Skip to content

Commit 5c481cd

Browse files
stefanprodanstefanprodan
authored
Merge pull request #1828 from angelbarrera92/issue-1827
fix: default namespace for cross-namespace ref validation
2 parents 0743ef7 + eeeac35 commit 5c481cd

File tree

2 files changed

+46
-5
lines changed

2 files changed

+46
-5
lines changed

pkg/controller/controller.go

Lines changed: 24 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -345,17 +345,36 @@ func (c *Controller) verifyCanary(canary *flaggerv1.Canary) error {
345345
}
346346

347347
func verifyNoCrossNamespaceRefs(canary *flaggerv1.Canary) error {
348-
if canary.Spec.UpstreamRef != nil && canary.Spec.UpstreamRef.Namespace != canary.Namespace {
349-
return fmt.Errorf("can't access gloo upstream %s.%s, cross-namespace references are blocked", canary.Spec.UpstreamRef.Name, canary.Spec.UpstreamRef.Namespace)
348+
if canary.Spec.UpstreamRef != nil {
349+
// Default to canary namespace if upstreamRef namespace is empty
350+
namespace := canary.Spec.UpstreamRef.Namespace
351+
if namespace == "" {
352+
namespace = canary.Namespace
353+
}
354+
if namespace != canary.Namespace {
355+
return fmt.Errorf("can't access gloo upstream %s.%s, cross-namespace references are blocked", canary.Spec.UpstreamRef.Name, canary.Spec.UpstreamRef.Namespace)
356+
}
350357
}
351358
if canary.Spec.Analysis != nil {
352359
for _, metric := range canary.Spec.Analysis.Metrics {
353-
if metric.TemplateRef != nil && metric.TemplateRef.Namespace != canary.Namespace {
354-
return fmt.Errorf("can't access metric template %s.%s, cross-namespace references are blocked", metric.TemplateRef.Name, metric.TemplateRef.Namespace)
360+
if metric.TemplateRef != nil {
361+
// Default to canary namespace if templateRef namespace is empty
362+
namespace := metric.TemplateRef.Namespace
363+
if namespace == "" {
364+
namespace = canary.Namespace
365+
}
366+
if namespace != canary.Namespace {
367+
return fmt.Errorf("can't access metric template %s.%s, cross-namespace references are blocked", metric.TemplateRef.Name, metric.TemplateRef.Namespace)
368+
}
355369
}
356370
}
357371
for _, alert := range canary.Spec.Analysis.Alerts {
358-
if alert.ProviderRef.Namespace != canary.Namespace {
372+
// Default to canary namespace if providerRef namespace is empty
373+
namespace := alert.ProviderRef.Namespace
374+
if namespace == "" {
375+
namespace = canary.Namespace
376+
}
377+
if namespace != canary.Namespace {
359378
return fmt.Errorf("can't access alert provider %s.%s, cross-namespace references are blocked", alert.ProviderRef.Name, alert.ProviderRef.Namespace)
360379
}
361380
}

pkg/controller/controller_test.go

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,28 @@ func TestController_verifyCanary(t *testing.T) {
7070
},
7171
wantErr: true,
7272
},
73+
{
74+
name: "MetricTemplate in same namespace with no namespace specified should not return an error",
75+
canary: flaggerv1.Canary{
76+
ObjectMeta: metav1.ObjectMeta{
77+
Name: "cd-1",
78+
Namespace: "default",
79+
},
80+
Spec: flaggerv1.CanarySpec{
81+
Analysis: &flaggerv1.CanaryAnalysis{
82+
Metrics: []flaggerv1.CanaryMetric{
83+
{
84+
TemplateRef: &flaggerv1.CrossNamespaceObjectReference{
85+
Name: "mt-1",
86+
Namespace: "",
87+
},
88+
},
89+
},
90+
},
91+
},
92+
},
93+
wantErr: false,
94+
},
7395
{
7496
name: "AlertProvider in a different namespace should return an error",
7597
canary: flaggerv1.Canary{

0 commit comments

Comments
 (0)