Skip to content

Permission claim fixes / cleanups #1745

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 15, 2022
Merged

Permission claim fixes / cleanups #1745

merged 3 commits into from
Aug 15, 2022

Conversation

sttts
Copy link
Member

@sttts sttts commented Aug 15, 2022

@openshift-ci openshift-ci bot requested review from ncdc and shawn-hurley August 15, 2022 14:59
@openshift-ci openshift-ci bot added the kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API label Aug 15, 2022
shawn-hurley
shawn-hurley reviewed Aug 15, 2022
View reviewed changes
Copy link

@shawn-hurley shawn-hurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a couple of questions for myself to understand.

pkg/admission/permissionclaims/mutating_permission_claims.go
for k, v := range expectedLabels {
if labels == nil {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do this inside the loop instead of at line 96?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because only here it is needed

pkg/admission/permissionclaims/mutating_permission_claims.go
u.SetLabels(labels)

return nil

}

func (m *mutatingPermissionClaims) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error {
if a.GetSubresource() != "" {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it always the case that we don't want to validate the labels the subresource?

I am unaware of a subresource that will let you change metadata, but I thought I would ask.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as admission is best effort in our case this should be safe, even if some day some other subresource is added that allows it (I doubt it).

ncdc
ncdc reviewed Aug 15, 2022
View reviewed changes
pkg/admission/permissionclaims/mutating_permission_claims.go
labels[k] = v
}

u.SetLabels(labels)

return nil

}

func (m *mutatingPermissionClaims) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty sure we can remove this function entirely, given that Admit sets everything we're validating here. Right?

sttts
sttts commented Aug 15, 2022
View reviewed changes
pkg/reconciler/apis/permissionclaimlabel/permissionclaimlabel_resource_reconcile.go
labels := obj.GetLabels()
if labels == nil {
labels = make(map[string]string)
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

background for this commit: it is not good to depend on nil-vs-empty behaviour of LabelsFor.

@shawn-hurley
Copy link

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 15, 2022
@sttts
Copy link
Member Author

sttts commented Aug 15, 2022

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 15, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 15, 2022
@openshift-merge-robot openshift-merge-robot merged commit 137c9c5 into kcp-dev:main Aug 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncdc ncdc ncdc left review comments

@shawn-hurley shawn-hurley shawn-hurley left review comments

Assignees

@shawn-hurley shawn-hurley

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sttts @shawn-hurley @ncdc @openshift-merge-robot