mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-10 18:06:55 +00:00
56d32e93e7
* fix: stop mutation policies when autogen internals is enabled (#4004) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> (cherry picked from commitc9f8a68d8a) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use background helper in ur generator (#4009) * fix: stop mutating cached resource in ur controller (#4003) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> (cherry picked from commitdac733755b) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use background helper in ur generator Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> (cherry picked from commit3a3556919f) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: move label helper utils from policy package to background package (#3996) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> (cherry picked from commit1712dfa947) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
71 lines
2.4 KiB
Go
71 lines
2.4 KiB
Go
package cleanup
|
|
|
|
import (
|
|
"strconv"
|
|
|
|
"github.com/go-logr/logr"
|
|
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
|
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
|
)
|
|
|
|
func (c *Controller) processUR(ur kyvernov1beta1.UpdateRequest) error {
|
|
logger := c.log.WithValues("kind", ur.Kind, "namespace", ur.Namespace, "name", ur.Name)
|
|
// 1- Corresponding policy has been deleted
|
|
// then we don't delete the generated resources
|
|
|
|
// 2- The trigger resource is deleted, then delete the generated resources
|
|
if !ownerResourceExists(logger, c.client, ur) {
|
|
deleteUR := false
|
|
// check retry count in annotaion
|
|
urAnnotations := ur.Annotations
|
|
if val, ok := urAnnotations[kyvernov1beta1.URGenerateRetryCountAnnotation]; ok {
|
|
retryCount, err := strconv.ParseUint(val, 10, 32)
|
|
if err != nil {
|
|
logger.Error(err, "unable to convert retry-count")
|
|
return err
|
|
}
|
|
|
|
if retryCount >= 5 {
|
|
deleteUR = true
|
|
}
|
|
}
|
|
|
|
if deleteUR {
|
|
if err := deleteGeneratedResources(logger, c.client, ur); err != nil {
|
|
return err
|
|
}
|
|
// - trigger-resource is deleted
|
|
// - generated-resources are deleted
|
|
// - > Now delete the UpdateRequest CR
|
|
return c.control.Delete(ur.Name)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func ownerResourceExists(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) bool {
|
|
_, err := client.GetResource("", ur.Spec.Resource.Kind, ur.Spec.Resource.Namespace, ur.Spec.Resource.Name)
|
|
// trigger resources has been deleted
|
|
if apierrors.IsNotFound(err) {
|
|
return false
|
|
}
|
|
if err != nil {
|
|
log.Error(err, "failed to get resource", "genKind", ur.Spec.Resource.Kind, "genNamespace", ur.Spec.Resource.Namespace, "genName", ur.Spec.Resource.Name)
|
|
}
|
|
// if there was an error while querying the resources we don't delete the generated resources
|
|
// but expect the deletion in next reconciliation loop
|
|
return true
|
|
}
|
|
|
|
func deleteGeneratedResources(log logr.Logger, client dclient.Interface, ur kyvernov1beta1.UpdateRequest) error {
|
|
for _, genResource := range ur.Status.GeneratedResources {
|
|
err := client.DeleteResource("", genResource.Kind, genResource.Namespace, genResource.Name, false)
|
|
if err != nil && !apierrors.IsNotFound(err) {
|
|
return err
|
|
}
|
|
|
|
log.V(3).Info("generated resource deleted", "genKind", ur.Spec.Resource.Kind, "genNamespace", ur.Spec.Resource.Namespace, "genName", ur.Spec.Resource.Name)
|
|
}
|
|
return nil
|
|
}
|