Option to block certain security groups from being unassigned from spaces
freudl opened this issue · 2 comments
Is your feature request related to a problem? Please describe.
Using option --enable-unassign-security-groups will remove any ASG from space not configured in config.
However, service brokers might add ASGs once a user bound a service instance.
In such a situation platform engineers cannot provide a per service instance ASG without integrating broker and cf-mgmt.
Describe the solution you'd like
An option -skip-unassign-security-group-regex which enables platform engineers to exclude certain ASG names from being reconciled.
Describe alternatives you've considered
- Disabling --enable-unassign-security-groups - comes at the cost of maintaining ASG space relationships otherwise
- Not taking advantage of per service instance based ASGs
Additional context
n/a
We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.
The labels on this GitHub issue will be updated when the story is started.
Closing this as this feature should be delivered in https://github.com/vmware-tanzu-labs/cf-mgmt/releases/tag/v1.0.80
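The reconciliation rule requested in this issue, as an added sketch in Go (not cf-mgmt's own code and not part of the thread): ASGs bound to a space but absent from config are unassigned unless their name matches a skip pattern. The function name `toUnassign`, the ASG names and both patterns are hypothetical; the sample also shows why the pattern should be anchored, since an unanchored one exempts any ASG whose name merely contains the broker prefix.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// toUnassign returns the ASGs bound to a space that reconciliation would
// remove: those absent from the configured set and not matched by skip.
// A nil skip means no exemptions (plain --enable-unassign-security-groups).
func toUnassign(configured, bound []string, skip *regexp.Regexp) []string {
	want := make(map[string]bool, len(configured))
	for _, name := range configured {
		want[name] = true
	}
	var remove []string
	for _, name := range bound {
		if want[name] {
			continue // declared in config: keep
		}
		if skip != nil && skip.MatchString(name) {
			continue // exempt, e.g. added by a service broker on bind
		}
		remove = append(remove, name)
	}
	sort.Strings(remove)
	return remove
}

func main() {
	// Constructed sample data; all ASG names are hypothetical.
	configured := []string{"dns", "public-networks"}
	bound := []string{"dns", "broker-si-1234", "legacy-broker-si-open", "manual-debug"}

	// Unanchored: also exempts "legacy-broker-si-open", which merely
	// contains the broker prefix, so that ASG silently survives.
	loose := regexp.MustCompile(`broker-si-`)
	// Anchored: exempts only names that follow the broker's naming scheme.
	strict := regexp.MustCompile(`^broker-si-[0-9]+$`)

	fmt.Println(toUnassign(configured, bound, nil))
	fmt.Println(toUnassign(configured, bound, loose))
	fmt.Println(toUnassign(configured, bound, strict))
}
```

Anything the pattern exempts is no longer governed by config, so a skip pattern is best kept as narrow as the broker's naming scheme allows.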