nebari icon indicating copy to clipboard operation
nebari copied to clipboard
verified publisher icon nebari-dev

Refactor role creation for upgrade command path

Open viniciusdc opened this issue 1 year ago • 2 comments

Reference Issues or PRs

closes #2766

What does this implement/fix?

This issue is a patching fix for the upgrade command present in the previous release, currently the upgrade logic when requesting the user to perform the role creation (more details see linked issue), assumes the presence of the role when assigning it to the legacy groups. However, this leads to errors when the role does not exist or is within Terraform if the user attempts to manually address the missing role to continue the upgrade.

This PRs includes a new section in the previous code logic to create the role, and to avoid conflicts with terraform, I adopted a "legacy" prefix to the role name with a befitting description for future reference when the amdins manages keycloak in the future.

Put a x in the boxes that apply

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds a feature)
  • [ ] Breaking change (fix or feature that would cause existing features not to work as expected)
  • [ ] Documentation Update
  • [ ] Code style update (formatting, renaming)
  • [ ] Refactoring (no functional changes, no API changes)
  • [ ] Build related changes
  • [ ] Other (please describe):

Testing

  • [ ] Did you test the pull request locally?
  • [ ] Did you add new tests?

How to test this PR?

Any other comments?

viniciusdc avatar Oct 24 '24 14:10 viniciusdc

There are no tests for this yet, and I would like to have this tested to help us avoid this situation in the future. I hope we get #2780 merged before this to extend the testing suit.

viniciusdc avatar Oct 24 '24 14:10 viniciusdc

I will be testing this during the afternoon

viniciusdc avatar Oct 24 '24 15:10 viniciusdc

Let's disable the 2024.9.1 upgrade step as part of this @viniciusdc

dcmcand avatar Oct 28 '24 14:10 dcmcand

It was tested on a local deployment, moving from 2024.7.1 directly to 2024.9.2 (will need to test again since this now changed to 2024.11.1):

  • Group created on the previous version: Captura de tela de 2024-10-28 10 29 23
  • After upgrade command:
    • legacy role is included to existing groups: Captura de tela de 2024-10-28 10 46 53
    • after deployment, both roles now exist (no terraform conflict) Captura de tela de 2024-10-28 10 57 00
    • previous behavior of mounted groups folders is preserved Captura de tela de 2024-10-28 10 57 21

viniciusdc avatar Oct 29 '24 13:10 viniciusdc

This needs to be re-tested to ensure the upgrade will run now that we moved it to 2024.11.1

viniciusdc avatar Oct 29 '24 15:10 viniciusdc

Re-tested with the recent changes: Captura de tela de 2024-10-30 14 01 33 image

viniciusdc avatar Oct 30 '24 19:10 viniciusdc

These tests are failing only for DO, and it might be related to its decommissioning process. So, we can disregard it for now, I've created a separated issue for this so that it does not become a blocker #2810

viniciusdc avatar Oct 30 '24 22:10 viniciusdc