Fix cross-namespace LIST and WATCH #4395
Conversation
| func (n rootScopeNaming) Name(req *restful.Request) (namespace, name string, err error) { | ||
| name = req.PathParameter("name") | ||
| if len(name) == 0 { | ||
| err = errEmptyName |
There was a problem hiding this comment.
I'm still not sure I'm thrilled with the naked returns. How is assigning err here better than just having this line be return "", errEmptyName?
There was a problem hiding this comment.
I do, however, like having names to the two return types rather than just returning (string, string) so that it's obvious to callers what is being returned.
There was a problem hiding this comment.
Agreed, will fix that today.
On Feb 13, 2015, at 1:03 AM, roberthbailey notifications@github.com wrote:
In pkg/apiserver/api_installer.go:
@@ -401,6 +321,140 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage RESTStorage
return nil
}+// rootScopeNaming reads only names from a request and ignores namespaces
+type rootScopeNaming struct {
- scope meta.RESTScope
- runtime.SelfLinker
- itemPath string
+}
+func (n rootScopeNaming) Namespace(req *restful.Request) (namespace string, err error) {
- return
+}
+func (n rootScopeNaming) Name(req *restful.Request) (namespace, name string, err error) {
- name = req.PathParameter("name")
- if len(name) == 0 {
err = errEmptyName—
Reply to this email directly or view it on GitHub.
There was a problem hiding this comment.
Made that change.
----- Original Message -----
@@ -401,6 +321,140 @@ func (a *APIInstaller) registerResourceHandlers(path
string, storage RESTStorage
return nil
}+// rootScopeNaming reads only names from a request and ignores namespaces
+type rootScopeNaming struct {
- scope meta.RESTScope
- runtime.SelfLinker
- itemPath string
+}
+func (n rootScopeNaming) Namespace(req *restful.Request) (namespace
string, err error) {
- return
+}
+func (n rootScopeNaming) Name(req *restful.Request) (namespace, name
string, err error) {
- name = req.PathParameter("name")
- if len(name) == 0 {
err = errEmptyNameI do, however, like having names to the two return types rather than just
returning (string, string) so that it's obvious to callers what is being
returned.
Reply to this email directly or view it on GitHub:
https://github.com/GoogleCloudPlatform/kubernetes/pull/4395/files#r24645956
|
I left a few initial comments but I'm going to be out of the office until Tuesday. Unassigning in the hopes that someone else will look at this before then, but if not feel free to reassign back to me at that point. |
smarterclayton
force-pushed
the
split_naming
branch
2 times, most recently
from
06de1d6 to
a99e9b1
Compare
|
Please rebase. There's a merge conflict. Otherwise, LGTM. @lavalamp Suggested defining a struct that contains both namespace and name, which sounds good to me, but that can be a separate PR. |
|
@nikhiljindal said he made some comments directly on a commit that were lost in a rebase. @smarterclayton did you see them in email? |
|
I think so, but will double check when I rebase
|
smarterclayton
force-pushed
the
split_naming
branch
from
a99e9b1 to
dc48aa0
Compare
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project, in which case you'll need to sign a Contributor License Agreement (CLA) at https://cla.developers.google.com/. If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check the information on your CLA or see this help article on setting the email on your git commits. Once you've done that, please reply here to let us know. If you signed the CLA as a corporation, please let us know the company's name. |
|
This has been updated with nikhil's comment. It resolves a fairly serious bug introduced with the first version of this pull - cross namespace LIST and WATCH (which we apparently had no test cases for) has been corrected (the scope namer passed to the cross namespace methods does not set a default namespace). Added more test cases. |
smarterclayton
added
the
priority/critical-urgent
smarterclayton
changed the title
|
Actually... picking the bandaid a bit more, and a lot more cross namespace query arterial blood comes pouring out... Now it seems like the client was not properly namespacing requests in a lot of cases, which means that a few api.NamespaceAll queries were only working on the default namespace. |
|
@derekwaynecarr did we change NamespaceAll recently? I'm seeing changes that are possibly related to my earlier api_installer changes from #4263, but also errors that look like we weren't handling namespace scoping consistently from the client (i.e. clients would not be able to properly set NamespaceAll scope). After digging into this more:
|
smarterclayton
force-pushed
the
split_naming
branch
from
dc48aa0 to
fcfe32a
Compare
|
My second commit here properly enforces namespace != "" on namespace scoped resources, and forces our client code to distinguish between namespace not present and namespace empty. Given the larger scope of the change it needs deeper review. This now properly distinguishes in client code between namespace and non-namespaced scoped resources. The legacy behavior of handling empty namespace like "default" on POST is preserved in the first commit. |
smarterclayton
force-pushed
the
split_naming
branch
from
fcfe32a to
2b68f9f
Compare
Fix bug with cross namespace queries not being possible. Ensure selflink is set on lists correctly.
Revise our code to only call Request.Namespace() if a namespace *should* be present. For root scoped resources, namespace should be ignored. For namespaced resources, it is an error to have Namespace=="".
smarterclayton
force-pushed
the
split_naming
branch
from
2b68f9f to
3e2e471
Compare
|
I am not aware of a change. I will review this PR more in morning |
|
At this point, handlers_test had cases for ensuring namespace all behaviors since that was the prior choke point. but I am guessing that the changes were at a level above that test. Sent from my iPhone
|
|
They were - I think this implies to me that there needs to be a higher level set of tests around paths, methods, and RESTStorage objects that permutes all endpoints (like auth_test, but specifically to highlight the modes). ----- Original Message -----
|
|
LGTM - the client side change will help stop subtle errors. the server side change once I found it is right ;-) |
Allows self links to be directly passed
|
Added a better integration test for overlapping endpoint namespaces (to explicitly validate NamespaceAll) and made SelfLink more correct for default namespaces. |
| actions = appendIf(actions, action{"PROXY", "/proxy/" + itemPath, nameParams}, storageVerbs["Redirector"]) | ||
| namer := legacyScopeNaming{scope, a.group.linker, gpath.Join(a.prefix, itemPath)} | ||
|
|
||
| actions = appendIf(actions, action{"LIST", path, namespaceParams, namer}, storageVerbs["RESTLister"]) |
There was a problem hiding this comment.
Doesn't have to be done for this PR, but it would be useful to factor out the common lines of code between the two cases. Or maybe we should just eliminate v1beta1. :-)
|
LGTM. Feel free to merge. |
bgrant0607
added
the
lgtm
Fix cross-namespace LIST and WATCH
|
This broke e2e on update.sh, because it gets tripped up in the check for an empty namespace. I'm going to try to patch forward rather than roll back, but pretty please let's be careful about running e2e. |
|
I saw passing update, but obviously this wasn't true. Can you cc me on the fix?
|
Extracted from #4263 comments @roberthbailey
Realized after this went in that cross-namespace queries were broken.