create policy cache #1108
create policy cache #1108
Conversation
| return nil, err | ||
| } | ||
|
|
||
| ret := &authorizationapi.PolicyBindingList{} |
There was a problem hiding this comment.
&authorizationapi.PolicyBindingList{
Items: make([]authorizationapi.PolicyBinding, 0, len(bindings)
}
|
Code looks good, can you add a test that at least checks something fundamental here? We can flush out tests later, but just one. |
| policyCache := NewPolicyCache(bindingRegistry, policyRegistry) | ||
| policyCache.Run(1 * time.Second) | ||
|
|
||
| time.Sleep(50 * time.Millisecond) |
There was a problem hiding this comment.
@smarterclayton Is there a spot with a clean example of how to wait for a certain amount of time for a test to pass and if that time is exceeded, then report errors?
There was a problem hiding this comment.
Generally you would instead call "RunOnce" or something to drive one cycle (or drive the individual components). You need to be running and ensuring your things shut down, so the structure of your cache should support running and stopping.
There was a problem hiding this comment.
For this sort of test, usually it's an integration. Your unit test would not run go util.Forever loops, instead it would be incrementally triggering things and testing that they work.
deads2k
force-pushed
the
deads-create-policy-cache
branch
2 times, most recently
from
50e07fc to
f785ae3
Compare
|
added RunUntil and used it for the unit test. |
| policyCache := NewPolicyCache(bindingRegistry, policyRegistry) | ||
| policyCache.RunUntil(bindingStop, policyStop) | ||
|
|
||
| time.Sleep(50 * time.Millisecond) |
There was a problem hiding this comment.
This will break on travis and other slow test envs - you should set something up to make a call a bunch of times until it returns what you expect (you can loop forever because -timeout)
|
I think I've used the channel properly now. The messages for a failure will suck (failed due to timeout), but it will function properly. Are defers run on a timeout failure? I could try to track the current set of failures to be printed. This issue is what my previous question is about: "Is there a spot with a clean example of how to wait for a certain amount of time for a test to pass and if that time is exceeded, then report errors?" |
|
On a timeout failure you get sigabrt'd which triggers a stack dump. |
| close(testStop) | ||
| } | ||
|
|
||
| }, 50*time.Millisecond, testStop) |
There was a problem hiding this comment.
This is too slow, do it every millisecond.
|
Then squash and I'll merge |
deads2k
force-pushed
the
deads-create-policy-cache
branch
from
366ce3f to
eb75981
Compare
|
@smarterclayton set to 1 millisecond and squashed. |
|
LGTM [merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_openshift3/1005/) (Image: devenv-fedora_862) |
|
Evaluated for origin up to eb75981 |
Merged by openshift-bot
…service-catalog/' changes from 8f07b7b..7e650e7 7e650e7 origin build: add origin tooling f32eec2 unit test for ./pkg/rest/core/fake rest client, addresses openshift#860 Test ready to be reviewed (openshift#1113) e388aee explicitly always prefer latest OSBAPI Version (openshift#1138) 962429e Merge branch 'pr/1135' b6ee7ef fix rbac cb1beb9 Merge branch 'pr/1131' ecc5c01 Update Code of Conduct (openshift#1137) e7c5ab3 address one more PR comment ddcbbad address PR comments 652a83b fix test expectation to match the new error message for missing service class 33417cc address PR comments 565fccf Use the chart name instead of the namespace (openshift#1102) bc61919 Add new terminal failure binding condition (openshift#1057) 4e642d5 Added more detailed instructions on how to setup the repo (openshift#1114) bdaea23 update unit tests (openshift#1123) 88a9642 validate the apiserver options (openshift#1116) b0af5fc fix whitespace in the copyright section dee796a generated type changes ef585c4 Rename the directory from default to defaultservicename to conform to go style guide. Wire admission controller into the apiserver 0b5d6c6 add firewall troubleshooting section (openshift#1040) fd9e6bc Fix Typo in Events Code of Conduct (openshift#1126) ebe6506 Fix Typo in Terminology (openshift#1128) 0038b1e Merge branch 'pr/1122' 8411f31 make deprovisioning an instance asynchronously not fall-through to synchronous deprovision (openshift#1067) 76c1d93 handle failures from list and test the not ready condition, cleanup 9241296 finish unit tests, passing ed75774 Minor fixes based on go report card 9911e8d Add GoReport Widget (openshift#1121) dd24e5c clean up old cruft 08276c6 generated file changes 6489d90 Implement the default plan in admission controller a6bb576 Code: Instance/Binding parameters from secret (openshift#1079) 10bb148 Update generated files (openshift#1115) 5291e6f v0.0.15 (openshift#1118) 28a1ea6 Merge branch 'pr/1104' bb4a2d2 Merge branch 'pr/1097' 1c14a90 push all arch images on release tags (openshift#1108) b587b2c Improve log output for deprovision 8887561 Remove PodPreset embedding from Binding (openshift#1030) 1abdcc8 Adjust helm/tiller installation instructions (openshift#1091) f636f99 only skip tls verify if not behind the aggregator (openshift#1101) 43b40ab controller_broker unit test bullet-proofing openshift#1077 (openshift#1099) bb596b8 Use data store instead of database (openshift#1100) 04fa477 Implementation: Support for Bearer token auth between Service Catalog and brokers (openshift#1053) 9e46d3c refactor Jenkins e2e tests (openshift#1082) 1f0a41e remove old/misleading comments about only doing soft delete if it's "our turn--" i.e. only if the finalizer we care about is at the head of the finalizers list. 5c1d9b8 Update OSB client (openshift#1085) a6e80ea Only do work for instances from a single queue (openshift#1074) 2bd85d6 Merge branch 'pr/1076' e324287 Tweaks to the walkthrough for local-up-cluster d8b7899 Add a note to the walkthrough about getting bindings when using the aggregator (openshift#1078) ea44cf1 msg on Environment Variables to set for e2e (openshift#1070) d15554a Merge branch 'pr/1017' faf966e Add comment re: async race condition in integration tests ed2e096 v0.0.14 (openshift#1071) fc84ffd more PR feedback 283bed4 Add integration tests and some error checking; PR feedback 903a7a7 Add terminal condition for instance and do not retry failed provisions REVERT: 8f07b7b origin: add required patches git-subtree-dir: cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog git-subtree-split: 7e650e7e39c3fc79a8ecc061cce2a70e899406ff
Creates a policy cache and uses it to evaluate policy and access reviews. This should help policy decision performance.
@derekwaynecarr @liggitt @smarterclayton