HNC: Handle object propagation conflict #1076

yiqigao217 · 2020-09-02T18:14:29Z

This issue is raised on Slack. See http://bit.ly/hnc-propagation-conflict for detailed design.

Consider an example tree structure with one source object demo role in namespace tenant1:

org1
├── tenant1 (with a demo role)
│   └── space1 (with a propagated demo role from tenant1) 
└── tenant2
   └── space2

Now let’s create a demo role in org1 namespace: currently, HNC propagates demo from org1 to space1, tenant2 and space2, but it skips propagation to namespace tenant1 since a conflicting source object already exists.

For now, we will fix this issue by adding new webhook rules to prevent it (creating conflicting source). If the webhook is bypassed, HNC will overwrite any conflicts in the descendants, e.g. overwriting demo in tenant1 with the one in org1.

The text was updated successfully, but these errors were encountered:

adrianludwin · 2020-10-16T18:42:27Z

@yiqigao217 I think this is finished now, correct?

yiqigao217 · 2020-10-19T16:28:44Z

@yiqigao217 I think this is finished now, correct?

I would say yes, since #1120 is a rare corner case that we thought it was not a rush and could be done later, so we may close this for now.

adrianludwin · 2020-10-19T16:35:55Z

/close

…

On Mon, Oct 19, 2020 at 12:29 PM Yiqi Gao ***@***.***> wrote: @yiqigao217 <https://github.com/yiqigao217> I think this is finished now, correct? I would say yes, since #1120 <#1120> is a rare corner case that we thought it was not a rush and could be done later, so we may close this for now. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1076 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AE43PZAHPA2P5YE46YXPD4DSLRSM5ANCNFSM4QTPCCTQ> .

k8s-ci-robot · 2020-10-19T16:36:04Z

@adrianludwin: Closing this issue.

In response to this:

/close

On Mon, Oct 19, 2020 at 12:29 PM Yiqi Gao notifications@github.com wrote:

@yiqigao217 https://github.com/yiqigao217 I think this is finished now,
correct?

I would say yes, since #1120
#1120 is a rare
corner case that we thought it was not a rush and could be done later, so
we may close this for now.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#1076 (comment),
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AE43PZAHPA2P5YE46YXPD4DSLRSM5ANCNFSM4QTPCCTQ
.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

This was referenced Sep 2, 2020

Update object reconciler to overwrite conflicting source #1077

Merged

HNC: Update object validator to avoid overwriting source #1079

Closed

Update object webhook to deny creating conflict object #1085

Merged

yiqigao217 mentioned this issue Sep 10, 2020

Update hc validator to check object conflicts #1092

Merged

adrianludwin added this to the hnc-v0.6 milestone Sep 10, 2020

This was referenced Sep 23, 2020

HNC: Update kubectl hns config set-type to allow force updating #1133

Closed

Update docs for v0.5.3 #1159

Merged

k8s-ci-robot closed this as completed Oct 19, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HNC: Handle object propagation conflict #1076

HNC: Handle object propagation conflict #1076

yiqigao217 commented Sep 2, 2020

adrianludwin commented Oct 16, 2020

yiqigao217 commented Oct 19, 2020

adrianludwin commented Oct 19, 2020 via email

k8s-ci-robot commented Oct 19, 2020

HNC: Handle object propagation conflict #1076

HNC: Handle object propagation conflict #1076

Comments

yiqigao217 commented Sep 2, 2020

adrianludwin commented Oct 16, 2020

yiqigao217 commented Oct 19, 2020

adrianludwin commented Oct 19, 2020 via email

k8s-ci-robot commented Oct 19, 2020