
Prevent deleting all deployed resources when GitTrack resources deleted

Open sebastianrosch opened this issue 5 years ago • 0 comments

Deleting the GitTrack resource, whether accidentally or by any other means, results in all deployed resources managed by Faros being deleted, because the ownerReferences Faros sets cause them to be garbage-collected along with their owner. As the default behaviour is --cascade=true, we consider this a high risk and would like to prevent this from happening (especially in production).

Proposal: a config option (in the GitTrack or as a cmd option) that prevents Faros from creating ownerReferences and instead uses other means to identify the parent->child relationship between a GitTrack and its GitTrackObjects.

We have tested this with a faros.pusher.com/owner-reference annotation, which allows Faros to continue operating without the risk of using an ownerReference. Here is the code that I used to test this:


const (
	// ownerReferenceAnnotation is the annotation key under which the owning
	// GitTrack is recorded on a GitTrackObject when no ownerReference is set.
	ownerReferenceAnnotation = "faros.pusher.com/owner-reference"

	// ownerReferenceAnnotationFormat lays out the annotation value as
	// <name>.<kind>.<group>/<version>.
	// NOTE(review): the value carries neither a namespace nor a UID, so it
	// identifies an owner by name and type only.
	ownerReferenceAnnotationFormat = "%s.%s.%s/%s"
)
...

// listObjectsByName collects the GitTrackObjects that belong to owner, keyed
// by their namespaced name. (Excerpt: the listing of gtos and the return are
// elided in the original post.)
func (r *ReconcileGitTrack) listObjectsByName(owner *farosv1alpha1.GitTrack) (map[string]farosv1alpha1.GitTrackObjectInterface, error) {
...

	for _, gto := range gtos.Items {
		// Ownership is decided by the controller ownerReference when Faros
		// creates one, and by the owner annotation otherwise.
		var owned bool
		if farosflags.CreateOwnerReference {
			owned = metav1.IsControlledBy(&gto, owner)
		} else {
			// NOTE(review): unlike IsControlledBy, which matches on the
			// owner's UID, the annotation check matches on name and type
			// only; confirm gtos is scoped to the owner's namespace.
			owned = isOwnedBy(&gto, owner)
		}
		if !owned {
			continue
		}
		// Store a copy so the map does not alias the loop variable.
		result[gto.GetNamespacedName()] = gto.DeepCopy()
	}
...
}

// isOwnedBy reports whether obj carries the Faros owner annotation whose
// value names owner. An object without annotations is never owned.
//
// NOTE(review): the compared value is built from the owner's name, kind,
// group and version. It contains no namespace and no UID, so a GitTrack
// that is deleted and recreated under the same name, or a same-named
// GitTrack elsewhere, would match as well. The annotation can also be set
// or removed by anyone allowed to update the GitTrackObject; confirm that
// RBAC on GitTrackObjects is as tight as intended.
//
// NOTE(review): owner.Kind and the GroupVersionKind are read from TypeMeta;
// confirm the client populates TypeMeta on the owner passed in here.
func isOwnedBy(obj *farosv1alpha1.GitTrackObject, owner *farosv1alpha1.GitTrack) bool {
	annotations := obj.GetAnnotations()
	if annotations == nil {
		return false
	}

	want := fmt.Sprintf(
		ownerReferenceAnnotationFormat,
		owner.Name,
		owner.Kind,
		owner.TypeMeta.GroupVersionKind().Group,
		owner.GroupVersionKind().Version,
	)
	return annotations[ownerReferenceAnnotation] == want
}

...

// handleObject records owner as the parent of the GitTrackObject built for u,
// either through a controller ownerReference or through the owner annotation,
// depending on farosflags.CreateOwnerReference. (Excerpt: the construction of
// gto and the rest of the function are elided in the original post.)
func (r *ReconcileGitTrack) handleObject(u *unstructured.Unstructured, owner *farosv1alpha1.GitTrack) result {
...

	if !farosflags.CreateOwnerReference {
		// No ownerReference: mark the owning GitTrack in an annotation so
		// the object is not tied to the owner's deletion.
		// NOTE(review): without an ownerReference nothing in this excerpt
		// removes these objects when the GitTrack goes away; confirm that
		// cleanup is handled elsewhere.
		ownerValue := fmt.Sprintf(
			ownerReferenceAnnotationFormat,
			owner.Name,
			owner.Kind,
			owner.TypeMeta.GroupVersionKind().Group,
			owner.GroupVersionKind().Version,
		)
		annotations := gto.GetAnnotations()
		if annotations == nil {
			annotations = make(map[string]string)
		}
		annotations[ownerReferenceAnnotation] = ownerValue
		gto.SetAnnotations(annotations)
	} else {
		// Previous behaviour: make owner the controller of gto.
		err = controllerutil.SetControllerReference(owner, gto, r.scheme)
		if err != nil {
			return errorResult(gto.GetNamespacedName(), err)
		}
	}
...
}

sebastianrosch avatar Mar 12 '19 11:03 sebastianrosch