New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression in 4.10.3 and up related to the customize hook #842
Comments
hmm I do not belive it was supported.... |
It did work before 4.10.3. Was it a bug in all versions prior to 4.10.3? |
I managed to replicate the issue by switching from Cluster scope to Namespaced. Prior to 4.10.3 it would return the list of namespaces, whereas now it is limited to the namespace of the parent resoure's namespace. This seems like it could cause data leakage and not the intended behavior of a Namespaced scope resource. We could possibly only allow an exception for namespaces to be read and no other resources in the customize hook outside of the namespaced parent. |
The documentation also clearly states that Related resources for a Namespaced controller would only be for the same namespace as the parent. We could we possibly add a feature flag that would allow for this? I did see some issues that were related to this. See: https://metacontroller.github.io/metacontroller/guide/best-practices.html |
This is already a feature request for that. The fact it was working like that was because the code and flow is bit complicated and changes are scattered along the code, which makes subtle behavior being harder to implement or test properly. I am working on implementing handling of |
Hi,
Metacontroller version 4.10.3 has a regression compared to 4.10.2 when it comes to how the customize hook works.
One of our controllers is a decorator controller that acts on Deployment. In order to generate the child resource, it requires data (labels) from the namepace the Deployment is in. Our code contains this simple code:
When we run this against 4.10.2, the namespace data is returned correctly. When we run the same code against 4.10.3 or up, no namespace data is returned. No changes were done to our python code.
Tested it also with a composite controller that does a similar lookup, same behavior.
I've tried to reproduce it with the SecretPropagation example, but that seems to not be affected. Perhaps it is related to the parent resource being a cluster scoped resource instead of a namespace scoped one?
4.10.3 was released with some changes to support the v2 API for the customize hook, so it's probably related to that.
The text was updated successfully, but these errors were encountered: