From 48b7a68733fa741f03b11f9e385fe1fb7dd578d4 Mon Sep 17 00:00:00 2001
From: Shivam Kumar <122988410+ShivamJha2436@users.noreply.github.com>
Date: Fri, 27 Sep 2024 20:15:09 +0530
Subject: [PATCH] Added propagationPolicy to TTL controller for resource deletion (#11207)

* Added propagationPolicy to TTL controller for resource deletion
Signed-off-by: ShivamJha2436
* Added per-resource deletion policy with optional global default
Signed-off-by: ShivamJha2436
* Fix: Added nil check for annotations to prevent runtime errors
Signed-off-by: ShivamJha2436
* Fix: Moved logic for retrieving propagation policy from annotations to a dedicated function
Signed-off-by: ShivamJha2436
* Fix: Resolve merge conflict in controller.go and update propagation policy handling
- Added missing gvr field from main branch
- Improved annotation naming as per team discussion
- Moved propagation policy logic closer to usage
Signed-off-by: ShivamJha2436
* Simplified propagation policy logic
Signed-off-by: ShivamJha2436
* Add unit tests for controller.go
Signed-off-by: ShivamJha2436
* Removed the test file for controller.go and fixed the lint error
Signed-off-by: ShivamJha2436
---------
Signed-off-by: ShivamJha2436
---
 api/kyverno/constants.go | 11 ++++++-----
 pkg/controllers/ttl/controller.go | 33 ++++++++++++++++++++++++++++++-
 2 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/api/kyverno/constants.go b/api/kyverno/constants.go
index 8eeb1ffbb8..a5b764bd5d 100644
--- a/api/kyverno/constants.go
+++ b/api/kyverno/constants.go
@@ -9,11 +9,12 @@ const (
 LabelCleanupTtl = "cleanup.kyverno.io/ttl"
 LabelWebhookManagedBy = "webhook.kyverno.io/managed-by"
 // Well known annotations
- AnnotationAutogenControllers = "pod-policies.kyverno.io/autogen-controllers"
- AnnotationImageVerify = "kyverno.io/verify-images"
- AnnotationPolicyCategory = "policies.kyverno.io/category"
- AnnotationPolicyScored = "policies.kyverno.io/scored"
- AnnotationPolicySeverity = "policies.kyverno.io/severity"
+ AnnotationAutogenControllers = "pod-policies.kyverno.io/autogen-controllers"
+ AnnotationImageVerify = "kyverno.io/verify-images"
+ AnnotationPolicyCategory = "policies.kyverno.io/category"
+ AnnotationPolicyScored = "policies.kyverno.io/scored"
+ AnnotationPolicySeverity = "policies.kyverno.io/severity"
+ AnnotationCleanupPropagationPolicy = "cleanup.kyverno.io/propagation-policy"
 // Well known values
 ValueKyvernoApp = "kyverno"
 ValueTtlDateTimeLayout = "2006-01-02T150405Z"
diff --git a/pkg/controllers/ttl/controller.go b/pkg/controllers/ttl/controller.go
index f064cb099a..eb6647d575 100644
--- a/pkg/controllers/ttl/controller.go
+++ b/pkg/controllers/ttl/controller.go
@@ -118,6 +118,34 @@ func (c *controller) deregisterEventHandlers() {
 c.logger.V(3).Info("deregistered event handlers")
 }

+// Function to determine the deletion propagation policy
+func (c *controller) determinePropagationPolicy(metaObj metav1.Object, logger logr.Logger) *metav1.DeletionPropagation {
+ annotations := metaObj.GetAnnotations()
+ var policy *metav1.DeletionPropagation
+
+ if annotations != nil {
+ annotationPolicy := annotations["kyverno.AnnotationCleanupPropagationPolicy"]
+ if annotationPolicy == "" {
+ switch annotationPolicy {
+ case "Foreground":
+ fg := metav1.DeletePropagationForeground
+ policy = &fg
+ case "Background":
+ bg := metav1.DeletePropagationBackground
+ policy = &bg
+ case "Orphan":
+ orphan := metav1.DeletePropagationOrphan
+ policy = &orphan
+ case "":
+ return nil
+ default:
+ logger.Info("Unknown propagationPolicy annotation, no global policy found", "policy", annotationPolicy)
+ }
+ }
+ }
+ return policy
+}
+
 func (c *controller) reconcile(ctx context.Context, logger logr.Logger, itemKey string, _, _ string) error {
 namespace, name, err := cache.SplitMetaNamespaceKey(itemKey)
 if err != nil {
@@ -164,7 +192,10 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, itemKey
 return nil
 }
 if time.Now().After(deletionTime) {
- err = c.client.Namespace(namespace).Delete(context.Background(), metaObj.GetName(), metav1.DeleteOptions{})
+ deleteOptions := metav1.DeleteOptions{
+ PropagationPolicy: c.determinePropagationPolicy(metaObj, logger),
+ }
+ err = c.client.Namespace(namespace).Delete(context.Background(), metaObj.GetName(), deleteOptions)
 if err != nil {
 logger.Error(err, "failed to delete resource")
 if c.metrics.ttlFailureTotal != nil {
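Review bot: determinePropagationPolicy can only ever return nil as written, for two reasons visible in the first controller.go hunk. The lookup `annotations["kyverno.AnnotationCleanupPropagationPolicy"]` indexes a quoted literal instead of the constant added in api/kyverno/constants.go (value `cleanup.kyverno.io/propagation-policy`), and the guard `if annotationPolicy == "" {` is inverted, so the switch runs only for the empty string and the Foreground/Background/Orphan cases are unreachable. Every TTL deletion therefore keeps the API server's default propagation, and an operator who annotates a resource to control whether dependents are removed or orphaned gets neither an error nor a log line. The rewrite below assumes the api/kyverno package is imported as `kyverno` in this file, which the hunk does not show; it also drops the nil-map check (indexing a nil map is safe in Go) and corrects the default-branch message, which mentions a global policy the function never consults. A table-driven test over the annotation values would pin this behaviour, and the commit message notes the test file was removed.

```go
// determinePropagationPolicy maps the cleanup propagation-policy annotation on
// the resource to a deletion propagation mode; nil means "API server default".
func (c *controller) determinePropagationPolicy(metaObj metav1.Object, logger logr.Logger) *metav1.DeletionPropagation {
	var policy metav1.DeletionPropagation
	switch value := metaObj.GetAnnotations()[kyverno.AnnotationCleanupPropagationPolicy]; value {
	case "Foreground":
		policy = metav1.DeletePropagationForeground
	case "Background":
		policy = metav1.DeletePropagationBackground
	case "Orphan":
		policy = metav1.DeletePropagationOrphan
	case "":
		return nil
	default:
		logger.Info("unknown propagation policy annotation, using the API server default", "policy", value)
		return nil
	}
	return &policy
}
```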
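Review bot: The rewritten Delete call in the second controller.go hunk still passes `context.Background()` although reconcile receives `ctx` (visible in the hunk header), so an in-flight delete is not cancelled when the controller stops; unless detaching is deliberate, pass `ctx` instead. Because the propagation policy is read from an annotation on the object being deleted, anyone allowed to update that object presumably also decides whether its dependents are removed or orphaned. It would help to log the resolved policy next to the deletion so that choice is auditable afterwards. reconcile's body starts and ends outside the hunk.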