Skip to content

validate name is set #996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-bot merged 1 commit into from
Feb 19, 2015
Merged

validate name is set #996

openshift-bot merged 1 commit into from
Feb 19, 2015

Conversation

@pweil-
Copy link

@pweil- pweil- commented Feb 12, 2015

Validate a name is set on the route and add a test case for all route.* field validation (excludes tls, there are separate test cases for those scenarios).

@pweil- pweil- force-pushed the route-validate-name branch 3 times, most recently from a7b8f3a to 32679e4 Compare February 12, 2015 21:39
smarterclayton
smarterclayton reviewed Feb 12, 2015
View reviewed changes
test/templates/fixtures/guestbook.json Outdated
Copy link
Contributor

@smarterclayton smarterclayton Feb 12, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whitespace is off

@pweil- pweil- force-pushed the route-validate-name branch from 32679e4 to ab63b47 Compare February 13, 2015 14:05
@pweil-
Copy link
Author

pweil- commented Feb 13, 2015

Updated to use upstream validation method. I reused ValidateServiceName as the name validation function. If there is a more appropriate func (ValidatePodName, ValidateReplicationControllerName, or ValidateNodeName) or if we should create our own specifically for routes then say the word and it shall be so.

@pweil- pweil- force-pushed the route-validate-name branch from ab63b47 to bcee02b Compare February 13, 2015 14:27
@smarterclayton
Copy link
Contributor

smarterclayton commented Feb 13, 2015

it depends on how we're fixing the unique name problem.

@pweil-
Copy link
Author

pweil- commented Feb 13, 2015

The unique host name (different from route meta name) issue has been a bit tricky. In order to validate the uniqueness of a host we need access to storage and do a query using the all namespace. However, accessing storage from within validation (ie. passing the registry) creates a circular dependency.

So right now my thinking is that it belongs closer to REST which is where validation is called anyway. In terms of actual implementation I am thinking I will get all the routes and iterate through them validating that:

  1. You cannot create the same host in two different namespaces
  2. There can only be 2 routes with the same host. Of those two routes, one must be unsecure and the other must have a tls termination definition.

@smarterclayton
Copy link
Contributor

smarterclayton commented Feb 13, 2015

I think we really can move this problem to router binding. That is the only way the check will scale anyway. The act of binding is a reservation process that can succeed or fail. It's really not different than pod binding.

On Feb 13, 2015, at 9:38 AM, Paul [email protected] wrote:

The unique host name (different from route meta name) issue has been a bit tricky. In order to validate the uniqueness of a host we need access to storage and do a query using the all namespace. However, accessing storage from within validation (ie. passing the registry) creates a circular dependency.

So right now my thinking is that it belongs closer to REST which is where validation is called anyway. In terms of actual implementation I am thinking I will get all the routes and iterate through them validating that:

You cannot create the same host in two different namespaces
There can only be 2 routes with the same host. Of those two routes, one must be unsecure and the other must have a tls termination definition.

Reply to this email directly or view it on GitHub.

@pweil-
Copy link
Author

pweil- commented Feb 13, 2015

Interesting, I gave that some thought but abandoned it to allow create-time failure. I can add a status to the route which would be good anyway. I'll head that direction.

@smarterclayton
Copy link
Contributor

smarterclayton commented Feb 13, 2015

You can definitely throw out any name that can't be DNS. Name uniqueness within a namespace is then checked by the save. But the fact that someone might want multiple dns names, or we want to limit to only the first one to register, or want to change those on the fly (create/recreate route?) is really a different use case.

----- Original Message -----

Interesting, I gave that some thought but abandoned it to allow create-time
failure. I can add a status to the route which would be good anyway. I'll
head that direction.

Reply to this email directly or view it on GitHub:
#996 (comment)

@pweil-
Copy link
Author

pweil- commented Feb 13, 2015

To be clear since we're talking about 2 things on this PR:

  1. This PR is specifically to address the issue of not requiring ObjectMeta.Name to be set. The upstream function ValidateObjectMeta requires a name validation function to be passed. I chose to reuse an existing function that is used for service names.
  2. What we're discussing in this thread now is about validation of the Host field on a route. I will add a DNS validation to the field at create time and add a bind time validation for Host uniqueness. Uniqueness is defined as no more than 1 secure and 1 unsecure version of that Host. Having multiple Hosts for a service is currently possible by using multiple routes but that can also be improved by making Host a slice if we want.

@pweil-
Copy link
Author

pweil- commented Feb 16, 2015

Summary of recent discussion:

Definitions

Host: the dns name of the route like www.example.com
Name: the resource name of the route object withing the OpenShift system

Route Summary

  1. Route that simply asks for a Host to be assigned. The generated Host would include the namespace
  2. Route request when the customer already has a domain they would like to use as the Host

Route Characteristics

  1. Route hosts are not guaranteed to be unique
  2. Secure and unsecure versions of the same route utilize the same host
  3. Applications performing a no-downtime blue/green deployment will want the same route to exist multiple times
  4. Route hosts should be unique across router shards
  5. Uniqueness still allows for secure/non-secure versions of the same route to exist in the same shard
  6. In the sharded environment the first route to hit the shard reserves the right to exist there indefinitely. Even across restarts
  7. Routes should be parkable
  8. There are a couple of ways this can be done: commands or pointing to an empty service
  9. A parked route still exists in the system and should be able to display an informational message/page
  10. Routes do not need a Host to be defined, users should be able to add the information late

Route Permissions

  1. In the course of determining uniqueness of routes it must be easily grokable to an administrator when a route Host is already taken within a shard or exists elsewhere in the system.
  2. It is a valid use case for the same route to exist across multiple projects in the case of a blue/green deployment. Permissions must be flexible enough to support this or the creation of a route must be verbose enough to communicate potential issues.

API TODOs

  1. Route bindings
  2. Adding a createdAt date/time to a resource to allow ordering

Open Items To Be Addressed in This PR

  1. Remove the host requirement on a route. Routes with no hosts are already skipped by the template, this is a validation update
  2. Add DNS validation to the Host field if it exists
  3. The Name validation does not need to use kval.ValidateServiceName (but is still a required field)

@pweil- pweil- force-pushed the route-validate-name branch from bcee02b to 537b777 Compare February 17, 2015 15:42
@pweil-
Copy link
Author

pweil- commented Feb 17, 2015

I have updated this PR to reflect the open items we discussed above.

  1. Host is no longer required.
  2. If it is set it will be validated with upstream's IsDNSSubdomain
  3. ObjectMeta is validated with upstream's ValidateObjectMeta. The name function required is an always true placeholder since there are no special requirements (as opposed to reusing the pod/service/etc func that already exist)
  4. Unit tests have been updated to reflect the new validations

@pweil- pweil- force-pushed the route-validate-name branch from 537b777 to 23a06cc Compare February 17, 2015 15:45
@smarterclayton
Copy link
Contributor

smarterclayton commented Feb 18, 2015

You should use pod name as the name for routes.

@pweil- pweil- force-pushed the route-validate-name branch from 23a06cc to 68f1bf5 Compare February 18, 2015 14:55
@pweil-
Copy link
Author

pweil- commented Feb 18, 2015

updated to use the upstream ValidatePodName function in ValidateObjectMeta

@smarterclayton
Copy link
Contributor

smarterclayton commented Feb 19, 2015

LGTM [merge]

@openshift-bot
Copy link
Contributor

openshift-bot commented Feb 19, 2015

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_openshift3/969/) (Image: devenv-fedora_839)

@openshift-bot
Copy link
Contributor

openshift-bot commented Feb 19, 2015

Evaluated for origin up to 68f1bf5

openshift-bot pushed a commit that referenced this pull request Feb 19, 2015
Merge pull request #996 from pweil-/route-validate-name
e966f79 
Merged by openshift-bot
@openshift-bot openshift-bot merged commit e966f79 into openshift:master Feb 19, 2015
jpeeler pushed a commit to jpeeler/origin that referenced this pull request Aug 10, 2017
Squashed 'cmd/service-catalog/go/src/github.com/kubernetes-incubator/…
099429c 
…service-catalog/' changes from 568a7b9..8f07b7b

