Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to custom handle redirects #5678

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

abogdanov37
Copy link

@abogdanov37 abogdanov37 commented Apr 24, 2024

Copy link

linux-foundation-easycla bot commented Apr 24, 2024

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. label Apr 24, 2024
@k8s-ci-robot
Copy link
Contributor

Welcome @abogdanov37!

It looks like this is your first PR to kubernetes-sigs/kustomize 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/kustomize has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 24, 2024
@k8s-ci-robot
Copy link
Contributor

Hi @abogdanov37. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 24, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: abogdanov37
Once this PR has been reviewed and has the lgtm label, please assign knverey for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@abogdanov37 abogdanov37 reopened this Apr 24, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels May 2, 2024
@abogdanov37
Copy link
Author

@koba1t @varshaprasad96 Please, check the task may be it has more simple solution than thit PR!

@koba1t koba1t closed this Jun 20, 2024
@koba1t koba1t reopened this Jun 20, 2024
Copy link
Member

@koba1t koba1t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @abogdanov37
Thanks for your contribution!

I think looks good to me for your codebase.
I add a few comments. Please check that.

So, I think we need to add some tests that check to fix the problem.
Please add some test scenarios to check this problem!

.gitignore Outdated Show resolved Hide resolved
api/internal/target/kusttarget.go Outdated Show resolved Hide resolved
@abogdanov37
Copy link
Author

Hi @abogdanov37 Thanks for your contribution!

I think looks good to me for your codebase. I add a few comments. Please check that.

So, I think we need to add some tests that check to fix the problem. Please add some test scenarios to check this problem!

Ok. Next week I'll add tests and work on comments!
Thanks for feedback!

@k8s-ci-robot
Copy link
Contributor

This PR has multiple commits, and the default merge method is: merge.
You can request commits to be squashed using the label: tide/merge-method-squash

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jun 25, 2024
@abogdanov37 abogdanov37 force-pushed the add-getting-resources-with-redirect-support branch from 52c81db to 1967df5 Compare June 26, 2024 10:31
@abogdanov37 abogdanov37 force-pushed the add-getting-resources-with-redirect-support branch from 1967df5 to f8e3e74 Compare June 26, 2024 11:12
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Jun 26, 2024
@abogdanov37
Copy link
Author

Hi @abogdanov37 Thanks for your contribution!
I think looks good to me for your codebase. I add a few comments. Please check that.
So, I think we need to add some tests that check to fix the problem. Please add some test scenarios to check this problem!

Ok. Next week I'll add tests and work on comments! Thanks for feedback!

Hi @koba1t! I have been add test for fileloader. Skip localizer and kusttarget because have no idea how to test override loader there. If you have any idea please share it I'll try to implement

},
}
for _, x := range testCaseRedirect {
expectedLocation := "https://redirect.com/resource.yaml"
Copy link
Member

@koba1t koba1t Jun 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like redirect.com is owned by a company.
I understand this fakeHttpClient won't access the global internet, but I prefer to use a reserved example domain instead of something that someone else owns.


   Domain Name: REDIRECT.COM
   Registry Domain ID: 32687398_DOMAIN_COM-VRSN
   Registrar WHOIS Server: Whois.bigrock.com
   Registrar URL: http://www.bigrock.com
   Updated Date: 2023-06-20T20:24:31Z
   Creation Date: 2000-08-10T10:33:16Z
   Registry Expiry Date: 2024-08-10T10:33:15Z
   Registrar: BigRock Solutions Ltd
   Registrar IANA ID: 1495
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: +1.832-295-1535
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1118.AWSDNS-11.ORG
   Name Server: NS-1717.AWSDNS-22.CO.UK
   Name Server: NS-320.AWSDNS-40.COM
   Name Server: NS-918.AWSDNS-50.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-06-30T18:22:52Z <<<

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ок. I'll fix it!

Copy link
Member

@koba1t koba1t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for adding a test!

