Skip to content

Commit

Permalink
fix: ur not cleaned up when deleting namespaced policy
Browse files Browse the repository at this point in the history
Signed-off-by: Sandesh More <[email protected]>
  • Loading branch information
sandeshlmore committed Oct 31, 2022
1 parent 2c4a2da commit 1fbb596
Showing 1 changed file with 45 additions and 1 deletion.
46 changes: 45 additions & 1 deletion pkg/background/update_request_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ func NewController(
})
polInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
UpdateFunc: c.updatePolicy,
DeleteFunc: c.deletePolicy,
DeleteFunc: c.deleteNSPolicy,
})

c.informersSynced = []cache.InformerSynced{cpolInformer.Informer().HasSynced, polInformer.Informer().HasSynced, urInformer.Informer().HasSynced, namespaceInformer.Informer().HasSynced, podInformer.Informer().HasSynced}
Expand Down Expand Up @@ -370,6 +370,50 @@ func (c *controller) deletePolicy(obj interface{}) {
}
}

func (c *controller) deleteNSPolicy(obj interface{}) {
p, ok := kubeutils.GetObjectWithTombstone(obj).(*kyvernov1.Policy)
if !ok {
logger.Info("Failed to get deleted object", "obj", obj)
return
}

logger.V(4).Info("deleting policy", "name", p.Name)
key, err := cache.MetaNamespaceKeyFunc(kubeutils.GetObjectWithTombstone(obj))
if err != nil {
logger.Error(err, "failed to load policy key")
} else {
logger.V(4).Info("updating policy", "key", key)

// check if deleted policy is clone generate policy
generatePolicyWithClone := pkgCommon.ProcessDeletePolicyForCloneGenerateRule(p, c.client, c.kyvernoClient, c.urLister, p.GetName(), logger)

// get the generated resource name from update request
selector := labels.SelectorFromSet(labels.Set(map[string]string{
kyvernov1beta1.URGeneratePolicyLabel: p.Name,
}))

urList, err := c.urLister.List(selector)
if err != nil {
logger.Error(err, "failed to get update request for the resource", "labels-selector", kyvernov1beta1.URGeneratePolicyLabel)
return
}

if !generatePolicyWithClone {
// re-evaluate the UR as the policy was updated
for _, ur := range urList {
logger.V(4).Info("enqueue the ur for cleanup", "ur name", ur.Name)
c.enqueueUpdateRequest(ur)
}
} else {
for _, ur := range urList {
for _, generatedResource := range ur.Status.GeneratedResources {
logger.V(4).Info("retaining resource for cloned policy", "apiVersion", generatedResource.APIVersion, "kind", generatedResource.Kind, "name", generatedResource.Name, "namespace", generatedResource.Namespace)
}
}
}
}
}

func (c *controller) addUR(obj interface{}) {
ur := obj.(*kyvernov1beta1.UpdateRequest)
c.enqueueUpdateRequest(ur)
Expand Down

0 comments on commit 1fbb596

Please sign in to comment.