squakez commented on code in PR #6695:
URL: https://github.com/apache/camel-k/pull/6695#discussion_r3450255225
##########
pkg/trait/toleration.go:
##########
@@ -57,6 +60,7 @@ func (t *tolerationTrait) Configure(e *Environment) (bool,
*TraitCondition, erro
}
func (t *tolerationTrait) Apply(e *Environment) error {
+ t.filterTaints()
Review Comment:
Nitpick: we should move this into the Configure func instead.
##########
pkg/trait/toleration.go:
##########
@@ -73,3 +77,33 @@ func (t *tolerationTrait) Apply(e *Environment) error {
return nil
}
+
+// filterTaints removes taint entries whose key is not in the
operator-configured allow list.
+// When TOLERATION_TAINTS_ALLOWED_KEYS is unset or empty all taints are kept.
+func (t *tolerationTrait) filterTaints() {
+ allowList := platform.TolerationTaintsAllowList()
+ if len(allowList) == 0 || len(t.Taints) == 0 {
+ return
+ }
+ kept := make([]string, 0, len(t.Taints))
+ for _, taint := range t.Taints {
+ key := taintKey(taint)
+ if slices.Contains(allowList, key) {
+ kept = append(kept, taint)
+ } else {
+ t.L.Info("toleration.taints key is not in the allowed
list and will be ignored",
+ "key", key, "allowedKeys", allowList)
+ }
+ }
+ t.Taints = kept
+}
+
+// taintKey extracts the key from a taint string of the form
Key[=Value]:Effect[:Seconds].
+func taintKey(taint string) string {
+ if k, _, found := strings.Cut(taint, "="); found {
+ return k
+ }
+ k, _, _ := strings.Cut(taint, ":")
Review Comment:
Ditto
##########
pkg/trait/toleration.go:
##########
@@ -73,3 +77,33 @@ func (t *tolerationTrait) Apply(e *Environment) error {
return nil
}
+
+// filterTaints removes taint entries whose key is not in the
operator-configured allow list.
+// When TOLERATION_TAINTS_ALLOWED_KEYS is unset or empty all taints are kept.
+func (t *tolerationTrait) filterTaints() {
+ allowList := platform.TolerationTaintsAllowList()
+ if len(allowList) == 0 || len(t.Taints) == 0 {
+ return
+ }
+ kept := make([]string, 0, len(t.Taints))
+ for _, taint := range t.Taints {
+ key := taintKey(taint)
+ if slices.Contains(allowList, key) {
+ kept = append(kept, taint)
+ } else {
+ t.L.Info("toleration.taints key is not in the allowed
list and will be ignored",
+ "key", key, "allowedKeys", allowList)
+ }
+ }
+ t.Taints = kept
+}
+
+// taintKey extracts the key from a taint string of the form
Key[=Value]:Effect[:Seconds].
+func taintKey(taint string) string {
+ if k, _, found := strings.Cut(taint, "="); found {
Review Comment:
Why don't use split instead? Ideally we need to make sure just one "="
exists, otherwise that's a potential error.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
