search

zarf-dev / zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
Apache License 2.0
1.37k stars 164 forks source link

Use variables for Zarf package remove #1801

Open UncleGedd opened 1 year ago

UncleGedd commented 1 year ago

Is your feature request related to a problem? Please describe.

I'd like to have more control over the remove cycle of Zarf packages through the use of variables.

For example, I need to control the deletion of a KMS key that encrypts an S3 bucket based on the "force delete" config of the S3 bucket, noting that the "force delete" config is set as a Zarf variable during package deployment.

Describe the solution you'd like

Given a zarf-config.yaml I'd like to add variables to be used during the remove, for example something like:

package:
  deploy:
    set:
      foo: bar
  remove: 
    set:
      foo: baz

And then I'd like to use ZARF_VAR_FOO in an onRemove action

UncleGedd commented 1 year ago

Another interesting idea is to be able to use the ZARF_VAR_FOO that was set as a deploy variable in the zarf-config.yaml inside of the onRemove action without having to set package.remove.set.foo in the zarf-config.yaml

Noxsios commented 1 year ago

@YrrepNoj call me crazy, but don't we save variables set on deploy time into the package's secret? Can we not just re-inject them into the onRemove actions?

wirewc commented 1 year ago

Is there a way to see if the deployment has a chart in onDeploy is there a way to allow re-injecting the variables when there is an onRemove action? I think this is only an issue for Zarf actions when a cluster is not in scope for the deployment.