
Add MustCreate management policy

Open bobh66 opened this issue 3 months ago • 2 comments

Description of your changes

Added a MustCreate management policy that requires the external resource to NOT exist before the MR can create it.

Fixes #872

Tested using provider-kubernetes running a private branch of crossplane-runtime. Created a Secret and also an Object containing a Secret with the same name but different data, and managementPolicies: ['MustCreate', 'Observe', 'Update', 'LateInitialize', 'Delete'] and verified that when the Object was created the Secret remained unchanged and the Object reported an error that the Secret it was trying to create was already in existence.

Docs PR is https://github.com/crossplane/docs/pull/993


bobh66 avatar Sep 12 '25 19:09 bobh66
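A simplified model of the behaviour described in the PR description above, added here as an example; it is not code from crossplane-runtime or from this PR. `NextAction`, `External` and its `CreatedByMR` flag are hypothetical names, and how the MR records that it created the resource is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"slices"
)

// Policy names as they appear in the PR description.
const (
	Observe    = "Observe"
	Create     = "Create"
	MustCreate = "MustCreate"
	Update     = "Update"
)

var ErrAlreadyExists = errors.New("external resource already exists; MustCreate refuses to adopt it")

// External is what an Observe call learned about the external resource.
// CreatedByMR is an assumption of this sketch: some record that this MR
// created the resource in an earlier reconcile.
type External struct {
	Exists, UpToDate, CreatedByMR bool
}

// NextAction returns the step a reconcile would take: "create", "update" or "none".
func NextAction(policies []string, ext External) (string, error) {
	if !ext.Exists {
		if slices.Contains(policies, Create) || slices.Contains(policies, MustCreate) {
			return "create", nil
		}
		return "none", nil
	}
	// The resource exists. Under MustCreate, one this MR did not create is an error, never adopted.
	if slices.Contains(policies, MustCreate) && !ext.CreatedByMR {
		return "none", ErrAlreadyExists
	}
	if !ext.UpToDate && slices.Contains(policies, Update) {
		return "update", nil // with plain Create this overwrites the pre-existing object
	}
	return "none", nil
}

func main() {
	preexisting := External{Exists: true} // constructed sample: a Secret someone else made
	fmt.Println(NextAction([]string{Observe, Create, Update}, preexisting))
	fmt.Println(NextAction([]string{Observe, MustCreate, Update}, preexisting))
}
```
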

Similarly to the comment on adding the Orphan management policy, I am wary of adding new policies to the management policies except for the primitives we have.

Adding MustCreate would be adding a flavour of Create, so I worry that if we go in this direction we would add more such flavours in the future and it could become unmanageable. Or imagine if we would later want to combine the Orphan policy ["Observe", "Create", "Update", "LateInitialize"] from the other PR, with MustCreate. Would we need to add OrphanMustCreate that translates to ["Observe", "MustCreate", "Update", "LateInitialize"]? Furthermore `*` would lose its meaning as it would not anymore map to ALL.

In general I think the basic policies should follow the methods of the external managed client.

However, I do understand where the issue is coming from and what we are trying to achieve here, I just don't think adding a new management policy is the right way. I wonder should we introduce some management options field? We could add mustCreate there, and maybe move lateInitialize there at one point, or anything else that pops out?

lsviben avatar Oct 28 '25 10:10 lsviben

@lsviben I don't disagree that managementPolicies is already too complicated - related comment here

bobh66 avatar Nov 04 '25 16:11 bobh66