You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Follow-up from #193.
During review of the NRI synchronize fail-closed changes, we noted that rebuilding runtime state into a completed temporary data structure and then replacing the live state atomically is the safer pattern. Incrementally updating live state during synchronization can leave partially rebuilt state visible if an error occurs halfway through.
This issue tracks auditing the NRI synchronization and related state rebuild paths to make sure this pattern is used consistently.
Scope:
Review Synchronize and related NRI state reconstruction paths.
Check whether podConfigStore, claimTracker, and other shared state are only replaced after successful reconstruction.
Avoid exposing partially rebuilt state on parse, validation, or runtime errors.
Add or adjust tests where useful to cover fail-closed behavior.
This is not a regression from Fail closed during NRI synchronize #193; it is follow-up hardening for a future release.
Follow-up from #193.
During review of the NRI synchronize fail-closed changes, we noted that rebuilding runtime state into a completed temporary data structure and then replacing the live state atomically is the safer pattern. Incrementally updating live state during synchronization can leave partially rebuilt state visible if an error occurs halfway through.
This issue tracks auditing the NRI synchronization and related state rebuild paths to make sure this pattern is used consistently.
Scope:
Synchronizeand related NRI state reconstruction paths.podConfigStore,claimTracker, and other shared state are only replaced after successful reconstruction.
This is not a regression from Fail closed during NRI synchronize #193; it is follow-up hardening for a future release.