Comments (3)
@InfoSec812 Applying/creating an object only once isn't the same as being "idempotent". By skipping it on consecutive runs basically means that no changes whatsoever will ever be applied beyond the first run (and hence rather than updating an object, it needs to be deleted and re-created). That's not how the openshift-applier
is designed to work. The recommendation here is to rather fix the cause for why it cannot be re-applied multiple times. As discussed on this particular issue, the secrets are re-generated because the template actually asked for them to be. Hence, if the template is "fixed" to not do so, it can be re-applied multiple times without causing the effect described as problems.
BTW: there's a new PR out that simplifies the overall openshift-applier
implementation and it allows for greater flexibility around the action - i.e.: apply
v.s. create
. Check it out: #102
from casl-ansible.
Do you have a suggested method to configure the template to not regenerate the secret? As far as I know, if the secret is present in the template without hard-coded parameter values, the secret will be regenerated. I suppose that we could hard-code those values, but that would put credentials into the inventory and the git repo (a bad practice).
from casl-ansible.
@InfoSec812 closing out this issue as done as PR #102 should take care of this. Please give the latest version of the openshift-applier
a try (please read the README carefully to understand the file_action
and template_action
change). If that doesn't meet the need for apply v.s. create, please let us know.
Also; another change is in progress re: a filter/tag (along the lines of the whitelist aspect Justin brought up), so that should benefit you as well.
from casl-ansible.
Related Issues (20)
- Review security port requirements on OSP
- Not all variables in group_vars supported HOT 3
- Update docs/PROVISIONING_*.md to use new installer image HOT 1
- Add role to be able to apply labels based on regular expression
- python-ovirt-engine-sdk4 needed in casl-ansible docker image for ovirt provisioner
- Add ovirt/rhv as a provider
- Update to use applier 2.0.6 HOT 1
- openshift_configure_container_storage is now required - it shouldn't be
- Add 8444/tcp to master SG in AWS HOT 1
- etcd nodes separate from masters in aws HOT 1
- etcd nodes separate from masters in aws HOT 1
- Unsupported parameters for (openshift_facts) HOT 2
- aws openshift provisioning failing with ssh unable to connect to hosts
- Boto3 aws regions HOT 2
- Dockerfile build of casl-ansible fails, http://rpm-repo-ci-op-gx9lsp9t.svc.ci.openshift.org/repodata/repomd.xml give a 503 error HOT 1
- Docs for OKD deployment
- Dead links
- Openshift-labels role due to missing param: namespace_param
- Update openshift-labels role documentation to indicate that it can be used to apply multiple labels
- Move support roles to casl-galaxy HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from casl-ansible.