Skip Condition
Overview¶
The skip condition feature allows users to selectively execute tasks or hooks based on specific runtime conditions. By defining a condition script in both Resource Templates and Environment Templates, users can ensure that tasks like notifications, approvals, or workflow handlers are executed only when necessary, improving efficiency and reducing redundant executions.
Key Capabilities¶
- Conditional Task Execution: Users can configure tasks to run only when certain conditions are met, preventing unnecessary processing.
- Dynamic Evaluation: The execution context (
ctx) is analyzed in real time to determine whether a task should be skipped. - Enhanced Visibility: A
"reason"field in the skip condition provides insights into why a task was skipped, aiding in debugging and monitoring. - Use of Expressions: Expressions allow for dynamic evaluation based on context variables, enabling users to define conditions for skipping or executing tasks. They offer flexibility by enabling task execution control based on runtime values, such as action types or user information, ensuring that operations like deploys and destroys are handled correctly according to specific conditions. For more details on expressions, refer to this page.
Example 1: Skip Condition in a Resource Template¶
The following example demonstrates how to configure a skip condition in a ResourceTemplate to ensure that a task (task1) is skipped when the action is deploy and triggered by an SSO user.
apiVersion: eaas.envmgmt.io/v1
kind: ResourceTemplate
metadata:
name: demo-template
project: defaultproject
spec:
agents:
- name: scale-agent1
provider: custom
providerOptions:
custom:
tasks:
- agents:
- name: demoagent
name: task1
onFailure: unspecified
options: {}
skipConfig:
condition: |-
## script begin ##
def eval(**ctx):
return {
"skip": ctx["trigger"]["payload"]["action"] == "deploy" and ctx["trigger"]["payload"]["is_sso_user"] == True,
"reason": "Skipping this task during deploy when triggered by an SSO user"
}
## script end ##
type: workflowHandler
workflowHandler:
name: demoreturnresp
- agents:
- name: demoagent
name: task2
onFailure: unspecified
options: {}
type: workflowHandler
workflowHandler:
name: demoreturnresp
variables:
- name: testvar
options:
override:
type: allowed
required: true
valueType: text
version: v6
versionState: draft
Explanation:
task1is skipped if:- The action is deploy (
ctx["trigger"]["payload"]["action"] == "deploy") - The user is an SSO user (
ctx["trigger"]["payload"]["is_sso_user"] == True)
- The action is deploy (
- The
"reason"field logs why the task was skipped, helping with debugging. task2does not have askipConfig, so it runs as usual.
Example 2: Skip Condition in an OpenTofu Hook¶
The following example demonstrates how to configure skip conditions in OpenTofu hooks to:
- Skip a container-based hook during destroy actions
- Skip an HTTP-based hook during destroy actions using
skipOnDestroy
apiVersion: eaas.envmgmt.io/v1
kind: ResourceTemplate
metadata:
name: rautort1-904356
project: defaultproject
spec:
agents:
- name: rauto-eaas-agent-904356
contexts:
- name: rauto-ec2-config-config-context-904356
- name: rauto-aws-config-config-context-904356
- name: rauto-infra-config-config-context-904356
hooks:
provider:
openTofu:
deploy:
plan:
before:
- name: container
onFailure: continue
options:
container:
envvars:
DOWNLOAD_TOKEN: sealed://hook.openTofu.deploy.plan.before.container.options.container.env_vars.DOWNLOAD_TOKEN
DOWNLOAD_URL: sealed://hook.openTofu.deploy.plan.before.container.options.container.env_vars.DOWNLOAD_URL
REPO_PATH: sealed://hook.openTofu.deploy.plan.before.container.options.container.env_vars.REPO_PATH
image: registry.dev.rafay-edge.net/rafay/infracost:v1
successCondition: "if #status.container.exitCode == 0 { success: true } \nif #status.container.exitCode != 0 { failed: true }"
workingDirPath: /infracost/
skipConfig:
condition: "## script begin ##\ndef eval(**ctx):\n\treturn {\n\t\t'skip': ctx['trigger']['payload']['action'] == 'destroy'\n\t}\n## script end ##"
timeoutSeconds: 500
type: container
destroy:
plan:
before:
- name: destroyhookhttp
onFailure: continue
options:
http:
endpoint: https://htjuk.com/get
headers:
Accept-Language: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.Accept-Language
accept: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.accept
test1: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.test1
test2: sealed://hook.openTofu.destroy.plan.before.destroyhookhttp.options.http.headers.test2
method: GET
successCondition: |-
if #status.http.statusCode == 200 {
success: true
}
if #status.http.statusCode != 200 {
failed: true
reason: "url not reachable"
}
skipConfig:
skipOnDestroy: true
timeoutSeconds: 500
type: http
provider: opentofu
providerOptions:
openTofu:
backendConfigs:
- tmp/inputs/one.tfvars
backendType: custom
lock: false
repositoryOptions:
branch: master
directoryPath: workloads/eaas/terraform-guides/infrastructure-as-code/aws-ec2-instance/
name: rauto-repo-904356
secret:
name: file://artifacts/rautort1-904356/sealed-secret.yaml
version: version1-904356
versionState: active
Explanation:
-
Container Hook (
deploy.plan.before.container)- The skip condition ensures the hook is skipped if the action is "destroy":
def eval(**ctx): return { 'skip': ctx['trigger']['payload']['action'] == 'destroy' }- This prevents the container task from running during destroy actions.
- HTTP Hook (
destroy.plan.before.destroyhookhttp) - The
skipConfigusesskipOnDestroy: true, which means this hook will not execute during destroy actions without requiring a script.
ℹ️ Note: Users can edit, update, or delete the skip configuration on Day 2 based on the requirement.