Add builds/status and buildconfigs/status subresource #10061
Conversation
|
[test] |
|
@bparees ptal |
|
@openshift/api-review |
| func ValidateBuildStatusUpdate(build *buildapi.Build, older *buildapi.Build) field.ErrorList { | ||
| allErrs := field.ErrorList{} | ||
| // Ensure that the cancelled flag is not changed in a status update | ||
| if older.Status.Cancelled != build.Status.Cancelled { |
There was a problem hiding this comment.
why do we have a field in status that can't be changed by updating status?
There was a problem hiding this comment.
because we have made bad choices in life.
There was a problem hiding this comment.
It shouldn't have been put in status in the first place.
There was a problem hiding this comment.
Cancelled is user input. It should be reflected into status, but they are two separate fields.
- Users set spec cancelled.
- Build controller reacts with status cancelled.
Not the same field.
There was a problem hiding this comment.
Also, cancelled is one way.
csrwng
force-pushed
the
build_status_subresource
branch
from
5886133 to
0897179
Compare
|
|
||
| func validateBuildConfigTriggerStatusUpdate(trigger buildapi.BuildTriggerPolicy, older buildapi.BuildTriggerPolicy, fldPath *field.Path) field.ErrorList { | ||
| allErrs := field.ErrorList{} | ||
| if trigger.Type != older.Type { |
There was a problem hiding this comment.
Please use a deep reflection and exclude the fields you want to copy (see upstream for examples) instead of doing this. This is extremely fragile - we want a "whitelist" approach for "is this allowed to change, not blacklist.
csrwng
force-pushed
the
build_status_subresource
branch
from
0897179 to
77f9ee3
Compare
| @@ -117,12 +117,7 @@ func init() { | |||
| // BuildController.BuildUpdater (OSClientBuildClient) | |||
| { | |||
| Verbs: sets.NewString("update"), | |||
| Resources: sets.NewString("builds"), | |||
There was a problem hiding this comment.
You can't do this here. Doing this will break old controllers running against new masters, right?
There was a problem hiding this comment.
Yes it will, I didn't know that was a thing :)
What's the use case ?
csrwng
force-pushed
the
build_status_subresource
branch
from
77f9ee3 to
61f1bbd
Compare
|
@deads2k updated policy and update strategies to allow the previous type of updates (and TODOs to get rid of them when appropriate) |
|
flake #9775 |
csrwng
force-pushed
the
build_status_subresource
branch
from
61f1bbd to
0d40e06
Compare
|
Added commit to move the Cancelled flag to the Build.Spec in the internal Build type based on @bparees suggestion. |
|
[test] |
|
flake #9775 |
|
[test] |
|
@csrwng I guess this could have been clearer -- the job that failed that we were looking for was technically the super-job, not the integration sub-job. When the new feature gets rolled out again I'll send out a clearer e-mail. |
|
flake #9959 |
|
re[test] |
| @@ -63,6 +36,12 @@ func (c OSClientBuildClient) Update(namespace string, build *buildapi.Build) err | |||
| return e | |||
| } | |||
|
|
|||
| // Update updates build status using the OpenShift client. | |||
csrwng
force-pushed
the
build_status_subresource
branch
from
0d40e06 to
f5dc258
Compare
| newBC.Spec = oldBC.Spec | ||
| // Allow changes to triggers for LastImageID. If anything else in triggers is | ||
| // changed, validation of the update will fail. | ||
| newBC.Spec.Triggers = newTriggers |
There was a problem hiding this comment.
This is because we're keeping status inside the trigger spec (LastTriggeredImageID). I'm all in favor of moving it to the status field. Thoughts?
There was a problem hiding this comment.
It's not backwards compatible unfortunately to change it.
There was a problem hiding this comment.
Couldn't we do it via conversion? keep it in the same place in v1 and eventually expose it in the right place in v2?
|
this PR needs to be on @pweil- 's radar as it includes significant api changes and we still want it for 3.3 hopefully. |
csrwng
force-pushed
the
build_status_subresource
branch
from
f5dc258 to
acffaff
Compare
|
#9856 |
|
Evaluated for origin test up to acffaff |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/7421/) |
openshift-bot
added
the
needs-rebase
|
What's the status of this? |
|
@smarterclayton the problem with this pull was that we wanted to convince ourselves that making a change like this would not introduce backward compatibility problems. I have since introduced extended tests for builds that test compatibility with a previous version -> #10707. Right now it's running build integration tests on the following combinations: At this point, I'm not sure if the existing set of tests is sufficient or we need more tests. However, I do think that doing this split of spec v. status is the right thing to do. |
|
Ok, can discuss in 1.5. On Mon, Oct 24, 2016 at 9:43 AM, Cesar Wong [email protected]
|
openshift-bot
added
needs-rebase
openshift-bot
added
needs-rebase
|
Still has outstanding questions. |
openshift-bot
added
needs-rebase
openshift-bot
added
needs-rebase
openshift-bot
removed
the
needs-rebase
|
Origin Action Required: Pull request cannot be automatically merged, please rebase your branch from latest HEAD and push again |
openshift-bot
added
the
needs-rebase
|
Closing for now. Will revisit in the next API revision. |
Introduces 2 new subresources for builds and buildconfigs
For builds, any modifications to the build.Status struct should now be done through the builds/status subresource, with the exception of the build.Status.Cancelled flag. That flag can still be modified through the regular builds resource. Modifications to the build.Spec can only be done through the builds resource.
For buildConfigs, modifications to the buildconfig.Status struct are now only allowed through the buildconfigs/status subresource. Modifications to the buildconfig.Spec struct are only allowed through the buildconfigs resource with the exception of changes to the buildconfig.Spec.Triggers[x].ImageChange.LastImageID field. That field can be modified through the buildconfigs/status subresource.
The intent of these changes is to separate the use cases for regular updates vs status updates. In general, only the system (controllers, API server) should be allowed to change the status of an object. And only users should be allowed to change the Spec of the object. In the case of builds, a build should generally be immutable from a regular user's perspective. The exception to this is the cancel operation.
The build controller service account no longer needs to have create permission on the builds/source, builds/docker, builds/custom subresources because it only needs to do builds/status updates.
Fixes #6886