Cleanup URs on trigger deletion (#3955)

* Clean URs on trigger deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * Make kyverno api import aliases consistent Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix gofumpt error Signed-off-by: ShutingZhao <shuting@nirmata.com> * Remove unused code Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2025-04-18 02:06:52 +00:00 · 2022-05-18 00:10:47 +08:00 · 2022-05-18 00:10:47 +08:00 · e7ccbb68d8
commit e7ccbb68d8
parent 572a76ce33
3 changed files with 26 additions and 77 deletions
--- a/pkg/background/generate/generate.go
+++ b/pkg/background/generate/generate.go
@ -103,14 +103,13 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
 	var precreatedResource bool
 	logger.Info("start processing UR", "ur", ur.Name, "resourceVersion", ur.GetResourceVersion())

-	// 1 - Check if the resource exists
+	// 1 - Check if the trigger exists
 	resource, err = common.GetResource(c.client, ur.Spec, c.log)
 	if err != nil {
 		// Don't update status
 		// re-queueing the UR by updating the annotation
 		// retry - 5 times
 		logger.V(3).Info("resource does not exist or is pending creation, re-queueing", "details", err.Error(), "retry")
-		updateAnnotation := true
 		urAnnotations := ur.Annotations

 		if len(urAnnotations) == 0 {
@ -126,7 +125,13 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {

 				sleepCountInt := int(sleepCountInt64) + 1
 				if sleepCountInt > 5 {
-					updateAnnotation = false
+					if err := deleteGeneratedResources(logger, c.client, *ur); err != nil {
+						return err
+					}
+					// - trigger-resource is deleted
+					// - generated-resources are deleted
+					// - > Now delete the UpdateRequest CR
+					return c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(contextdefault.TODO(), ur.Name, metav1.DeleteOptions{})
 				} else {
 					time.Sleep(time.Second * time.Duration(sleepCountInt))
 					incrementedCountString := strconv.Itoa(sleepCountInt)
@ -138,13 +143,11 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
 			}
 		}

-		if updateAnnotation {
-			ur.SetAnnotations(urAnnotations)
-			_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(contextdefault.TODO(), ur, metav1.UpdateOptions{})
-			if err != nil {
-				logger.Error(err, "failed to update annotation in update request for the resource", "update request", ur.Name, "resourceVersion", ur.GetResourceVersion())
-				return err
-			}
+		ur.SetAnnotations(urAnnotations)
+		_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(contextdefault.TODO(), ur, metav1.UpdateOptions{})
+		if err != nil {
+			logger.Error(err, "failed to update annotation in update request for the resource", "update request", ur.Name, "resourceVersion", ur.GetResourceVersion())
+			return err
 		}

 		return err
@ -624,3 +627,15 @@ func getUnstrRule(rule *kyvernov1.Generation) (*unstructured.Unstructured, error
 	}
 	return utils.ConvertToUnstructured(ruleData)
 }
+
+func deleteGeneratedResources(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) error {
+	for _, genResource := range ur.Status.GeneratedResources {
+		err := client.DeleteResource("", genResource.Kind, genResource.Namespace, genResource.Name, false)
+		if err != nil && !apierrors.IsNotFound(err) {
+			return err
+		}
+
+		log.V(3).Info("generated resource deleted", "genKind", ur.Spec.Resource.Kind, "genNamespace", ur.Spec.Resource.Namespace, "genName", ur.Spec.Resource.Name)
+	}
+	return nil
+}
--- a/pkg/background/request_process.go
+++ b/pkg/background/request_process.go
@ -2,15 +2,12 @@ package background

 import (
 	"context"
-	"strconv"

-	"github.com/go-logr/logr"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	"github.com/kyverno/kyverno/pkg/background/common"
 	"github.com/kyverno/kyverno/pkg/background/generate"
 	"github.com/kyverno/kyverno/pkg/background/mutate"
 	"github.com/kyverno/kyverno/pkg/config"
-	dclient "github.com/kyverno/kyverno/pkg/dclient"
 	jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
 	"github.com/pkg/errors"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -84,64 +81,3 @@ func (c *Controller) PatchHandler(ur *kyvernov1beta1.UpdateRequest, val string)
 	}
 	return updateUR, nil
 }
-
-func (c *Controller) HandleDeleteUR(ur kyvernov1beta1.UpdateRequest) error {
-	logger := c.log.WithValues("kind", ur.Kind, "namespace", ur.Namespace, "name", ur.Name)
-	// 1- Corresponding policy has been deleted
-	// then we don't delete the generated resources
-
-	// 2- The trigger resource is deleted, then delete the generated resources
-	if !ownerResourceExists(logger, c.client, ur) {
-		deleteUR := false
-		// check retry count in annotaion
-		urAnnotations := ur.Annotations
-		if val, ok := urAnnotations["generate.kyverno.io/retry-count"]; ok {
-			retryCount, err := strconv.ParseUint(val, 10, 32)
-			if err != nil {
-				logger.Error(err, "unable to convert retry-count")
-				return err
-			}
-
-			if retryCount >= 5 {
-				deleteUR = true
-			}
-		}
-
-		if deleteUR {
-			if err := deleteGeneratedResources(logger, c.client, ur); err != nil {
-				return err
-			}
-			// - trigger-resource is deleted
-			// - generated-resources are deleted
-			// - > Now delete the UpdateRequest CR
-			return c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), ur.Name, metav1.DeleteOptions{})
-		}
-	}
-	return nil
-}
-
-func ownerResourceExists(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) bool {
-	_, err := client.GetResource("", ur.Spec.Resource.Kind, ur.Spec.Resource.Namespace, ur.Spec.Resource.Name)
-	// trigger resources has been deleted
-	if apierrors.IsNotFound(err) {
-		return false
-	}
-	if err != nil {
-		log.Error(err, "failed to get resource", "genKind", ur.Spec.Resource.Kind, "genNamespace", ur.Spec.Resource.Namespace, "genName", ur.Spec.Resource.Name)
-	}
-	// if there was an error while querying the resources we don't delete the generated resources
-	// but expect the deletion in next reconciliation loop
-	return true
-}
-
-func deleteGeneratedResources(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) error {
-	for _, genResource := range ur.Status.GeneratedResources {
-		err := client.DeleteResource("", genResource.Kind, genResource.Namespace, genResource.Name, false)
-		if err != nil && !apierrors.IsNotFound(err) {
-			return err
-		}
-
-		log.V(3).Info("generated resource deleted", "genKind", ur.Spec.Resource.Kind, "genNamespace", ur.Spec.Resource.Namespace, "genName", ur.Spec.Resource.Name)
-	}
-	return nil
-}
--- a/pkg/background/update_request_controller.go
+++ b/pkg/background/update_request_controller.go
@ -204,9 +204,7 @@ func (c *Controller) syncUpdateRequest(key string) error {

 	logger.V(3).Info("UR is marked successfully", "ur", ur.GetName(), "resourceVersion", ur.GetResourceVersion())
 	if err := c.ProcessUR(ur); err != nil {
-		logger.Info("failed to process the UR, triggering handle delete operation", "handler", ur.Status.Handler, "ur", ur.GetName(), "err", err)
-		err = c.HandleDeleteUR(*ur)
-		return fmt.Errorf("failed to process delete UR %s: %v", key, err)
+		return fmt.Errorf("failed to process UR %s: %v", key, err)
 	}

 	if err = c.UnmarkUR(ur); err != nil {