Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add Preflight Validate API support #4329

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

add Preflight Validate API support #4329

wants to merge 22 commits into from

Conversation

hemarina
Copy link
Contributor

@hemarina hemarina commented Sep 17, 2024
edited
Loading

Adds support for Preflight Validate API.

TODO:

  • Tests

Questions

What is Preflight?

Preflight API validates whether the specified template is syntactically correct and will be accepted by Azure Resource Manager. More information on preflight wiki.

Why do we implement Validate API?

There’re two preflight API: Validate API and Deployment API. We implemented deployment API. However, deployment API creates a scenario where specific resource fails at preflight API and stops its deployment where some resources are already created. For example, resources are created at an unsupported location. This will cause more dev-test loop for cleaning resources and re-deploy. Adding Validate API support before provisioning to azure solves this situation.

What are Preflight Validate API limitations?

  1. Around 60% applicable resource types are enabled with preflight. Check preflight coverage dashboard.
  2. Preflight is not able to validate nested resources with parameters referencing runtime functions.

Example Test Error Message

Standard deployments

image

Deployment stack

image

hemarina and others added 6 commits August 14, 2024 16:04
@hemarina
add preflight validation api for testing
4b4f6a3
@hemarina
go error
4c267fd
@ellismg @hemarina
exec: Don't depend on internals of os.Process (Azure#4233)
1dd2246 
To assign the process to the job object after we create it, we need
the `windows.Handle` that backs the process we started with `os/exec`.
This was not exported and so we used some gnarly casting to cast the
`os.Process` to a structure we authored that had the same layout of
`os.Process` so we could grab the handle property.

This is unsafe if the layout of the `os.Process` changes, which it did
in Go 1.23.

Move to code that doesn't depend on the internals of `os.Process` by
using the exported Pid to call `windows.OpenProcess` to get a handle and
then pass that along to `windows.AssignProcessToJobObject`.
@hemarina
update error message
24bef4f
@hemarina
Merge branch 'main' of https://github.com/Azure/azure-dev into preflight
7392da7
@hemarina
apply changes due to stack deployments
5fd5d08
@hemarina hemarina self-assigned this Sep 17, 2024
@hemarina hemarina marked this pull request as ready for review September 20, 2024 21:57
@rajeshkamal5050 rajeshkamal5050 mentioned this pull request Sep 24, 2024
Open
2 tasks
wbreza
wbreza reviewed Oct 7, 2024
View reviewed changes
Copy link
Contributor

@wbreza wbreza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the expectation for templates with nested deployments? For example, I used our Todo AKS template, specified an invalid K8s version parameter and expected that this would fail at our own preflight check call.

Instead the preflight from azd passes, but then we get a preflight failure during ARM deployment.

Preflight validation check for resource(s) for container service aks-oc3hr2l7nqlee in resource group rg-wabrez-todo-aks-swed failed. Message: Web application routing requires at least Kubernetes 1.22. Details: 

 (Code: WebAppRoutingUnsupportedK8SVersion)

Failing Deployment Example

If it is not going to catch preflight errors on nested deployments I question whether it is valuable to add at this point.

@hemarina hemarina requested review from wbreza and weikanglim November 1, 2024 21:27
@hemarina
Copy link
Contributor Author

@weikanglim @wbreza @vhvb1989 @ellismg Could you take another pass of this PR?

@hemarina
Copy link
Contributor Author

hemarina commented Nov 20, 2024
edited
Loading

What is the expectation for templates with nested deployments? For example, I used our Todo AKS template, specified an invalid K8s version parameter and expected that this would fail at our own preflight check call.

Instead the preflight from azd passes, but then we get a preflight failure during ARM deployment.

Preflight validation check for resource(s) for container service aks-oc3hr2l7nqlee in resource group rg-wabrez-todo-aks-swed failed. Message: Web application routing requires at least Kubernetes 1.22. Details: 

 (Code: WebAppRoutingUnsupportedK8SVersion)

Failing Deployment Example

If it is not going to catch preflight errors on nested deployments I question whether it is valuable to add at this point.

We have discussed about this matter during standup. This is because of nested deployments with parameters referencing runtime functions are not supported by preflight API. The current changes will help users with their custom templates if they're not using nested resources. Jonny from preflight validate API team is working on the fixes of skipped validation on nested deployment, and he expects to release the fix "sometime within this semester".

@hemarina
Copy link
Contributor Author

hemarina commented Nov 20, 2024
edited
Loading

Rechecking about the templates with current use case, we might want to wait to merge the PR after preflight team's fix. There're templates like Azure-Samples/cosmos-db-nosql-go-quickstart that directly using main.bicep but the bicep file is still using module which will cause a validation skip on preflight api. Then, the current use case for this PR will be for users who only using single bicep file without nested resources and this is very rare case.

@hemarina hemarina added the hold label Nov 21, 2024
@hemarina
Copy link
Contributor Author

hemarina commented Nov 21, 2024
edited
Loading

We had discussion about future action of this PR between hold the preflight PR, merge the preflight PR but not refer it until fix is released from preflight team or add it in alpha feature. And we decided to hold the preflight PR and merge it after preflight team released their fix on nested resources.

Summary of why we hold the PR:
Current issue: preflight API skip validation for nested resources and the release of fix from preflight team is planned before March ("sometime in this semester").
Pros: Allows users to run validation check if they are not using nested resources
Cons: For most cases, users won't get benefits because most deployments usually have nested resources. The API adds average 10 seconds of provision process.
Result: Merging the PR or adding it as alpha feature won't benefit users much since users usually use nested resources and it will cause a validation skip on preflight.

cc @rajeshkamal5050

@rajeshkamal5050 rajeshkamal5050 mentioned this pull request Dec 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ellismg ellismg Awaiting requested review from ellismg ellismg is a code owner

@vhvb1989 vhvb1989 Awaiting requested review from vhvb1989 vhvb1989 is a code owner

@wbreza wbreza Awaiting requested review from wbreza wbreza is a code owner

@weikanglim weikanglim Awaiting requested review from weikanglim weikanglim is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@hemarina hemarina

Labels
hold
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Spike] Preflight Checks API integration
4 participants
@hemarina @weikanglim @wbreza @ellismg