0c91e87bbb
* remove policy handler for updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove policy update handler from the ur controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * rework cleanup downstream on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix downstream deletion on data rule removal Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for clusterpolicy Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test for policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix name assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * delete downstream when deletes the clone source Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-source Signed-off-by: ShutingZhao <shuting@nirmata.com> * linter fixes Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-clone-sync-delete-downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl test pol-data-sync-modify-rule Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix labels Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy assertions Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix annotation missing names Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove dead code Signed-off-by: ShutingZhao <shuting@nirmata.com> * create unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * create more unique namespaces Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao 
<shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
package generate
import (
"context"
"fmt"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/background/common"
"go.uber.org/multierr"
apierrors "k8s.io/apimachinery/pkg/api/errors"
)
// deleteDownstream removes the resources produced by a generate rule when the
// UpdateRequest asks for downstream cleanup (ur.Spec.DeleteDownstream).
//
// Two paths are handled:
//   - ur.Status.GeneratedResources is non-nil: every entry listed there is
//     deleted and the UpdateRequest status is set to Failed or Success.
//   - otherwise, when a policy is supplied, cleanup is delegated to
//     deleteDownstreamForClone.
//
// NotFound errors from the delete call are ignored. On the first path the
// returned error is the one reported by the status update; individual deletion
// failures are logged and written into the Failed status, not returned.
//
// NOTE(review): the delete targets are read from the UpdateRequest's status and
// removed through the controller's client, so whoever can write UpdateRequest
// status influences what gets deleted. Presumably RBAC limits that to the
// Kyverno controllers; confirm against the deployed roles.
func (c *GenerateController) deleteDownstream(policy kyvernov1.PolicyInterface, ur *kyvernov1beta1.UpdateRequest) (err error) {
	if !ur.Spec.DeleteDownstream {
		return nil
	}

	generated := ur.Status.GeneratedResources
	if generated == nil {
		if policy == nil {
			return nil
		}
		// No generated resources recorded on the UR: handle clone source deletion.
		return c.deleteDownstreamForClone(policy, ur)
	}

	// Data policy/rule deletion: remove everything the UR recorded as generated.
	c.log.V(4).Info("policy/rule no longer exists, deleting the downstream resource based on synchronize", "ur", ur.Name, "policy", ur.Spec.Policy, "rule", ur.Spec.Rule)

	var deleteErrs []error
	failed := []kyvernov1.ResourceSpec{}
	for _, res := range generated {
		// context.TODO() carries no deadline or cancellation for these calls.
		delErr := c.client.DeleteResource(context.TODO(), res.GetAPIVersion(), res.GetKind(), res.GetNamespace(), res.GetName(), false)
		if delErr == nil || apierrors.IsNotFound(delErr) {
			// An already-missing resource counts as cleaned up.
			continue
		}
		failed = append(failed, res)
		deleteErrs = append(deleteErrs, delErr)
	}

	if len(deleteErrs) == 0 {
		_, err = c.statusControl.Success(ur.GetName(), nil)
		return err
	}

	combined := multierr.Combine(deleteErrs...)
	c.log.Error(combined, "failed to clean up downstream resources on policy deletion")
	_, err = c.statusControl.Failed(
		ur.GetName(),
		fmt.Sprintf("failed to clean up downstream resources on policy deletion: %v", combined),
		failed,
	)
	return err
}
// deleteDownstreamForClone deletes the downstream resources that FindDownstream
// returns for the rule named in ur.Spec.Rule, then records the outcome on the
// UpdateRequest.
//
// It does nothing unless ur.Spec.DeleteDownstream is set. Only the first rule
// of the policy whose name equals ur.Spec.Rule is processed; when no rule
// matches, nothing is deleted and the UpdateRequest status is not updated.
// NotFound errors from the delete call are ignored.
//
// A FindDownstream error is returned as-is. Otherwise the return value is the
// error from the status update, so a failed deletion shows up in the Failed
// status and the log, not in the return value.
//
// NOTE(review): policy is dereferenced without a nil check here; the visible
// caller, deleteDownstream, checks for nil before delegating.
func (c *GenerateController) deleteDownstreamForClone(policy kyvernov1.PolicyInterface, ur *kyvernov1beta1.UpdateRequest) error {
	if !ur.Spec.DeleteDownstream {
		return nil
	}

	for _, rule := range policy.GetSpec().Rules {
		if rule.Name != ur.Spec.Rule {
			continue
		}

		found, err := FindDownstream(c.client, policy, rule)
		if err != nil {
			return err
		}

		var deleteErrs []error
		failed := []kyvernov1.ResourceSpec{}
		for _, item := range found.Items {
			// context.TODO() carries no deadline or cancellation for these calls.
			delErr := c.client.DeleteResource(context.TODO(), item.GetAPIVersion(), item.GetKind(), item.GetNamespace(), item.GetName(), false)
			if delErr == nil || apierrors.IsNotFound(delErr) {
				// An already-missing resource counts as cleaned up.
				continue
			}
			failed = append(failed, common.ResourceSpecFromUnstructured(item))
			deleteErrs = append(deleteErrs, delErr)
		}

		if len(deleteErrs) == 0 {
			_, err = c.statusControl.Success(ur.GetName(), nil)
			return err
		}

		combined := multierr.Combine(deleteErrs...)
		c.log.Error(combined, "failed to clean up downstream resources on source deletion")
		_, err = c.statusControl.Failed(
			ur.GetName(),
			fmt.Sprintf("failed to clean up downstream resources on source deletion: %v", combined),
			failed,
		)
		return err
	}

	return nil
}