is wrong but not what aspect. ...

[obnoxxx]

@parth-gr wrote:

I pulled the branch and ran make build

/home/rider/go/src/github.com/rook/rook/build/rbac
+ rm -rf /tmp/tmp.if5fFVidQV
+ popd
/home/rider/go/src/github.com/rook/rook
=== go vet
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go vet  -tags '' github.com/rook/rook/cmd/... github.com/rook/rook/pkg/... github.com/rook/rook/tests/integration
diff pkg/apis/ceph.rook.io/v1/network.go.orig pkg/apis/ceph.rook.io/v1/network.go
--- pkg/apis/ceph.rook.io/v1/network.go.orig
+++ pkg/apis/ceph.rook.io/v1/network.go
@@ -46,8 +46,8 @@
 		err = errors.Wrapf(err, "Unable to determine  host network setting from Invalid  network spec. not setting host network.")
 	} else {
 
-	ret = (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost
-}
+		ret = (n.HostNetwork && n.Provider == NetworkProviderDefault) || n.Provider == NetworkProviderHost
+	}
 	return ret, err
 }
 
make[1]: *** [build/makelib/golang.mk:162: go.fmt] Error 1
make: *** [Makefile:124: build.common] Error 2
[root@fedora rook]# 

SO I think the error is coming from network API

right, and that is code from this PR.

I see the same error locally now, but the confusing part is that

this is a vet error triggered from make build

wrong it is in fact a gofmt error.

And the error message shows which code is wrong but not what aspect.

manually running go vetyields more information:

$ go vet pkg/apis/ceph.rook.io/v1/network.go
# command-line-arguments
vet: pkg/apis/ceph.rook.io/v1/network.go:31:10: undefined: NetworkSpec

I am surprised that it complains only about line 31: There are many more occurrences like this.

[BlaineEXE]

The go.sum file has been removed entirely in the commit. The build can't proceed without that

[obnoxxx]

@BlaineEXE wrote:

The go.sum file has been removed entirely in the commit. The build can't proceed without that

interesting.

For me, locally, the build would not proceed or even succeed with the checked-in go.sum file
It always produced a go module checksum mismatch error.
I had to remove the go.sum file and run go mod tidyand a few more commands before I could build locally. That's why I committed the removal of the file.

Now I was able to fix the problem locally and build again. I committed the resulting diff and updated the PR.

[BlaineEXE]

If IsHost() is being reverted to only return a bool (even when there are configuration inconsistencies that Rook has to guess about), I don't think it makes sense to keep these changes that add useHost := ...IsHost(), as it's just code churn with no real changes. These should probably be reverted also.

At that point, the focus of the changes is better unit testing and docs, which is still valuable.

[obnoxxx]

done

[obnoxxx]

done now

[travisn]

These changes under pkg/apis actually are from master, not needed for your changes to IsHost(). I'd suggest just add these generated files in a separate commit in this PR. It seems our CI action is not working to catch that this generated code is out of date.

[travisn]

revert this space, note that vscode would automatically remove these extra spaces for you, so you don't have to think about whitespace much in golang.

[obnoxxx]

done (manually 😉 )

[travisn]

revert this space

[obnoxxx]

done

[travisn]

revert this space

[obnoxxx]

done

[travisn]

revert this space

[obnoxxx]

done

[travisn]

revert this space

[obnoxxx]

done

[travisn]

you can revert this file as well

[obnoxxx]

done

[obnoxxx]

addressed a few review requests and updated.

[obnoxxx]

done!

[obnoxxx]

done

[obnoxxx]

done

[obnoxxx]

this has gone now.

[obnoxxx]

done now

[obnoxxx]

done

[obnoxxx]

done

[obnoxxx]

done

[obnoxxx]

done (manually 😉 )

[obnoxxx]

done

[travisn]

LGTM, just a couple small whitespace changes that could be reverted if desired

[travisn]

could revert

[obnoxxx]

done

[travisn]

could revert

[obnoxxx]

done

[obnoxxx]

@travisn wrote:

LGTM, just a couple small whitespace changes that could be reverted if desired

Thanks! I addressed these

feedback addressed