Certain resources should be ignored once they have a deletionTimestamp #14983

Open
enj opened this issue Jun 30, 2017 · 8 comments
Labels: area/security, component/auth, lifecycle/frozen, priority/P2

Contributor

enj commented Jun 30, 2017

The following resources should not be honored once they are awaiting deletion:

  1. oauthclientauthorization
  2. ??

xref #14978 (comment)

@openshift/security

Contributor

pweil- commented Jul 4, 2017

@mfojtik I believe I saw a PR from @deads2k that started addressing this

Contributor

deads2k commented Jul 5, 2017

> @mfojtik I believe I saw a PR from @deads2k that started addressing this

I fixed up three resources in three spots for authentication, but not the large problem. oauthclientauthorizations are still outstanding.

I also fixed the GC finalizers being added to non-gc-able resources, but that doesn't stop someone (anyone with update powers) from adding more finalizers.

deads2k changed the title from "Certain resources should be ignored once they have a finalizer" to "Certain resources should be ignored once they have a deletionTimestamp" on Jul 5, 2017
mfojtik assigned enj and unassigned mfojtik on Jul 12, 2017
pweil- added this to the 3.7.0 milestone on Aug 1, 2017
Contributor

adelton commented Sep 8, 2017

> I fixed up three resources in three spots for authentication, but not the large problem. oauthclientauthorizations are still outstanding.

@deads2k, could you please point me to the change where you addressed it for those three resources, and where you think things should be addressed for oauthclientauthorization?

Contributor Author

enj commented Sep 9, 2017

@adelton see #14978

oauthclientauthorizations are cluster-scoped, which means that they are not GC'd (as far as I know). Tracking issue: #15120

Unlike the stuff that David already fixed, oauthclientauthorizations are not secrets, and while we should add special logic to ignore them if they have a deletion timestamp, the bigger issue is they should go away if their "pointers" are invalid. #15121 is related to this as well.

HasAuthorizedClient in pkg/auth/oauth/registry/grantchecker.go around line 32 is probably where the deletion check should be added.
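
The deletion check discussed in this thread, as an added example (not part of the thread and not OpenShift's code): `ObjectMeta`, `OAuthClientAuthorization`, `ClientAuthorized`, `SampleStore`, the `user:client` map key and the finalizer name are simplified stand-ins and constructed sample values.

```go
package main

import (
	"fmt"
	"time"
)

// ObjectMeta is a stand-in for the Kubernetes metadata fields that matter here.
type ObjectMeta struct {
	DeletionTimestamp *time.Time // non-nil once deletion has been requested
	Finalizers        []string   // while non-empty, the object stays in storage
}

// OAuthClientAuthorization is a simplified stand-in for the real resource.
type OAuthClientAuthorization struct {
	ObjectMeta
	Scopes []string
}

// ClientAuthorized (hypothetical) reports whether user has granted client all
// requested scopes. A grant awaiting deletion is treated as if it were absent.
func ClientAuthorized(store map[string]*OAuthClientAuthorization, user, client string, scopes []string) bool {
	grant, ok := store[user+":"+client] // assumed key format for this example
	if !ok || grant.DeletionTimestamp != nil {
		return false // fail closed: a finalizer may keep a deleted grant readable
	}
	granted := make(map[string]bool, len(grant.Scopes))
	for _, s := range grant.Scopes {
		granted[s] = true
	}
	for _, s := range scopes {
		if !granted[s] {
			return false
		}
	}
	return true
}

// SampleStore returns constructed data: bob's grant is deleted but held by a finalizer.
func SampleStore() map[string]*OAuthClientAuthorization {
	deleted := time.Date(2017, 6, 30, 0, 0, 0, 0, time.UTC)
	return map[string]*OAuthClientAuthorization{
		"alice:console": {Scopes: []string{"user:info"}},
		"bob:console":   {ObjectMeta: ObjectMeta{DeletionTimestamp: &deleted, Finalizers: []string{"example.test/hold"}}, Scopes: []string{"user:info"}},
	}
}

func main() {
	fmt.Println(ClientAuthorized(SampleStore(), "bob", "console", []string{"user:info"}))
}
```

Bob's grant is still readable from storage because of the finalizer, which is the case the deletionTimestamp check exists for.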

@simo5 simo5 modified the milestones: 3.7.0, 3.8.0 Oct 9, 2017

openshift-ci-robot added the lifecycle/stale label on Feb 22, 2018

openshift-ci-robot added the lifecycle/rotten label and removed the lifecycle/stale label on Mar 24, 2018

enj added the lifecycle/frozen label and removed the lifecycle/rotten label on Apr 24, 2018
enj reopened this on Apr 24, 2018
Contributor Author

enj commented Oct 16, 2019

/unassign

@stlaz @sttts @mfojtik
