contour icon indicating copy to clipboard operation
contour copied to clipboard

Published 20 hours ago verified publisher icon projectcontour

internal/dag: add explicit check that virtualhost.TCPProxy is never overwritten.

Open davecheney opened this issue 5 years ago • 8 comments

There should be compensating controls that ensure when a HTTPProxy TCPProxy is processed we never overwrite the TCPProxy value on the resulting securevirtualhost. But that's not stated explicitly, or tested, and it would be good to cover both of those cases.

davecheney avatar Oct 23 '19 05:10 davecheney

@davecheney I'll take a stab at this one if that's ok?

philipgough avatar Nov 15 '19 15:11 philipgough

@PhilipGough sure thing but please, before sending any code, please write a sketch of your change here. Specifically, if this invariant is broken, what happens? Logging is not appropriate as dag rebuilds happen constantly. Panicking or otherwise aborting are not appropriate because that will stall unrelated updates.

davecheney avatar Nov 16 '19 03:11 davecheney

@davecheney perhaps I misunderstood the task (highly likely since I'm new to the codebase) but from reading your description I thought the change was straightforward enough (https://github.com/projectcontour/contour/compare/master...PhilipGough:1777?expand=1)

From your description though, it seems like I am on the wrong track so if you have any pointers for where I should be working in that would be appreciated.

philipgough avatar Nov 18 '19 10:11 philipgough

@PhilipGough thanks for your reply. The outstanding problem is what to do when the invariant that svh.TCPProxy == nil is violated? Should that invalidate the httpproxy object? Should it be logged? when and where should it be logged -- we generally don't log during dag rebuilds as those happen frequently and will cause log spam and lead to issues where customers ask us to turn down the logging -- trading one problem for another.

To proceed, the answer to the question "what happens if svh.TCPProxy != nil needs to be defined.

davecheney avatar Nov 19 '19 01:11 davecheney

@davecheney thanks for your response, makes sense to me now. Let me see if I can progress this then, seems like a good opportunity to dig through the code base if nothing else. Thanks

philipgough avatar Nov 19 '19 09:11 philipgough

Hey @PhilipGough just wanted to circle back on this issue. Are you still working on it?

stevesloka avatar Mar 02 '20 20:03 stevesloka

@stevesloka to be honest, after spending a very short time on it initially, my scope to work on it got reduced and I never managed to circle back around on it so feel free to open it yourself/others.

If it doesn't get picked up in the mean time I'll revisit it as soon as I can.

philipgough avatar Mar 03 '20 09:03 philipgough