spinnaker.deployment.tasks.before.deleteManifest

Policy checks that run immediate before a task deletes a spinnaker manifest.

If your policy is for controlling deletion from within a pipeline, more information is available in policies written against the spinnaker.deployment.tasks.before.deployManifest package.

If your policy is for controlling manual deletion triggers from within the Armory Continuous Deployment UI that are not triggered via a pipeline, more information is available in policies written against the spinnaker.http.authz package.

Example Payload

Click to expand
{
  "input": {
    "deploy": {
      "account": "spinnaker",
      "allCoordinates": [],
      "credentials": "spinnaker",
      "events": [],
      "kinds": [],
      "labelSelectors": {
        "empty": true,
        "notEmpty": false,
        "selectors": []
      },
      "location": "staging",
      "manifestName": "deployment hostname",
      "options": {
        "apiVersion": null,
        "dryRun": null,
        "gracePeriodSeconds": 5,
        "kind": null,
        "orphanDependents": null,
        "preconditions": null,
        "propagationPolicy": null
      }
    }
  }
}

Example Policy

This example policy prevents deleteManifest tasks from running unless they provide a grace period of 30 seconds or more.

package spinnaker.deployment.tasks.before.deleteManifest

deny["A minimum 30 second grace period must be given when deleting a kubernetes manifest"] { 
  input.deploy.options.gracePeriodSeconds<30
}

Keys

KeyTypeDescription
input.deploy.accountstringThe account being deployed to.
input.deploy.credentialsstringThe credentials to use to access the account.
input.deploy.labelSelectors.emptyboolean
input.deploy.labelSelectors.notEmptyboolean
input.deploy.locationstringThe name of the namespace from which the manifest is being deleted.
input.deploy.manifestNamestringThe name of the manifest being deleted.
input.deploy.options.apiVersionstringThe API version in which the manifest’s kind is defined.
input.deploy.options.dryRunbooleanIf true then the manifest is not actually deleted. if false it is.
input.deploy.options.gracePeriodSecondsnumberHow many seconds should the resource being deleted be given to shut down gracefully before being forcefully shut down.
input.deploy.options.kindstringThe kind of manifest that is being deleted.
input.deploy.options.orphanDependentsbooleanWhen set, delete all resources managed by this resource as well (all pods owned by a replica set). When unset, this may orphan resources.
input.deploy.options.preconditions
input.deploy.options.propagationPolicystringThere are three different ways to delete a Kubernetes object:
Foreground: The object itself cannot be deleted unless the objects that it owns have already been deleted.
Background: The object itself is deleted, then the objects that it owned are automatically deleted.
Orphan: The object itself is deleted. Any objects it owns are “orphaned.”

Last modified August 18, 2023: (02b163b7)