oc apply on existing resource doesn't lookup variables

Open gwiersma opened this issue 3 years ago • 2 comments

Hi,

I have tested the operator with the following ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: complex-injection-test
  annotations:
    "redhat-cop.redhat.io/patch": |
       data:
         route: "{{ (lookup "route.openshift.io/v1" "Route" "test" "test").spec.host }}"
         kleine: "{{ (lookup "v1" "Secret" "test" "geheim").data.name | b64dec }}"
data:
  kleine: dwerg
  route: leer

At this point the ConfigMap doesn't exist. When I create the CM with oc apply -f, the CM is created successfully and the values are being injected:

apiVersion: v1
data:
  kleine: rita
  route: test-test.apps.<domain>.com
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"kleine":"dwerg","route":"leer"},"kind":"ConfigMap","metadata":{"annotations":{"redhat-cop.redhat.io/patch":"data:\n  route: \"{{ (lookup \"route.openshift.io/v1\" \"Route\" \"test\" \"test\").spec.host }}\"\n  kleine: \"{{ (lookup \"v1\" \"Secret\" \"test\" \"geheim\").data.name | b64dec }}\"\n"},"name":"complex-injection-test","namespace":"test"}}
    redhat-cop.redhat.io/patch: |
      data:
        route: "{{ (lookup "route.openshift.io/v1" "Route" "test" "test").spec.host }}"
        kleine: "{{ (lookup "v1" "Secret" "test" "geheim").data.name | b64dec }}"
  creationTimestamp: "2022-06-30T13:40:21Z"
  name: complex-injection-test
  namespace: test
  resourceVersion: "44040538"
  uid: 612d4a6b-e95c-400a-8200-0205091fefc9

When I apply the same CM again with an oc apply, the values are overwritten with the default values in the CM. No lookups are being executed:

After apply:

apiVersion: v1
data:
  kleine: dwerg
  route: leer
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"kleine":"dwerg","route":"leer"},"kind":"ConfigMap","metadata":{"annotations":{"redhat-cop.redhat.io/patch":"data:\n  route: \"{{ (lookup \"route.openshift.io/v1\" \"Route\" \"test\" \"test\").spec.host }}\"\n  kleine: \"{{ (lookup \"v1\" \"Secret\" \"test\" \"geheim\").data.name | b64dec }}\"\n"},"name":"complex-injection-test","namespace":"test"}}
    redhat-cop.redhat.io/patch: |
      data:
        route: "{{ (lookup "route.openshift.io/v1" "Route" "test" "test").spec.host }}"
        kleine: "{{ (lookup "v1" "Secret" "test" "geheim").data.name | b64dec }}"
  creationTimestamp: "2022-06-30T13:40:21Z"
  name: complex-injection-test
  namespace: test
  resourceVersion: "44042975"
  uid: 612d4a6b-e95c-400a-8200-0205091fefc9

Is this a bug or is this normal behaviour?

gwiersma avatar Jun 30 '22 13:06 gwiersma

It does work when you don't specify anything in .data. But this doesn't match the docs.

gwiersma avatar Jul 04 '22 09:07 gwiersma

@gwiersma this is the expected behavior of creation-time patches, which only operate on resource creation (CREATE operation in the MutatingWebhookConfiguration). If you really need to operate on resource updates too, you should consider using a runtime patch, which works on resources no matter whether they are newly created or updated and enforces the values from your patch, which seems to be your goal.

QuingKhaos avatar Aug 03 '22 12:08 QuingKhaos
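
The behaviour described in the last reply, modelled as an added example (not code from the patch-operator project or from any commenter): a webhook rule registered for CREATE only is matched on the first `oc apply` but not on the second, which admission sees as an UPDATE. The rule contents, `render_patch`, and the route hostname are constructed assumptions; only the CREATE-only scope comes from the thread.

```python
# Added illustration: admission-rule matching for two consecutive `oc apply` calls.
# The rule shape follows Kubernetes RuleWithOperations; the concrete rule below is
# constructed, and render_patch is a hypothetical stand-in for template rendering.

CREATE_ONLY = [{"operations": ["CREATE"], "apiGroups": [""],
                "apiVersions": ["v1"], "resources": ["configmaps"]}]

def _in(allowed, value):
    # "*" in a rule field matches every value.
    return "*" in allowed or value in allowed

def rule_matches(rule, op, group, version, resource):
    """True if the API server would call the webhook for this request."""
    return (_in(rule["operations"], op) and _in(rule["apiGroups"], group)
            and _in(rule["apiVersions"], version) and _in(rule["resources"], resource))

def render_patch(obj):
    # Constructed lookup results, mirroring the values shown in the issue.
    obj["data"].update({"kleine": "rita", "route": "test-test.apps.example.test"})
    return obj

def apply(store, manifest, rules):
    """Simulate `oc apply`: CREATE if the object is absent, otherwise UPDATE
    (apply on an existing object sends a PATCH, which admission treats as UPDATE).
    Returns (operation, data as stored)."""
    name = manifest["metadata"]["name"]
    op = "UPDATE" if name in store else "CREATE"
    obj = {"metadata": dict(manifest["metadata"]), "data": dict(manifest["data"])}
    if any(rule_matches(r, op, "", "v1", "configmaps") for r in rules):
        obj = render_patch(obj)  # webhook mutates the object before it is stored
    store[name] = obj            # otherwise the manifest's own values win
    return op, obj["data"]

# The ConfigMap from the issue, reduced to the fields that matter here.
MANIFEST = {"metadata": {"name": "complex-injection-test"},
            "data": {"kleine": "dwerg", "route": "leer"}}

def demo(rules):
    """Apply the same manifest twice against an empty store."""
    store = {}
    return [apply(store, MANIFEST, rules) for _ in range(2)]

if __name__ == "__main__":
    for op, data in demo(CREATE_ONLY):
        print(op, data)
```
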