From e7bda4431da05b55b4e8f66ed308d4ed90efd2df Mon Sep 17 00:00:00 2001
From: Mike Danese
Date: Wed, 3 Oct 2018 13:30:29 -0700
Subject: [PATCH] storage: propagate TransformFromStorage errors from List

Like we do everywhere else we use TranformFromStorage. The current behavior is causing all service account tokens to be regenerated, invalidating old service account tokens and unrecoverably breaking apps that are using InClusterConfig or exported service account tokens. If we are going to break stuff, let's just break the Lists so that misconfiguration of encryption config or checkpoint corruption are obvious.
---
 staging/src/k8s.io/apiserver/pkg/storage/etcd3/BUILD | 1 -
 staging/src/k8s.io/apiserver/pkg/storage/etcd3/store.go | 4 +---
 .../src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go | 8 ++------
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/BUILD b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/BUILD
index 6853f0f5472..1e683a48d7f 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/BUILD
@@ -24,7 +24,6 @@ go_test(
 "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
- "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/watch:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store.go b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store.go
index d8aa8b2fd37..2e12e914185 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store.go
@@ -35,7 +35,6 @@ import (
 "k8s.io/apimachinery/pkg/api/meta"
 "k8s.io/apimachinery/pkg/conversion"
 "k8s.io/apimachinery/pkg/runtime"
- utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 "k8s.io/apimachinery/pkg/watch"
 "k8s.io/apiserver/pkg/storage"
 "k8s.io/apiserver/pkg/storage/etcd"
@@ -594,8 +593,7 @@ func (s *store) List(ctx context.Context, key, resourceVersion string, pred stor
 data, _, err := s.transformer.TransformFromStorage(kv.Value, authenticatedDataString(kv.Key))
 if err != nil {
- utilruntime.HandleError(fmt.Errorf("unable to transform key %q: %v", kv.Key, err))
- continue
+ return storage.NewInternalErrorf("unable to transform key %q: %v", kv.Key, err)
 }
 if err := appendListItem(v, data, uint64(kv.ModRevision), pred, s.codec, s.versioner); err != nil {
diff --git a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go
index ff811a0e2af..f50f8b251d4 100644
--- a/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/etcd3/store_test.go
@@ -39,7 +39,6 @@ import (
 "k8s.io/apimachinery/pkg/labels"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/serializer"
- "k8s.io/apimachinery/pkg/util/diff"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 "k8s.io/apimachinery/pkg/watch"
 "k8s.io/apiserver/pkg/apis/example"
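Review bot: The new `return storage.NewInternalErrorf(...)` in `store.List` (store.go, the `@@ -594,8 +593,7 @@` hunk) has no comment saying why a single untransformable value now fails the whole list, and that reasoning is the security-relevant part of the change. I would add above the return something like `// Fail the whole List: silently skipping an item makes callers treat an existing object as absent (e.g. service account tokens get regenerated).` so a later cleanup does not restore the skip-and-continue behaviour. The removed `utilruntime.HandleError` call was the only server-side record visible in this hunk; presumably the returned internal error is logged further up the stack, but that is worth confirming. The message embeds the etcd key and the transformer's error text, so it is also worth checking that whatever converts this error into an API response does not expose storage paths to unprivileged clients. The body of `List` starts and ends outside the hunk.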
@@ -718,14 +717,11 @@ func TestTransformationFailure(t *testing.T) {
 }
 store.transformer = oldTransformer
- // only the first item is returned, and no error
+ // List should fail
 var got example.PodList
- if err := store.List(ctx, "/", "", storage.Everything, &got); err != nil {
+ if err := store.List(ctx, "/", "", storage.Everything, &got); !storage.IsInternalError(err) {
 t.Errorf("Unexpected error %v", err)
 }
- if e, a := []example.Pod{*preset[0].storedObj}, got.Items; !reflect.DeepEqual(e, a) {
- t.Errorf("Unexpected: %s", diff.ObjectReflectDiff(e, a))
- }
 // Get should fail
 if err := store.Get(ctx, preset[1].key, "", &example.Pod{}, false); !storage.IsInternalError(err) {
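Review bot: The List assertion in `TestTransformationFailure` now fires when `err` is nil or is not an internal error, but its message is still `"Unexpected error %v"`, so the regression this test guards against (List silently succeeding) would print `Unexpected error <nil>`. Something like `t.Errorf("List: expected internal error, got %v", err)` states the expectation directly. With the `got.Items` comparison removed, nothing pins what `got` holds after a failed List; if items appended before the failing key can remain in the list object, a short comment that callers must discard it on error would help. The test function starts before this hunk and continues past it.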