⚠️ support delete validation in validator interface #525
Conversation
awesomenix
commented
Jul 18, 2019
awesomenix
commented
- Currently validator interface supports create and update
- Add support for delete as well, which could be a breaking change
- Users need to implement ValidateDelete since interface is updated
k8s-ci-robot
added
the
cncf-cla: yes
|
/assign @mengqiy |
k8s-ci-robot
added
the
size/L
|
@awesomenix I'd like to hear your use case more before we decide to make change to the interface. |
mengqiy
changed the title
|
For breaking change, we should use |
|
@mengqiy In our case we use annotations to validate deletes on certain resource so that none of the deletes are accidental. We used Validating Webhooks which support validating DELETE operations as well (this was easy to override in kubebuilder v1), hence requesting the same in v2 as well. In short making deletes of resources explicit rather than implicit, since we cant protect deletes with finalizers (once the resource is marked for deletion, it can never be recovered) BTW love the easy scaffolding of webhooks v2, way less code than the original |
|
I'm thinking if we should support CONNECT operation. Trying to find if there is a common use case for it. |
|
was thinking if we should add support for CONNECT as well, but wasnt sure of any use case. Honestly i do not know when it will be used, during resource get? |
|
@awesomenix It seems upstream doesn't support it yet. No objects will be in the |
Thanks for the reference. I see that 1.15 has the fix kubernetes/kubernetes#76346. Updating PR to reflect the same. |
There was a problem hiding this comment.
Mostly LG.
IMO we should add some logging showing if a type has implemented the Defaulter and Validator interface in builder package
controller-runtime/pkg/builder/webhook.go
Lines 97 to 132 in 8f633b1
This can give people hints in debugging when they are using webhook builder, but the type doesn't implement the interfaces.
It probably looks like:
func (blder *WebhookBuilder) registerValidatingWebhook() {
if validator, isValidator := blder.apiType.(admission.Validator); isValidator {
log.Info("registering validating webhook, since Validator interface is implemented", "GVK", gvk)
...
} else {
log.Info("webhook.Validator interface is not implemented", "GVK", gvk)
}
}
Same for registerMutatingWebhook
- Currently validator interface supports create and update - Add support for delete as well, which could be a breaking change - Users need to implement ValidateDelete since interface is updated
|
@mengqiy thanks for the feedback. Updated PR. |
| if req.Operation == v1beta1.Delete { | ||
| // In reference to PR: https://github.com/kubernetes/kubernetes/pull/76346 | ||
| // OldObject contains the object being deleted | ||
| err := h.decoder.DecodeRaw(req.OldObject, obj) |
There was a problem hiding this comment.
req.OldObject is an empty object when kube-apiserver is v1.14 or earlier.
obj will be a object with zero values everywhere.
DecodeRaw really should return an error when there is an empty object.
I created #529. We should merge that first.
k8s-ci-robot
added
the
lgtm
mengqiy
added
the
approved
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: awesomenix, mengqiy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
