csviri opened a new pull request, #695:
URL: https://github.com/apache/spark-kubernetes-operator/pull/695
### What changes were proposed in this pull request?
This PR makes the dynamic-config ConfigMap **name** an explicit,
configurable property and enforces it in the reconciler:
1. Adds a new config option `spark.kubernetes.operator.dynamicConfig.name`
(default: `spark-kubernetes-operator-dynamic-configuration`) in
`SparkOperatorConf`.
2. In `SparkOperatorConfigMapReconciler#reconcile`, short-circuits with
`UpdateControl.noUpdate()` when the incoming ConfigMap's name does not match
the configured value — so only the operator's intended ConfigMap can mutate
`SparkOperatorConfManager` state and trigger a watched-namespace update.
3. Documents the new property in `docs/config_properties.md`.
4. Adds unit tests covering the new check (positive, negative, and
custom-name path).
### Why are the changes needed?
Previously the reconciler trusted any ConfigMap that matched the label
selector configured via `spark.kubernetes.operator.dynamicConfig.selector` in
the operator namespace. A user with `create configmap` permission in the
operator namespace (but no broader operator privileges) could create a
ConfigMap that matches the selector to:
- Override `spark.kubernetes.operator.watchedNamespaces` and force the
operator to start watching/reconciling namespaces it should not have access to.
- More generally, override any dynamic-overridable operator property at
runtime.
Pinning the reconciler to a specific, configurable ConfigMap name closes
this privilege-escalation path: a rogue ConfigMap with the right labels but a
different name is now ignored.
### Does this PR introduce _any_ user-facing change?
Yes (configuration). A new property is added:
| Key | Default |
| --- | --- |
| `spark.kubernetes.operator.dynamicConfig.name` |
`spark-kubernetes-operator-dynamic-configuration` |
Operators that previously relied on a differently-named ConfigMap matching
the dynamic-config selector must either rename their ConfigMap to the default
value or set `spark.kubernetes.operator.dynamicConfig.name` to the
existing name. The default matches the name used by the project's Helm
chart, so standard deployments are unaffected.
### How was this patch tested?
Added unit tests in `SparkOperatorConfigMapReconcilerTest`:
- `reconcileSkipsConfigMapWithNonMatchingName` — a ConfigMap with a
non-matching name is reconciled; verifies neither `namespaceUpdater` nor
`watchedNamespacesGetter` are invoked and the rogue data does not leak into
`SparkOperatorConfManager.configOverrides`.
- `reconcileRefreshesConfigForMatchingName` — a ConfigMap with the
configured name triggers the refresh path and the namespace-update callbacks;
verifies the override is applied.
- `reconcileHonorsCustomConfiguredConfigMapName` — when
`dynamicConfig.name` is set to a custom value, the default-named ConfigMap is
rejected and the custom-named one is processed.
- The existing integration test (`sanityTest`, using
`EnableKubeAPIServer`) was updated to use the matching ConfigMap name so it
continues to exercise the end-to-end refresh path.
### Was this patch authored or co-authored using generative AI tooling?
Generated-by: Claude Code (Opus 4.7)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]