Fix bug where IPs were assigned from affine blocks of disabled pools. #806
Conversation
lib/ipam/ipam.go
Outdated
| // Get all the configured pools. | ||
| enabledPools, err := c.pools.GetEnabledPools(version.Number) | ||
| if err != nil { | ||
| log.WithError(err).Errorf("Error reading configured pools") |
There was a problem hiding this comment.
We create a context logger just a little bit below - I think you should move that above and then make sure all the logs are using logCtx
lib/ipam/ipam.go
Outdated
|
|
||
| // Start by trying to assign from one of the host-affine blocks. We | ||
| // Get all the configured pools. |
There was a problem hiding this comment.
Probably worth encapsulating the pool determination logic into its own function for easier testing and to clean up the autoAssign code a bit.
There was a problem hiding this comment.
This code then becomes:
pools, err := c.determinePools(requestedPools)
if err != nil { ... }
lib/ipam/ipam.go
Outdated
| // If no pools were requested, default to all enabled pools. | ||
| pools = enabledPools | ||
| } | ||
| log.Debugf("Finding an unclaimed block from pools: %v", pools) |
There was a problem hiding this comment.
This log is wrong now - we're not finding an unclaimed block yet (we might use an already claimed one)
lib/ipam/ipam.go
Outdated
| for _, rp := range requestedPools { | ||
| if _, ok := pm[rp.String()]; !ok { | ||
| // The requested pool doesn't exist. | ||
| return nil, fmt.Errorf("the given pool (%s) does not exist, or is not enabled", rp.IPNet.String()) |
There was a problem hiding this comment.
@caseydavenport I'm wondering if erroring here is a bit harsh. We could just drop any pools that do not exist, just like we drop any pools that aren't enabled.
There was a problem hiding this comment.
Actually, I'm thinking this code is duplicate of the above comparison. Let me look into it further...
ozdanborne
force-pushed
the
fix-disabled-pools-rebased
branch
4 times, most recently
from
d7bda94 to
1b54a08
Compare
lib/ipam/ipam.go
Outdated
| pools = append(pools, rp) | ||
| } | ||
| } | ||
| } else { |
There was a problem hiding this comment.
Just a personal preference, but I'd drop the "else" branch here and do something like this:
if len(requestedPools) > 0 {
// Build a map
...
// Make sure each pool exists
...
// Return the requested pools.
return requestedPools
}
return enabledPools
I think it makes the code a bit easier to follow.
There was a problem hiding this comment.
Neat. Way cleaner. Fixed
ozdanborne
force-pushed
the
fix-disabled-pools-rebased
branch
from
1b54a08 to
8089f94
Compare
lib/ipam/ipam.go
Outdated
| } | ||
| } | ||
|
|
||
| return pools, nil |
There was a problem hiding this comment.
One more nit here - it's bad to mix named and unnamed return values.
I'd suggest removing the named return value from above, and simply returning requestedPools if we don't hit an error in the loop above.
That's nice because ultimately this function will always return either the requested pools, or all enabled pools and it becomes more obvious with that change.
There was a problem hiding this comment.
e.g. something like this:
for _, rp := range requestedPools{
if !ok {
ERROR!
}
}
// Requested pools are valid
return requestedPools, nil
lib/ipam/ipam.go
Outdated
| if _, ok := pm[rp.String()]; !ok { | ||
| // The requested pool doesn't exist. | ||
| return nil, fmt.Errorf("the given pool (%s) does not exist, or is not enabled", rp.IPNet.String()) | ||
| } else { |
There was a problem hiding this comment.
nit: don't need the else here
(not reviewing but I was flying by and saw this)
ozdanborne
force-pushed
the
fix-disabled-pools-rebased
branch
from
eae77f0 to
b7657b4
Compare
Description
Fixes #689 .
Of course, this change will need to be pulled into projectcalico/cni-plugin before we see any results.
Todos
Release Note