Add ability to custom handle redirects

[abogdanov37]

#5675

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: abogdanov37 (de1f38e, e39cf04, cf92cd8, f8e3e74)

[k8s-ci-robot]

Welcome @abogdanov37!

It looks like this is your first PR to kubernetes-sigs/kustomize 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/kustomize has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @abogdanov37. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: abogdanov37
Once this PR has been reviewed and has the lgtm label, please assign knverey for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[abogdanov37]

@koba1t @varshaprasad96 Please, check the task may be it has more simple solution than thit PR!

[koba1t]

Hi @abogdanov37
Thanks for your contribution!

I think looks good to me for your codebase.
I add a few comments. Please check that.

So, I think we need to add some tests that check to fix the problem.
Please add some test scenarios to check this problem!

[abogdanov37]

Hi @abogdanov37 Thanks for your contribution!

I think looks good to me for your codebase. I add a few comments. Please check that.

So, I think we need to add some tests that check to fix the problem. Please add some test scenarios to check this problem!

Ok. Next week I'll add tests and work on comments!
Thanks for feedback!

[k8s-ci-robot]

This PR has multiple commits, and the default merge method is: merge.
You can request commits to be squashed using the label: tide/merge-method-squash

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[abogdanov37]

Hi @abogdanov37 Thanks for your contribution!
I think looks good to me for your codebase. I add a few comments. Please check that.
So, I think we need to add some tests that check to fix the problem. Please add some test scenarios to check this problem!

Ok. Next week I'll add tests and work on comments! Thanks for feedback!

Hi @koba1t! I have been add test for fileloader. Skip localizer and kusttarget because have no idea how to test override loader there. If you have any idea please share it I'll try to implement

[koba1t]

It looks like redirect.com is owned by a company.
I understand this fakeHttpClient won't access the global internet, but I prefer to use a reserved example domain instead of something that someone else owns.

   Domain Name: REDIRECT.COM
   Registry Domain ID: 32687398_DOMAIN_COM-VRSN
   Registrar WHOIS Server: Whois.bigrock.com
   Registrar URL: https://www.bigrock.com
   Updated Date: 2023-06-20T20:24:31Z
   Creation Date: 2000-08-10T10:33:16Z
   Registry Expiry Date: 2024-08-10T10:33:15Z
   Registrar: BigRock Solutions Ltd
   Registrar IANA ID: 1495
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: +1.832-295-1535
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1118.AWSDNS-11.ORG
   Name Server: NS-1717.AWSDNS-22.CO.UK
   Name Server: NS-320.AWSDNS-40.COM
   Name Server: NS-918.AWSDNS-50.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-06-30T18:22:52Z <<<

[abogdanov37]

Ок. I'll fix it!

[koba1t]

Thank you for adding a test!

So, it looks like your test only checks that the location needs to redirect. I think it's preferable to add a check to ensure that redirect doesn't happen.

[abogdanov37]

Thank you for adding a test!

So, it looks like your test only checks that the location needs to redirect. I think it's preferable to add a check to ensure that redirect doesn't happen.

I think that another tests check behavior if redirect is not happened.

[abogdanov37]

I plan fix all issues today. Thanks for review!

[abogdanov37]

Hi @koba1t. All highlited issues have been fixed!

[koba1t]

I tried to run CI on GitHub Actions

[koba1t]

/ok-to-test

[koba1t]

I think this code is using redirect Location path directly.
I am worried that newPath will be used by no check.
like the redirected path requires redirecting more, or the redirected path is missing contents.

[abogdanov37]

I investigated in these scenarious

1. new loader works only with directory and git repo because of that all checks will be done in common way in

   kustomize/api/internal/loader/fileloader.go

   Line 152 in cc9dd34

   func (fl *FileLoader) New(path string) (ifc.Loader, error) {

2. If newPath will be a simple url in new loader it will be treated as directory and kustomize finish work with error in common way
3. If some redirects (301 to 309 http codes) will happen in loading process

   kustomize/api/internal/loader/fileloader.go

   Line 314 in cc9dd34

   resp, err := hc.Get(path)

   They will be processed by http client out of the box
   Following this points I think that all possible checks have been done

[koba1t]

Sorry, Maybe I explained it wrong.

The scenario I was concerned about that the redErr.NewPath address returning a 300 status code.

[abogdanov37]

I have understood! Sorry ((( I does not implement this case to avoid recursion. If you think that this case should be implemented I'll do it.

[koba1t]

Hi @abogdanov37
I'm so sorry to delay the review.

I add comments for implements. Please check and write your comment if you think my worries are trivial matter.

[koba1t]

Maybe That is better to solve redirects here than return RedirectionError and a new path.

[abogdanov37]

Hi! It does not work in all cases. For example if I return redirect to git. In that case httpClient has no credentials for download content

[koba1t]

For example if I return redirect to git. In that case httpClient has no credentials for download content

Sorry, I couldn't understand about this sentence.
In my understanding, that repo uses the HTTPS protocol to download when HTTP redirects to git.

[abogdanov37]

My explanation was not clear. Sorry for that. I'll try again.
Example
We get next url in resource section https://example.com/apps/app1?version=1.1.0
When kustomize (in build proccess) go to that url, it get Redirect 300 with newPath https://customgit.org/somegrop/project-app1.git?refs=1.1.0. The repository is PRIVATE.
In this case if we go to that git repo using httpClient we get page with ask for credential (((
But if we create a new loader kustomize will use console git which already have credentials and can clone repository

[abogdanov37]

Hi @abogdanov37 I'm so sorry to delay the review.

I add comments for implements. Please check and write your comment if you think my worries are trivial matter.

Hi @koba1t.
It's ok.
I add comments for your issues.
Thanks for review

[abogdanov37]

Hi @koba1t! Any other issues in my pr? May be I can help some how to force PR merge?

[koba1t]

Hi @abogdanov37

Sorry for the delayed response.
I have added a few replies. Please check my comments!

[abogdanov37]

Hi @abogdanov37

Sorry for the delayed response. I have added a few replies. Please check my comments!

Hi @koba1t! Thanks for explanations. I post answers.