8f07b7b origin: add required patches
ee57bfb Cleanup of ups broker example + making controller follow the OSB API (openshift#807)
45a11ed Revert "Rename our resources to have ServiceCatalog prefix (openshift#1054)" (openshift#1061)
4e47ec1 Rename our resources to have ServiceCatalog prefix (openshift#1054)
2bb334a Rebase on 1.7 API machinery (openshift#944)
5780b59 Run broker reconciler when spec is changed. (openshift#1026)
9c22d04 Merge branch 'pr/1006'
d077915 check number of expected events before dereferencing to avoid panic (openshift#1052)
90d615f Merge branch 'pr/1055'
bb6d6d8 fix log output to use formatted output (openshift#1056)
c7abc81 Adding examples to the README
ccc93c9 Remove different-org rule for LGTM (openshift#1050)
be04cd5 Allow for a period in the GUID of the External ID (openshift#1034)
8c246df Make it so that binding.spec.secretName defaults to binding name (openshift#851)
6745418 Bump OSB Client (openshift#1049)
8346a0d apiserver etcd healthcheck as suggested to address k/k#48215 (openshift#1039)
11d0d4a use GKE's latest 1.6.X cluster version for Jenkins (openshift#1036)
7d71b5b Cross-build all the things!
8ec0874 RBAC setup behind the aggregator. (openshift#936)
0864a2e Upsert retry loop for Secret, set/check ownerReference for Secret owned by Binding (openshift#979)
6be9886 add info about weekly calls (openshift#1027)
a242b26 add OSB API Header version flag (openshift#1014)
66e2ce6 Update REVIEWING doc with changes to LGTM process (openshift#1016)
699e016 Writing the returned progress description from the broker (openshift#998)
02642f4 Adding target to test on the host (openshift#1020)
78ca572 v0.0.13 (openshift#1024)
9e79ec2 use GKE's default K8S version for Jenkins (openshift#1023)
d3c915a Fix curl on API server start error (openshift#1015)
b50be75 Merge branch 'pr/1013'
2c98ba1 Using tag URLs
687f091 Parameterizing the priority fields
34ed5cd update apiregistration yaml to v1.7 final (openshift#1011)
91fa1ad make e2e look for pods' existence before checking status (openshift#1012)
0f90705 explicitly disable leader election if it is not enabled (openshift#965)
f5761e7 controller-manager health checks (openshift#694)
da260f2 Add logging for normal Unbind errors (openshift#992)
4c916a5 make the apiserver test use tls (openshift#991)
1a62ecc refactor reconcileBroker (openshift#986)
cc179bc Add logging for normal Bind errors (openshift#993)
a1458dd add parameterization for user-broker image to e2e tests (openshift#995)
fb15891 Bump OSB client (openshift#1000)
79d5206 v0.0.12 (openshift#996)
39c7407 Merge branch 'pr/975'
a553b2d Merge branch 'pr/974'
d573339 reconcileBinding error checking (openshift#973)
39a1061 Making events and actions checks generic (openshift#960)
73136a4 Bump osb client (openshift#971)
878a987 reconcileInstance error checking in unit-tests
4991d57  reconcileBroker error checking in unit-tests
9ed6812 Extract methods for binding test setup (openshift#961)
b69a1ee Make ups-broker return valid unbind response (openshift#964)
8b37d2f Releasing 0.0.11 (openshift#962)
52fec8b Merge branch 'pr/954'
d49cdeb Swap client
445fa71 Add dependency on pmorie/go-open-service-broker-client
9f743b2 Instructions for enabling API Aggregation (openshift#895)
512508d Use correct infof calls in controller_manager (openshift#950)
77943ba fix regex that determines if a tag is deployable (openshift#947)
8a226b8 Updates for v0.0.10 release (openshift#943)
REVERT: 568a7b9 origin build: add origin tooling

git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog
git-subtree-split: 8f07b7bbf3acb2b557f23596a92b5e775ae9321c
jpeeler pushed a commit to jpeeler/origin that referenced this pull request Feb 1, 2018
v0.0.12 (openshift#996)
79d5206 
Signed-off-by: Doug Davis <[email protected]>
sjenning pushed a commit to sjenning/origin that referenced this pull request Jul 30, 2018
@derekwaynecarr
Merge pull request openshift#996 from tnozicka/backport-statefulset-r…
7b2ff73 
…eport-event-on-pod-recreate-enterprise-3.8

[3.8] UPSTREAM: 55316: Make StatefulSet report an event when recreating failed pod
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pweil- @smarterclayton @openshift-bot