Skip to content

API: enhance validation with ErrorMatcher #132577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

API: enhance validation with ErrorMatcher #132577

wants to merge 1 commit into from

Conversation

pohly
Copy link
Contributor

@pohly pohly commented Jun 27, 2025

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

The use of ErrorMatcher and origins makes it possible to remove special detail strings from the resource.k8s.io validation, which is good because it's shorter and avoids the need to update those tests when the shared validation helpers change.

For that to be more complete, several missing WithOrigin calls were added and some were changed to make them consistent. The following rationale was used:

  • All origins should be named after the code generating them. "labelKey" in ValidateLabelName did not follow that because it passed through errors from IsQualifiedName, so this was changed to "format=qualified-name", making it consistent with ValidateQualifiedName.
  • WithOrigin is useful when the corresponding error has a non-trivial detail string, because then validation code can check for the origin instead of string.
  • WithOrigin is not useful for errors with no detail string, for example field.Required, because adding one would just make error matching harder without a benefit.

Unfortunately object meta name validation still has to match strings because the current code has no knowledge about which origin to add. Changing that is a bigger internal code change.

For resource.k8s.io validation, matching the same wanted error against multiple actual errors is undesirable because it could be a bug in the test case. The new WithUniqueMatches makes the matching stricter than the current default.

Which issue(s) this PR is related to:

#132314 (comment)

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

/assign @thockin

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 27, 2025
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/apps Categorizes an issue or PR as relevant to SIG Apps. wg/device-management Categorizes an issue or PR as relevant to WG Device Management. labels Jun 27, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in SIG Apps Jun 27, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 27, 2025
@k8s-ci-robot k8s-ci-robot requested review from bart0sh and dims June 27, 2025 13:34
pohly
pohly commented Jun 27, 2025
View reviewed changes
staging/src/k8s.io/apimachinery/pkg/api/validation/objectmeta.go
@@ -71,19 +71,19 @@ func validateOwnerReference(ownerReference metav1.OwnerReference, fldPath *field
gvk := schema.FromAPIVersionAndKind(ownerReference.APIVersion, ownerReference.Kind)
// gvk.Group is empty for the legacy group.
if len(gvk.Version) == 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("apiVersion"), ownerReference.APIVersion, "version must not be empty"))
allErrs = append(allErrs, field.Invalid(fldPath.Child("apiVersion"), ownerReference.APIVersion, "version must not be empty").WithOrigin("owner-reference"))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or field.Required with no details?

Same below.

pohly
pohly commented Jun 27, 2025
View reviewed changes
staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation/validation.go
@@ -216,12 +216,12 @@ func ValidateFieldManager(fieldManager string, fldPath *field.Path) field.ErrorL
// considered as not set and is defaulted by the rest of the process
// (unless apply is used, in which case it is required).
if len(fieldManager) > FieldManagerMaxLength {
allErrs = append(allErrs, field.TooLong(fldPath, "" /*unused*/, FieldManagerMaxLength))
allErrs = append(allErrs, field.TooLong(fldPath, "" /*unused*/, FieldManagerMaxLength).WithOrigin("field-manager"))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FieldManagerMaxLength gets embedded in a generated details string.

@pohly
API: enhance validation with ErrorMatcher
27c1a30 
The use of ErrorMatcher and origins makes it possible to remove special detail
strings from the resource.k8s.io validation, which is good because it's shorter
and avoids the need to update those tests when the shared validation helpers
change.

For that to be more complete, several missing WithOrigin calls were added and
some were changed to make them consistent. The following rationale was used:
- All origins should be named after the code generating them.
  "labelKey" in ValidateLabelName did not follow that because it passed
  through errors from IsQualifiedName, so this was changed to
  "format=qualified-name", making it consistent with ValidateQualifiedName.
- WithOrigin is useful when the corresponding error has a non-trivial
  detail string, because then validation code can check for the origin
  instead of string.
- WithOrigin is not useful for errors with no detail string, for
  example field.Required, because adding one would just make error matching
  harder without a benefit.

Unfortunately object meta name validation still has to match strings because
the current code has no knowledge about which origin to add. Changing that is a
bigger internal code change.

For resource.k8s.io validation, matching the same wanted error against multiple
actual errors is undesirable because it could be a bug in the test case. The
new WithUniqueMatches makes the matching stricter than the current default.
@pohly pohly force-pushed the dra-api-validation-testing branch from 5c56512 to 27c1a30 Compare June 27, 2025 13:39
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pohly
Once this PR has been reviewed and has the lgtm label, please ask for approval from thockin. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pohly pohly mentioned this pull request Jun 27, 2025
Open
@k8s-triage-robot
Copy link

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bart0sh bart0sh Awaiting requested review from bart0sh

@dims dims Awaiting requested review from dims

Assignees

@thockin thockin

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/apps Categorizes an issue or PR as relevant to SIG Apps. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. wg/device-management Categorizes an issue or PR as relevant to WG Device Management.
Projects
Dynamic Resource Allocation
Status: 🆕 New
SIG Apps
Status: Needs Triage
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pohly @k8s-ci-robot @k8s-triage-robot @thockin