fix: rework featureFlag function
* update comment to be more descriptive.
* only look for global scope Lagoon variables.
* update documentation
smlx committed Oct 28, 2021
1 parent 923d157 commit c85d083
Showing 2 changed files with 18 additions and 19 deletions.
10 changes: 4 additions & 6 deletions docs/administering-lagoon/feature-flags.md
Expand Up @@ -7,12 +7,10 @@ This is designed to assist users and administrators to roll out new platform fea

The following environment variables can be set on an environment or project to toggle feature flags.

| Environment Variable Name | Active scope\* | Version introduced | Version removed | Default Value | Description |
| --- | --- | --- | --- | --- | --- |
| `LAGOON_FEATURE_FLAG_ROOTLESS_WORKLOAD` | `global` | 2.2.0 | - | `disabled` | Set to `enabled` to set a non-root pod security context on the pods in this environment or project.<br><br>This flag will eventually be deprecated, at which point non-root workloads will be enforced. |
| `LAGOON_FEATURE_FLAG_ISOLATION_NETWORK_POLICY` | `global` | 2.2.0 | - | `disabled` | Set to `enabled` to add a default namespace isolation network policy to each environment on deployment.<br><br>This flag will eventually be deprecated, at which point the namespace isolation network policy will be enforced.<br><br>NOTE: enabling and then disabling this feature will _not_ remove any existing network policy from previous deployments. Those must be removed manually. |

\* Active scope indicates whether the variable must be set as `build` or `runtime` scope to take effect. `global` sets the variable in both scopes, so that will work too.
| Environment Variable Name | Active scope | Version introduced | Version removed | Default Value | Description |
| --- | --- | --- | --- | --- | --- |
| `LAGOON_FEATURE_FLAG_ROOTLESS_WORKLOAD` | `global` | 2.2.0 | - | `disabled` | Set to `enabled` to set a non-root pod security context on the pods in this environment or project.<br><br>This flag will eventually be deprecated, at which point non-root workloads will be enforced. |
| `LAGOON_FEATURE_FLAG_ISOLATION_NETWORK_POLICY` | `global` | 2.2.0 | - | `disabled` | Set to `enabled` to add a default namespace isolation network policy to each environment on deployment.<br><br>This flag will eventually be deprecated, at which point the namespace isolation network policy will be enforced.<br><br>NOTE: enabling and then disabling this feature will _not_ remove any existing network policy from previous deployments. Those must be removed manually. |

## Cluster-level controls
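
Review bot: With the footnote under the table removed, the "Active scope" column is left unexplained, and the page no longer says what happens to a flag stored with `build` or `runtime` scope. The removed footnote told readers those scopes were valid, and the same commit narrows the lookup in featureFlag to `.scope == "global"`, so a `LAGOON_FEATURE_FLAG_ROOTLESS_WORKLOAD` or `LAGOON_FEATURE_FLAG_ISOLATION_NETWORK_POLICY` variable that was set with `build` scope is now skipped and the non-root security context or isolation network policy is not applied unless a cluster-level flag supplies it. Suggest keeping a short note under the table stating that only `global` scoped variables are read and that other scopes are ignored, so operators who followed the earlier wording know to re-scope them.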

27 changes: 14 additions & 13 deletions images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh
Expand Up @@ -29,22 +29,23 @@ function contains() {
# and order:
#
# 1. The cluster-force feature flag, prefixed with LAGOON_FEATURE_FLAG_FORCE_,
# in the build environment. This is set via a flag on the build-deploy
# controller. This overrides the other variables and allows policy
# enforcement at the cluster level.
# as a build pod environment variable. This is set via a flag on the
# build-deploy controller. This overrides the other variables and allows
# policy enforcement at the cluster level.
#
# 2. The regular feature flag, prefixed with LAGOON_FEATURE_FLAG_, in the
# Lagoon environment env-vars. This allows policy control at the environment
# level.
# Lagoon environment global scoped env-vars. This allows policy control at
# the environment level.
#
# 3. The regular feature flag, prefixed with LAGOON_FEATURE_FLAG_, in the
# Lagoon project env-vars. This allows policy control at the project level.
# Lagoon project global scoped env-vars. This allows policy control at the
# project level.
#
# 4. The cluster-default feature flag, prefixed with
# LAGOON_FEATURE_FLAG_DEFAULT_, in the build environment. This is set via a
# flag on the build-deploy controller. This allows default policy to be set
# at the cluster level, but maintains the ability to selectively override at
# the project or environment level.
# LAGOON_FEATURE_FLAG_DEFAULT_, as a build pod environment variable. This is
# set via a flag on the build-deploy controller. This allows default policy
# to be set at the cluster level, but maintains the ability to selectively
# override at the project or environment level.
#
# The value of the first variable found is printed to stdout. If the variable
# is not found, print an empty string. Additional arguments are ignored.
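
Review bot: Items 2 and 3 of the comment now say "global scoped env-vars" but do not say that variables in any other scope are skipped, which is the behaviour change in this commit; a reader could assume `build` scoped variables are still consulted. Suggest stating it outright, for example "Variables with any other scope are ignored." Two smaller points: "global scoped" reads better hyphenated as "global-scoped", and items 1 and 4 refer to "a flag on the build-deploy controller" without naming it, which makes the comment hard to act on.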
Expand All @@ -54,16 +55,16 @@ function featureFlag() {

local forceFlagVar defaultFlagVar flagVar

# check build environment for the force policy first
# check build pod environment for the force policy first
forceFlagVar="LAGOON_FEATURE_FLAG_FORCE_$1"
[ "${!forceFlagVar}" ] && echo "${!forceFlagVar}" && return

flagVar="LAGOON_FEATURE_FLAG_$1"
# check Lagoon environment variables
flagValue=$(jq -r '.[] | select((.scope as $scope | ["build", "global"] | index($scope)) and .name == "'"$flagVar"'") | .value' <<<"$LAGOON_ENVIRONMENT_VARIABLES")
flagValue=$(jq -r '.[] | select(.scope == "global" and .name == "'"$flagVar"'") | .value' <<<"$LAGOON_ENVIRONMENT_VARIABLES")
[ "$flagValue" ] && echo "$flagValue" && return
# check Lagoon project variables
flagValue=$(jq -r '.[] | select((.scope as $scope | ["build", "global"] | index($scope)) and .name == "'"$flagVar"'") | .value' <<<"$LAGOON_PROJECT_VARIABLES")
flagValue=$(jq -r '.[] | select(.scope == "global" and .name == "'"$flagVar"'") | .value' <<<"$LAGOON_PROJECT_VARIABLES")
[ "$flagValue" ] && echo "$flagValue" && return

# fall back to the default, if set.
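
Review bot: In both jq lookups the variable name is spliced into the filter text (`.name == "'"$flagVar"'"`), so a `$1` containing a double quote or backslash alters the jq program instead of being compared as data. Passing it with `--arg`, e.g. `jq -r --arg name "$flagVar" '.[] | select(.scope == "global" and .name == $name) | .value'`, keeps it a plain string. Also, `flagValue` is assigned here but is missing from `local forceFlagVar defaultFlagVar flagVar`, so it leaks into the caller's scope; add it to the `local` list. If the same name appears more than once in the JSON, jq prints one value per line and the caller gets a multi-line result, so consider wrapping the filter in `first(...)`.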