-
Notifications
You must be signed in to change notification settings - Fork 137
update webhooks: handle resourceVersion conflicts properly #2009
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -55,6 +55,10 @@ func (ad *admissionData) mutateMachineDeployments(ctx context.Context, ar admiss | |||||||||
| if err := json.Unmarshal(ar.OldObject.Raw, &oldMachineDeployment); err != nil { | ||||||||||
| return nil, fmt.Errorf("failed to unmarshal OldObject: %w", err) | ||||||||||
| } | ||||||||||
| if oldMachineDeployment.ResourceVersion != machineDeployment.ResourceVersion { | ||||||||||
| // resource version conflict. Return success to fall back to the API server's default handler, which will respond with a proper 409 | ||||||||||
| return createAdmissionResponse(log, machineDeploymentOriginal, &machineDeployment) | ||||||||||
|
Comment on lines
+59
to
+60
|
||||||||||
| // resource version conflict. Return success to fall back to the API server's default handler, which will respond with a proper 409 | |
| return createAdmissionResponse(log, machineDeploymentOriginal, &machineDeployment) | |
| // Resource version conflict. Return success without a patch so the API server can respond with a proper 409. | |
| return &admissionv1.AdmissionResponse{Allowed: true}, nil |
Copilot
AI
Mar 31, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the conflict branch, the handler currently reaches this resourceVersion check only after running defaulting/mutations and validateMachineDeployment earlier in the function. That means an update with an outdated resourceVersion can still be rejected by the webhook with a 400 before the API server returns the intended 409. Consider moving the resourceVersion mismatch check to the very start of the Update path (before any mutation/validation) and returning Allowed=true with no patch when it mismatches.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -62,6 +62,10 @@ func (ad *admissionData) mutateMachines(ctx context.Context, ar admissionv1.Admi | |
| if err := json.Unmarshal(ar.OldObject.Raw, &oldMachine); err != nil { | ||
| return nil, fmt.Errorf("failed to unmarshal OldObject: %w", err) | ||
| } | ||
| if oldMachine.ResourceVersion != machine.ResourceVersion { | ||
| // resource version conflict. Return success to fall back to the API server's default handler, which will respond with a proper 409 | ||
| return createAdmissionResponse(log, machineOriginal, &machine) | ||
| } | ||
|
Comment on lines
+65
to
+68
|
||
| if oldMachine.Spec.Name != machine.Spec.Name && machine.Spec.Name == machine.Name { | ||
| oldMachine.Spec.Name = machine.Spec.Name | ||
| } | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line has inconsistent indentation (spaces instead of tabs) and will be rewritten by gofmt; it may also fail formatting/lint checks in CI. Please run gofmt (or fix indentation) so the return statement is properly aligned with the surrounding block.