fix: reject monitors with invalid relabel configs #5841
Conversation
simonpasquier
force-pushed
the
fix-missed-relabel-configs-for-probes
branch
2 times, most recently
from
2cdd7a1
to
1836f57
Compare
simonpasquier
changed the title
| minimumVersionCaseActions := version.GTE(semver.MustParse("2.36.0")) | ||
| minimumVersionEqualActions := version.GTE(semver.MustParse("2.41.0")) | ||
| if rc.Action == "" { | ||
| rc.Action = string(relabel.Replace) |
There was a problem hiding this comment.
shouldn't this be already taken care since we set default as replace?
prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go
Lines 1340 to 1341 in 78a2875
There was a problem hiding this comment.
This is for tests + environments that don't have a recent version of the CRD (e.g. one without the default value).
There was a problem hiding this comment.
I'm struggling a little bit to understand what/where is the bug that you're fixing here 😬
Do I understand it correctly that we're allowing actions with a mixture of Lower/Upper case and then we fail to compare with relabel.<action name>?
If that's the case, what do you think about passing this validation to kubebuilder annotations?
One issue is here: prometheus-operator/pkg/prometheus/resource_selector.go Lines 535 to 548 in 34bb905 If an invalid relabel config is detected, it will be logged but it won't continue from the outer for loop so the probe will be added to the map. Another issue here: prometheus-operator/pkg/prometheus/resource_selector.go Lines 155 to 172 in 34bb905 If L157 returns an error, TL;DR: write unit tests to assert that the code is doing what it should ;)
No upper/lower case actions are fine (in fact the Prometheus config supports everything but will always compare to the lower-case version). |
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
simonpasquier
force-pushed
the
fix-missed-relabel-configs-for-probes
branch
from
1836f57
to
20fa8ef
Compare
| @@ -152,20 +152,14 @@ func (rs *ResourceSelector) SelectServiceMonitors(ctx context.Context, listFn Li | |||
| break | |||
| } | |||
|
|
|||
| for _, rl := range endpoint.RelabelConfigs { | |||
| if rl.Action != "" { | |||
There was a problem hiding this comment.
I'm not sure why we had this test in the first place. I've modified validateRelabelConfig() to default to the replace action if the field is empty.
Ooooh now I get it, we're breaking the inner loop when we wanted to break the outer loop. Thanks for the explanation! |
Swaps to using the code from prometheus-operator#5841
This is a follow-up of prometheus-operator#5841. For the same reason that we didn't continue from the outer loop, invalid ScrapeConfig objects were not rejected. Signed-off-by: Simon Pasquier <spasquie@redhat.com>
This is a follow-up of prometheus-operator#5841. For the same reason that we didn't continue from the outer loop, invalid ScrapeConfig objects were not rejected. Signed-off-by: Simon Pasquier <spasquie@redhat.com>
Description
I noticed that probes, service monitors, pod monitors and scrape configs with invalid relabel configs were not rejected by the operator. This PR fixes it.
Type of change
What type of changes does your code introduce to the Prometheus operator? Put an
xin the box that apply.CHANGE(fix or feature that would cause existing functionality to not work as expected)FEATURE(non-breaking change which adds functionality)BUGFIX(non-breaking change which fixes an issue)ENHANCEMENT(non-breaking change which improves existing functionality)NONE(if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)Changelog entry
Please put a one-line changelog entry below. This will be copied to the changelog file during the release process.