Skip Condition
Skip Condition: Controlling Task Execution Dynamically¶
The skip condition feature allows users to selectively execute tasks or hooks based on specific runtime conditions. By defining a condition script in both Resource Templates and Environment Templates, users can ensure that tasks like notifications, approvals, or workflow handlers are executed only when necessary, improving efficiency and reducing redundant executions.
Did you know?
Skip conditions can be managed using three (3) methods:
Key Capabilities¶
- Conditional Task Execution: Users can configure tasks to run only when certain conditions are met, preventing unnecessary processing.
- Dynamic Evaluation: The execution context (
ctx) is analyzed in real time to determine whether a task should be skipped. - Enhanced Visibility: A
"reason"field in the skip condition provides insights into why a task was skipped, aiding in debugging and monitoring. - Use of Expressions: Expressions allow for dynamic evaluation based on context variables, enabling users to define conditions for skipping or executing tasks. They offer flexibility by enabling task execution control based on runtime values, such as action types or user information, ensuring that operations like deploys and destroys are handled correctly according to specific conditions. For more details on expressions, refer to this page.
Managing Hooks with Skip Conditions in Environment and Resource Templates¶
Scenario¶
Environment and resource templates are used to automate the deployment and deprovisioning of cloud environments. Hooks are configured to run during the publish workflow but must either be skipped or conditionally bypassed during the destroy workflow to prevent unnecessary operations.
Requirement¶
- Deploy Workflow: Hooks should execute as expected without any skipping.
- Destroy Workflow: Hooks may either be completely skipped or skipped under specific conditions to avoid redundant executions.
Implementation¶
Skip on Destroy Enabled¶
- A security audit hook runs during publish, verifying compliance before deployment.
- When Skip on Destroy is enabled while adding a hook in an Environment Template or Resource Template, the hook is bypassed during the destroy workflow, reducing unnecessary checks.
Skip Conditions Applied¶
- A backup cleanup hook is triggered during destroy to remove related artifacts.
- If a condition is set (e.g., skip when backup status is active), the hook is skipped only when the specified condition is met, ensuring backups are preserved when still in use.
Outcome¶
By configuring Skip on Destroy and conditional skipping, workflow automation is optimized by reducing redundant operations while ensuring critical actions execute only when necessary.
Skip Conditions via UI¶
When defining a skip condition in a hook, a script can be used to dynamically determine whether the hook should execute. The script in the image follows this structure:
## script begin ##
def eval(**ctx):
return {"skip": ctx["trigger"]["payload"]["action"] == "destroy", "reason": "skip if action is destroy"}
## script end ##
Function Definition (def eval(**ctx):)¶
- The function eval(
**ctx) is defined to evaluate the hook’s execution condition. - The
ctx(context) parameter contains execution details, including workflow triggers. - Checking the Action (
ctx["trigger"]["payload"]["action"])- The script inspects the trigger payload to determine the workflow action.
- Conditional Skip (
if action == "destroy")- If the workflow action is
"destroy", the script returns{"skip": True, "reason": "skip if action is destroy"}.
- If the workflow action is
- Skipping the Hook (
return {"skip": True, "reason": ...})- The hook is skipped when the destroy action is detected.
- The
"reason"field provides visibility into why the hook was skipped.
Use Case Explanation¶
- Scenario: A hook is added in an environment or resource template for both publish and destroy workflows.
- Normal Execution: Hooks run as usual when executing a publish workflow.
- Skip on Destroy: If Skip on Destroy is enabled, the hook is skipped entirely during destroy operations, regardless of other conditions.
- Conditional Skipping: When a skip condition is set using a script (as in the example), the hook is only skipped when the specified condition is met.
- In this case, the script checks if the workflow action is
"destroy". - If
ctx["trigger"]["payload"]["action"] == "destroy", the function returns{"skip": True}, "reason": "skip if action is destroy"}, preventing hook execution. - Otherwise, the hook runs normally.
- In this case, the script checks if the workflow action is
This method allows precise control over hook execution, ensuring that workflows only trigger when necessary while allowing conditional skipping based on workflow actions.
