chore: allow tenant cleanup script to skip control plane if tenant not found#7290
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 4 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="backend/scripts/tenant_cleanup/no_bastion_cleanup_tenants.py">
<violation number="1" location="backend/scripts/tenant_cleanup/no_bastion_cleanup_tenants.py:494">
P1: Missing `tenant_not_found_in_control_plane = True` in interactive mode. When user confirms to continue after "tenant not found in control plane", the flag remains False, causing Step 3 to unnecessarily attempt control plane cleanup which will fail or have unexpected behavior.</violation>
</file>
<file name="backend/scripts/tenant_cleanup/cleanup_tenants.py">
<violation number="1" location="backend/scripts/tenant_cleanup/cleanup_tenants.py:476">
P2: Missing `tenant_not_found_in_control_plane = True` after user confirms to continue. In non-force mode, if the user acknowledges the tenant wasn't found and confirms to continue, the flag should also be set so Step 3 skips control plane cleanup (matching force mode behavior).</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
jmelahman
left a comment
jmelahman
left a comment
There was a problem hiding this comment.
many small nits and I think they're all optional. Please do at least read them though
| except TenantNotFoundInControlPlaneError as e: | ||
| # Tenant/table not found in control plane | ||
| error_str = str(e) | ||
| print(f"⚠️ WARNING: Tenant not found in control plane: {error_str}") |
There was a problem hiding this comment.
this is fine, but it's probably preferred to use a logger for these so they're sent to stderr by default. slightly less likely to be missed that way
| from pathlib import Path | ||
|
|
||
|
|
||
| class TenantNotFoundInControlPlaneError(Exception): |
There was a problem hiding this comment.
this is fine, but very nitpicky: it's nice to keep exceptions in a dedicated module. that's much more important with public interfaces though which this isn't really
| error_msg = e.stderr if e.stderr else str(e) | ||
| print( | ||
| f"✗ Failed to get tenant status for {tenant_id}: {e}", | ||
| f"✗ Failed to get tenant status for {tenant_id}: {error_msg}", |
There was a problem hiding this comment.
nit: while you're here wanna convert to an emoji for visibility (ideally just a colored logger imo but im boring)
| print( | ||
| "Usage: PYTHONPATH=. python scripts/tenant_cleanup/" | ||
| "no_bastion_mark_connectors.py <tenant_id> [--force] [--concurrency N]" | ||
| "no_bastion_mark_connectors.py <tenant_id> \\" |
There was a problem hiding this comment.
i know you're not introducing these prints, but the python argparser is pretty extensible and supports custom long messages. this is like a decades old pattern left over from shell scripting
| cmd = ["kubectl", "get", "po"] | ||
| if context: | ||
| cmd.extend(["--context", context]) | ||
| cmd = ["kubectl", "get", "po", "--context", context] |
There was a problem hiding this comment.
optional nitpick, but this would be so much better with a KubectlHelper class that stored the "kubectl" (preferably as /usr/bin/kubectl) command and context as private variables.
| "Error: --data-plane-context is required", | ||
| file=sys.stderr, | ||
| ) | ||
| sys.exit(1) |
There was a problem hiding this comment.
nit: i personally prefer raise SystemExit(1)
| if confirm_step( | ||
| # Step 3: Clean up control plane (skip if tenant not found in control plane with --force) | ||
| if tenant_not_found_in_control_plane: | ||
| print(f"\n{'=' * 80}") |
There was a problem hiding this comment.
nit: I feel like this would be safer without an f-string
| sys.exit(1) | ||
|
|
||
| # Parse contexts | ||
| # Parse contexts (required) |
There was a problem hiding this comment.
nitttt: these really should be required by the argparser and the corresponding types should not be optional
|
|
||
|
|
||
| def setup_scripts_on_pod(pod_name: str, context: str | None = None) -> None: | ||
| def setup_scripts_on_pod(pod_name: str, context: str) -> None: |
There was a problem hiding this comment.
its hard to tell if this was required for this change, but would have been really nice as a separate change so the behavioral changes related to skipping the control plane were more prominent
There was a problem hiding this comment.
This was required. The intention of this script is to do actions in both planes, but the script would attempt to access control plane via data plane pods (which is impossible).
wenxi-onyx
deleted the
whuang/allow-tenant-cleanup-force-to-skip-control-plane
branch
2 participants
Description
How Has This Been Tested?
Additional Options
Summary by cubic
Allow tenant cleanup and connector-marking scripts to skip control plane steps when the tenant is not found in the control plane. In force mode, we continue with data plane only; otherwise we prompt.
New Features
Migration
Written for commit 3e7ce56. Summary will update on new commits.