compile out gofuzz from prod binaries

[BenTheElder]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespace from that line:

/kind api-change
/kind bug

/kind cleanup

/kind deprecation
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #14460

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

A new `nofuzz` go build tag now disables gofuzz support. Release binaries enable this.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[BenTheElder]

Here's a quick prototype of eliminating the fuzzer from our binaries, closing the oldest open SIG testing bug in this repo.
/cc @dims @liggitt @thockin

This sort of thing is also unfortunately not available under bazel, we probably care most about this in releases anyhow.
EDIT: and we'll see no regression to those builds, it will continue to be compiled in.

I have not yet audited where else we need to do this, I plan to do that once the approach is cleared.

We do use a similar approach already for the providerless build KEP and dockershim-less building.
However, those tags are not enabled by default. This one is.

We could alternatively have a positive tag, and require our tests enable it, but that's a breaking change for external consumers of types like this. This way the change only affects our binaries and doesn't break bazel, similar to the opt-in "compile out cloud providers" providerless tag.

[BenTheElder]

/retest

[liggitt]

if we want this to stick we need a check that the built binaries don't include gofuzz symbols

[liggitt]

I'm not very familiar with why gofuzz is problematic to have built into binaries... does it actually cause problems or is this just a representative "should be test-only" dependency? if the latter, do we want fuzz-specific build tags or do we really want a "notest" build tag?

[BenTheElder]

As far as I can tell just because it should be test, it's harder than other test code because for a type to define fuzzing for itself it has to implement an interface method involving a concrete gofuzz type parameter. I'm not sure that we have something else like this with other packages. I'm also not sure how important it is that this stick. I beleive this is just about avoiding the smell / binary bloat of linking in the fuzzer runtime used only at (unit) test time in prod.

…

On Thu, Jun 25, 2020, 07:08 Jordan Liggitt ***@***.***> wrote: I'm not very familiar with why gofuzz is problematic to have built into binaries... does it actually cause problems or is this just a representative "should be test-only" dependency? if the latter, do we want fuzz-specific build tags or do we really want a "notest" build tag? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#92491 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAHADK4C4IIV5HKC72GNXXLRYNK6BANCNFSM4OHNBCPA> .

[thockin]

The reason the bug was filed was definitely "we shouldn't compile test code into prod" binaries. How important is that? I don't know. There are other places where the FakeFoo is in the same file or same packages as the Foo, too.

I don't hate the pattern. I'm flummoxed why Go doesn't have this handled by default. The natural approach would be to decorate these as +build testonly but that requires anyone who runs go test to get it right. Given that releases are well-controlled, that seems like the right path, so i concur with your approach.

I like the idea of generalizing this to something like not-for-prod, so maybe +build !for_prod or something?

[thockin]

I'm used to seeing this RIGHT at the top of the file - I would not think to look for it anywhere else.

[BenTheElder]

ack.

[BenTheElder]

I like the idea of generalizing this to something like not-for-prod, so maybe +build !for_prod or something

I don't have super strong opinions on this, but I was thinking the only reason anyone else should toggle this is if they're consuming this code from another repo and either want access to the fuzzing behavior, or want to avoid the dependency.

FWIW nofuzz as a name is inspired by gofuzz's //+build gofuzz sample code.
EDIT: with above reasons for it being a negative tag instead, to avoid a breaking change unless you somehow happen to be setting this tag already (???)

I don't hate the pattern. I'm flummoxed why Go doesn't have this handled by default. The natural approach would be to decorate these as +build testonly but that requires anyone who runs go test to get it right. Given that releases are well-controlled, that seems like the right path, so i concur with your approach.

I should have mentioned, I actually looked into this but it's been brought up in go and shot down, repeatedly. golang/go#21360 golang/go#14668

[fejta-bot]

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

[BenTheElder]

/retest

[BenTheElder]

/retest

[liggitt]

this looks reasonable to me

[BenTheElder]

/priority backlog
will circle back to this in the 1.20 timeframe

[dims]

/assign @thockin
/uncc

[thockin]

I still don't know why Go doesn't have a test build-tag built in.
/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BenTheElder, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• hack/OWNERS [BenTheElder,thockin]
• staging/src/k8s.io/apimachinery/pkg/OWNERS [thockin]
• staging/src/k8s.io/apimachinery/pkg/apis/OWNERS [thockin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment