Skip to content

Make sure the ingress namespace is same with service#6873

Merged
knative-prow-robot merged 1 commit intoknative:masterfrom
MIBc:ingress
Feb 19, 2020
Merged

Make sure the ingress namespace is same with service#6873
knative-prow-robot merged 1 commit intoknative:masterfrom
MIBc:ingress

Conversation

@MIBc
Copy link
Copy Markdown
Contributor

@MIBc MIBc commented Feb 17, 2020

Fixes #6868

Proposed Changes

  • Validate whether the ingress namespace is same with service.

@googlebot googlebot added the cla: yes Indicates the PR's author has signed the CLA. label Feb 17, 2020
@knative-prow-robot knative-prow-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 17, 2020
@knative-prow-robot
Copy link
Copy Markdown
Contributor

knative-prow-robot commented Feb 17, 2020

Hi @MIBc. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@knative-prow-robot knative-prow-robot added area/API API objects and controllers area/networking labels Feb 17, 2020
markusthoemmes
markusthoemmes reviewed Feb 17, 2020
View reviewed changes
Comment thread pkg/apis/networking/v1alpha1/ingress_validation.go Outdated
all = all.Also(apis.ErrMissingField("serviceNamespace"))
}
// Service namespace should be same with ingress.
if b.ServiceNamespace != "" && b.ServiceNamespace != ctx.Value("ingressNamespace") {
Copy link
Copy Markdown
Contributor

@markusthoemmes markusthoemmes Feb 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

else if to the above condition?

Comment thread pkg/apis/networking/v1alpha1/ingress_validation.go Outdated
// Validate inspects and validates Ingress object.
func (i *Ingress) Validate(ctx context.Context) *apis.FieldError {
return i.Spec.Validate(apis.WithinSpec(ctx)).ViaField("spec")
newContext := context.WithValue(ctx, "ingressNamespace", i.Namespace)
Copy link
Copy Markdown
Contributor

@markusthoemmes markusthoemmes Feb 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use apis.WithinParent(apis.WithinSpec(ctx)) instead and fetch the meta below via ParentMeta?

Copy link
Copy Markdown
Contributor Author

@MIBc MIBc Feb 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WithinParent is cool.

markusthoemmes
markusthoemmes reviewed Feb 18, 2020
View reviewed changes
Comment thread pkg/apis/networking/v1alpha1/ingress_validation.go Outdated
all = all.Also(apis.ErrMissingField("serviceNamespace"))
} else if b.ServiceNamespace != apis.ParentMeta(ctx).Namespace {
all = all.Also(&apis.FieldError{
Message: "Ingress namespace is different with service",
Copy link
Copy Markdown
Contributor

@markusthoemmes markusthoemmes Feb 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Message: "Ingress namespace is different with service",
Message: "service namespace must match ingress namespace",

(lowercase seems to be usual for these messages)

Copy link
Copy Markdown
Contributor Author

@MIBc MIBc Feb 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

markusthoemmes
markusthoemmes approved these changes Feb 18, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@markusthoemmes markusthoemmes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I'd like for some API folks to look at this too.

/assign @mattmoor @dgerd

@knative-prow-robot knative-prow-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 18, 2020
@mattmoor
Copy link
Copy Markdown
Member

mattmoor commented Feb 18, 2020

LGTM after @markusthoemmes comment

@MIBc
Make sure the ingress namespace is same with service
34eb895 
* Validate whether the ingress namespace is same with service.
mattmoor
mattmoor reviewed Feb 19, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 19, 2020
@knative-prow-robot
Copy link
Copy Markdown
Contributor

knative-prow-robot commented Feb 19, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: markusthoemmes, mattmoor, MIBc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot merged commit 87cbd0e into knative:master Feb 19, 2020
@MIBc MIBc deleted the ingress branch February 19, 2020 03:19
@MIBc MIBc mentioned this pull request Aug 28, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nak3 nak3 Awaiting requested review from nak3

2 more reviewers

@mattmoor mattmoor mattmoor left review comments

@markusthoemmes markusthoemmes markusthoemmes approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mattmoor mattmoor

@dgerd dgerd

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/API API objects and controllers area/networking cla: yes Indicates the PR's author has signed the CLA. lgtm Indicates that a PR is ready to be merged. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

KIngress should disallow ServiceNamespace that differs from its own

6 participants

@MIBc @knative-prow-robot @mattmoor @markusthoemmes @googlebot @dgerd