Introduce spec.code.sha256 field to help with s3 code changes
#88
Conversation
ack-prow
bot
added
the
do-not-merge/work-in-progress
|
@Vandita2020 needs a rebase :) |
Vandita2020
force-pushed
the
s3_codeSHA
branch
4 times, most recently
from
6be63ca
to
8a16e84
Compare
Vandita2020
force-pushed
the
s3_codeSHA
branch
13 times, most recently
from
74a6bde
to
b5e00b0
Compare
There was a problem hiding this comment.
@Vandita2020 are you able to run e2e tests locally? I think it would be an easier/tighter development iteration if you did so instead of relying on the CI system. On your local workstation, check out the github.com/aws-controllers-k8s/test-infra repository, cp test_config.example.yaml test_config.yaml, edit test_config.yaml with the IAM Role ARN you can use for testing (typically an Isengard role) and do make kind-test SERVICE=lambda.
Also left a couple comments inline for you to address. The way this code currently works will result in an endless loop of controller errors...
generator.yaml
Outdated
| CodeS3SHA256: | ||
| type: String | ||
| compare: | ||
| is_ignored: true |
There was a problem hiding this comment.
@Vandita2020 I'm struggling to understand why there is a need for an additional Spec.CodeS3SHA256 field here when there is already a Status.CodeSHA256 field that can be used to compare checksums with?
There was a problem hiding this comment.
We have added this field in our Spec to see if the code has changed. Since the Function APIs don't store the current S3.Bucket or S3.Key, there is no way to identify if the change has made when the user changes these fields, leading to no update for the deployment package. SHA256 helps identifying the update, given the user has to provide the updated SHA256 along with the new deployment package.
pkg/resource/function/hooks.go
Outdated
| @@ -416,6 +413,19 @@ func customPreCompare( | |||
| delta.Add("Spec.Code.ImageURI", a.ko.Spec.Code.ImageURI, b.ko.Spec.Code.ImageURI) | |||
| } | |||
| } | |||
| expected, _ := json.Marshal(a.ko.Spec.CodeS3SHA256) | |||
There was a problem hiding this comment.
I'm not seeing where Spec.CodeS3SHA256 is ever being set to a value. How about calculating the S3 content's SHA256 manually and comparing it to Status.CodeSHA256 to determine if the function's S3-backed code has changed?
There was a problem hiding this comment.
When the user provides the updated deployment package they have to manually calculate the CodeSHA256 for their code, which they can do by running this command sha256sum filename.zip |cut -f1 -d\ | xxd -r -p | base64. We then use this provided CodeSHA256 and compare it with Status.CodeSHA256 to see the changes/update.
Hey Jay @jaypipes , |
Vandita2020
force-pushed
the
s3_codeSHA
branch
2 times, most recently
from
ed60093
to
84d5125
Compare
|
Can someone give the lgmt label, please? This will be very beneficial for our use case too! |
|
@ayanevbg This is on our radar. We just extended the code-generator to help supporting this feature. @Vandita2020 and I will merge this soon |
Vandita2020
force-pushed
the
s3_codeSHA
branch
2 times, most recently
from
55e2af9
to
8082723
Compare
|
@Vandita2020: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
| @@ -476,35 +476,44 @@ func customPreCompare( | |||
| if ackcompare.HasNilDifference(a.ko.Spec.Code, b.ko.Spec.Code) { | |||
| delta.Add("Spec.Code", a.ko.Spec.Code, b.ko.Spec.Code) | |||
| } else if a.ko.Spec.Code != nil && b.ko.Spec.Code != nil { | |||
There was a problem hiding this comment.
Should we consider removing this customPreCompare, generate all this code, and then rely on the custom update function to lookup *a.ko.Spec.PackageType == "Image"|"Zip"
There was a problem hiding this comment.
I think it would be better to generate this code for Code.S3Bucket, Code.S3Key and Code.ImageURI, but we will still need this custom compare code for Code.SHA256, as that is not auto-generated and we need to check if it has been changes in order to let ACK know that deployment package has been changed.
a-hilaly
changed the title
spec.code.sha256 field to help with s3 code changes
pkg/resource/function/hooks.go
Outdated
| @@ -114,24 +113,17 @@ func (rm *resourceManager) customUpdateFunction( | |||
| // UpdateFunctionCode because both of them can put the function in a | |||
| // Pending state. | |||
| switch { | |||
| case delta.DifferentAt("Spec.Code"): | |||
| case delta.DifferentAt("Spec.Code") || delta.DifferentAt("Spec.Code.SHA256"): | |||
| err = rm.updateFunctionCode(ctx, desired, delta) | |||
There was a problem hiding this comment.
Another question that I have is: what if the user provides the wrong sha256? how does the controller behave?
There was a problem hiding this comment.
We consider this to be customer's responsibility to pass the correct sha256, and the reason being we cannot calculate the sha for their package to see if everything is correct, given the size of their package could be big and we would need to download it and then calculate the sha for it. However to answer your question, if the user passes wrong sha256 but correct s3.key and s3.bucket, the deployment package would be updated without any error.
…llers-k8s#87) ---------- * ACK code-generator `v0.25.0` [release notes](https://github.com/aws-controllers-k8s/code-generator/releases/tag/v0.25.0) * ACK runtime `v0.25.0` [release notes](https://github.com/aws-controllers-k8s/runtime/releases/tag/v0.25.0) ---------- NOTE: This PR increments the release version of service controller from `v0.1.6` to `v0.1.7` Once this PR is merged, release `v0.1.7` will be automatically created for `lambda-controller` **Please close this PR, if you do not want the new patch release for `lambda-controller`** ---------- ``` building ack-generate ... ok. ==== building lambda-controller ==== Copying common custom resource definitions into lambda Building Kubernetes API objects for lambda Generating deepcopy code for lambda Generating custom resource definitions for lambda Building service controller for lambda Generating RBAC manifests for lambda Running gofmt against generated code for lambda Updating additional GitHub repository maintenance files ==== building lambda-controller release artifacts ==== Building release artifacts for lambda-v0.1.7 Generating common custom resource definitions Generating custom resource definitions for lambda Generating RBAC manifests for lambda ``` ---------- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
| if latest.ko.Spec.PackageType != nil && *latest.ko.Spec.PackageType == "Image" { | ||
| input.ImageUri = latest.ko.Spec.Code.ImageURI |
There was a problem hiding this comment.
I think we only need to update the image if the ImageURI changed
There was a problem hiding this comment.
This code is for passing code values if there is change in Architecture field. To update Architecture field we need to pass the code again too, this handles case that even if there is no change in code, it will just pass the current values of it along with updated architecture field.
|
/unhold |
ack-prow
bot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: a-hilaly, Vandita2020 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Issue #
#1550
Description
This PR adds the feature to update the
Spec.Code.S3variables. The issue arises as Lambda API does not keep record ofSpec.Codevariables, because of which ACK is not being able to compare the changes in the state forSpec.Code(ex: change inSpec.Code.S3Key) and thus fails to recognize the changes.Thus we have added a new field
Spec.Code.SHA256, the user has to manually calculate the SHA256 for their code, they can do this by running this commandsha256sum filename.zip |cut -f1 -d\ | xxd -r -p | base64. This field will then be compared with current SHA256 taken fromStatus.CodeSHA256and will determine if the update has been made for deployment package.Acknowledgment
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.