Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix bug where some ConfigMap and Secret references could be missed #4330

Merged
merged 1 commit into from
Oct 14, 2024

Conversation

matthchr
Copy link
Member

@matthchr matthchr commented Oct 10, 2024

The ASO controller uses reflection to look through the resource and find the ConfigMapReference and SecretReference fields. This reflection could miss SecretReference and ConfigMapReference fields that had been serialized into the "PropertyBag" property on the storage type. This was most common when working with preview APIs that had added new ConfigMapReference or SecretReference fields that don't exist in the GA api version.

The fix is to use the converted version for reflection-based discovery.

Fixes #4298.
Fixes #4316.

If applicable:

  • this PR contains documentation
  • this PR contains tests
  • this PR contains YAML Samples

Comment on lines +25 to +27
if reflect.PointerTo(rt).Implements(interfaceType) {
return gvk, nil
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use the existing NewEmptyVersionedResourceFromGVK() and then test using if _, ok := empty.(conversion.Hub); ok, avoiding the cryptic reflection code?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two reasons:

  1. scheme.AllKnownTypes returns a map[schema.GroupVersionKind]reflect.Type, so it seemed to make some sense to stay in the "reflect world" when scanning it if I don't actually need an instance.
  2. Since this is called in the (somewhat) hot path of the core reconcile loop logic, and can be hit at least a couple times through each loop (because there may be multiple versions of a resource for a given group + version) I was a bit concerned about performance/extra allocations. It probably wouldn't matter but avoiding constructing 8-10 objects that are immediately thrown away when instead we can do a check via reflection that avoids those allocations.

I almost just computed a map of this upfront once and then we could look it up whenever we wanted but that seemed overkill so instead settled on using a less-allocations approach using this reflection method that kept things "simple" (no extra variables to storage cached data that needed to be passed around) while still avoiding excess allocations.

The ASO controller uses reflection to look through the resource and find
the ConfigMapReference and SecretReference fields. This reflection
could miss SecretReference and ConfigMapReference fields that had been
serialized into the "PropertyBag" property on the storage type. This was
most common when working with preview APIs that had added new
ConfigMapReference or SecretReference fields that don't exist in the GA
api version.

The fix is to use the converted version for reflection-based discovery.

Fixes Azure#4298.
Fixes Azure#4316.
@matthchr matthchr force-pushed the feature/fix-pre-send-discovery branch from f209def to 654df66 Compare October 14, 2024 20:52
@matthchr
Copy link
Member Author

/ok-to-test sha=654df66

@matthchr matthchr added this pull request to the merge queue Oct 14, 2024
Merged via the queue into Azure:main with commit 496f971 Oct 14, 2024
7 checks passed
@matthchr matthchr deleted the feature/fix-pre-send-discovery branch October 14, 2024 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
3 participants