KEP-5073: Declarative Validation: Explain subresources #5244

Merged: 7 commits, May 6, 2025

jpbetz (Contributor) commented Apr 15, 2025

This addresses how we intend to handle subresources with Declarative Validation.

A separate PR will update the ratcheting section to address the need to skip unchanged fields when validating.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory labels Apr 15, 2025
@k8s-ci-robot k8s-ci-robot requested a review from apelisse April 15, 2025 01:38
@k8s-ci-robot k8s-ci-robot added the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Apr 15, 2025
@k8s-ci-robot k8s-ci-robot requested a review from fedebongio April 15, 2025 01:38
k8s-ci-robot (Contributor) commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpbetz


@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 15, 2025
jpbetz (Contributor, Author) commented Apr 15, 2025

/assign @deads2k @thockin

cc @aaron-prindle @yongruilin

@jpbetz jpbetz force-pushed the dv-subresources branch 2 times, most recently from 89be28f to b2348a4 Compare April 15, 2025 01:49
deads2k (Contributor) left a comment:

Can we get some more detail on how conditional validation will be structured and if/how validation conditional on the content of the request is separated from conditional validation based on the REST endpoint accessed?

Comment on lines +1018 to +1021
TODO: Document and explain how:

- Add general purpose ratcheting to automatically skip validation of unchanged fields
- Catalog and handle complex cases where strict equality checks are not sufficient (lots of non-trivial cases exist today)
Contributor:

I think this is important to describe. Particularly the limits on conditional validation.

Contributor, Author:

Yes, we hope to have the plan for this out for review this week. I'm fine holding the merge of this PR until that plan has been reviewed and we're all comfortable with how the features interact.


**Support required:**

* Conditional validation, provided by dedicated `+k8s:subresource` and `+k8s:exceptSubresource` tags and a `subresources` parameter within validation rule expressions (e.g. `+k8s:if('subresource != "/resize"')=+k8s:immutable`).
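
Review bot: the parameter name in the conditional-validation bullet is inconsistent: the text calls it a `subresources` parameter, but the example expression reads `subresource != "/resize"`. Use one spelling in both places so rule authors know which identifier the expression exposes. It would also help to state whether the value always carries the leading slash, since the example compares against "/resize".
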
Member:

minor point, but we should land on a convention for names. We have ifOption and ifNotOption in dev branch. Cross-field is looking at if, so ifNot makes sense, but we need to think about how to handle "else" without re-evaluating the expression.

So should this be ifSubresource and ifNotSubresource?

Contributor, Author:

I'm OK with "if" and "ifNot". @deads2k?

Contributor:

> I'm OK with "if" and "ifNot". @deads2k?

I like the update

@jpbetz jpbetz force-pushed the dv-subresources branch from 053d0ac to 883ec35 Compare May 1, 2025 00:44

**Validation Process:**

1. **Subresource Validation:** The incoming subresource object itself (e.g., the `autoscaling/v1.Scale` object) is validated using *its own* declarative rules.
Contributor:

To have declarative validation used for the subresource object validation, all the endpoints must agree on the validation. I think this is a good thing and I think we obey this today, but it is notable.

deads2k (Contributor) commented May 2, 2025

/lgtm
/hold
/label tide/merge-method-squash

holding both in case @thockin needs a second look and because I'd like the ratcheting update merged before adding a design that says we're going to rely upon it. Assuming ratcheting looks good, I like this.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 2, 2025
@k8s-ci-robot k8s-ci-robot added tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels May 2, 2025
jpbetz (Contributor, Author) commented May 6, 2025

@thockin any concerns with this before it merges?

@thockin thockin removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 6, 2025
@k8s-ci-robot k8s-ci-robot merged commit 8e02558 into kubernetes:master May 6, 2025
4 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.34 milestone May 6, 2025