Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for validation on AzureName and ResourceGroup immutability #2260

Merged
merged 23 commits into from
May 9, 2022
Merged

Add support for validation on AzureName and ResourceGroup immutability #2260

merged 23 commits into from
May 9, 2022

Conversation

super-harsh
Copy link
Collaborator

@super-harsh super-harsh commented May 3, 2022
edited
Loading

Closes #2134

What this PR does / why we need it:

We had an issue where changing AzureName and Resource groups would abandon the old resource and creates a new one. Which is solved using validation web-hook on UPDATE for immutable fields in this PR.

This PR includes:

  • Validation for AzureName immutability
  • Validation for Resource Group immutability
  • Helper method to handle more immutable fields in future
  • Edge case test for AzureName and ResourceGroup

Porges
Porges requested changes May 3, 2022
View reviewed changes
Copy link
Member

@Porges Porges left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment

@codecov-commenter
Copy link

codecov-commenter commented May 3, 2022
edited
Loading

Codecov Report

Merging #2260 (3794d9e) into main (de18cf8) will increase coverage by 0.04%.
The diff coverage is 23.49%.

@@            Coverage Diff             @@
##             main    #2260      +/-   ##
==========================================
+ Coverage   53.11%   53.15%   +0.04%     
==========================================
  Files         808      809       +1     
  Lines      248049   248769     +720     
==========================================
+ Hits       131744   132238     +494     
- Misses      97525    97700     +175     
- Partials    18780    18831      +51
Impacted Files Coverage Δ
...ha1api20200801preview/role_assignment_types_gen.go 26.82% <0.00%> (-0.31%) ⬇️
...v1beta20200801preview/role_assignment_types_gen.go 52.82% <0.00%> (-0.61%) ⬇️
...tch/v1alpha1api20210101/batch_account_types_gen.go 40.18% <0.00%> (-0.16%) ⬇️
...pi/batch/v1beta20210101/batch_account_types_gen.go 54.08% <0.00%> (-0.21%) ⬇️
...alpha1api20201201/redis_firewall_rule_types_gen.go 22.64% <0.00%> (-0.37%) ⬇️
...alpha1api20201201/redis_linked_server_types_gen.go 26.64% <0.00%> (-0.38%) ⬇️
...lpha1api20201201/redis_patch_schedule_types_gen.go 32.14% <0.00%> (-0.37%) ⬇️
...2/api/cache/v1alpha1api20201201/redis_types_gen.go 40.66% <0.00%> (-0.20%) ⬇️
...api20210301/redis_enterprise_database_types_gen.go 41.45% <0.00%> (-0.28%) ⬇️
.../v1alpha1api20210301/redis_enterprise_types_gen.go 35.81% <0.00%> (-0.33%) ⬇️
... and 177 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update de18cf8...3794d9e. Read the comment docs.

matthchr
matthchr reviewed May 4, 2022
View reviewed changes
v2/internal/controllers/edge_case_test.go Outdated
newAzureName := "test123"
old := acct.DeepCopy()
acct.Spec.AzureName = newAzureName
tc.PatchAndExpectError(old, acct)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe instead of doing PatchAndExpectError we should just have a Patch that returns the error. Then you can actually assert that it has the right shape as well?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have Patch which expects error to be nil. Can make this one return error and then assert on if error is not nil

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Totally agree that's the right approach

theunrepentantgeek
theunrepentantgeek reviewed May 4, 2022
View reviewed changes
v2/pkg/genruntime/admissions.go Outdated
}

if oldObj.AzureName() != newObj.AzureName() {
errs = append(errs, errors.Errorf("updating 'AzureName()' is not allowed for '%s", oldObj.GetName()))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is AzureName written as though it's a method call?

Suggested change
errs = append(errs, errors.Errorf("updating 'AzureName()' is not allowed for '%s", oldObj.GetName()))
errs = append(errs, errors.Errorf("updating 'AzureName( is not allowed for '%s", oldObj.GetName()))

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, does oldObj.GetName() return a fully qualified GVK or only a partial name?

Copy link
Collaborator Author

@super-harsh super-harsh May 4, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the partial name.. Have also added added kind as well now. Or do you think GVK is better?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably dont need version as this error is for all versions always I think? But G + K is good.

...nal/codegen/testdata/ArmResource/Arm_oneof_resource_conversion_on_arm_type_only_azure.golden Outdated
}

// validateImmutableProperties validates all immutable properties
func (resource *FakeResource) validateImmutableProperties(old runtime.Object) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We suppress some pipeline stages for these golden tests as they focus on property structure and the functions are noise - perhaps validation should be suppressed too? #unsure

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have validateResourceReferences in the golden tests though

v2/pkg/genruntime/admissions.go Outdated
@@ -26,3 +28,22 @@ type Defaulter interface {
// CustomDefault performs custom defaults that are run in addition to the code generated defaults.
CustomDefault()
}

// ValidateImmutableProperties function validates the update on immutable properties.
func ValidateImmutableProperties(oldObj MetaObject, newObj MetaObject) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure "Immutable" is quite the right term for these properties, but I'm having trouble coming up with a reasonable alternative.

matthchr
matthchr approved these changes May 4, 2022
View reviewed changes
Copy link
Member

@matthchr matthchr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved but take a look at my test comments as I think there's 1 more test you should have.

theunrepentantgeek
theunrepentantgeek reviewed May 5, 2022
View reviewed changes
v2/tools/generator/internal/functions/kubernetes_admissions_validations.go Outdated
Comment on lines 99 to 101
ReceiverType: &dst.StarExpr{
X: receiverType,
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a helper function in astbuilder for this.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to use astbuilder.Deference

v2/tools/generator/internal/functions/kubernetes_admissions_validations.go
cast := astbuilder.TypeAssert(obj, dst.NewIdent("old"), astbuilder.Dereference(receiver.AsType(codeGenerationContext)))
checkAssert := astbuilder.ReturnIfNotOk(astbuilder.Nil())

returnStmt := astbuilder.Returns(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest configuring this to have a blank line before the return statement.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added!

@Porges
Copy link
Member

Porges commented May 8, 2022
edited
Loading

Somewhat fixes #1443, but we still need support for more (custom) fields there.

@super-harsh super-harsh merged commit 3264b31 into main May 9, 2022
@super-harsh super-harsh deleted the feature/immutability branch May 9, 2022 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theunrepentantgeek theunrepentantgeek theunrepentantgeek left review comments

@matthchr matthchr matthchr approved these changes

@Porges Porges Porges approved these changes

@davefellows davefellows Awaiting requested review from davefellows davefellows is a code owner

@babbageclunk babbageclunk Awaiting requested review from babbageclunk babbageclunk is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

We should have a webhook that rejects updates to AzureName
5 participants
@super-harsh @codecov-commenter @Porges @theunrepentantgeek @matthchr