-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cleanup resolved object before validating through dry-run #8051
Cleanup resolved object before validating through dry-run #8051
Conversation
Skipping CI for Draft Pull Request. |
The following is the coverage report on the affected files.
|
cc @JeromeJu @chitrangpatel |
The following is the coverage report on the affected files.
|
This ensure that we are not going to fail during validation with dry-run. An example of such a failure would be the following scenario. - A task in a namespace has `ownerReferences` with `blockOwnerDeletion: true` - A user uses the `cluster` resolver to fetch that task - That user doesn't have a lot of rights in that namespace (only listing Tasks for example). /kind bug Signed-off-by: Vincent Demeester <[email protected]>
1418fb3
to
69a6b8d
Compare
The following is the coverage report on the affected files.
|
The following is the coverage report on the affected files.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there is another side to this as well. But that could be a separate PR.
Right now, we only use dryRun to Validate. If users have mutating admission webhooks on the cluster then when we do the dryRun and validate, the mutations will happen before the validation. However, we ignore the mutated object and only continue with the original runtime Object even though we have validated the mutated one. In practice, when we do the dryrun, we should return the mutated object in addition to the validation error so that we use the mutated object in the underlying spec.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chitrangpatel The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Ah that's a good point, we should probably track this into an issue. |
/cherry-pick v0.59.x |
@vdemeester: once the present PR merges, I will cherry-pick it on top of v0.59.x in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick v0.56.x |
@vdemeester: once the present PR merges, I will cherry-pick it on top of v0.56.x in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick v0.53.x |
@vdemeester: once the present PR merges, I will cherry-pick it on top of v0.53.x in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick v0.50.x |
@vdemeester: once the present PR merges, I will cherry-pick it on top of v0.50.x in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
@savitaashture: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
@jkandasa: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
@vdemeester: cannot checkout In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@vdemeester: cannot checkout In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@vdemeester: cannot checkout In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@vdemeester: cannot checkout In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-v0.59.x |
@vdemeester: #8051 failed to apply on top of branch "release-v0.59.x":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Arf… I'll have to manually cherry-pick.. |
Changes
This ensure that we are not going to fail during validation with
dry-run. An example of such a failure would be the following scenario.
ownerReferences
withblockOwnerDeletion: true
cluster
resolver to fetch that tasklisting Tasks for example).
/kind bug
Signed-off-by: Vincent Demeester [email protected]
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
/kind <type>
. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes