fix: exemption race conditions #407
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cmwylie19
reviewed
May 15, 2024
TristanHoladay
commented
May 15, 2024
cmwylie19
previously approved these changes
May 15, 2024
Co-authored-by: Case Wylie <cmwylie19@gmail.com>
mjnagel
reviewed
May 15, 2024
There was a problem hiding this comment.
One other broad question/thing to validate - would want to make sure that this no longer being queue based doesn't lead to any weird behaviors with rapid create/edit/delete events (today those get processed in order on a queue with Reconcile, unsure exactly how that would behave with KFC watch here).
|
I was thinking the same @mjnagel . so far i haven't seen any issues, but i'll see about creating a test for it. |
TristanHoladay
changed the title
mjnagel
reviewed
May 17, 2024
mjnagel
reviewed
May 17, 2024
mjnagel
reviewed
May 17, 2024
mjnagel
reviewed
May 17, 2024
rjferguson21
previously approved these changes
Jun 5, 2024
rjferguson21
approved these changes
Jun 5, 2024
MxNxPx
approved these changes
Jun 5, 2024
cmwylie19
approved these changes
Jun 5, 2024
mjnagel
pushed a commit
that referenced
this pull request
Jun 6, 2024
🤖 I have created a release *beep* *boop* --- ## [0.22.1](v0.22.0...v0.22.1) (2024-06-06) ### Bug Fixes * add saml configuration to k3d standard bundle ([#425](#425)) ([15b41d7](15b41d7)) * de-duplicate renovate matches ([#435](#435)) ([4f9dbbb](4f9dbbb)) * default keycloak realm envs ([#455](#455)) ([3a2b48f](3a2b48f)) * exemption race conditions ([#407](#407)) ([d1b3b56](d1b3b56)) * integrated docs ([#431](#431)) ([72238fa](72238fa)) * keycloak schema for package cr ([#436](#436)) ([e32ce9a](e32ce9a)) * networkpolicy for keycloak smtp egress ([4059954](4059954)) * nightly testing eks config architecture ([#452](#452)) ([a0bbd1f](a0bbd1f)) * remove deprecated registry login and add env setup ([#443](#443)) ([ca6b76f](ca6b76f)) * remove go mod ([#441](#441)) ([0de9693](0de9693)) * remove no-tea and update uds version ([#446](#446)) ([434844b](434844b)) * use updated k3s ([#426](#426)) ([1da1c49](1da1c49)) ### Miscellaneous * add checks before killing pods when updating istio annotations ([#457](#457)) ([a62f9a0](a62f9a0)) * add debug logs to save logs for easier searching ([#430](#430)) ([319101b](319101b)) * add velero csi plugin ([#424](#424)) ([c7e49e9](c7e49e9)) * **deps:** update githubactions ([#413](#413)) ([ebd834e](ebd834e)) * **deps:** update istio to v1.22.1 ([#405](#405)) ([ad4b861](ad4b861)) * **deps:** update jest to v29.1.4 ([#438](#438)) ([c3ecc8b](c3ecc8b)) * **deps:** update keycloak to v0.4.4 ([#460](#460)) ([936f40b](936f40b)) * **deps:** update keycloak to v0.4.5 ([#461](#461)) ([3592012](3592012)) * **deps:** update keycloak to v24.0.5 ([#453](#453)) ([6b0c6fc](6b0c6fc)) * **deps:** update keycloak to v24.0.5 ([#454](#454)) ([89911f0](89911f0)) * **deps:** update pepr ([#419](#419)) ([d8f0309](d8f0309)) * **deps:** update pepr to v0.4.5 ([#447](#447)) ([f1dba17](f1dba17)) * **deps:** update prometheus-stack ([#422](#422)) ([a96193e](a96193e)) * **deps:** update uds-common to v0.4.4 ([#442](#442)) ([bf6debd](bf6debd)) * **deps:** update uds-k3d to v0.7.0 ([#428](#428)) ([23b59a2](23b59a2)) * **deps:** update velero ([#408](#408)) ([ffbefda](ffbefda)) * **deps:** update velero ([#440](#440)) ([4b1a3ea](4b1a3ea)) * **deps:** update velero to v6.6.0 ([#456](#456)) ([aff37c1](aff37c1)) * **deps:** update zarf to v0.34.0 ([#434](#434)) ([9badf9d](9badf9d)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
