fix(admin): harden stream_route superior_id dependency checks#13672
Merged
shreemaan-abhishek merged 1 commit intoJul 8, 2026
Merged
Conversation
Follow-up to apache#12794. Make the superior/subordinate dependency checks robust against edge cases: - reject a route that references itself as superior_id (self-reference would otherwise pass the protocol-match check on update) - fail closed on json decode errors instead of silently skipping, so a malformed record can not hide a live superior_id reference or bypass the protocol-mismatch check - return an explicit 503 on etcd fetch failure in delete_checker so the admin API responds with a proper status code instead of nil Add self-reference and force-delete test cases.
nic-6443
approved these changes
Jul 8, 2026
AlinsRan
approved these changes
Jul 8, 2026
membphis
approved these changes
Jul 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Follow-up to #12794, which added dependency-protocol checking and delete protection for stream routes. This PR hardens those checks against a few edge cases:
protocol.superior_idwould otherwise pass the protocol-match check on update (it matches itself). Now rejected at write time.core.json.decodereturnsnil, erron malformed data. Previously a decode failure silently skipped the record, which could hide a livesuperior_idreference (allowing deletion of an in-use route) or bypass the protocol-mismatch check. Now it returns an error instead of continuing.delete_checkerreturnednilas the status code on an etcd fetch failure, which surfaces as an unexpected error path. Now returns503.Tests
Added two cases to
t/admin/stream-routes-subordinate.t:Existing cases are unchanged.