Add support for reconcile policy #2060
e72730b to 44e519f
Thanks for coming around so quickly with this PR!
default: | ||
// Defaulting to skip. The user is attempting to configure policy but has done it wrong, | ||
// if we default to Run we may inadvertently modify their object | ||
return ReconcilePolicySkip, errors.Errorf("%q is not a known reconcile policy", policy) |
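Review bot: the `default:` branch returns `ReconcilePolicySkip` together with an error that names the rejected value but not the accepted ones, so a mistyped annotation stops reconciliation and the user only learns why if the caller surfaces this error. Suggest listing the valid policies in the `errors.Errorf` message and confirming that the caller logs or reports the error instead of acting on the returned policy alone.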
However, this also makes it so that as soon as the `serviceoperator.azure.com/reconcile-policy` annotation is present we skip, no matter the string value. That also makes the verb `skip` unnecessary (as if it doesn't matter if I put `skip` or `sk1p` or `piks` in there). I think this has great implications that as soon as the annotation is present, the operator skips reconcile.
That is fine, I would just be more explicit in the docs about that. Essentially there are three states:
- I don't set anything and the operator reconciles.
- I set the `serviceoperator.azure.com/reconcile-policy` annotation with any value and the operator doesn't reconcile.
- I set `serviceoperator.azure.com/reconcile-policy: skip-delete` and the operator reconciles but skips delete.
Given the name of the annotation however, I probably wouldn't expect that the operator skips reconciling as soon as the annotation is set. I'd probably expect that if the annotation was called `serviceoperator.azure.com/skip-reconcile`. But since it's called `serviceoperator.azure.com/reconcile-policy`, I'd probably expect that I have to set the correct policy to achieve the behavior I want (either `skip` or `skip-delete`).
Agree that an empty `reconcile-policy` doing `skip` probably doesn't make sense. I'm going to change this behavior and default to `manage` (aka behave normally). That seems to be the standard behavior if you get an annotation like this "wrong".
If we really want to enforce that people don't set an incorrect value here we could prevent it at the webhook level (which has the advantage of being able to actually tell them they did it wrong as opposed to just doing something they didn't expect), but that seems overkill for now. We could investigate doing that in the future if there's actual desire for it from users.
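The behavior settled on in the reply above (a missing or unrecognized value falls back to `manage`, with rejection at admission as an optional stricter check), as an added example that is not the PR's own code. `ParsePolicy`, `AllowsModify`, `AllowsDelete` and `ValidateAtAdmission` are hypothetical names, and the mapping of policies to PUT/DELETE is assumed from the PR description.

```go
package main

import "fmt"

// Annotation key as quoted in the review thread.
const ReconcilePolicyAnnotation = "serviceoperator.azure.com/reconcile-policy"

type ReconcilePolicy string

const (
	PolicyManage     ReconcilePolicy = "manage"
	PolicySkip       ReconcilePolicy = "skip"
	PolicySkipDelete ReconcilePolicy = "skip-delete"
)

// ParsePolicy (hypothetical) returns the policy to act on. A missing annotation
// means normal reconciliation. An unrecognized value also falls back to manage,
// but with an error that lists the accepted values so the mistake is visible.
func ParsePolicy(annotations map[string]string) (ReconcilePolicy, error) {
	raw, present := annotations[ReconcilePolicyAnnotation]
	if !present {
		return PolicyManage, nil
	}
	switch p := ReconcilePolicy(raw); p {
	case PolicyManage, PolicySkip, PolicySkipDelete:
		return p, nil
	default:
		return PolicyManage, fmt.Errorf("%q is not a known reconcile policy (want %q, %q or %q)",
			raw, PolicyManage, PolicySkip, PolicySkipDelete)
	}
}

// AllowsModify reports whether PUT against the Azure resource is permitted (assumed mapping).
func (p ReconcilePolicy) AllowsModify() bool { return p == PolicyManage || p == PolicySkipDelete }

// AllowsDelete reports whether DELETE against the Azure resource is permitted (assumed mapping).
func (p ReconcilePolicy) AllowsDelete() bool { return p == PolicyManage }

// ValidateAtAdmission (hypothetical) is the stricter webhook-style check:
// reject the object outright instead of falling back.
func ValidateAtAdmission(annotations map[string]string) error {
	_, err := ParsePolicy(annotations)
	return err
}

func main() {
	// Constructed sample values, including the typos mentioned in the review.
	for _, v := range []string{"manage", "skip", "skip-delete", "sk1p", "piks", ""} {
		p, err := ParsePolicy(map[string]string{ReconcilePolicyAnnotation: v})
		fmt.Printf("%-12q -> %-11s put=%-5v delete=%-5v err=%v\n", v, p, p.AllowsModify(), p.AllowsDelete(), err)
	}
}
```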
44e519f to 641e54a
a234163 to 0d2a1e4
Codecov Report
```diff
@@            Coverage Diff             @@
##             main    #2060      +/-   ##
==========================================
+ Coverage   56.67%   56.69%   +0.02%
==========================================
  Files         481      484       +3
  Lines      100338   100468     +130
==========================================
+ Hits        56863    56959      +96
- Misses      36456    36487      +31
- Partials     7019     7022       +3
```
0d2a1e4 to 779930e
/ok-to-test sha=779930e
779930e to 26f2ce0
/ok-to-test sha=26f2ce0
26f2ce0 to ceb136c
/ok-to-test sha=ceb136c
This closes Azure#1633. Adds support for a new reconcile-policy annotation that allows users to prevent all modifications to Azure resources (PUT, DELETE), or just all DELETEs.
ceb136c to 823f0eb
/ok-to-test sha=823f0eb
This closes #1633.
Adds support for a new reconcile-policy annotation that allows users to
prevent all modifications to Azure resources (PUT, DELETE), or just all
DELETEs.
If applicable: