
@SherlockShemol

Previously, when a ConfChange proposal was rejected (e.g., due to an existing pending config change), the proposal was silently converted to a no-op entry without returning any error. This silent failure could lead to security issues where administrators believe a configuration change succeeded when it was actually ignored.

This commit adds error notification while preserving the original behavior of appending a no-op entry for log consistency:

  1. When a ConfChange is rejected, it is still converted to a no-op (maintaining backward compatibility and log consistency)
  2. BUT now returns ErrProposalDropped to notify the caller

This allows callers to:

  • Detect when their ConfChange was rejected
  • Take appropriate action (e.g., wait and retry)
  • Log warnings or alerts

The fix is conservative: it maintains full backward compatibility with existing log structures while adding explicit error notification.

#354
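A caller-side sketch of the "detect, wait and retry, log" handling listed in the description above. It is an added example, not code from this PR or the project. The `proposer` interface, `fakeNode`, `proposeWithRetry` and the local `errProposalDropped` sentinel (standing in for the `ErrProposalDropped` the PR names) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Assumption: local stand-in for the ErrProposalDropped sentinel named in the PR.
var errProposalDropped = errors.New("raft proposal dropped")

// proposer is a hypothetical interface for whatever submits the ConfChange.
type proposer interface{ ProposeConfChange(change string) error }

// fakeNode is constructed sample input: it rejects the first `pending` proposals.
type fakeNode struct{ pending, calls int }

func (f *fakeNode) ProposeConfChange(string) error {
	f.calls++
	if f.calls <= f.pending {
		return errProposalDropped
	}
	return nil
}

// proposeWithRetry surfaces a rejected ConfChange instead of assuming success:
// it warns on every rejection, waits, retries up to `attempts` times, and
// returns the number of attempts made. Other errors are returned immediately.
func proposeWithRetry(p proposer, change string, attempts int, wait time.Duration) (int, error) {
	for i := 1; i <= attempts; i++ {
		err := p.ProposeConfChange(change)
		if err == nil {
			return i, nil // not rejected; the caller may proceed
		}
		if !errors.Is(err, errProposalDropped) {
			return i, err
		}
		fmt.Printf("WARN: conf change %q rejected (attempt %d/%d)\n", change, i, attempts)
		if i < attempts {
			time.Sleep(wait)
		}
	}
	return attempts, fmt.Errorf("conf change %q still rejected after %d attempts: %w", change, attempts, errProposalDropped)
}

func main() {
	n, err := proposeWithRetry(&fakeNode{pending: 2}, "add-node-4", 5, 10*time.Millisecond)
	fmt.Println("attempts:", n, "err:", err)
}
```

When the retries are exhausted, the wrapped error still matches the sentinel through `errors.Is`, so an operator tool can alert on the rejection instead of reporting the membership change as done.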

@k8s-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: SherlockShemol
Once this PR has been reviewed and has the lgtm label, please assign serathius for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot

Hi @SherlockShemol. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@SherlockShemol SherlockShemol force-pushed the fix/confchange-silent-failure branch from 009daef to b438a7c Compare November 30, 2025 07:16
Previously, when a ConfChange proposal was rejected (e.g., due to an
existing pending config change), the proposal was silently converted
to a no-op entry without returning any error. This silent failure could
lead to security issues where administrators believe a configuration
change succeeded when it was actually ignored.

This commit adds error notification while preserving the original
behavior of appending a no-op entry for log consistency:

1. When a ConfChange is rejected, it is still converted to a no-op
   (maintaining backward compatibility and log consistency)
2. BUT now returns ErrProposalDropped to notify the caller

This allows callers to:
- Detect when their ConfChange was rejected
- Take appropriate action (e.g., wait and retry)
- Log warnings or alerts

The fix is conservative: it maintains full backward compatibility
with existing log structures while adding explicit error notification.

Signed-off-by: SherlockShemol <[email protected]>
@SherlockShemol SherlockShemol force-pushed the fix/confchange-silent-failure branch from b438a7c to dc771c5 Compare November 30, 2025 07:18