Skip to content

Limit the number of operations in a single json patch to be 10,000 #74000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 14, 2019

Conversation

caesarxuchao
Copy link
Contributor

@caesarxuchao caesarxuchao commented Feb 13, 2019

/kind bug
/sig api-machinery
/assign

The apiserver, including both the kube-apiserver and apiservers built with the generic apiserver library, will now return 413 RequestEntityTooLarge error if a json patch contains more than 10,000 operations.

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Feb 13, 2019
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 13, 2019
@k8s-ci-robot k8s-ci-robot added area/apiserver sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Feb 13, 2019
@caesarxuchao
Copy link
Contributor Author

caesarxuchao commented Feb 13, 2019

/unassign
/assign @liggitt @cjcullen

@@ -331,6 +336,11 @@ func (p *jsonPatcher) applyJSPatch(versionedJS []byte) (patchedJS []byte, retErr
if err != nil {
return nil, errors.NewBadRequest(err.Error())
}
if len(patchObj) > maxJSONPatchOperations {
return nil, errors.NewRequestEntityTooLargeError(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had also considered 422 unprocessable entity, but that's for semantic error.

@caesarxuchao caesarxuchao removed their assignment Feb 13, 2019
@liggitt
Copy link
Member

liggitt commented Feb 13, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 13, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: caesarxuchao, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 13, 2019
@k8s-ci-robot k8s-ci-robot merged commit 508a4f7 into kubernetes:master Feb 14, 2019
k8s-ci-robot added a commit that referenced this pull request Feb 21, 2019

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
…#73443-#73713-#73805-#74000-upstream-release-1.12

Automated cherry pick of #73443: update json-patch to pick up bug fixes
k8s-ci-robot added a commit that referenced this pull request Feb 21, 2019

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
…#73443-#73713-#73805-#74000-upstream-release-1.13

Automated cherry pick of #73443: update json-patch to pick up bug fixes
k8s-ci-robot added a commit that referenced this pull request Feb 23, 2019

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
…#68428-#68442-#73443-#73713-#73805-#74000-upstream-release-1.11

Automated cherry pick of #68428: vendor: bump github.com/evanphx/json-patch
@dims
Copy link
Member

dims commented Mar 1, 2019

related to #74534

joestringer added a commit to joestringer/cilium that referenced this pull request Apr 23, 2019
make complains:

```
Unformatted Go source code:
./pkg/k8s/json_patch.go
diff -u ./pkg/k8s/json_patch.go.orig ./pkg/k8s/json_patch.go
--- ./pkg/k8s/json_patch.go.orig        2019-04-22 16:48:14.987138041 -0700
+++ ./pkg/k8s/json_patch.go     2019-04-22 16:48:14.987138041 -0700
@@ -14,7 +14,7 @@

 package k8s

-const(
+const (
        // maximum number of operations a single json patch may contain.
        // See kubernetes/kubernetes#74000
        MaxJSONPatchOperations = 10000
```

Fix it

Signed-off-by: Joe Stringer <joe@cilium.io>
aanm pushed a commit to cilium/cilium that referenced this pull request Apr 23, 2019
make complains:

```
Unformatted Go source code:
./pkg/k8s/json_patch.go
diff -u ./pkg/k8s/json_patch.go.orig ./pkg/k8s/json_patch.go
--- ./pkg/k8s/json_patch.go.orig        2019-04-22 16:48:14.987138041 -0700
+++ ./pkg/k8s/json_patch.go     2019-04-22 16:48:14.987138041 -0700
@@ -14,7 +14,7 @@

 package k8s

-const(
+const (
        // maximum number of operations a single json patch may contain.
        // See kubernetes/kubernetes#74000
        MaxJSONPatchOperations = 10000
```

Fix it

Signed-off-by: Joe Stringer <joe@cilium.io>
@liggitt liggitt added this to the v1.14 milestone Jun 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants