Closed amirmalka closed 6 months ago
PR Description updated to latest commit (https://github.com/kubescape/storage/commit/9c8ab0230afe67fdb47835603a3c14855ff78a75)
⏱️ Estimated effort to review [1-5] | 2, because the changes are mostly focused on adding validation logic and annotations handling, which are straightforward to review. The logic is not deeply complex but requires understanding of the existing annotation and status management system. |
🧪 Relevant tests | No |
🔍 Possible issues | Possible Bug: The validation logic in both `PrepareForUpdate` methods (for ApplicationProfile and NetworkNeighbors) directly modifies the annotations of the new object to match the old object if a transition from 'complete' to 'partial' is attempted. This approach might not be thread-safe and could lead to race conditions in a concurrent environment. Consider using a more robust method to handle this validation and rejection logic. |
Inconsistency: The validation functions `ValidateCompletionAnnotation` and `ValidateStatusAnnotation` in `pkg/utils/validations.go` return a single error. In scenarios where multiple annotations are invalid, it would only report the first encountered error. This might not provide full visibility into all issues with the annotations to the caller. Consider aggregating all errors before returning. | |
🔒 Security concerns | No |
Category | Suggestions |
Maintainability |
Refactor annotation checks and settings into a utility function for better code reuse.___ **Instead of manually checking and setting the annotations for completion and status inPrepareForUpdate , consider creating a utility function that encapsulates this logic. This will improve code reuse and maintainability.** [pkg/registry/softwarecomposition/applicationprofile/strategy.go [67-69]](https://github.com/kubescape/storage/pull/105/files#diff-31c3884639bb3a8bb6f8f2968b8573d46eeeb993e9e5579aa8a835c030402a01R67-R69) ```diff -if oldAP.Annotations[helpers.CompletionMetadataKey] == helpers.Complete && newAP.Annotations[helpers.CompletionMetadataKey] == helpers.Partial { - newAP.Annotations[helpers.CompletionMetadataKey] = helpers.Complete - newAP.Annotations[helpers.StatusMetadataKey] = oldAP.Annotations[helpers.StatusMetadataKey] -} +utils.EnforceCompletionAndStatusAnnotations(oldAP.Annotations, newAP.Annotations) ``` |
Use a loop to append validation errors for improved readability.___ **To improve code readability and maintainability, consider using a loop to append errorsfrom validation functions in Validate and ValidateUpdate methods, similar to the previous suggestion.** [pkg/registry/softwarecomposition/networkneighbors/strategy.go [75-80]](https://github.com/kubescape/storage/pull/105/files#diff-161c3be0f5fbc375e1b8674907589ffca7d5af236040512635f03dd702351abbR75-R80) ```diff -if err := utils.ValidateCompletionAnnotation(nn.Annotations); err != nil { - allErrors = append(allErrors, err) +validationFuncs := []func(map[string]string) *field.Error{ + utils.ValidateCompletionAnnotation, + utils.ValidateStatusAnnotation, } +for _, validate := range validationFuncs { + allErrors = append(allErrors, validate(nn.Annotations)) +} +// Filter out nil errors before returning +var validErrors field.ErrorList +for _, err := range allErrors { + if err != nil { + validErrors = append(validErrors, err) + } +} +return validErrors ``` | |
Bug |
Add nil check for annotations map to prevent potential nil pointer dereferences.___ **Consider adding error handling for the case where theannotations map is nil to prevent potential nil pointer dereferences in ValidateCompletionAnnotation and ValidateStatusAnnotation .**
[pkg/utils/validations.go [9]](https://github.com/kubescape/storage/pull/105/files#diff-6bca129ad221feaa0f19d8bfa910562a00a9e88c222a6fb79e59771cb8672262R9-R9)
```diff
+if annotations == nil {
+ return field.Required(field.NewPath("metadata").Child("annotations"), "annotations cannot be nil")
+}
if v, ok := annotations[helpers.CompletionMetadataKey]; ok {
```
|
Enhancement |
Aggregate validation errors for comprehensive feedback.___ **The error handling inValidate and ValidateUpdate methods could be enhanced by aggregating errors instead of returning immediately upon encountering the first error. This provides a more comprehensive validation feedback.** [pkg/registry/softwarecomposition/applicationprofile/strategy.go [78-83]](https://github.com/kubescape/storage/pull/105/files#diff-31c3884639bb3a8bb6f8f2968b8573d46eeeb993e9e5579aa8a835c030402a01R78-R83) ```diff -if err := utils.ValidateCompletionAnnotation(ap.Annotations); err != nil { - allErrors = append(allErrors, err) +allErrors = append(allErrors, utils.ValidateCompletionAnnotation(ap.Annotations)) +allErrors = append(allErrors, utils.ValidateStatusAnnotation(ap.Annotations)) +// Filter out nil errors before returning +var validErrors field.ErrorList +for _, err := range allErrors { + if err != nil { + validErrors = append(validErrors, err) + } } +return validErrors ``` |
Summary:
@amirmalka can you check you test failures?
Summary:
Summary:
User description
Type
enhancement, bug_fix
Description
pkg/utils/validations.go
for validating completion and status annotations with predefined valid values.Changes walkthrough
strategy.go
Enhance ApplicationProfile Status Update Validation
pkg/registry/softwarecomposition/applicationprofile/strategy.go
ApplicationProfile.
update.
strategy.go
Implement NetworkNeighbors Status Update Validation
pkg/registry/softwarecomposition/networkneighbors/strategy.go
NetworkNeighbors.
update.
validations.go
Add Utility Functions for Annotations Validation
pkg/utils/validations.go
annotations.