Skip Condition via RCTL¶
Example 1: Skip Condition in a Resource Template¶
The following example demonstrates how to configure a skip condition in a ResourceTemplate to ensure that a task (task1) is skipped when the action is deploy and triggered by an SSO user.
apiVersion: eaas.envmgmt.io/v1
kind: ResourceTemplate
metadata:
name: demo-template
project: defaultproject
spec:
agents:
- name: scale-agent1
provider: custom
providerOptions:
custom:
tasks:
- agents:
- name: demoagent
name: task1
onFailure: unspecified
options: {}
skipConfig:
condition: |-
## script begin ##
def eval(**ctx):
return {
"skip": ctx["trigger"]["payload"]["action"] == "deploy" and ctx["trigger"]["payload"]["is_sso_user"] == True,
"reason": "Skipping this task during deploy when triggered by an SSO user"
}
## script end ##
type: workflowHandler
workflowHandler:
name: demoreturnresp
- agents:
- name: demoagent
name: task2
onFailure: unspecified
options: {}
type: workflowHandler
workflowHandler:
name: demoreturnresp
variables:
- name: testvar
options:
override:
type: allowed
required: true
valueType: text
version: v6
versionState: draft
Explanation:
task1is skipped if:- The action is deploy (
ctx["trigger"]["payload"]["action"] == "deploy") - The user is an SSO user (
ctx["trigger"]["payload"]["is_sso_user"] == True)
- The action is deploy (
- The
"reason"field logs why the task was skipped, helping with debugging. task2does not have askipConfig, so it runs as usual.
Example 2: Skip Condition in an OpenTofu Hook¶
The following example demonstrates how to configure skip conditions in OpenTofu hooks to:
- Skip a container-based hook during destroy actions
- Skip an HTTP-based hook during destroy actions using
skipOnDestroy
apiVersion: eaas.envmgmt.io/v1
kind: ResourceTemplate
metadata:
name: rautort1-904356
project: defaultproject
spec:
agents:
- name: rauto-eaas-agent-904356
contexts:
- name: rauto-ec2-config-config-context-904356
- name: rauto-aws-config-config-context-904356
- name: rauto-infra-config-config-context-904356
hooks:
provider:
openTofu:
deploy:
plan:
before:
- name: container
onFailure: continue
options:
container:
envvars:
DOWNLOAD_TOKEN: sealed://hook.openTofu.deploy.plan.before.container.options.container.env_vars.DOWNLOAD_TOKEN
DOWNLOAD_URL: sealed://hook.openTofu.deploy.plan.before.container.options.container.env_vars.DOWNLOAD_URL
REPO_PATH: sealed://hook.openTofu.deploy.plan.before.container.options.container.env_vars.REPO_PATH
image: registry.dev.rafay-edge.net/rafay/infracost:v1
successCondition: "if #status.container.exitCode == 0 { success: true } \nif #status.container.exitCode != 0 { failed: true }"
workingDirPath: /infracost/
skipConfig:
condition: "## script begin ##\ndef eval(**ctx):\n\treturn {\n\t\t'skip': ctx['trigger']['payload']['action'] == 'destroy'\n\t}\n## script end ##"
timeoutSeconds: 500
type: container
destroy:
plan:
before:
- name: destroyhookhttp
onFailure: continue
options:
http:
endpoint: https://htjuk.com/get
headers:
Accept-Language: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.Accept-Language
accept: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.accept
test1: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.test1
test2: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.test2
method: GET
successCondition: |-
if #status.http.statusCode == 200 {
success: true
}
if #status.http.statusCode != 200 {
failed: true
reason: "url not reachable"
}
skipConfig:
skipOnDestroy: true
timeoutSeconds: 500
type: http
provider: opentofu
providerOptions:
openTofu:
backendConfigs:
- tmp/inputs/one.tfvars
backendType: custom
lock: false
repositoryOptions:
branch: master
directoryPath: workloads/eaas/terraform-guides/infrastructure-as-code/aws-ec2-instance/
name: rauto-repo-904356
secret:
name: file://artifacts/rautort1-904356/sealed-secret.yaml
version: version1-904356
versionState: active
Explanation:
-
Container Hook (
deploy.plan.before.container)- The skip condition ensures the hook is skipped if the action is "destroy":
def eval(**ctx): return { 'skip': ctx['trigger']['payload']['action'] == 'destroy' }- This prevents the container task from running during destroy actions.
- HTTP Hook (
destroy.plan.before.destroyhookhttp) - The
skipConfigusesskipOnDestroy: true, which means this hook will not execute during destroy actions without requiring a script.