feat(cf): add location filtering to cloudfoundry #5088
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chore(logs): allow anonymous front50 artifact fetching (#5066)
kevinawoo
approved these changes
Nov 12, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a new feature for cloudfoundry accounts. This is similar to how the k8 provider has a namespace filter at the account credentials layer. The idea is that one can re-use the same underlying credentials that communicate with CF, and filter the results on the spinnaker side. This does two things: allows CF infrastructure teams to not have to manage the individual spinnaker accounts, and adds performance improvements because accounts (and their caching agents) will now only cache items in the locations they care about.
locationFilter is a
Map<String, Set<String>>. For the account, it would look something like this:This example covers the main two use-cases. First, a user would provide an Organization and a subset of Spaces for that org (org1 & space1/space2). Space1 and Space2 would be the filter applied across various functions in spinnaker. Meaning, the resources in those spaces are the only resources seen by the account. Second, a user would just provide an Organization with an empty list and spinnaker treats all the spaces under this Org as the filter. This is to help the situation in which all spaces under the org need to be added, but it's burdensome to statically type all of them.
In the example above, if space2 is deleted from the CF platform, spinnaker will continue to carry-on regardless. However, if a user tries to deploy to a space thats non-existent, they may receive an error message unless the space caching agent catches the deletion before the user tries the operation. The same goes for Organizations. The only time CD will fail is if the locationFilter has items in it, but it wasn't able to construct a filter object with any spaces. Meaning, the account had filters but CD couldn't find any spaces. In this situation, the inverse operation to allow all, would be problematic so its okay to fail.
NOTE: locationFilter was changed in favor of spaceFilter