fix: maintain agent mutate even when already mutated #3166
Conversation
Signed-off-by: Allen Conlon <[email protected]>
✅ Deploy Preview for zarf-docs canceled.
|
Codecov ReportAttention: Patch coverage is
🚨 Try these New Features:
|
So the thought process in why I added the tests for patching even if they already have the labels is so that it leaves some tests for future developers to not remove that functionality... I can remove the tests if you would still like |
|
@a1994sc Yeah we should delete the tests related to the Zarf agent patch. We don't want to test code that isn't there. One thing I originally didn't consider was that as the code is right now for the Helm repo and OCI repo it will not be idempotent. This is because after the original mutation occurs, we will have another mutation. Because Zarf adds a checksum to repos and images that it points to, we would re-mutate the url and add another, now incorrect, checksum. There is logic in the argocd, and flux-gitrepo webhooks to address this zarf/src/internal/agent/hooks/flux-gitrepo.go Lines 67 to 72 in a21ed41 As an example, this is the test you would add to the {
name: "should not mutate URL if it has the same hostname as Zarf state",
admissionReq: createFluxGitRepoAdmissionRequest(t, v1.Update, &flux.GitRepository{
Spec: flux.GitRepositorySpec{
URL: "https://git-server.com/a-push-user/podinfo-1646971829.git",
},
}),
patch: []operations.PatchOperation{
operations.ReplacePatchOperation(
"/spec/url",
"https://git-server.com/a-push-user/podinfo-1646971829.git",
),
operations.AddPatchOperation(
"/spec/secretRef",
fluxmeta.LocalObjectReference{Name: config.ZarfGitServerSecretName},
),
operations.ReplacePatchOperation(
"/metadata/labels",
map[string]string{
"zarf-agent": "patched",
},
),
},
code: http.StatusOK,
}, |
|
Thank you Austin, I will update the PR to apply the changes! |
Signed-off-by: Allen Conlon <[email protected]>
|
@AustinAbro321 Hey, updated the PR to remove the extra tests and added the logic for checking the url against the zarf state registry url. Let me know if that is good |
No problem! I figured it was a medium sized change so it is all good to get more eyes on things |
| isPatched bool | ||
|
|
||
| isCreate = r.Operation == v1.Create | ||
| isUpdate = r.Operation == v1.Update |
There was a problem hiding this comment.
Define these variables where they are first used rather than at the top of the function.
There was a problem hiding this comment.
I followed the pattern found in src/internal/agent/hooks/flux-gitrepo.go
var (
patches []operations.PatchOperation
isPatched bool
isCreate = r.Operation == v1.Create
isUpdate = r.Operation == v1.Update
)
ref but I can update and get that up tonight
|
Small change otherwise things look good. |
Signed-off-by: Allen Conlon <[email protected]>
|
@AustinAbro321 and @phillebaba I updated the PR per @phillebaba comments |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Signed-off-by: Allen Conlon <[email protected]> Signed-off-by: NevinAragam <[email protected]>
Description
Removes the checks on the agent webhook for effecting already patched gitops related resources:
fluxcd-oci-repofluxcd-helm-repoThe reasoning for removing the this check is that during the regular lifecycle of gitops tools is that they will re-apply the manifests to make sure the cluster reflects the correct state; this means that fluxcd will override the mutated repos to point to something outside of
zarf's control, e.i. clear web endpoints that might not be accessible.Note
So I did not add tests for removing the check on pods... My logic is that pods are static through their lifecycle once they start, so
zarfwould only need to mutate them once.Related Issue
Fixes #3146
Checklist before merging