Add admission control to support default service plans. Resolves issue 1111

[vaikas]

Closes #1111

[kibbles-n-bytes]

Overall looks fine by me, a few nits.

[kibbles-n-bytes]

I'd be fine with making this the one-and-only ups-instance.yaml for the walkthrough. I don't think we need multiple walkthrough yamls for every possible code path; there's plenty we're not covering as is.

In fact, for the very same user experience issues @duglin had been describing with the user provided services, I think it would be ideal to have this be our preferred story.

[vaikas]

I agree that it would be a great story, I'm just worried when a user tries to create their own instance they won't have a complete example. Any case, I'd prefer to keep this here, but again if you feel strongly, I'll yank it.

[kibbles-n-bytes]

I don't feel strongly. I think in the future we will want to migrate away from using user provided services as our walkthrough example anyway, as it is a bit of a special case (potentially bundled with catalog, no auth, plan concept not making sense, doesn't tell the main "consuming third party services is easy!" OSB story).

[duglin]

@vaikas-google what do you think about moving the deployment of ups to be part of the svc-cat chart so its just deployed by default? As @kibbles-n-bytes was saying, having a walkthru (which is meant to be a learning example) not show the use of plans might not be the best example. Of course we'd need a real broker to be deployed as part of the walkthru instead.

[kibbles-n-bytes]

The "PlanName must be specified" part of the error seems irrelevant to this particular situation where we simply could not get the service class.

[vaikas]

talked offline, changed as per that discussion.

[kibbles-n-bytes]

To document for posterity: it's a bit of a strange error case, as normally an error with the service class would still be allowed to reach the API server, and the user is responsible for getting the service class working correct so that the instance will eventually succeed.

In this case, the error is actually representative of the inability to assign a default plan due to the fetching of the service class having an error. We changed the message to more clearly address that nuance.

[kibbles-n-bytes]

This function is duplicated from the namespace lifecycle admission controller tests. It seems to me it'd be useful to have a util package shared across all admission controller tests, as functions such as these seem to be common, and we will be adding more admission controllers as time goes on.

[vaikas]

Totes agree if there are others, seems more clutter to add another package right now just for this one function however? If you feel strongly though, I can do it.

[kibbles-n-bytes]

My thoughts were that newMockClientForTest(), newBroker(), and newInstance(namespace) from namespace/lifecycle/admission_test.go would move there, as well as newServiceClass(name, plans...) (and the now-duplicate newInstance(namespace)) from this PR.

I don't have super strong feelings about it, just that it'll pretty much have to happen once we hit a third admission controller, so might as well get it out of the way.

[arschles]

I agree it'd be nice. @kibbles-n-bytes how about in a follow-up, in the interest of getting this functionality + its tests in?

[kibbles-n-bytes]

@arschles Yeah that's totally fine.

[kibbles-n-bytes]

This admission controller's behavior as it stands would be completely undocumented. Could we get a short message somewhere in our docs that mentions it?

I guess the most appropriate place would be: https://github.com/kubernetes-incubator/service-catalog/blob/master/docs/design.md#creating-a-service-instance . It's rough around the edges for now, but at least having a mention would remind us to include it in a rewrite should we do so later.

[vaikas]

would you be ok with a follow on PR for this?

[kibbles-n-bytes]

That's fine. Could you make an issue for it?

[vaikas]

#1133

[n3wscott]

I guess no followup happened then... @kibbles-n-bytes

[kibbles-n-bytes]

😢

[duglin]

What's going to happen if someone forgets to deploy the ac?

[pmorie]

Then this won't work, just like any of the other numerous features in k8s that depend on admission controllers.

…

On Mon, Aug 14, 2017 at 10:18 PM Doug Davis ***@***.***> wrote: What's going to happen if someone forgets to deploy the ac? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#1131 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAWXmKKQCyEeUAIM_hBmrddqADDtqjE9ks5sYP_zgaJpZM4O2qfp> .

[duglin]

yea but what will the user see? It seems like the Instance should have a condition saying that it can't proceed because the plan is empty. Otherwise the user will never know what's going on and can't try to fix it.

[duglin]

From a quick look at the code it seems like we'll just call the broker with a blank planID, which will probably result in the broker generating an error - maybe. It seems that as part of this PR we should check for an empty planID before we try to provision the instance, since the spec mandates that it not be blank, and set an appropriate Condition.

