Skip to content

🐛 Fix potential panic if ClusterResourceSetStrategy is not defined or incorrect #12096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🐛 Fix potential panic if ClusterResourceSetStrategy is not defined or incorrect #12096

wants to merge 1 commit into from

Conversation

dmvolod
Copy link
Member

@dmvolod dmvolod commented Apr 15, 2025

What this PR does / why we need it:
This is small fix which prevents potential situation when resourceScope and error values could be nil simalteniously.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-area PR is missing an area label labels Apr 15, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign fabriziopandini for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 15, 2025
@dmvolod
Copy link
Member Author

dmvolod commented Apr 15, 2025

/area clusterresourceset

@k8s-ci-robot k8s-ci-robot added area/clusterresourceset Issues or PRs related to clusterresourcesets and removed do-not-merge/needs-area PR is missing an area label labels Apr 15, 2025
chrischdi
chrischdi reviewed Apr 16, 2025
View reviewed changes
Copy link
Member

@chrischdi chrischdi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this PR make sense?

We have openapi validation to ensure it is either set to ApplyOnce or to Reconcile.

On top we have defaulting inside the webhook to default to ApplyOnce it it is not set.

or am I missing something here?

@dmvolod
Copy link
Member Author

dmvolod commented Apr 16, 2025

Does this PR make sense?

We have openapi validation to ensure it is either set to ApplyOnce or to Reconcile.

On top we have defaulting inside the webhook to default to ApplyOnce it it is not set.

or am I missing something here?

The answer: Yes and No. We have some specific installation, i.e. testing or embedded without web-hooks deployment and in this case, the operator will fails with panic instead of correct error message in the logs. For example MachineDeployment or ClusterResourceSet controllers will have correct error message if someone happens with defaults.

fabriziopandini
fabriziopandini reviewed Apr 17, 2025
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm neutral about this change, if other maintainers agree I don't mind considering it as defensive programming.

However IMO it is important to set expectations about the use case described in the sentence below:

We have some specific installation, i.e. testing or embedded without web-hooks deployment and in this case, the operator will fails with panic instead of correct error message in the logs. For example MachineDeployment or ClusterResourceSet controllers will have correct error message if someone happens with defaults.

As far as I'm aware of today CAPI is not providing any support for running controllers without web-hooks, and unless I'm mistaken, this was never discussed nor included in any roadmap.

That's means that If you are using CAPI controllers without web-hooks, you are doing this at your risk.

I would also add that IMO if other controllers don't have panic errors when used without web hooks it is just by chance, as well as I would expect other subtle and tricky errors to happen over time due to unexpected values being stored in etcd.

@dmvolod dmvolod force-pushed the fix-potential-panic-in-crs-scrope branch from 131dc07 to 56674b0 Compare April 17, 2025 10:16
@dmvolod dmvolod force-pushed the fix-potential-panic-in-crs-scrope branch from 56674b0 to 5dc69b6 Compare April 17, 2025 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrischdi chrischdi chrischdi left review comments

@fabriziopandini fabriziopandini fabriziopandini left review comments

@jackfrancis jackfrancis Awaiting requested review from jackfrancis

Assignees
No one assigned
Labels
area/clusterresourceset Issues or PRs related to clusterresourcesets cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dmvolod @k8s-ci-robot @chrischdi @fabriziopandini