-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Goal Seeking Keyvaults #3357
Goal Seeking Keyvaults #3357
Conversation
var _ extensions.ARMResourceModifier = &VaultExtension{} | ||
|
||
const ( | ||
CreateMode_Default = "default" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we use the code-gen enums instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, we can't.
The enums only exist in the API variants, not the storage variants, and I don't want to couple this extension to a particular API version.
tc.T.Log(line) | ||
tc.T.Log(section) | ||
tc.T.Log(msg) | ||
tc.T.Log(line) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest something like below here to re-use the code:
// LogSection creates a distinctive header in the log to aid scanning
func (tc *KubePerTestContext) LogSectionf(section string, args ...any) {
tc.logf(subsection, "=", args)
}
// LogSection creates a distinctive header in the log to aid scanning
func (tc *KubePerTestContext) LogSubsectionf(subsection string, args ...any) {
tc.logf(subsection, "-", args)
}
func (tc *KubePerTestContext) logf(s string, r string, args ...any) {
msg := fmt.Sprintf(s, args...)
line := strings.Repeat(r, len(msg))
tc.T.Log(line)
tc.T.Log(msg)
tc.T.Log(line)
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
"context" | ||
"strings" | ||
|
||
keyvault "github.com/Azure/azure-service-operator/v2/api/keyvault/v1api20210401previewstorage" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: I think these two should go down below in the "local imports" section so that there are a total of 3 sections.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've been deliberately separating out the named imports from the vanilla ones; still respecting the stdlib/library/local order though, so I'll move these down.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved.
@@ -264,6 +264,38 @@ func (client *GenericClient) getByIDHandleResponse(resp *http.Response, resource | |||
return nil | |||
} | |||
|
|||
func (client *GenericClient) CreatePostRequest( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine with these being added but may not be needed if you follow the suggestion by @super-harsh to use the SDK for Go instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed, since we don't need them.
b27efb2
to
2b5a5da
Compare
@@ -264,6 +264,38 @@ func (client *GenericClient) getByIDHandleResponse(resp *http.Response, resource | |||
return nil | |||
} | |||
|
|||
func (client *GenericClient) CreatePostRequest( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we still use this method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, not anymore.
) error { | ||
// Find out whether a soft-deleted KeyVault with the same name exists | ||
exists, err := ex.checkForExistenceOfDeletedKeyVault(ctx, kv, resolver, vc, log) | ||
if err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since KV names should be globally unique - Not sure what happens in the case where the soft-deleted KV is in another subscription and it's just the name that is not available.
Just double-checking if the user would get the name not available
event/log anyway ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the existing KeyVault is in a different subscription, we can't recover nor purge it - and the user gets an appropriate error in the condition of the resource; this is unchanged.
Co-authored-by: Harshdeep Singh (harshdsingh) <38904804+super-harsh@users.noreply.github.com>
Codecov Report
@@ Coverage Diff @@
## main #3357 +/- ##
==========================================
- Coverage 54.37% 54.33% -0.05%
==========================================
Files 1544 1545 +1
Lines 649180 649311 +131
==========================================
- Hits 353016 352820 -196
- Misses 238722 239035 +313
- Partials 57442 57456 +14
|
What this PR does / why we need it:
Implements goal seeking for KeyVaults as described in our ADR.
We add two additional options to
createMode
:createOrRecover
- creates a new KeyVault, unless there's a soft-deleted one to recoverpurgeThenCreate
- any existing soft-deleted KeyVault is purged, then a new one created.Closes #1415
Special notes for your reviewer:
The option
purgeThenCreate
is dangerous because it results in ASO turning a soft-delete into a hard delete without warning and without the possibility of recovery. Our documentation will call this out.Prerequisites
How does this PR make you feel:
If applicable: