|
22 | 22 | - [Examples](#examples) |
23 | 23 | - [OpenAPI](#openapi) |
24 | 24 | - [Normalization and Validation](#normalization-and-validation) |
| 25 | + - [Ratcheting Validation](#ratcheting-validation) |
25 | 26 | - [Migrating existing unions](#migrating-existing-unions) |
26 | 27 | - [Test Plan](#test-plan) |
27 | 28 | - [Prerequisite testing updates](#prerequisite-testing-updates) |
@@ -467,6 +468,29 @@ currently done for existing union types. |
467 | 468 |
|
468 | 469 | Objects must be validated AFTER the normalization process. |
469 | 470 |
|
| 471 | +#### Ratcheting Validation |
| 472 | + |
| 473 | +When updating CRDs to support union validation, it is possible that existing CRs |
| 474 | +become invalid. |
| 475 | + |
| 476 | +The naive solution is to require existing CRs to be updated to a valid state |
| 477 | +before they can be updated again. |
| 478 | + |
| 479 | +This creates many potential landmines, and so ratcheting validation is proposed |
| 480 | +as an alternative. Ratcheting validation means that objects will ignore stricter |
| 481 | +validation rules if and only if the existing object also fails the stricter |
| 482 | +validation for the same reason. |
| 483 | + |
| 484 | +Ratcheting validation for custom resources is a separate effort proposed |
| 485 | +outside of this unions effort. For the initial alpha graduation of unions, we |
| 486 | +do not propose supporting ratcheting validation. We will require all invalid CRs |
| 487 | +to be made valid before they can be updated (the naive solution). |
| 488 | + |
| 489 | +In order to potentially support ratcheting validation in the future, we will |
| 490 | +ensure that all callers of union validation retain access to both old and new |
| 491 | +objects, so that future ratcheting validation can be implemented within the |
| 492 | +union validation library. |
| 493 | + |
470 | 494 | #### Migrating existing unions |
471 | 495 |
|
472 | 496 | As mentioned, one of the goals is to migrate at least one existing union to |
@@ -718,8 +742,16 @@ Yes, requests will simply skip union validation and normalization. |
718 | 742 | ###### What happens if we reenable the feature if it was previously rolled back? |
719 | 743 |
|
720 | 744 | Custom resources that were skipping union validation when when the feature was |
721 | | -rolled back may have allowed invalid data to persist. These must be updated to |
722 | | -have valid data. |
| 745 | +rolled back may have allowed invalid data to persist. |
| 746 | + |
| 747 | +For alpha, we require that all modifying requests (update/patch) fail unless the |
| 748 | +data passes union validation. Retrieving newly invalid CRs should still always |
| 749 | +succeed. |
| 750 | + |
| 751 | +In the future, we may require looser "ratcheting validation" which would allow |
| 752 | +modifications to ignore union validation if the existing object fails the union |
| 753 | +validation for the same reason as the new object (see section on "Ratcheting |
| 754 | +Validation" above). This is not a priority for alpha. |
723 | 755 |
|
724 | 756 | ###### Are there any tests for feature enablement/disablement? |
725 | 757 |
|
|
0 commit comments