revert: grafana provisioning refactor — unsupported templated enum step field (AROSLSRE-1379)#5887
Conversation
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: janboll, raelga The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Pull request overview
This PR reverts #5843 by removing the new Grafana reconciliation pipeline/step wiring and rolling back multiple tooling dependencies/config values to earlier versions, while leaving Grafana-related infra temporarily paused (no-op outputs and commented pipeline steps).
Changes:
- Removed Grafana reconciliation pipeline entries and the
GrafanaManagestep execution path fromtemplatize. - Rolled back
github.com/Azure/ARO-Tools/*(and related Azure SDK) versions across several Go modules. - Paused Grafana outputs/steps in global pipelines and reverted Grafana major version configuration to
11.
Reviewed changes
Copilot reviewed 36 out of 46 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| topology.yaml | Removes the dev-only Grafana pipeline entry from the service topology list. |
| tooling/yamlwrap/go.sum | Rolls back ARO-Tools dependency checksums. |
| tooling/yamlwrap/go.mod | Rolls back ARO-Tools yamlwrap/testutil versions. |
| tooling/templatize/pkg/pipeline/run.go | Removes execution support for GrafanaManageStep. |
| tooling/templatize/pkg/pipeline/grafana_reconcile.go | Deletes the Grafana manage-step runner implementation. |
| tooling/templatize/go.sum | Rolls back ARO-Tools and related dependency checksums. |
| tooling/templatize/go.mod | Rolls back ARO-Tools module versions and drops indirect resourcegraph dep. |
| tooling/secret-sync/go.sum | Rolls back ARO-Tools dependency checksums. |
| tooling/secret-sync/go.mod | Rolls back ARO-Tools secret-sync and indirect deps. |
| tooling/pipeline-documentation/go.sum | Rolls back ARO-Tools pipelines checksum. |
| tooling/pipeline-documentation/go.mod | Rolls back ARO-Tools pipelines version. |
| tooling/helmtest/go.sum | Rolls back ARO-Tools dependency checksums. |
| tooling/helmtest/go.mod | Rolls back ARO-Tools config/pipelines/testutil and indirect deps. |
| tooling/hcpctl/go.sum | Rolls back cmdutils checksum and downgrades armresourcegraph checksum. |
| tooling/hcpctl/go.mod | Rolls back cmdutils and downgrades armresourcegraph to v0.9.0. |
| tooling/grafanactl/main.go | Removes the manage command from the grafanactl CLI wiring. |
| tooling/grafanactl/go.sum | Rolls back grafanactl/cmdutils checksums. |
| tooling/grafanactl/go.mod | Rolls back grafanactl and cmdutils dependencies. |
| tooling/aro-hcp-exporter/go.sum | Downgrades armresourcegraph checksums to v0.9.0. |
| tooling/aro-hcp-exporter/go.mod | Downgrades armresourcegraph to v0.9.0. |
| test/go.sum | Rolls back ARO-Tools and related dependency checksums for tests. |
| test/go.mod | Rolls back ARO-Tools config/prow-job-executor versions. |
| mgmt-agent/go.sum | Rolls back ARO-Tools testutil checksum. |
| mgmt-agent/go.mod | Rolls back ARO-Tools testutil version. |
| docs/pipelines.md | Removes documentation reference to the Grafana test pipeline. |
| dev-infrastructure/templates/output-grafana.bicep | Deletes the Grafana-specific output template. |
| dev-infrastructure/templates/output-global.bicep | Emits empty Grafana outputs to keep dependent steps as no-ops while paused. |
| dev-infrastructure/templates/grafana-roles.bicep | Deletes the Grafana role assignment template wrapper. |
| dev-infrastructure/templates/global-infra.bicep | Introduces (currently commented-out) Grafana reconciliation modules and related params. |
| dev-infrastructure/modules/grafana/integration-lookup.bicep | Adds a deployment-script module to look up existing Grafana integrations. |
| dev-infrastructure/modules/grafana/instance.bicep | Refactors Grafana module to create/manage the Grafana resource and role assignments. |
| dev-infrastructure/modules/grafana/grafanaIntegrationsLookup.ps1 | Adds a deployment-script PowerShell implementation for integration lookup. |
| dev-infrastructure/grafana-pipeline.yaml | Deletes the standalone Grafana test pipeline. |
| dev-infrastructure/global-pipeline.yaml | Removes Grafana reconcile/roles steps; comments out downstream Grafana steps. |
| dev-infrastructure/global-pipeline-stg.yaml | Removes Grafana reconcile/roles steps; comments out downstream Grafana steps. |
| dev-infrastructure/configurations/output-grafana.tmpl.bicepparam | Deletes Grafana output parameter template. |
| dev-infrastructure/configurations/grafana-roles.tmpl.bicepparam | Deletes Grafana roles parameter template. |
| dev-infrastructure/configurations/grafana-roles-stg.tmpl.bicepparam | Deletes STG Grafana roles parameter template. |
| dev-infrastructure/configurations/global-infra.tmpl.bicepparam | Adds Grafana-related params to global infra parameters. |
