mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
cmd/gitops-pusher: ignore previous etag if local acls match control (#13068)
In a situation when manual edits are made on the admin panel, around the GitOps process, the pusher will be stuck if `--fail-on-manual-edits` is set, as expected. To recover from this, there are 2 options: 1. revert the admin panel changes to get back in sync with the code 2. check in the manual edits to code The former will work well, since previous and local ETags will match control ETag again. The latter will still fail, since local and control ETags match, but previous does not. For this situation, check the local ETag against control first and ignore previous when things are already in sync. Updates https://github.com/tailscale/corp/issues/22177 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
This commit is contained in:
parent
ad038f4046
commit
c0c4791ce7
@ -66,6 +66,12 @@ func apply(cache *Cache, client *http.Client, tailnet, apiKey string) func(conte
|
|||||||
log.Printf("local: %s", localEtag)
|
log.Printf("local: %s", localEtag)
|
||||||
log.Printf("cache: %s", cache.PrevETag)
|
log.Printf("cache: %s", cache.PrevETag)
|
||||||
|
|
||||||
|
if controlEtag == localEtag {
|
||||||
|
cache.PrevETag = localEtag
|
||||||
|
log.Println("no update needed, doing nothing")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
if cache.PrevETag != controlEtag {
|
if cache.PrevETag != controlEtag {
|
||||||
if err := modifiedExternallyError(); err != nil {
|
if err := modifiedExternallyError(); err != nil {
|
||||||
if *failOnManualEdits {
|
if *failOnManualEdits {
|
||||||
@ -76,12 +82,6 @@ func apply(cache *Cache, client *http.Client, tailnet, apiKey string) func(conte
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if controlEtag == localEtag {
|
|
||||||
cache.PrevETag = localEtag
|
|
||||||
log.Println("no update needed, doing nothing")
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := applyNewACL(ctx, client, tailnet, apiKey, *policyFname, controlEtag); err != nil {
|
if err := applyNewACL(ctx, client, tailnet, apiKey, *policyFname, controlEtag); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -113,6 +113,11 @@ func test(cache *Cache, client *http.Client, tailnet, apiKey string) func(contex
|
|||||||
log.Printf("local: %s", localEtag)
|
log.Printf("local: %s", localEtag)
|
||||||
log.Printf("cache: %s", cache.PrevETag)
|
log.Printf("cache: %s", cache.PrevETag)
|
||||||
|
|
||||||
|
if controlEtag == localEtag {
|
||||||
|
log.Println("no updates found, doing nothing")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
if cache.PrevETag != controlEtag {
|
if cache.PrevETag != controlEtag {
|
||||||
if err := modifiedExternallyError(); err != nil {
|
if err := modifiedExternallyError(); err != nil {
|
||||||
if *failOnManualEdits {
|
if *failOnManualEdits {
|
||||||
@ -123,11 +128,6 @@ func test(cache *Cache, client *http.Client, tailnet, apiKey string) func(contex
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if controlEtag == localEtag {
|
|
||||||
log.Println("no updates found, doing nothing")
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := testNewACLs(ctx, client, tailnet, apiKey, *policyFname); err != nil {
|
if err := testNewACLs(ctx, client, tailnet, apiKey, *policyFname); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user