[azure lfo] Detect existing LFO installs#4
Conversation
|
![datadog-official[bot]](https://avatars.githubusercontent.com/in/1358509?s=60&v=4){kind=small}
|
|
||
| set_subscription(config.control_plane_sub_id) | ||
| if existing_lfos: | ||
| # TODO AZINTS-3894: Report state of azure env to front end |
There was a problem hiding this comment.
🟡 Low: Code Quality Violation
| # TODO AZINTS-3894: Report state of azure env to front end | |
| # TODO(<owner>) AZINTS-3894: Report state of azure env to front end |
comments must have ownership (...read more)
When using TODO or FIXME, specify who write the annotation. It's a best practice to remind you who created the annotation and have potential context and information about this issue.
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
|
|
||
| set_subscription(config.control_plane_sub_id) | ||
| if existing_lfos: | ||
| # TODO AZINTS-3894: Report state of azure env to front end |
There was a problem hiding this comment.
🟡 Low: Code Quality Violation
| # TODO AZINTS-3894: Report state of azure env to front end | |
| # TODO(<owner>) AZINTS-3894: Report state of azure env to front end |
comments must have ownership (...read more)
When using TODO or FIXME, specify who write the annotation. It's a best practice to remind you who created the annotation and have potential context and information about this issue.
|
What's the deal with the corner case where the user running the script doesn't have "read" permission for an existing lfo? Mind adding a callout to the desc if that's still applicable? |
We discussed doing a DD logs query for any log with the tag |
Super super edge case... What if an LFO is set up but it is failing to forward logs/there are no logs to forward/logs have not yet been forwarded? |
|
@gpalmz |
Ok sounds good I think we can live with that. Hopefully we never have a support case with this scenario cause golly gee |
|
Yup, agreed. This gap exists in LFO today. The uninstall script can at least detect multiple LFO installs and let the user choose which one to remove. That would be our recommended action to the user. It still has the same limitation that it's constrained by the user's azure permissions, but we could at least get them out of the bad state by having one user run it. |
benjjs
left a comment
benjjs
left a comment
There was a problem hiding this comment.
Not sure if you were already planning this in a follow up PR, but we are interested in the filtering settings of existing LFOs as well, so that we can populate the interface when there is exactly one existing LFO and we are extending it.
|
@benjjs Good point, I can return the PII and tag filtering settings. Will add that in a follow-up PR. |
3 participants
Overview
Jira
These changes will detect and report existing LFOs in the LFO onboarding script based on the scopes chosen at onboarding time. The logic goes as follows:
resources-task. An LFO control plane will have this resource. The suffix of this function app is the control plane ID.MONITORED_SUBSCRIPTIONSenvironment variable. This env var contains the sub IDs that are being monitored for log forwarding. In the future, if the user decides to expand/contract their scopes, this env var will get updated.Testing
Edge Case Gap
There is a gap in this current setup where the LFO detection is limited by the user's permissions who is executing the script. If there is an existing LFO that lives in a place that the user doesn't have access to in Azure, this script won't be able to detect it. The team has discussed the front end doing a logs query on the Datadog side for LFO logs to mitigate this edge case.