Closed amirmalka closed 5 months ago
PR Description updated to latest commit (https://github.com/kubescape/storage/commit/53e2738ebef0c46f4db6da7a8e71b75fe681e803)
⏱️ Estimated effort to review [1-5] | 3, because the PR involves changes across multiple files including Go structs, OpenAPI specifications, and update strategies which require a good understanding of the existing codebase and the implications of the changes on the system's behavior. |
🧪 Relevant tests | Yes |
🔍 Possible issues | Possible Bug: The logic to prevent updates on completed application profiles might not handle cases where annotations are missing or malformed. It assumes the presence and correctness of specific annotation keys and values. |
🔒 Security concerns | No |
Category | Suggestions |
Enhancement |
Add the
___
**Consider adding the |
Implement error handling when rejecting updates for completed application profiles.___ **When rejecting updates due to the application profile being marked as complete andcompleted, consider adding an error or exception handling mechanism instead of just logging and resetting the object. This could involve throwing a custom error that can be caught and handled appropriately by the calling function, providing clearer feedback to the user or system about why the update was rejected.** [pkg/registry/softwarecomposition/applicationprofile/strategy.go [69-72]](https://github.com/kubescape/storage/pull/110/files#diff-31c3884639bb3a8bb6f8f2968b8573d46eeeb993e9e5579aa8a835c030402a01R69-R72) ```diff logger.L().Debug("application profile is marked as complete and completed, rejecting update", logHelpers.String("name", oldAP.Name), logHelpers.String("namespace", oldAP.Namespace)) -*newAP = *oldAP // reset the new object to the old object +return fmt.Errorf("update rejected: application profile is marked as complete and completed") ``` | |
Best practice |
Update the
___
**Ensure that the |
Enhance test assertions to check the entire object state when updates are rejected.___ **In the test case for rejecting updates when the application profile is marked as completeand completed, ensure that the test asserts not just the state of annotations but also the overall state of the object to confirm that no unintended changes have occurred. This can be done by deep comparing the entire object state, not just the annotations.** [pkg/registry/softwarecomposition/applicationprofile/strategy_test.go [87-91]](https://github.com/kubescape/storage/pull/110/files#diff-50d29e8cedb48c7fb1afb5410d84712023b460583d4154c13415d202b429624dR87-R91) ```diff -expected: map[string]string{ - helpers.CompletionMetadataKey: "complete", - helpers.StatusMetadataKey: "completed", +expected: &softwarecomposition.ApplicationProfile{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + helpers.CompletionMetadataKey: "complete", + helpers.StatusMetadataKey: "completed", + }, + }, + // Include checks for other fields to ensure no changes } ``` |
Summary:
User description
Type
enhancement, bug_fix
Description
Changes walkthrough
types.go
Ensure Required Fields are Always Serialized
pkg/apis/softwarecomposition/v1beta1/types.go
'Opens', and 'Syscalls' in ApplicationProfileContainer.
zz_generated.openapi.go
Update OpenAPI Schema to Reflect Required Fields
pkg/generated/openapi/zz_generated.openapi.go
required fields in the OpenAPI schema.
strategy.go
Reject Updates on Completed Application Profiles
pkg/registry/softwarecomposition/applicationprofile/strategy.go
marked as complete and completed.
ApplicationProfiles.
strategy_test.go
Extend Tests for ApplicationProfile Update Logic
pkg/registry/softwarecomposition/applicationprofile/strategy_test.go
ApplicationProfiles.