The autoscaling validation test only ran cross-version DV without the
gate matrix. The replicationcontroller storage test toggled the
deprecated DeclarativeValidationTakeover gate and only covered RC.
Both are subsumed by test/declarative_validation/{autoscaling,apps}/scale/.
Replace inline ValidateScale + dv.ValidateDeclaratively composition in
each ScaleREST.UpdatedObject with a call to ValidateScaleUpdate.
Replicationcontroller already invoked declarative validation inline;
deployment, replicaset, and statefulset now do so too, so HV/DV mismatch
metrics fire on apps /scale traffic in addition to RC.
Move the existing declarative_validation_test.go files out of
pkg/registry/ into a top-level tree at
test/declarative_validation/<group>/<kind>/. The new location pairs
each hand-written test with the per-Kind TestMain and version-init
files emitted by validation-gen, so the coverage gate runs alongside
the equivalence checks and apiVersions no longer needs to be
hand-maintained.
This enables implementing different behavior for AllowUnconditionalUpdate and
AllowCreateOnUpdate depending on the API version, which can be found in
ReqInfo.APIVersion. The specific need for this is to switch from
AllowUnconditionalUpdate=true (not recommended!) to false in v1 of
resource.k8s.io DeviceTaintRule.
This is done by adding the missing context parameter to the existing methods
instead of adding a new optional interface because a) the resulting
implementation is simpler and gets checked by the compiler and b) the Go API
guarantees of k8s.io/apiserver are more relaxed than in other modules because
it's less used downstream.
Example implementation:
func (*deviceTaintRuleStrategy) AllowUnconditionalUpdate(ctx context.Context) bool {
reqInfo, _ := request.RequestInfoFrom(ctx)
if reqInfo != nil && reqInfo.APIVersion == "v1" {
// Should have done that already earlier. Better late than never...
return false
}
// Historic behavior for v1beta2 and older, cannot change that anymore.
return true
}
This change graduates the 'DeclarativeValidation' feature gate to GA in v1.36.
The feature gate is now locked to 'true' by default.
Changes:
- Updated 'DeclarativeValidation' feature gate to GA in 'pkg/features/kube_features.go' and 'staging/src/k8s.io/apiserver/pkg/features/kube_features.go'.
- Updated feature gate documentation and versioned lists via 'hack/update-featuregates.sh'.
- Added feature gate emulation versioning to tests that explicitly disable 'DeclarativeValidation' to prevent panics now that the gate is locked to default.
This relies on `+k8s:subfield` and validation cohorts. The
`k8s:optional` ensures that we don't run the name validation if name is
empty, because core apimachinery will already flag it as Required().
This demonstrates some of the DV value - docs and clients are now (in
theory) able to see what RC's name format is.
Co-Authored-by: Yongrui Lin <yongrlin@outlook.com>
The boilerplate for running declarative validation was duplicated across multiple resource strategies. This included feature gate checks, metric identifier generation, error comparison, and conditional merging logic, which made the code verbose and difficult to maintain.
This commit introduces a new helper function, `rest.ValidateDeclarativelyWithMigrationChecks`, to encapsulate this common logic. All relevant strategies have been refactored to use this new function, resulting in cleaner and more concise code.
Introduces new testing helpers to simplify testing of declarative validation rules. The new `VerifyValidationEquivalence` and `VerifyUpdateValidationEquivalence` functions reduce boilerplate by encapsulating the logic for:
- Toggling the `DeclarativeValidation` and `DeclarativeValidationTakeover` feature gates.
- Comparing the validation output from the imperative and declarative paths.
The declarative validation tests for CertificateSigningRequest and ReplicationController are updated to use these new, simpler helpers.
This is needed to make declaratve validation clean. Past me thought
this was clever (pointer versioned, non-pointer internal) but it is just
confusing.
Introduce a test suite that ensures declarative test cases
are fully tested and that validation errors are compared
with handwritten validation to ensure consistency.
Co-authored-by: Tim Hockin <thockin@google.com>
Co-authored-by: Aaron Prindle <aprindle@google.com>
Co-authored-by: Yongrui Lin <yongrlin@google.com>
After declarative validation is enabled in the ReplicationController
strategy in this way, the generated declarative validation code
in pkg/apis/core/v1/zz.generated.validations.go will be run
when the strategy validates ReplicationController.
Co-authored-by: Tim Hockin <thockin@google.com>
Co-authored-by: Aaron Prindle <aprindle@google.com>
Co-authored-by: Yongrui Lin <yongrlin@google.com>
Co-authored-by: David Eads <deads@redhat.com>
The "// import <path>" comment has been superseded by Go modules.
We don't have to remove them, but doing so has some advantages:
- They are used inconsistently, which is confusing.
- We can then also remove the (currently broken) hack/update-vanity-imports.sh.
- Last but not least, it would be a first step towards avoiding the k8s.io domain.
This commit was generated with
sed -i -e 's;^package \(.*\) // import.*;package \1;' $(git grep -l '^package.*// import' | grep -v 'vendor/')
Everything was included, except for
package labels // import k8s.io/kubernetes/pkg/util/labels
because that package is marked as "read-only".
* Pod terminationGracePeriodSeconds is always valid
Validation of a pod spec will always use the pod's
TerminationGracePeriodSeconds value.
A set of pod test-helpers have been created to help construct Pods.
* remove unused func
* reduction
* reduce 2
* simplify test
* report invalid grace period
* update SupplementalGroupPolicy tests
This introduces `singularNameProvider`. This provider will be used
by core types to have their singular names are defined in discovery
endpoint. Thanks to that, core resources singular name always have
higher precedence than CRDs shortcuts or singular names.
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:
- Logging a message only above a certain verbosity threshold without
recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
this matters when using a logging backend which records the verbosity
level.
- Passing a format string with parameters to a logging function that
doesn't do string formatting.
All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.
In some cases it reports false positives, but those can be suppressed with
source code comments.
