Tightening GRPCRoute validation, fixing gaps in HTTPRoute and Gateway webhook validation #1599
Conversation
k8s-ci-robot
added
the
kind/cleanup
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
the
size/XL
robscott
force-pushed
the
grpc-validation
branch
from
a341f9c
to
2b71c68
Compare
robscott
force-pushed
the
grpc-validation
branch
from
2b71c68
to
cd3a100
Compare
|
Adding a hold since I want to wait for a couple reviews on this one. /hold |
k8s-ci-robot
added
the
do-not-merge/hold
robscott
force-pushed
the
grpc-validation
branch
from
ffaf774
to
34f00f8
Compare
robscott
changed the title
k8s-ci-robot
added
the
lgtm
| @@ -54,8 +69,129 @@ func validateRuleMatches(matches []gatewayv1a2.GRPCRouteMatch, path *field.Path) | |||
| var errs field.ErrorList | |||
| for i, m := range matches { | |||
| if m.Method != nil && m.Method.Service == nil && m.Method.Method == nil { | |||
| errs = append(errs, field.Required(path.Index(i).Child("methods"), "one or both of `service` or `method` must be specified")) | |||
| return errs | |||
| errs = append(errs, field.Required(path.Index(i).Child("method"), "one or both of `service` or `method` must be specified")) | |||
There was a problem hiding this comment.
There are two different methods to handle return errs in webhook validation now.
- If the condition matches, return errors immediately to avoid returning too many errors :
gateway-api/apis/v1beta1/validation/common.go
Lines 52 to 54 in df03bd5
- Return errors at the end of the function like your code.
I think we should unify the ways to return errors to users, returning all errors or returning the first error. What do you think?
There was a problem hiding this comment.
If needed we can file a follow up for this since it doesn't feel directly tied to this PR. In general I think we should return as many errors as we reasonably can so users don't have take multiple iterations to fix a set of problems. I think that largely matches what we're already doing, but your specific example may be an example where it makes sense to return both errors.
| errs = append(errs, field.Invalid(path, http.CanonicalHeaderKey(name), "cannot match the same header multiple times in the same rule")) | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
Please remove the blank line.
There was a problem hiding this comment.
I think this may just be a preference thing but I actually prefer a bit more whitespace like this. In this case, this func is copied almost verbatim from HTTPRoute and maintains the same spacing as the original function:
gateway-api/apis/v1beta1/validation/httproute.go
Lines 180 to 196 in df03bd5
If you feel strongly about where we should have new lines in our functions it may be worth a follow up issue to discuss more.
k8s-ci-robot
removed
the
lgtm
|
Still need one more LGTM, but removing hold since I think we have consensus on the changes here. /hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gnossen, robscott, shaneutt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
I had a question about the validation here |
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
This PR started with a single goal - address feedback from #1538 by filling in missing GRPCRoute webhook validation. As I started that process, I realized that we'd introduced some significant gaps between v1a2 and v1b1 validation among the resources that had graduated. This also updates that logic to share code where possible and provide a consistent experience.
Does this PR introduce a user-facing change?: