Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 pointer checks if user doesn't specify CASecret #253

Merged
merged 1 commit into from
Jun 3, 2024
Merged

🐛 pointer checks if user doesn't specify CASecret #253

merged 1 commit into from
Jun 3, 2024

Conversation

faiq
Copy link
Contributor

@faiq faiq commented Jun 3, 2024

What this PR does / why we need it:

This PR fixes a nil pointer panic if a user does not specify CASecretRef in TLSConfig.

I0603 14:53:15.290968       1 controller.go:115] "Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference" controller="helmchartproxy" controllerGroup="addons.cluster.x-k8s.io" controllerKind="HelmChartProxy" HelmChartProxy="default/```" namespace="default" name="node-feature-discovery-docker-cluster-cilium-helm-addon5" reconcileID="8498516d-cf78-49bb-bf2a-0ee6b355f62e"
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x20d81cd]

goroutine 268 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
	sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:116 +0x1e5
panic({0x24a6b00?, 0x4314de0?})
	runtime/panic.go:914 +0x21f
sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy.constructHelmReleaseProxy(0x0, 0xc00088e900, {0xc0004d8d20, 0x1c5}, 0xc000aaf460)
	sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy/helmchartproxy_controller_phases.go:242 +0x84d
sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy.(*HelmChartProxyReconciler).createOrUpdateHelmReleaseProxy(0xc0002a6690, {0x2ce2120, 0xc000ae4870}, 0x0, 0x12?, 0xc000bcf460, {0xc0004d8d20, 0x1c5})
	sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy/helmchartproxy_controller_phases.go:144 +0xb3
sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy.(*HelmChartProxyReconciler).reconcileForCluster(_, {_, _}, _, {{{0x21f74a1, 0x7}, {0xc000a16078, 0x18}}, {{0xc0005c1140, 0x21}, ...}, ...})
	sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy/helmchartproxy_controller_phases.go:98 +0x71e
sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy.(*HelmChartProxyReconciler).reconcileNormal(0x28edbe7?, {0x2ce2120, 0xc000ae4870}, 0xc00088e900, {0xc000a3a9c0, 0x1, 0x1}, {0x43ad560, 0x0, 0x0})
	sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy/helmchartproxy_controller.go:221 +0x2f8
sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy.(*HelmChartProxyReconciler).Reconcile(0xc0002a6690, {0x2ce2120?, 0xc000ae4870}, {{{0xc0000bd4a0, 0x7}, {0xc000a966c0, 0x38}}})
	sigs.k8s.io/cluster-api-addon-provider-helm/controllers/helmchartproxy/helmchartproxy_controller.go:188 +0x106c
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x2ce8638?, {0x2ce2120?, 0xc000ae4870?}, {{{0xc0000bd4a0?, 0xb?}, {0xc000a966c0?, 0x0?}}})
	sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119 +0xb7
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0005f20a0, {0x2ce2158, 0xc000979c20}, {0x25e5020?, 0xc0007dafe0?})
	sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316 +0x3cc
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0005f20a0, {0x2ce2158, 0xc000979c20})
	sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266 +0x1af
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
	sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227 +0x79
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2 in goroutine 178
	sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:223 +0x565

This is the yaml that is giving the issue.

$ k get hcp node-feature-discovery-docker-cluster-cilium-helm-addon5 -o yaml
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
  creationTimestamp: "2024-06-03T14:52:58Z"
  finalizers:
  - helmchartproxy.addons.cluster.x-k8s.io
  generation: 1
  name: node-feature-discovery-docker-cluster-cilium-helm-addon5
  namespace: default
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta1
    kind: Cluster
    name: docker-cluster-cilium-helm-addon5
    uid: ef487087-bf8a-44d1-8286-a05174cd8ecb
  resourceVersion: "2551"
  uid: 9bd0db75-96b2-43ed-b628-3460f60afae2
spec:
  chartName: node-feature-discovery
  clusterSelector:
    matchLabels:
      cluster.x-k8s.io/cluster-name: docker-cluster-cilium-helm-addon5
  namespace: node-feature-discovery
  options:
    enableClientCache: false
    install:
      createNamespace: true
    timeout: 10m0s
    upgrade:
      maxHistory: 10
  releaseName: node-feature-discovery
  repoURL: oci://mindthegap.default.svc/charts
  tlsConfig:
    insecureSkipTLSVerify: true

