-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to custom handle redirects #5678
base: master
Are you sure you want to change the base?
Add ability to custom handle redirects #5678
Conversation
Welcome @abogdanov37! |
Hi @abogdanov37. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: abogdanov37 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@koba1t @varshaprasad96 Please, check the task may be it has more simple solution than thit PR! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @abogdanov37
Thanks for your contribution!
I think looks good to me for your codebase.
I add a few comments. Please check that.
So, I think we need to add some tests that check to fix the problem.
Please add some test scenarios to check this problem!
Ok. Next week I'll add tests and work on comments! |
This PR has multiple commits, and the default merge method is: merge. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
52c81db
to
1967df5
Compare
…art working on unit tests.
1967df5
to
f8e3e74
Compare
Hi @koba1t! I have been add test for fileloader. Skip localizer and kusttarget because have no idea how to test override loader there. If you have any idea please share it I'll try to implement |
}, | ||
} | ||
for _, x := range testCaseRedirect { | ||
expectedLocation := "https://redirect.com/resource.yaml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like redirect.com
is owned by a company.
I understand this fakeHttpClient won't access the global internet, but I prefer to use a reserved example domain instead of something that someone else owns.
Domain Name: REDIRECT.COM
Registry Domain ID: 32687398_DOMAIN_COM-VRSN
Registrar WHOIS Server: Whois.bigrock.com
Registrar URL: http://www.bigrock.com
Updated Date: 2023-06-20T20:24:31Z
Creation Date: 2000-08-10T10:33:16Z
Registry Expiry Date: 2024-08-10T10:33:15Z
Registrar: BigRock Solutions Ltd
Registrar IANA ID: 1495
Registrar Abuse Contact Email: abuse@bigrock.com
Registrar Abuse Contact Phone: +1.832-295-1535
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1118.AWSDNS-11.ORG
Name Server: NS-1717.AWSDNS-22.CO.UK
Name Server: NS-320.AWSDNS-40.COM
Name Server: NS-918.AWSDNS-50.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-06-30T18:22:52Z <<<
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ок. I'll fix it!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for adding a test!
So, it looks like your test only checks that the location needs to redirect. I think it's preferable to add a check to ensure that redirect
doesn't happen.
I think that another tests check behavior if redirect is not happened. |
I plan fix all issues today. Thanks for review! |
Hi @koba1t. All highlited issues have been fixed! |
I tried to run CI on GitHub Actions |
/ok-to-test |
@@ -423,7 +423,12 @@ func (kt *KustTarget) accumulateResources( | |||
if errors.Is(errF, load.ErrHTTP) { | |||
return nil, errF | |||
} | |||
var redErr *load.RedirectionError | |||
if errors.As(errF, &redErr) { | |||
path = redErr.NewPath |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this code is using redirect Location
path directly.
I am worried that newPath
will be used by no check.
like the redirected path requires redirecting more, or the redirected path is missing contents.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I investigated in these scenarious
- new loader works only with directory and git repo because of that all checks will be done in common way in
kustomize/api/internal/loader/fileloader.go
Line 152 in cc9dd34
func (fl *FileLoader) New(path string) (ifc.Loader, error) { - If newPath will be a simple url in new loader it will be treated as directory and kustomize finish work with error in common way
- If some redirects (301 to 309 http codes) will happen in loading process
kustomize/api/internal/loader/fileloader.go
Line 314 in cc9dd34
resp, err := hc.Get(path)
Following this points I think that all possible checks have been done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, Maybe I explained it wrong.
The scenario I was concerned about that the redErr.NewPath
address returning a 300
status code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have understood! Sorry ((( I does not implement this case to avoid recursion. If you think that this case should be implemented I'll do it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @abogdanov37
I'm so sorry to delay the review.
I add comments for implements. Please check and write your comment if you think my worries are trivial matter.
var newPath string = resp.Header.Get("Location") | ||
return nil, &RedirectionError{ | ||
Msg: "Response is redirect", | ||
NewPath: newPath, | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe That is better to solve redirects here than return RedirectionError
and a new path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi! It does not work in all cases. For example if I return redirect to git. In that case httpClient has no credentials for download content
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For example if I return redirect to git. In that case httpClient has no credentials for download content
Sorry, I couldn't understand about this sentence.
In my understanding, that repo uses the HTTPS
protocol to download when HTTP redirects to git.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My explanation was not clear. Sorry for that. I'll try again.
Example
We get next url in resource section https://example.com/apps/app1?version=1.1.0
When kustomize (in build proccess) go to that url, it get Redirect 300
with newPath
https://customgit.org/somegrop/project-app1.git?refs=1.1.0
. The repository is PRIVATE.
In this case if we go to that git repo using httpClient
we get page with ask for credential (((
But if we create a new loader kustomize will use console git
which already have credentials and can clone repository
Hi @koba1t. |
Hi @koba1t! Any other issues in my pr? May be I can help some how to force PR merge? |
Hi @abogdanov37 Sorry for the delayed response. |
Hi @koba1t! Thanks for explanations. I post answers. |
#5675