Skip to content
This repository has been archived by the owner on Oct 13, 2021. It is now read-only.

Prevent deleting all deployed resources when GitTrack resources deleted #98

Open
sebastianrosch opened this issue Mar 12, 2019 · 0 comments
Open

Prevent deleting all deployed resources when GitTrack resources deleted #98

sebastianrosch opened this issue Mar 12, 2019 · 0 comments

Comments

@sebastianrosch
Copy link
Contributor

Accidentally or by any other means deleting the GitTrack resource would result in all deployed resources managed by Faros being deleted. As the default behaviour is --cascade=true, we consider this a high risk and would like to prevent this from happening (especially in production).

Proposal:
Config option (in GitTrack or cmd option) to prevent Faros from creating ownerReferences but use other means to identify the parent->child relationship between GitTrack and GitTrackObjects.

We have tested this with a faros.pusher.com/owner-reference annotation, which allows Faros to continue operating without the risk of using an ownerReference. Here is the code that I used to test this:

const ownerReferenceAnnotation = "faros.pusher.com/owner-reference"
const ownerReferenceAnnotationFormat = "%s.%s.%s/%s"
...

func (r *ReconcileGitTrack) listObjectsByName(owner *farosv1alpha1.GitTrack) (map[string]farosv1alpha1.GitTrackObjectInterface, error) {
...

    for _, gto := range gtos.Items {
	if farosflags.CreateOwnerReference {
	    if metav1.IsControlledBy(&gto, owner) {
		result[gto.GetNamespacedName()] = gto.DeepCopy()
	    }
	} else {
	    if isOwnedBy(&gto, owner) {
		result[gto.GetNamespacedName()] = gto.DeepCopy()
	    }
	}
    }
...
}

// isOwnedBy checks if the GitTrackObject is owned by owner by checking its annotations
func isOwnedBy(obj *farosv1alpha1.GitTrackObject, owner *farosv1alpha1.GitTrack) bool {
    annotations := obj.GetAnnotations()
    if annotations != nil {
	compare := fmt.Sprintf(ownerReferenceAnnotationFormat, owner.Name, owner.Kind, owner.TypeMeta.GroupVersionKind().Group, owner.GroupVersionKind().Version)
	if annotations[ownerReferenceAnnotation] == compare {
	    return true
	}
    }
    return false
}

...

func (r *ReconcileGitTrack) handleObject(u *unstructured.Unstructured, owner *farosv1alpha1.GitTrack) result {
...

    if farosflags.CreateOwnerReference {
        // Creating an owner reference, as before.
        if err = controllerutil.SetControllerReference(owner, gto, r.scheme); err != nil {
           return errorResult(gto.GetNamespacedName(), err)
        }
    } else {
        // Add an annotation to identify the Faros owner of this GitTrackObject
	annotations := gto.GetAnnotations()
	if annotations == nil {
	    annotations = make(map[string]string)
	}
	annotations[ownerReferenceAnnotation] = fmt.Sprintf(ownerReferenceAnnotationFormat, owner.Name, owner.Kind, owner.TypeMeta.GroupVersionKind().Group, owner.GroupVersionKind().Version)
	gto.SetAnnotations(annotations)
    }
...
}
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sebastianrosch