New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server Side Strict Field Validation #105916
Server Side Strict Field Validation #105916
Conversation
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go
Outdated
Show resolved
Hide resolved
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
/triage accepted |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Writing tests now, but it's going pretty slowly. Will hopefully add a bunch more tomorrow. Probably wont address the converter
stuff until I've made it through all the tests. Feel free to hold off on reviewing until I've added more tests, but if you do want to take a look I made some changes the to jsonPatcher
in order to collect decoding errors that arise from the patch itself having invalid json, and started updating a few of the tests to be more inline with your testing comment.
e8b931a
to
dd91910
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've done a big pass based on previous feedback. In particular, I revamped the integration testing suite based on Jordan's previous comments. It caught a bunch of bugs.
I figured this would be a good time to check in and ask for a review especially around the testing strategy.
In parallel, I have a few isolated issues I'm working on, but I don't want this to block reviewing. These are mainly:
1. (fixed by unmarshalling directly into the object)kjson.UnmarshalStrict
doesn't seem to recognizing duplicate fields when unmarshalling into an unstructured object. I need to dig into this further.
2. I still need to implement full field path collection to the converter (and pruning) so that the errors reported contain the full path to the field (i.e (Done)/spec/unknownField
rather than just unknownField
)
3. The SMP/warn test case is not returning the full list of unknown fields. I need to dig into this further.(Fixed via the new converter implementation)
Also, I've cordoned off the benchmark tests for now. Still working on them, but the ones I had I think lost their utility and were hard to maintain as I was rapidly iterating on the tests. I will rewrite them once the test suite gets reviewed and is a little more stable.
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All feedback addressed, benchstats still look good (ignore case is completely inert, but slightly more allocs in the strict case than before):
Ignore
name old time/op new time/op delta
FromUnstructuredWithValidation/Ignore-16 149µs ± 1% 148µs ± 1% ~ (p=0.222 n=5+5)
name old alloc/op new alloc/op delta
FromUnstructuredWithValidation/Ignore-16 26.8kB ± 0% 26.8kB ± 0% ~ (p=0.524 n=5+5)
name old allocs/op new allocs/op delta
FromUnstructuredWithValidation/Ignore-16 641 ± 0% 641 ± 0% ~ (all equal)
Strict
name old time/op new time/op delta
FromUnstructuredWithValidation/Strict-16 149µs ± 1% 167µs ± 1% +11.87% (p=0.008 n=5+5)
name old alloc/op new alloc/op delta
FromUnstructuredWithValidation/Strict-16 26.8kB ± 0% 33.5kB ± 0% +25.00% (p=0.008 n=5+5)
name old allocs/op new allocs/op delta
FromUnstructuredWithValidation/Strict-16 641 ± 0% 745 ± 0% +16.22% (p=0.008 n=5+5)
c6d7e04
to
be7e61d
Compare
// alpha: v1.23 | ||
// | ||
// Enables server-side field validation. | ||
StrictFieldValidation featuregate.Feature = "StrictFieldValidation" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: would ServerSideFieldValidation
be a better name, since the feature enables warnings in addition to strict handling? should be an easy find/replace if so
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yea I agree, done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
follow up with a PR updating the KEP and a PR updating website docs
staging/src/k8s.io/apimachinery/pkg/runtime/serializer/recognizer/recognizer.go
Show resolved
Hide resolved
staging/src/k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go
Show resolved
Hide resolved
staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/schema/pruning/algorithm.go
Show resolved
Hide resolved
staging/src/k8s.io/apimachinery/pkg/runtime/serializer/json/json.go
Outdated
Show resolved
Hide resolved
be7e61d
to
a46c5f9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all feedback addressed
// alpha: v1.23 | ||
// | ||
// Enables server-side field validation. | ||
StrictFieldValidation featuregate.Feature = "StrictFieldValidation" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yea I agree, done
staging/src/k8s.io/apimachinery/pkg/runtime/serializer/recognizer/recognizer.go
Show resolved
Hide resolved
staging/src/k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go
Show resolved
Hide resolved
a46c5f9
to
8cd4bf0
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kevindelgado, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
8cd4bf0
to
bea263b
Compare
/lgtm |
@kevindelgado: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Implements server side field validation behind the `ServerSideFieldValidation` feature gate. With the feature enabled, any create/update/patch request with the `fieldValidation` query param set to "Strict" will error if the object in the request body have unknown fields. A value of "Warn" (also the default when the feautre is enabled) will succeed the request with a warning. When the feature is disabled (or the query param has a value of "Ignore"), the request will succeed as it previously had with no indications of any unknown or duplicate fields.
bea263b
to
e50e2bb
Compare
/lgtm |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Performs strict server side schema validation via the
fieldValidation=[Strict,Warn,Ignore]
query parameter.It introduces the
fieldValidation
query parameter that when set toStrict
causes requests to error when unknown fields are present, when set toWarn
succeeds the request but returns a warning, and when set toIgnore
it ignores unknown fields.For create/update requests, we use strict json unmarshalling to determine the unknown fields and error/warn based on those fields.
For JSON Patch requests (i.e. CRDs), we use the prune mechanism in the customresource handler to resolve any unknown fields.
For SMP Patch request, we use the the unstructured converter to resolve unknown fields.
Apply Patch requests already require strict schemas and will error on unknown fields.
Which issue(s) this PR fixes:
First step in solving #39434 and #5889
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
KEP-2885