Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix token controller keyFunc bug #68119

Merged
merged 1 commit into from
Sep 6, 2018
Merged

fix token controller keyFunc bug #68119

merged 1 commit into from
Sep 6, 2018

Conversation

WanLinghao
Copy link
Contributor

Currently, token manager use keyFunc like: fmt.Sprintf("%q/%q/%#v", name, namespace, tr.Spec).
Since tr.Spec contains point fields, new token request would not reuse the cache at all.
This patch fix this, also adds unit test.

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/kubelet sig/node Categorizes an issue or PR as relevant to SIG Node. labels Aug 31, 2018
@WanLinghao
Copy link
Contributor Author

/assign mikedanese

@WanLinghao WanLinghao force-pushed the token_controller_cachekey_fix branch from 239bf62 to 6f1dfa6 Compare August 31, 2018 10:08
@mikedanese mikedanese added the kind/bug Categorizes issue or PR as related to a bug. label Sep 1, 2018
@mikedanese mikedanese added this to the v1.12 milestone Sep 1, 2018
@WanLinghao
Copy link
Contributor Author

/retest

@WanLinghao
Copy link
Contributor Author

@awly PTAL thanks

awly
awly reviewed Sep 4, 2018
View reviewed changes
pkg/kubelet/token/token_manager.go Outdated
return "", fmt.Errorf("bound object was nil for tr: %#v", tr)
}

specKey := fmt.Sprintf("%#v:%d:%#v", tr.Spec.Audiences, *tr.Spec.ExpirationSeconds, *tr.Spec.BoundObjectRef)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Call fmt.Sprintf only once, with all of the vars.
Also, any reason to use : here as separator vs / below?

pkg/kubelet/token/token_manager.go Outdated
func keyFunc(name, namespace string, tr *authenticationv1.TokenRequest) string {
return fmt.Sprintf("%q/%q/%#v", name, namespace, tr.Spec)
func keyFunc(name, namespace string, tr *authenticationv1.TokenRequest) (string, error) {
if tr.Spec.ExpirationSeconds == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this should return error just because dereferencing the pointers would panic. Declare vars with empty values for these fields and set them if fields aren't nil.

pkg/kubelet/token/token_manager_test.go Outdated
_, hit := mgr.get(getKey(c.target))

if hit != c.shouldHit {
t.Errorf("%s: got unexpected hit result", c.name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add hit/shouldHit to the message

pkg/kubelet/token/token_manager_test.go Outdated
ExpirationSeconds: getInt64Point(2000),
BoundObjectRef: &authenticationv1.BoundObjectReference{
Kind: "pod",
APIVersion: "",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove this line on all TokenRequests

pkg/kubelet/token/token_manager_test.go Outdated
@@ -221,3 +221,197 @@ func TestCleanup(t *testing.T) {
})
}
}

type tokenRequestUnit struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move this into TestKeyFunc

@tallclair tallclair removed their request for review September 5, 2018 00:21
@WanLinghao WanLinghao force-pushed the token_controller_cachekey_fix branch from 6f1dfa6 to a329709 Compare September 5, 2018 02:11
@WanLinghao
Copy link
Contributor Author

@awly comments addressed, PTAL

mikedanese
mikedanese reviewed Sep 6, 2018
View reviewed changes
pkg/kubelet/token/token_manager.go Outdated
@@ -147,5 +148,16 @@ func (m *Manager) requiresRefresh(tr *authenticationv1.TokenRequest) bool {

// keys should be nonconfidential and safe to log
func keyFunc(name, namespace string, tr *authenticationv1.TokenRequest) string {
return fmt.Sprintf("%q/%q/%#v", name, namespace, tr.Spec)
if tr.Spec.ExpirationSeconds == nil {
Copy link
Member

@mikedanese mikedanese Sep 6, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like that this modifies the the provided token request. I pushed a change that fixes that.

@WanLinghao @mikedanese
Currently, token manager use keyFunc like: `fmt.Sprintf("%q/%q/%#v", …
794e665 
…name, namespace, tr.Spec)`.

Since tr.Spec contains point fields, new token request would not reuse
the cache at all.  This patch fix this, also adds unit test.

Signed-off-by: Mike Danese <mikedanese@google.com>
@mikedanese mikedanese force-pushed the token_controller_cachekey_fix branch from a329709 to 794e665 Compare September 6, 2018 16:04
@mikedanese
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 6, 2018
@awly
Copy link
Contributor

awly commented Sep 6, 2018

/lgtm

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: awly, mikedanese, WanLinghao

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mikedanese mikedanese added the priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. label Sep 6, 2018
@mikedanese
Copy link
Member

@WanLinghao I pushed a slight change since I want to get this into 1.12. You are preserved as the author. Thanks for finding this!

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 68119, 68191). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.

@k8s-github-robot k8s-github-robot merged commit 4bb3712 into kubernetes:master Sep 6, 2018
@k8s-ci-robot
Copy link
Contributor

@WanLinghao: The following tests failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-integration 794e665 link /test pull-kubernetes-integration
pull-kubernetes-e2e-kops-aws 794e665 link /test pull-kubernetes-e2e-kops-aws
pull-kubernetes-local-e2e-containerized 794e665 link /test pull-kubernetes-local-e2e-containerized

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikedanese mikedanese mikedanese left review comments

@awly awly awly left review comments

Assignees

@awly awly

@mikedanese mikedanese

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note-none Denotes a PR that doesn't merit a release note. sig/node Categorizes an issue or PR as relevant to SIG Node. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.12
Development

Successfully merging this pull request may close these issues.
5 participants
@WanLinghao @mikedanese @awly @k8s-ci-robot @k8s-github-robot