Throwing an exception in case the sum of weights is over uint32_t max value#10578
Conversation
… value Signed-off-by: Adi Suissa-Peleg <adip@google.com>
snowp
left a comment
snowp
left a comment
There was a problem hiding this comment.
Thanks this looks like a reasonable fix to me.
| uint64_t sum = 0; | ||
| for (const auto& host : hosts) { | ||
| sum += host->weight(); | ||
| if (sum > std::numeric_limits<uint32_t>::max()) { |
There was a problem hiding this comment.
This seems like a fine way to check for overflow (the other one I could think of would be if (sum + host->weight() >= sum) with sum being uint32_t).
Can you make sure both this and the other exception has coverage and if not add a unit test?
There was a problem hiding this comment.
Thanks @snowp !
I agree that we can check if sum is increasing, but I think the current option clarifies that we check for an overflow.
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
|
Added tests for the new exceptions |
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
snowp
left a comment
snowp
left a comment
There was a problem hiding this comment.
Thanks this looks good, just a comment on the error message
| sum += weight; | ||
| if (sum > std::numeric_limits<uint32_t>::max()) { | ||
| throw EnvoyException( | ||
| fmt::format("Load balancing locality weights has accumulated over its maximum value {}", |
There was a problem hiding this comment.
I think this error message could be a bit clearer: it might not be obvious to an operator that these weights are being accumulated. Maybe the message should be around the fact that the sum of locality weights within a priority causing overflow? Similar with host weights, though I'm not sure what the invariant is there (per locality? per priority?)
|
Also: @envoyproxy/api-shepherds is this something we'd want to be documenting on the protos? Or are we okay with this just failing validation if it happens? |
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
|
Changed the error messages according to: envoy/api/envoy/api/v2/endpoint/endpoint_components.proto Lines 93 to 101 in b5a3405 and envoy/api/envoy/api/v2/endpoint/endpoint_components.proto Lines 116 to 126 in b5a3405 |
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
|
@snowp it probably makes sense to document. We can't use PGV though, you'd need something like CEL to express cross-field constraints which we don't have today. @adisuissa can you ad a comment to https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/endpoint/endpoint_components.proto#L93 and https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/endpoint/endpoint_components.proto#L121 to make this explicit in the API docs? Thanks. |
Sure. |
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…pi_shadow) Signed-off-by: Adi Suissa-Peleg <adip@google.com>
|
/lgtm api |
|
/retest |
|
🔨 rebuilding |
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
…20200330 Signed-off-by: Adi Suissa-Peleg <adip@google.com>
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Please merge master so the v4alpha changes propagate.
…20200330 Signed-off-by: Adi Suissa-Peleg <adip@google.com>
merged latest master. |
4 participants
Verifying that the sum of weights in the configuration file isn't over uint32_t maximal value.
If the sum is overflowing, an exception is thrown.
Risk Level: Low
Testing: None
Fixes fuzz test: 5702999713513472
Signed-off-by: Adi Suissa-Peleg adip@google.com