fix: maintain agent mutate even when already mutated #3166
Conversation
Signed-off-by: Allen Conlon <software@conlon.dev>
✅ Deploy Preview for zarf-docs canceled.
|
Codecov ReportAttention: Patch coverage is
|
So the thought process in why I added the tests for patching even if they already have the labels is so that it leaves some tests for future developers to not remove that functionality... I can remove the tests if you would still like |
|
@a1994sc Yeah we should delete the tests related to the Zarf agent patch. We don't want to test code that isn't there. One thing I originally didn't consider was that as the code is right now for the Helm repo and OCI repo it will not be idempotent. This is because after the original mutation occurs, we will have another mutation. Because Zarf adds a checksum to repos and images that it points to, we would re-mutate the url and add another, now incorrect, checksum. There is logic in the argocd, and flux-gitrepo webhooks to address this zarf/src/internal/agent/hooks/flux-gitrepo.go Lines 67 to 72 in a21ed41 As an example, this is the test you would add to the {
name: "should not mutate URL if it has the same hostname as Zarf state",
admissionReq: createFluxGitRepoAdmissionRequest(t, v1.Update, &flux.GitRepository{
Spec: flux.GitRepositorySpec{
URL: "https://git-server.com/a-push-user/podinfo-1646971829.git",
},
}),
patch: []operations.PatchOperation{
operations.ReplacePatchOperation(
"/spec/url",
"https://git-server.com/a-push-user/podinfo-1646971829.git",
),
operations.AddPatchOperation(
"/spec/secretRef",
fluxmeta.LocalObjectReference{Name: config.ZarfGitServerSecretName},
),
operations.ReplacePatchOperation(
"/metadata/labels",
map[string]string{
"zarf-agent": "patched",
},
),
},
code: http.StatusOK,
}, |
|
Thank you Austin, I will update the PR to apply the changes! |
Signed-off-by: Allen Conlon <software@conlon.dev>
|
@AustinAbro321 Hey, updated the PR to remove the extra tests and added the logic for checking the url against the zarf state registry url. Let me know if that is good |
Description
Removes the checks on the agent webhook for effecting already patched gitops related resources:
fluxcd-oci-repofluxcd-helm-repofluxcd-git-repoargocd-repositoryargocd-applicationThe reasoning for removing the this check is that during the regular lifecycle of gitops tools is that they will re-apply the manifests to make sure the cluster reflects the correct state; this means that fluxcd will override the mutated repos to point to something outside of
zarf's control, e.i. clear web endpoints that might not be accessible.Note
So I did not add tests for removing the check on pods... My logic is that pods are static through their lifecycle once they start, so
zarfwould only need to mutate them once.Related Issue
Fixes #3146
Checklist before merging