def run(dry_run, print_only=False,
enable_deletion=False, io_dir='throughput/',
thread_pool_size=10, internal=None, use_jump_host=True,
light=False, vault_output_path='',
account_name=None, defer=None):
ri, oc_map, tf = \
setup(dry_run, print_only, thread_pool_size, internal,
use_jump_host, account_name)
if not dry_run:
defer(lambda: oc_map.cleanup())
if print_only:
cleanup_and_exit()
if tf is None:
err = True
cleanup_and_exit(tf, err)
if not light:
deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
if deletions_detected:
if enable_deletion:
tf.dump_deleted_users(io_dir)
else:
cleanup_and_exit(tf, deletions_detected)
if dry_run:
cleanup_and_exit(tf)
if not light:
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
# Temporary skip apply secret for running tf-r per account locally.
# The integration running on the cluster will manage the secret
# after any manual running.
# Will refactor with caller for further operator implement.
if account_name:
cleanup_and_exit(tf)
tf.populate_desired_state(ri, oc_map)
ob.realize_data(dry_run, oc_map, ri)
disable_keys(dry_run, thread_pool_size,
disable_service_account_keys=True)
if vault_output_path:
write_outputs_to_vault(vault_output_path, ri)
if ri.has_error_registered():
sys.exit(1)
cleanup_and_exit(tf)
def run(dry_run=False, print_only=False,
enable_deletion=False, io_dir='throughput/',
thread_pool_size=10, internal=None, use_jump_host=True,
light=False, vault_output_path='', defer=None):
try:
ri, oc_map, tf = \
setup(print_only, thread_pool_size, internal, use_jump_host)
defer(lambda: oc_map.cleanup())
if print_only:
cleanup_and_exit()
if tf is None:
err = True
cleanup_and_exit(tf, err)
if not light:
deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
if deletions_detected:
if enable_deletion:
tf.dump_deleted_users(io_dir)
else:
cleanup_and_exit(tf, deletions_detected)
if dry_run:
cleanup_and_exit(tf)
if not light:
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
tf.populate_desired_state(ri, oc_map)
ob.realize_data(dry_run, oc_map, ri)
disable_keys(dry_run, thread_pool_size,
disable_service_account_keys=True)
if vault_output_path:
write_outputs_to_vault(vault_output_path, ri)
if ri.has_error_registered():
sys.exit(1)
except Exception as e:
msg = 'There was problem running terraform resource reconcile.'
msg += ' Exception: {}'
msg = msg.format(str(e))
logging.error(msg)
sys.exit(1)
cleanup_and_exit(tf)
def run(dry_run, print_only=False,
enable_deletion=False, io_dir='throughput/',
thread_pool_size=10, internal=None, use_jump_host=True,
light=False, vault_output_path='',
account_name=None, extra_labels=None, defer=None):
ri, oc_map, tf, tf_namespaces = \
setup(dry_run, print_only, thread_pool_size, internal,
use_jump_host, account_name, extra_labels)
if not dry_run:
defer(lambda: oc_map.cleanup())
if print_only:
cleanup_and_exit()
if tf is None:
err = True
cleanup_and_exit(tf, err)
if not light:
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
tf.dump_deleted_users(io_dir)
if disabled_deletions_detected:
cleanup_and_exit(tf, disabled_deletions_detected)
if dry_run:
cleanup_and_exit(tf)
if not light:
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
tf.populate_desired_state(ri, oc_map, tf_namespaces, account_name)
actions = ob.realize_data(dry_run, oc_map, ri, caller=account_name)
disable_keys(dry_run, thread_pool_size,
disable_service_account_keys=True,
account_name=account_name)
if actions and vault_output_path:
write_outputs_to_vault(vault_output_path, ri)
if ri.has_error_registered():
err = True
cleanup_and_exit(tf, err)
cleanup_and_exit(tf)
def run(dry_run, print_only=False,
enable_deletion=False, io_dir='throughput/',
thread_pool_size=10, internal=None, use_jump_host=True,
light=False, vault_output_path='', defer=None):
ri, oc_map, tf = \
setup(print_only, thread_pool_size, internal, use_jump_host)
defer(lambda: oc_map.cleanup())
if print_only:
cleanup_and_exit()
if tf is None:
err = True
cleanup_and_exit(tf, err)
if not light:
deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
if deletions_detected:
if enable_deletion:
tf.dump_deleted_users(io_dir)
else:
cleanup_and_exit(tf, deletions_detected)
if dry_run:
cleanup_and_exit(tf)
if not light:
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
tf.populate_desired_state(ri, oc_map)
ob.realize_data(dry_run, oc_map, ri)
disable_keys(dry_run, thread_pool_size,
disable_service_account_keys=True)
if vault_output_path:
write_outputs_to_vault(vault_output_path, ri)
if ri.has_error_registered():
sys.exit(1)
cleanup_and_exit(tf)
def run(dry_run,
print_only=False,
enable_deletion=False,
io_dir='throughput/',
thread_pool_size=10,
internal=None,
use_jump_host=True,
light=False,
vault_output_path='',
account_name=None,
defer=None):
ri, oc_map, tf, tf_namespaces = \
setup(dry_run, print_only, thread_pool_size, internal,
use_jump_host, account_name)
if not dry_run:
defer(lambda: oc_map.cleanup())
if print_only:
cleanup_and_exit()
if tf is None:
err = True
cleanup_and_exit(tf, err)
if not light:
disabled_deletions_detected, err = tf.plan(enable_deletion)
if err:
cleanup_and_exit(tf, err)
tf.dump_deleted_users(io_dir)
if disabled_deletions_detected:
cleanup_and_exit(tf, disabled_deletions_detected)
if dry_run:
cleanup_and_exit(tf)
if not light:
err = tf.apply()
if err:
cleanup_and_exit(tf, err)
# Temporary skip apply secret for running tf-r per account locally.
# The integration running on the cluster will manage the secret
# after any manual running.
# Will refactor with caller for further operator implement.
if account_name:
cleanup_and_exit(tf)
tf.populate_desired_state(ri, oc_map, tf_namespaces)
# temporarily not allowing resources to be deleted
# or for pods to be recycled
# this should be removed after we gained confidence
# following the terraform 0.13 upgrade
actions = ob.realize_data(dry_run, oc_map, ri)
disable_keys(dry_run, thread_pool_size, disable_service_account_keys=True)
if actions and vault_output_path:
write_outputs_to_vault(vault_output_path, ri)
if ri.has_error_registered():
err = True
cleanup_and_exit(tf, err)
cleanup_and_exit(tf)