| config/rendered/dev/pers/westus3.yaml | Reverts rendered Grafana major version to 11. |
| config/rendered/dev/perf/westus3.yaml | Reverts rendered Grafana major version to 11. |
| config/rendered/dev/dev/westus3.yaml | Reverts rendered Grafana major version to 11. |
| config/rendered/dev/cspr/westus3.yaml | Reverts rendered Grafana major version to 11. |
| config/rendered/dev/ci01/centralus.yaml | Reverts rendered Grafana major version to 11. |
| config/rendered/dev/ci00/centralus.yaml | Reverts rendered Grafana major version to 11. |
| config/config.yaml | Reverts configured Grafana major version to 11. |
| // | ||
|
|
||
| // why do we read the registered workspace IDs and feed it into grafana creation again? | ||
| // becaue the grafana ARM resource expects the list to be provided or otherwise wipes the |
| # Ensure the Az.ResourceGraph module is available | ||
| if (-not (Get-Module -ListAvailable -Name Az.ResourceGraph)) { | ||
| Write-Output "Az.ResourceGraph module not found. Installing..." | ||
| Install-Module -Name Az.ResourceGraph -Force -Scope CurrentUser | ||
| Import-Module Az.ResourceGraph | ||
| } |
| $result = Search-AzGraph -Query $query | ||
|
|
||
| if (-not $result) { | ||
| # Grafana does not exist, return empty array | ||
| Write-Output "No Grafana integrations found or Grafana does not exist." | ||
| $output = @() | ||
| } else { | ||
| # Extract workspace IDs from the azureMonitorWorkspaceIntegrations list | ||
| Write-Output "Grafana integrations found: $($result | ConvertTo-Json -Depth 10)" | ||
| $output = @() | ||
| foreach ($item in $result.grafanaIntegrations) { | ||
| if ($item.azureMonitorWorkspaceResourceId) { | ||
| $output += $item.azureMonitorWorkspaceResourceId | ||
| } | ||
| } | ||
| } |
|
/retest |
|
Force-merge justification This is a clean revert. The tide queue itself is healthy — this FM is not to rescue a stuck queue; it's to expedite a rollout-blocking revert so it doesn't sit behind long E2E while int/stg/prod stays blocked. It meets all four FM criteria: 1. int/stg/prod is blocked by the problem. Blocked in sdp-pipelines build 170669006 (PR https://dev.azure.com/msazure/AzureRedHatOpenShift/_git/sdp-pipelines/pullrequest/16296188). This is a schema/manifest-gen failure, not an environmental flake — it fails on every rollout attempt. The GitHub merge queue is not materially disrupted, so FM'ing this revert won't jump ahead of contended batch testing: the Prow batch view for this repo (https://prow.ci.openshift.org/?repo=Azure%2FARO-HCP&type=batch&job=*e2e-p*) shows no 2. High confidence the revert fixes the problem. 3. The revert builds and passes all fast testing. 4. The revert is clean. Durable fix in flight: Grafana provisioning returns to the Bicep path where the same values are passed as simple field-access bicepparams (aligned with ARO-27904 / #5863). Any future re-refactor onto a pipeline action must use literal enum step fields, not config templates, and will go through the queue normally. |
Reverts #5843
ARO-27904 · AROSLSRE-1379
What
Reverts "fix: Refactor grafana provisioning" (#5843), restoring Grafana provisioning via the Bicep deployment (
global-infra.bicep+global-infra.tmpl.bicepparam) instead of theGrafanaManagepipeline action.Why
#5843 moved Grafana provisioning into a
GrafanaManagepipeline action whose values are declared as pipeline step fields sourced from config templates:This breaks EV2 manifest generation. During
aro ev2 manifests generate, the pipeline is precompiled with dunder sentinels substituted for every config value, then validated strictly againstpipeline.schema.v1.json:zoneRedundancyis a strict enum (Enabled/Disabled), so the substituted sentinel__monitoring.grafanaZoneRedundantMode__fails validation:This fails regardless of the config value — it is not a missing-default problem. (
majorVersion/grafanaNameare plaintype: string, so their sentinels pass, which is why onlyzoneRedundancyerrored.) Surfaced in sdp-pipelines build 170669006 / PR #16296188.You cannot source a strict-enum pipeline step field from a
{{ }}config template. Reverting to Bicep provisioning restores the supported pattern: the same values flow through.tmpl.bicepparamas simple field-access substitutions, rendered with real values at deploy time and type-checked by Bicep — never validated as pipeline step fields. This is consistent with ARO-27904 / #5863 ("logic lives in config; bicepparam templates are simple field access").Testing
public/intno longer hits thezoneRedundancyenum failure once theGrafanaManagestep is removed.param grafanaZoneRedundantMode = '{{ .monitoring.grafanaZoneRedundantMode }}', etc.) are simple field access, compliant with the ARO-27904 / feat(templatize): enforce simple field access in bicepparam templates #5863 validator.Special notes for your reviewer
PR Checklist