[duglin]

any reason this one isn't wrapped by the "NewForbidden" logic?

[vaikas]

done.

[duglin]

shouldn't the fmt.Errorf() just be errors.New() since by that point in the flow "msg" isn't a string needing %'s substitutions any more? I kind of expected lint/vet to catch it.

[jpeeler]

Just FYI: vet doesn't detect this because they claim it's a style preference, not one of correctness (golang/go#17173).

[duglin]

that's really weird because I know I've seen some complaint from some golang checking tool complain about using things like Printf() w/o any variable args. Maybe it was just a dream... :-)

[vaikas]

ack

[duglin]

errors.New()

[vaikas]

done.

[duglin]

errors.New()

[vaikas]

done.

[duglin]

I can't express how much doing strcmp on error string like this in golang disturbs me :-( nothing to change, just venting

[vaikas]

ack

[arschles]

FYI, it doesn't have to be this way. We can create specific error types and compare types (i.e. err != errNotYetReadyToHandleRequest). Nothing needed right now; I'm willing to go back and correct instances where we have these comparisons post-beta.

[pmorie]

If a service instance reaches validation without a plan, it should be rejected.

…

On Tue, Aug 15, 2017 at 7:46 AM Doug Davis ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In plugin/pkg/admission/serviceplan/defaultserviceplan/admission_test.go <#1131 (comment)> : > + fakeClient.AddReactor("list", "serviceclasses", func(action core.Action) (bool, runtime.Object, error) { + return true, nil, fmt.Errorf("simulated test failure") + }) + handler, informerFactory, err := newHandlerForTest(fakeClient) + if err != nil { + t.Errorf("unexpected error initializing handler: %v", err) + } + informerFactory.Start(wait.NeverStop) + + instance := newInstance("dummy") + instance.Spec.ServiceClassName = "foo" + + err = handler.Admit(admission.NewAttributesRecord(&instance, nil, servicecatalog.Kind("Instance").WithVersion("version"), instance.Namespace, instance.Name, servicecatalog.Resource("instances").WithVersion("version"), "", admission.Create, nil)) + if err == nil { + t.Errorf("unexpected success with no ServiceClasses.List succeeding") + } else if !strings.Contains(err.Error(), "not yet ready to handle request") { I can't express how much doing strcmp on error string like this in golang disturbs me :-( nothing to change, just venting — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1131 (review)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAWXmB_EVxtXh0_FH6acONJM6FOKV63Tks5sYYUagaJpZM4O2qfp> .

[kibbles-n-bytes]

@duglin As Paul said, the apiserver validates that the plan is non-empty, so we wouldn't call the broker.

When we have more mature docs, it'd probably be helpful to mention in the section where we say that the catalog defaults to a plan if there's only one something like: if you're getting an error saying "planName is required" when instantiating a service from a class with only a single plan, make sure that the `DefaultServicePlan` admission controller is enabled.

[duglin]

@kibbles-n-bytes - agreed, I just couldn't find that spot in the code yesterday. Got a file/line ref?

[kibbles-n-bytes]

@duglin Lines 56-57 in pkg/apis/servicecatalog/validation/instance.go

[vaikas]

I believe I've addressed all the comments, PTAL.

[duglin]

@vaikas-google thanks for the ptr

[duglin]

can you convert the %s here to %q's so things are quoted and easier to read?

[vaikas]

done.

[duglin]

one very minor nit and then its good to me

[vaikas]

Thanks for the reviews, PTAL.

[duglin]

mucho thanks! LGTM

[duglin]

just waiting on CI then I'll merge

[arschles]

LGTM, thanks Ville!

[arschles]

I agree it'd be nice. @kibbles-n-bytes how about in a follow-up, in the interest of getting this functionality + its tests in?

[arschles]

FYI, it doesn't have to be this way. We can create specific error types and compare types (i.e. err != errNotYetReadyToHandleRequest). Nothing needed right now; I'm willing to go back and correct instances where we have these comparisons post-beta.

[kibbles-n-bytes]

Just FYI @duglin, @arschles , it looks like there's a backlog of work in Travis at the moment since we share our concurrent build allotment across all the incubator projects, so it will probably take quite a while before Travis actually runs.

Jenkins passed, though, so up to you whether you feel that's enough!

[arschles]

@kibbles-n-bytes let's wait for travis. @vaikas-google I will merge this when it's ready to go. If you happen to be watching it, let me know when it's ready