[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kevtaylor
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: soltysh

Assign the PR to them by writing /assign @soltysh in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Strictly speaking this is a breaking change. A directory named $(foo) or even $(rm -rf ..) is technically valid. This feature breaks that.

I didn't see the original PR, so I apologize for not reviewing it then. This is the sort of change that needs sig-arch to review (@jdumars @kubernetes/sig-architecture-api-reviews) (the process is in development, so no indictment here :). It's a good example of an API change that DOESN'T touch a types.go file, because we don't document alpha features in the comments.

The compatible way to do this would be to add a new field, e.g. subPathFrom as was done for EnvVar.ValueFrom. I'd say this PR should NOT go in until that is changed.

I didn't track all the original work - I assume this properly handles $$ escape and that we validate that FOO="../../../../../proc is not allowed?

Edit: for future, the way to make sure I see a PR is to ASSIGN it to me :)

Not sure why you think it is a breaking change as it doesn't alter the existing subpath creation or validation

 setting env to "" gives /logs/hello.txt
 setting env to " " gives /logs/ /hello.txt
 setting env variable to $(PODX_NAME) gives /logs/$(PODX_NAME)/hello.txt

There are tests for backticks and absolute paths to ensure no validation was violated.

So can't see the need for introduction of a new element but I guess that's your perogative as code owners.

/cc @msau42

/ok-to-test

@thockin Thanks for the clarity and yes I see your point on this edge case but that would be a very unconventional use of file systems to include $ in files/folders

However, in our defence the massive workarounds that we had to do to implement this and the subsequent vulnerabilities that the team uncovered as a result of it are in my opinion a greater justification for this feature than the edge case(s) that you highlight.

Also, not sure if you saw this but Michelle Au raised #64045 for a wider discussion

@thockin Thanks for the clarity and yes I see your point on this edge case but that would be a very unconventional use of file systems to include $ in files/folders

However, in our defence the massive workarounds that we had to do to implement this and the subsequent vulnerabilities that the team uncovered as a result of it are in my opinion a greater justification for this feature than the edge case(s) that you highlight.

I agree with @thockin that it isn't acceptable to break the meaning of the existing field. That doesn't preclude the introduction of a mutually exclusive parallel field with expansion semantics.

Yes I agree we should consider an alternative API.

I couldn't find it because it was in this thread, LOL.

Jordan's suggestion is better - can we add a new field? We ruled out subPathFrom because we need catenated variables. What about subPathExpr or subPathTemplate which is explicitly an env-substituted value and mutually exclusive with subPath?

@thockin I think the use of the word template implies a lot more functionality than is actually occurring so I prefer subPathExpr

@kevtaylor: PR needs rebase.

Please feel free to find a better name - those were just seeds...

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

Can this be closed? We have a KEP for the new proposal that we will pursue in 1.14: kubernetes/community#2871

/close

@kevtaylor: Closed this PR.