So, it looks like your test only checks that the location needs to redirect. I think it's preferable to add a check to ensure that redirect doesn't happen.

api/internal/loader/fileloader_test.go Show resolved Hide resolved
api/internal/loader/fileloader_test.go Show resolved Hide resolved
@abogdanov37
Copy link
Author

Thank you for adding a test!

So, it looks like your test only checks that the location needs to redirect. I think it's preferable to add a check to ensure that redirect doesn't happen.

I think that another tests check behavior if redirect is not happened.

@abogdanov37
Copy link
Author

I plan fix all issues today. Thanks for review!

@abogdanov37
Copy link
Author

Hi @koba1t. All highlited issues have been fixed!

@koba1t koba1t closed this Aug 6, 2024
@koba1t koba1t reopened this Aug 6, 2024
@koba1t
Copy link
Member

koba1t commented Aug 6, 2024

I tried to run CI on GitHub Actions

@koba1t
Copy link
Member

koba1t commented Aug 6, 2024

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 6, 2024
@@ -423,7 +423,12 @@ func (kt *KustTarget) accumulateResources(
if errors.Is(errF, load.ErrHTTP) {
return nil, errF
}
var redErr *load.RedirectionError
if errors.As(errF, &redErr) {
path = redErr.NewPath
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this code is using redirect Location path directly.
I am worried that newPath will be used by no check.
like the redirected path requires redirecting more, or the redirected path is missing contents.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I investigated in these scenarious

  1. new loader works only with directory and git repo because of that all checks will be done in common way in
    func (fl *FileLoader) New(path string) (ifc.Loader, error) {
  2. If newPath will be a simple url in new loader it will be treated as directory and kustomize finish work with error in common way
  3. If some redirects (301 to 309 http codes) will happen in loading process
    resp, err := hc.Get(path)
    They will be processed by http client out of the box
    Following this points I think that all possible checks have been done

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, Maybe I explained it wrong.

The scenario I was concerned about that the redErr.NewPath address returning a 300 status code.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have understood! Sorry ((( I does not implement this case to avoid recursion. If you think that this case should be implemented I'll do it.

Copy link
Member

@koba1t koba1t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @abogdanov37
I'm so sorry to delay the review.

I add comments for implements. Please check and write your comment if you think my worries are trivial matter.

Comment on lines +325 to +329
var newPath string = resp.Header.Get("Location")
return nil, &RedirectionError{
Msg: "Response is redirect",
NewPath: newPath,
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe That is better to solve redirects here than return RedirectionError and a new path.

Copy link
Author

@abogdanov37 abogdanov37 Aug 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi! It does not work in all cases. For example if I return redirect to git. In that case httpClient has no credentials for download content

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For example if I return redirect to git. In that case httpClient has no credentials for download content

Sorry, I couldn't understand about this sentence.
In my understanding, that repo uses the HTTPS protocol to download when HTTP redirects to git.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My explanation was not clear. Sorry for that. I'll try again.
Example
We get next url in resource section https://example.com/apps/app1?version=1.1.0
When kustomize (in build proccess) go to that url, it get Redirect 300 with newPath https://customgit.org/somegrop/project-app1.git?refs=1.1.0. The repository is PRIVATE.
In this case if we go to that git repo using httpClient we get page with ask for credential (((
But if we create a new loader kustomize will use console git which already have credentials and can clone repository

@abogdanov37
Copy link
Author

Hi @abogdanov37 I'm so sorry to delay the review.

I add comments for implements. Please check and write your comment if you think my worries are trivial matter.

Hi @koba1t.
It's ok.
I add comments for your issues.
Thanks for review

@abogdanov37
Copy link
Author

Hi @koba1t! Any other issues in my pr? May be I can help some how to force PR merge?

@koba1t
Copy link
Member

koba1t commented Sep 3, 2024

Hi @abogdanov37

Sorry for the delayed response.
I have added a few replies. Please check my comments!

@abogdanov37
Copy link
Author

Hi @abogdanov37

Sorry for the delayed response. I have added a few replies. Please check my comments!

Hi @koba1t! Thanks for explanations. I post answers.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants