WIP Fix bug 1373330 Invalid formatted generic webhook can trigger new… #11077
Conversation
|
@bparees ptal |
| @@ -43,67 +43,74 @@ func (p *WebHookPlugin) Extract(buildCfg *api.BuildConfig, secret, path string, | |||
| } | |||
|
|
|||
| if buildCfg.Spec.Source.Git == nil { | |||
| glog.V(4).Infof("No git source defined for BuildConfig %s/%s, but triggering anyway", buildCfg.Namespace, buildCfg.Name) | |||
| return revision, envvars, true, err | |||
| warning := webhook.NewWarning("BuildConfig has no git source defined, ignoring and continuing with build") | |||
There was a problem hiding this comment.
i don't think we need this warning anymore. once upon a time git source was pretty much it, but now you could have pipeline builds, or builds that take input from images and builds that embed docker files. if we're going to keep it, it needs to check for all the possible sources of "source" input, basically to ensure it's not a pure binary-only buildconfig.
| } | ||
|
|
||
| contentType := req.Header.Get("Content-Type") | ||
| if len(contentType) != 0 { | ||
| contentType, _, err = mime.ParseMediaType(contentType) | ||
| if err != nil { | ||
| return nil, envvars, false, fmt.Errorf("non-parseable Content-Type %s (%s)", contentType, err) | ||
| return revision, envvars, false, fmt.Errorf("Error parsing Content-Type: %s", err) |
There was a problem hiding this comment.
i don't know the reason behind it, but we never uppercase the start of our error messages. possibly because they end up embedded in other output and look strange.
| envvars = data.Env | ||
| } | ||
| if data.Git == nil { | ||
| warning := webhook.NewWarning("No git information found in payload, ignoring and continuing with build") |
There was a problem hiding this comment.
i don't think this necessitates a warning. if we warn here, users who just want to supply env variables are going to get spurious warnings.
I think if
- we can parse the payload and
- the result is either git data or env variable data (or both)
we should not warn.
| func matchWarning(t *testing.T, err error, message string) { | ||
| if status, ok := err.(*errors.StatusError); !ok { | ||
| t.Errorf("Expected %v to be a StatusError object", err) | ||
| } else { |
There was a problem hiding this comment.
no need for the else. just return inside the if-block above.
|
@openshift/api-review any other thoughts on how we can handle returning a warning on the webhook invocation? basically we need to tell them "you gave us bad payload data, but we're running a build anyway(because that's what we've always done, so compatibility...), using the buildconfig defaults". so here we're returning a StatusError w/ a status code of 200 and a warning message which feels icky to me, but i don't have a better idea. |
jim-minter
force-pushed
the
bz1373330
branch
from
c7e392e to
a17f812
Compare
|
@bparees all changes requested above made, ptal |
| } | ||
| warning := webhook.NewWarning(fmt.Sprintf("skipping build. None of the supplied refs matched %q", buildCfg.Spec.Source.Git.Ref)) |
There was a problem hiding this comment.
why is this a warning and not an error, since it's not actually going to result in a build?
There was a problem hiding this comment.
It is maintaining previous API. This is identical behaviour as before, but I converted a glog.V(2).Infof (only accessible by admin, and tricky to find) to a returned "warning" (clearer to end user) as it felt within the scope and aims of this patch.
There was a problem hiding this comment.
The existing api returns a 200 in this scenario?
There was a problem hiding this comment.
That is my understanding.
There was a problem hiding this comment.
And I've tried it again - yes, it currently returns a 200 in this case.
There was a problem hiding this comment.
hm. that was probably the wrong choice when we implemented the api, but ok I guess we're stuck with it. Still feels awkward to call it a warning since in all the other cases a warning means "something went wrong but we're proceeding with the build" and here the warning means "something went wrong and we're not doing the build even though we gave you back a 200"
I wonder if we could get away w/ changing this to a non-200 return code even though it's technically breaking the existing api. @smarterclayton ?
There was a problem hiding this comment.
i'm going to interpret @smarterclayton's response on the main thread as a "no, you can't change it to a non-200". oh well.
| return revision, envvars, false, warning | ||
| } | ||
| if !webhook.GitRefMatches(data.Git.Ref, webhook.DefaultConfigRef, &buildCfg.Spec.Source) { | ||
| warning := webhook.NewWarning(fmt.Sprintf("skipping build. Branch reference from %q does not match configuration", data.Git.Ref)) |
|
Is this bad data we allowed to be sent in 1.0? Or bad data we started allowing someone to send us in 1.3? |
we've always allowed this data to be sent, though it looks like in the original implementation we immediately failed if the data wasn't readable and at some point we changed to proceeding w/ the build but ignoring the bad data: 6594ffd#diff-d0545fc405d0111150cfcc584145ed18 That change was in march 2015. |
|
Did we actually honor any data in here in 1.0? Or was that only later On Mon, Sep 26, 2016 at 11:26 AM, Ben Parees [email protected]
|
yes we honored it. we used the git ref. |
|
@smarterclayton @bparees the conversation left me hanging - please advise if I need to make changes to the PR in order to get it merged. |
at this point i'm fine with it as is. still need @openshift/api-review to sign off though. |
|
@openshift/api-review bump |
|
Preserve existing error behavior and document why it is that way. |
|
this PR is preserving the existing behavior, just adding a warning to the response body (while still returning a 200 status) @jim-minter you can doc the behavior here: |
|
That is correct. On Wed, Oct 19, 2016 at 10:59 PM, Ben Parees [email protected]
|
|
@openshift/api-review so is this api approved? basically the change is a warning message that comes back w/ your 200 status code in certain cases. |
|
It's possible you're going to break people because they aren't expecting a body. What are the odds of that? |
|
@smarterclayton Inevitably it is feasible, but I think it's a pretty poor show if any modern HTTP client posts a GET or a POST and doesn't know what to do with a response. It's hardly out of HTTP spec for us to do this. The warnings closely match the k8s StatusError responses so are in idiom for a client which is already reading these for error cases. In addition I think they add helpful information (you sent content with an invalid content-type; your build didn't trigger because of XYZ) which is better sent back than left lurking in a server-side log. |
|
Once we've released an API we have to act like every change could break a client. For this one the odds seem low, so I'll let it pass here. But we've broken people before with much less why it's important to be cautious. |
|
@smarterclayton can you mark it approved, then? |
|
[merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/10622/) (Image: devenv-rhel7_5240) |
|
…-build without warning
|
flake #11517 |
|
[test] |
|
Evaluated for origin test up to aea22a7 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/10622/) (Base Commit: 1f62556) |
|
[merge] |
|
Evaluated for origin merge up to aea22a7 |
|
@bparees just to check with this - is the expectation a docs PR against https://docs.openshift.org/latest/dev_guide/builds.html#webhook-triggers and doc text in https://bugzilla.redhat.com/show_bug.cgi?id=1373330 ? |
|
@jim-minter yup |
…ors instead of 500 errors where possible
…ors instead of 500 errors where possible
… build without warning