cli: output coordinator policy on generate #125
Conversation
I think we should enable this by default, even if we did not previously inject a default policy hash into the CLI. This way, people can already check the policy hash by setting it via flag, and we can move our workflow to use the policy hash from the get output instead of using the yq script. |
cli/policies.go
Outdated
| } | ||
| for _, deployment := range policies { | ||
| if deployment.role == "coordinator" && deployment.policy.Hash().String() != DefaultCoordinatorPolicyHash { | ||
| fmt.Fprintf(os.Stderr, "WARNING: Unexpected coordinator policy hash. Pass --coordinator-policy-hash=%s to set and verify.\n", deployment.policy.Hash()) |
There was a problem hiding this comment.
We should not just print to os.Stderr, but rather hand in an io.Writer so we can use cmd.ErrOrStderr.
Might be even better to just return (hash string, ok bool) so we can keep the user interaction in the command. Also, we might want to write the hash to stdout instead, so it can be easily processed.
There was a problem hiding this comment.
Thanks for the suggestion, sounds much better.
Instead of outputting from |
I think that would blur the lines of what the manifest currently is meant to be (the thing that the coordinator uses to verify pods). |
I'm not sure we should go into this direction. Anyway out of scope of this PR, as this needs proper design discussion. |
|
Agreed to the purpose of the manifest. For this PR here, should we stick to passing the hash via stdout then? Maybe we could at least offer a machine-readable output variant (say |
I don't see an immediate need for that as long as we are only outputting a single value. |
burgerdev
force-pushed
the
burgerdev/warn-policy-hash
branch
2 times, most recently
from
3abff83 to
6756166
Compare
|
I updated the PR description with the changed rationale. |
burgerdev
changed the title
burgerdev
force-pushed
the
burgerdev/warn-policy-hash
branch
from
6756166 to
4f14501
Compare
As soon as we embed a default coordinator policy into the CLI, the set and verify subcommands will stop working if the coordinator policy does not match expectations. Thus, we need to make users aware if we detect a non-default coordinator among the deployments. If the CLI encounters an unexpected coordinator policy in the input YAML, it prints the policy hash to stdout and warns on stderr. This provides the user with two choices, depending on their workflow: 1. Users that don't expect changes to the coordinator policy can abort right away to check why the policy changed. But even if they ignore the output entirely, set will still fail closed. 2. Users that deliberately changed the coordinator but want to verify it nonetheless. These users need to pass the output to the set command, if it was not empty. Co-authored-by: Paul Meyer <[email protected]>
burgerdev
force-pushed
the
burgerdev/warn-policy-hash
branch
from
f1db525 to
9babab1
Compare
As soon as we embed a default coordinator policy into the CLI, the set
and verify subcommands will stop working if the coordinator policy does
not match expectations. Thus, we need to make users aware if we detect a
non-default coordinator among the deployments.
If the CLI encounters an unexpected coordinator policy in the input
YAML, it prints the policy hash to stdout and warns on stderr. This
provides the user with two choices, depending on their workflow:
right away to check why the policy changed. But even if they ignore
the output entirely, set will still fail closed.
nonetheless. These users need to pass the output to the set command,
if it was not empty.
Implementation note: I decided to add a field to the
deploymenttype so that we don't need to do the check inpoliciesFromKubeResources, which is called by bothgenerateandset.