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 3, 2024
@k8s-ci-robot k8s-ci-robot requested review from Jont828 and mboersma June 3, 2024 14:58
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jun 3, 2024
@faiq faiq changed the title fix: pointer checks if user doesn't specify CASecret 🐛 pointer checks if user doesn't specify CASecret Jun 3, 2024
@mboersma
Copy link
Contributor

mboersma commented Jun 3, 2024
edited
Loading

@faiq thanks for contributing this! Do you think it's related to the bug just fixed in #252?

It's probably a good idea to add these nil checks regardless. Could you add a unit test case to helmreleaseproxy_controller_test.go that triggers this panic so we know this fixes it and CAAPH doesn't regress?

cluster-api-addon-provider-helm/controllers/helmreleaseproxy/helmreleaseproxy_controller_test.go

Line 320 in a95e8c5

func TestReconcileNormalWithCredentialRef(t *testing.T) {

@faiq faiq force-pushed the fix-null-ptr-checks branch from cf38341 to 95c7f9f Compare June 3, 2024 19:16
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jun 3, 2024
@faiq
Copy link
Contributor Author

faiq commented Jun 3, 2024

@mboersma

I added a case in controllers/helmchartproxy/helmchartproxy_controller_phases_test.go that highlights the issue.

I tried to add a case in helmreleaseproxy_controller_test.go but I was not able to figure out how to do.

@faiq faiq force-pushed the fix-null-ptr-checks branch from 95c7f9f to 1c89844 Compare June 3, 2024 19:54
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 3, 2024
@faiq faiq force-pushed the fix-null-ptr-checks branch from 1c89844 to 2654670 Compare June 3, 2024 19:55
@faiq
Copy link
Contributor Author

faiq commented Jun 3, 2024

@mboersma i spoke too soon.

i also added another case for the helmrelease controller. both of these tests panic on main.

@faiq faiq force-pushed the fix-null-ptr-checks branch from 2654670 to f801efc Compare June 3, 2024 20:45
mboersma
mboersma approved these changes Jun 3, 2024
View reviewed changes
Copy link
Contributor

@mboersma mboersma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

Thanks @faiq!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 3, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: faiq, mboersma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 3, 2024
@k8s-ci-robot k8s-ci-robot merged commit 681ddfa into kubernetes-sigs:main Jun 3, 2024
13 checks passed
@supershal supershal mentioned this pull request Jun 12, 2024
Merged
faiq added a commit to nutanix-cloud-native/cluster-api-runtime-extensions-nutanix that referenced this pull request Jun 12, 2024
@faiq
feat: bumps caaph to 0.2.4 (#718)
5cdac0b 
**What problem does this PR solve?**:
Upgrade CAAPH to 0.2.4
This release includes fixes needed for supporting CAAPH in airgap
environment.

🌱 Use upstream cluster RESTConfig utility by @jimmidyson in
kubernetes-sigs/cluster-api-addon-provider-helm#248
🐛 Fix OCI client configuration logic by @jimmidyson in
kubernetes-sigs/cluster-api-addon-provider-helm#252
🐛 pointer checks if user doesn't specify CASecret by @faiq in
kubernetes-sigs/cluster-api-addon-provider-helm#253
**Which issue(s) this PR fixes**:
Fixes #

**How Has This Been Tested?**:
<!--
Please describe the tests that you ran to verify your changes.
Provide output from the tests and any manual steps needed to replicate
the tests.
-->

**Special notes for your reviewer**:
<!--
Use this to provide any additional information to the reviewers.
This may include:
- Best way to review the PR.
- Where the author wants the most review attention on.
- etc.
-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mboersma mboersma mboersma approved these changes

@Jont828 Jont828 Awaiting requested review from Jont828

Assignees

@mboersma mboersma

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@faiq @mboersma @k8s-ci-robot