Skip to content

fix(console): enforce JSON request contracts#190

Merged
GatewayJ merged 4 commits into
rustfs:mainfrom
GatewayJ:fix/console-json-contract
Jul 19, 2026
Merged

fix(console): enforce JSON request contracts#190
GatewayJ merged 4 commits into
rustfs:mainfrom
GatewayJ:fix/console-json-contract

Conversation

@GatewayJ

@GatewayJ GatewayJ commented Jul 18, 2026

Copy link
Copy Markdown
Member

Type of Change

  • New Feature
  • Bug Fix
  • Documentation
  • Performance Improvement
  • Test/CI
  • Refactor
  • Other:

Related Issues

N/A

Summary of Changes

  • normalize JSON extractor failures for all 12 Console write routes into the standard Console error envelope, including POST /api/v1/tenants/yaml added by fix(operator): support restricted pod security #186
  • distinguish malformed JSON, payload-too-large, unsupported-content-type, and semantic JSON errors as 400/413/415/422 responses
  • cap reflected JSON rejection details at 1,024 bytes without splitting UTF-8 code points
  • reject unknown encryption fields and unsupported backend values instead of silently treating them as local encryption
  • replace the complete encryption configuration with resourceVersion optimistic concurrency and bounded conflict attempts, clearing stale backend and omitted optional fields
  • preserve unrelated concurrent Tenant changes by re-reading the latest resource after a conflict
  • narrow the Console Web encryption backend type to the supported local | vault contract
  • document JSON rejection responses and the existing encryption and security-context endpoints in OpenAPI
  • add Router-level rejection tests, OpenAPI contract tests, encryption wire-contract tests, and mocked Kubernetes conflict-retry tests

Checklist

  • I have read and followed the CONTRIBUTING.md guidelines
  • Passed make pre-commit (fmt-check + clippy + test + console-lint + console-fmt-check)
  • Added/updated necessary tests
  • Documentation updated (if needed)
  • CHANGELOG.md updated under [Unreleased] (if user-visible change)
  • CI/CD passed (if applicable)

Impact

  • Breaking change (CRD/API compatibility)
  • Requires doc/config/deployment update
  • Other impact: Invalid or misspelled encryption backend values and unknown encryption request fields now return 422 instead of being ignored or falling back to the local backend. Valid existing payloads remain compatible. Encryption updates now remove stale fields omitted from the replacement request.

Verification

make pre-commit

Additional Notes

  • Rebased onto main after fix(operator): support restricted pod security #186 merged; ConsoleJson, Router, and OpenAPI coverage now include POST /api/v1/tenants/yaml.
  • Encryption persistence uses Kubernetes replace with the latest resourceVersion; each conflict triggers a fresh GET before the next of three total attempts.
  • Mocked Kubernetes API tests verify that retries preserve unrelated concurrent Tenant image and annotation updates and return the final 409 after attempts are exhausted.
  • Live Kubernetes Console tests remain opt-in through make e2e-live-run; all non-live checks pass.
  • The repository does not currently contain a CHANGELOG.md.

Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.

@GatewayJ
GatewayJ marked this pull request as ready for review July 19, 2026 04:49
@GatewayJ

Copy link
Copy Markdown
Member Author

@codex

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Chef's kiss.

Reviewed commit: 8496bdd8b6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@GatewayJ
GatewayJ force-pushed the fix/console-json-contract branch from 8496bdd to 62bdfc6 Compare July 19, 2026 05:44
@GatewayJ
GatewayJ added this pull request to the merge queue Jul 19, 2026
Merged via the queue into rustfs:main with commit 1b96a3f Jul 19, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant