OCPBUGS-63228: groupmapper: avoid mutating original group users slice when removing user#211
Conversation
|
@liouk: This pull request references Jira Issue OCPBUGS-63228, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
c0d88a1 to
974367b
Compare
|
/jira refresh |
|
@liouk: This pull request references Jira Issue OCPBUGS-63228, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Since we do not currently have any unit tests that cover this issue, I will create a proof PR to demonstrate the bug and then incorporate the appropriate unit tests in this one. /hold |
974367b to
483fdef
Compare
|
Proof PR: #212 These tests have also been added in this PR, and must succeed for the fix to be proven. |
|
@liouk: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Unit tests on proof PR (#212) failed as expected, while the ones in this PR are passing. /hold cancel |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: everettraven, ibihim, liouk The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Verified via:
Marking as verified based on the above. /verified by @liouk cc @xingxingxia |
|
@liouk: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/cherrypick release-4.21 release-4.20 |
|
@liouk: once the present PR merges, I will cherry-pick it on top of DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@liouk: Jira Issue Verification Checks: Jira Issue OCPBUGS-63228 Jira Issue OCPBUGS-63228 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@liouk: new pull request created: #213 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
When removing a user from a group,
removeUserFromGroupgets a pointer to the group object living in the informer cache via the lister, then builds the new user list using append on a sub-slice of it:Because the sub-slice shares the backing array with the cached object,
appendmutates the cached object's user list in place -- the removed user disappears and the last user gets duplicated. When the informer re-indexes the group after an update event, it diffs the corrupted old object against the new one. Since the removed user is no longer in the corrupted old object, its index entry is never cleaned up and becomes a permanent phantom.On subsequent logins,
GroupsFor(user)returns the phantom group from the index.groupsDiffsees that the cache already includes the group, matches the provider's desired state, and computes no changes needed -- so the user is never actually added to the group.addUserToGrouphas a similar issue.This PR fixes this issue by creating a slice with a new backing array to store the updated user list.
addUserToGroupcan simply use the deep-copied object as this already uses a new backing array.