*: Port from Update to Release for ClusterVersion status #419
Conversation
f8c787d to
3a84314
Compare
|
Pulling the WIP, because 3a84314 -> f666975 addresses the outstanding issues with populating the new Release properties. Review is probably most convenient via |
7eec1e2 to
0a0483a
Compare
The next/last Actual comparison avoids:
invalid operation: next.Actual == last.Actual (struct containing []string cannot be compared)
The image pullspec is sufficient for that matching. The test suite's
expected LastProgress changes are because the shift from:
{Version: "4.0.1", Image: "image/image:1"}
to:
{Version: "1.0.0-abc", Image: "image/image:1"}
no longer counts as a LastProgress-bumping change (because we're now
only comparing the Image pullspecs).
Also adjusts the upstream/Cincinnati retrieval and payload loading
logic to preserve the additional metadata that we're now exposing.
Storing a Release on the Operator, instead of extending the previous
releaseVersion/releaseImage pattern, makes it easy to keep track of
payload-loaded metadata, so we can fall-back to upstream metadata for
properties where the payload has no opinion, as described in the
enhancement.
In findUpdateFromConfigVersion, if some crazy upstream service
declared a node with a matching version but no image, we used to say
"sorry, no match" without looking through history. Now we skip the
useless entry and move on to consider later entries and history. We
only say "no match" if we have no image pullspec associated with the
requested version available.
| releaseVersion string | ||
| // release is the release the current operator points to and | ||
| // metadata read from the release image. It allows templating of | ||
| // the CVO deployment manifest. |
There was a problem hiding this comment.
This comment does not communicate properly about release API. We should reword this or we can remove the comment all together. Also we can fix this later after this PR merges.
There was a problem hiding this comment.
This is internal state not directly related to external APIs. Rewording suggestions?
| // mergeReleaseMetadata returns a deep copy of the input release. | ||
| // Values from any matching availableUpdates release are used as | ||
| // fallbacks for any properties not defined in the input release. | ||
| func (optr *Operator) mergeReleaseMetadata(release configv1.Release) configv1.Release { |
There was a problem hiding this comment.
I would have named this as updateReleaseMetadata() but we can handle this in another PR.
There was a problem hiding this comment.
It doesn't update in place, it returns a new object merging data from two sources
The commit diff is also verbose and hard to understand. I'd like to explain my motivation behind the fiddly bits. Did you have specific sections which need rewording? |
|
Is that pivot obvious without an explanation? Or is the explanation unclear? |
It is just hard to understand the context and why the text is there. |
|
Context is changes like this, which you should be able to find in the diff by searching for the mentioned |
I still cannot understand why this needs to go to the commit message. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: LalatenduMohanty, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
So in a year when we reroll this, we remember the motivation ;) |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
e2e had som Prom issues. /retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
If, for example, the configured ClusterVersion spec.upstream advertised a given image as 4.0.1, but the version baked into the release's own metadata was 1.0.0-abc, report VerifyPayloadVersionFailed and continue to apply the previous release image, instead of optimistically moving on to apply the new release image. This protects users from compromised or man-in-the-middled upstreams who attempt downgrade and similar attacks by misrepresenting a recommended update. Addressing a FIXME from 58356de (*: Port from Update to Release for ClusterVersion status, 2020-07-24, openshift#419).
| } else if payloadUpdate.Release.Version != work.Desired.Version { | ||
| err = fmt.Errorf("release image version %s does not match the expected upstream version %s", payloadUpdate.Release.Version, work.Desired.Version) | ||
| w.eventRecorder.Eventf(cvoObjectRef, corev1.EventTypeWarning, "VerifyPayloadVersionFailed", "verifying payload failed version=%q image=%q failure=%v", work.Desired.Version, work.Desired.Image, err) | ||
| /* FIXME: Ignore for now. I will make this fatal in a follow-up pivot |
There was a problem hiding this comment.
I've opened #431 to address this.
If, for example, the configured ClusterVersion spec.upstream advertised a given image as 4.0.1, but the version baked into the release's own metadata was 1.0.0-abc, report VerifyPayloadVersionFailed and continue to apply the previous release image, instead of optimistically moving on to apply the new release image. This protects users from compromised or man-in-the-middled upstreams who attempt downgrade and similar attacks by misrepresenting a recommended update. Addressing a FIXME from 58356de (*: Port from Update to Release for ClusterVersion status, 2020-07-24, openshift#419).
Typo is from 58356de (*: Port from Update to Release for ClusterVersion status, 2020-07-24, openshift#419).
Bump dependencies to pull in openshift/api#521, and then port our status code to use the new
Releasetype.This is mostly mechanical, except for the next/last
Actualcomparison, where I had to avoid:now that
Releasehas a slice of channels. Now I'm comparing onlyImage, which is sufficient for "is this a different target?". The test suite's expectedLastProgresschanges are because the shift from:{Version: "4.0.1", Image: "image/image:1"}to:
{Version: "1.0.0-abc", Image: "image/image:1"}no longer counts as a
LastProgress-bumping change, because theImageremains unchanged.WIP because I still have some FIXMEs in there about populating the new
Releaseproperties.