5 tasks
5 tasks
rjferguson21
added a commit
that referenced
this pull request
Jul 11, 2024
## Description Fixes race conditions with exemptions that result in overwrites of previous exemptions in the Pepr store or mutating then allowing pods that were meant to be exempted from mutation. ## Issue Fixes #409 Fixes #314 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Case Wylie <cmwylie19@gmail.com> Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com> Co-authored-by: Rob Ferguson <rjferguson21@gmail.com>
rjferguson21
pushed a commit
that referenced
this pull request
Jul 11, 2024
🤖 I have created a release *beep* *boop* --- ## [0.22.1](v0.22.0...v0.22.1) (2024-06-06) ### Bug Fixes * add saml configuration to k3d standard bundle ([#425](#425)) ([15b41d7](15b41d7)) * de-duplicate renovate matches ([#435](#435)) ([4f9dbbb](4f9dbbb)) * default keycloak realm envs ([#455](#455)) ([3a2b48f](3a2b48f)) * exemption race conditions ([#407](#407)) ([d1b3b56](d1b3b56)) * integrated docs ([#431](#431)) ([72238fa](72238fa)) * keycloak schema for package cr ([#436](#436)) ([e32ce9a](e32ce9a)) * networkpolicy for keycloak smtp egress ([4059954](4059954)) * nightly testing eks config architecture ([#452](#452)) ([a0bbd1f](a0bbd1f)) * remove deprecated registry login and add env setup ([#443](#443)) ([ca6b76f](ca6b76f)) * remove go mod ([#441](#441)) ([0de9693](0de9693)) * remove no-tea and update uds version ([#446](#446)) ([434844b](434844b)) * use updated k3s ([#426](#426)) ([1da1c49](1da1c49)) ### Miscellaneous * add checks before killing pods when updating istio annotations ([#457](#457)) ([a62f9a0](a62f9a0)) * add debug logs to save logs for easier searching ([#430](#430)) ([319101b](319101b)) * add velero csi plugin ([#424](#424)) ([c7e49e9](c7e49e9)) * **deps:** update githubactions ([#413](#413)) ([ebd834e](ebd834e)) * **deps:** update istio to v1.22.1 ([#405](#405)) ([ad4b861](ad4b861)) * **deps:** update jest to v29.1.4 ([#438](#438)) ([c3ecc8b](c3ecc8b)) * **deps:** update keycloak to v0.4.4 ([#460](#460)) ([936f40b](936f40b)) * **deps:** update keycloak to v0.4.5 ([#461](#461)) ([3592012](3592012)) * **deps:** update keycloak to v24.0.5 ([#453](#453)) ([6b0c6fc](6b0c6fc)) * **deps:** update keycloak to v24.0.5 ([#454](#454)) ([89911f0](89911f0)) * **deps:** update pepr ([#419](#419)) ([d8f0309](d8f0309)) * **deps:** update pepr to v0.4.5 ([#447](#447)) ([f1dba17](f1dba17)) * **deps:** update prometheus-stack ([#422](#422)) ([a96193e](a96193e)) * **deps:** update uds-common to v0.4.4 ([#442](#442)) ([bf6debd](bf6debd)) * **deps:** update uds-k3d to v0.7.0 ([#428](#428)) ([23b59a2](23b59a2)) * **deps:** update velero ([#408](#408)) ([ffbefda](ffbefda)) * **deps:** update velero ([#440](#440)) ([4b1a3ea](4b1a3ea)) * **deps:** update velero to v6.6.0 ([#456](#456)) ([aff37c1](aff37c1)) * **deps:** update zarf to v0.34.0 ([#434](#434)) ([9badf9d](9badf9d)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fixes race conditions with exemptions that result in overwrites of previous exemptions in the Pepr store or mutating then allowing pods that were meant to be exempted from mutation.
Issue
Fixes #409
Fixes #314
Type of change
Checklist before merging