-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MarkUnsafe is not applied to the full CR or full CR spec extra vars #41
Comments
@plnordquist: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Bug Report
What did you do?
When the custom resource content includes a go/ansible template block, Ansible chokes on the content of the custom resource when using either the full CR extra var
_cr_name
or the full CR spec extra var_cr_name_spec
as defined by the Ansible Operator since Ansible treats the content as safe.The issue here operator-framework/operator-sdk#5160 was marked as closed when the accompanying PR was merged operator-framework/operator-sdk#6376. That PR does not exist in this repository as the content was lifted from the main operator-sdk repo just days prior to the PR merge. The PR was then merged here operator-framework/operator-sdk@b8a271a6 and then the content from the main repository was deleted here operator-framework/operator-sdk@d21ed64.
What did you expect to see?
A template block in the CR content should not break the operator.
What did you see instead? Under which circumstances?
The following error occurs when attempting to access the
_cr_name_spec
var with an alertmanager template string in the cr spec:The operator then places this content into the failure condition on the CR with the bad template string. Our operator also references the full CR
_cr_name
var to access parts of the status of the CR so that also fails even when the template string is removed from the spec content with a different but similar error:Environment
Operator type:
/language ansible
Kubernetes cluster type:
vanilla
$ operator-sdk version
operator-sdk version: "v1.32.0", commit: "4dcbbe343b29d325fd8a14cc60366335298b40a3", kubernetes version: "1.26.0", go version: "go1.19.13", GOOS: "linux", GOARCH: "amd64"
$ kubectl version
Possible Solution
Merge this PR operator-framework/operator-sdk#6376 into this repo. That should fix the full CR spec
_cr_name_spec
extra var unsafe although I haven't tested it. Any of these unsafe string fixes require the markUnsafe var to be set in the watches yaml content for each CR. I'm not actually sure about how to fix the full CR_cr_name
extra var since it is being attached as the raw content here https://github.com/operator-framework/ansible-operator-plugins/blob/cbc2d46705c5beee42021429630c2e184c1283b6/internal/ansible/runner/runner.go#L365C28-L365C28.Additional context
The workarounds for this seem to be to use the snake case vars that the operator defines since those can be marked unsafe. It also seems like the
kubernetes.core.k8s_info
task is able to read the content in safely and does not have these issues.The text was updated successfully, but these errors were encountered: