Allow skipping delete if a resource (or its parent) has already been removed #5040
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
theunrepentantgeek
requested review from
davefellows,
jakjang,
juan-lee and
matthchr
as code owners
github-project-automation
bot
moved this to In Progress
in Azure Service Operator Roadmap
theunrepentantgeek
force-pushed
the
feature/check-before-deleting
branch
from
dc40981 to
bdff1a4
Compare
theunrepentantgeek
force-pushed
the
feature/check-before-deleting
branch
from
c365c26 to
0a1d433
Compare
theunrepentantgeek
changed the title
|
👋 Hi, I'm an automated AI code review bot. I ran some checks on this PR and found 1 point that might be worth attention (could be false positives, please use your judgment):
If you find these suggestions disruptive, you can reply "stop" , and I'll automatically skip this repository in the future. |
Member
Author
|
@juice928 stop. We welcome human contributors to ASO, and request that any AI contributions be human mediated/reviewed. |
matthchr
added a commit
to matthchr/azure-service-operator
that referenced
this pull request
Jan 28, 2026
Solves issue where the owner has stale state from Azure. * Removes owner from PreReconcileCheck. Owner checks must now always be done via PreReconcileOwnerCheck. This ensures that we only issue HTTP calls to Azure to refresh the owner state when we actually need the owner for something. * Resources that implement PreReconcileOwnerCheck now issue a GET on the owner ARM resource before calling the check, meaning that the check will always be acting on an up-to-date owner status + spec. * Remove possibility of owner being nil in PreReconcileOwnerCheck. We won't call that API at all if the owner is nil, which saves the individual check implementations from needing to always include a nil check. Test updates: * Updated Kuberentes version in tests and samples as the Kuberentes version we were using is now out of support. * Updated containerservice samples to use a different KeyVault name for each sample so that the KeyVault names don't collide when being recovered/purged. * Removed Test_Samples_CreationAndDeletion/Test_Dbforpostgresql_v20250801_CreationAndDeletion from the list of skipped samples. * Re-recorded required samples (containerservice and dbforpostgresql) Fixes Azure#5040.
matthchr
approved these changes
Jan 28, 2026
Member
matthchr
left a comment
matthchr
left a comment
There was a problem hiding this comment.
Approved with some comments I think you should take before merging
| if !skipDeletionPrecheck.Has(group) { | ||
| if _, _, err := r.getStatus(ctx, resourceID); err != nil { | ||
| if genericarmclient.IsNotFoundError(err) { | ||
| // Resource no longer exists |
Member
There was a problem hiding this comment.
We used to always have this log:
log.V(Info).Info("Successfully issued DELETE to Azure")
now, it's possible we won't get that far. Should we have a log here that says something like
log.V(Info).Info("Determined resource was already deleted in Azure - not issuing DELETE as it is not required")
or something like that?
| . "github.com/onsi/gomega" | ||
| ) | ||
|
|
||
| func Test_hideAppConfigurationKeySecrets(t *testing.T) { |
Member
There was a problem hiding this comment.
minor, style: Would it be better to test via the exported func (r *Redactor) HideRecordingData(s string) string { interface?
Feel like such a test scales better to testing the other redactions we have as well (good idea adding tests here btw).
| requeueDelay = 10 * time.Millisecond | ||
| minBackoff = 10 * time.Millisecond | ||
| maxBackoff = 10 * time.Millisecond | ||
| maxBackoff = 1000 * time.Millisecond |
Member
There was a problem hiding this comment.
Can you expand on why this needs to be here? It's not mentioned in the PR description, or maybe a code-comment here would be useful?
matthchr
added a commit
to matthchr/azure-service-operator
that referenced
this pull request
Jan 29, 2026
Solves issue where the owner has stale state from Azure. * Removes owner from PreReconcileCheck. Owner checks must now always be done via PreReconcileOwnerCheck. This ensures that we only issue HTTP calls to Azure to refresh the owner state when we actually need the owner for something. * Resources that implement PreReconcileOwnerCheck now issue a GET on the owner ARM resource before calling the check, meaning that the check will always be acting on an up-to-date owner status + spec. * Remove possibility of owner being nil in PreReconcileOwnerCheck. We won't call that API at all if the owner is nil, which saves the individual check implementations from needing to always include a nil check. Test updates: * Updated Kuberentes version in tests and samples as the Kuberentes version we were using is now out of support. * Updated containerservice samples to use a different KeyVault name for each sample so that the KeyVault names don't collide when being recovered/purged. * Removed Test_Samples_CreationAndDeletion/Test_Dbforpostgresql_v20250801_CreationAndDeletion from the list of skipped samples. * Re-recorded required samples (containerservice and dbforpostgresql) Fixes Azure#5040.
matthchr
added a commit
to matthchr/azure-service-operator
that referenced
this pull request
Jan 29, 2026
Solves issue where the owner has stale state from Azure. * Removes owner from PreReconcileCheck. Owner checks must now always be done via PreReconcileOwnerCheck. This ensures that we only issue HTTP calls to Azure to refresh the owner state when we actually need the owner for something. * Resources that implement PreReconcileOwnerCheck now issue a GET on the owner ARM resource before calling the check, meaning that the check will always be acting on an up-to-date owner status + spec. * Remove possibility of owner being nil in PreReconcileOwnerCheck. We won't call that API at all if the owner is nil, which saves the individual check implementations from needing to always include a nil check. Test updates: * Updated Kuberentes version in tests and samples as the Kuberentes version we were using is now out of support. * Updated containerservice samples to use a different KeyVault name for each sample so that the KeyVault names don't collide when being recovered/purged. * Removed Test_Samples_CreationAndDeletion/Test_Dbforpostgresql_v20250801_CreationAndDeletion from the list of skipped samples. * Re-recorded required samples (containerservice and dbforpostgresql) Fixes Azure#5040.
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does
Before issuing a DELETE to Azure, check to see if the resource has already been removed.
May resolve #5009 once all groups are migrated.
Special notes
Most groups are currently in a deny list (see
azure_generic_arm_reconciler_instance.go) so that we don't have to re-record all the groups at once. Tracking issue #5108 has been created for the follow-up tasks of removing groups from the deny-list.How does this PR make you feel?