bug fix prune detached obj

Description of problem: When Pod security policy is created and the status is changed from inform to enforce, the status is toggling. Not able to enforce pod security policy. How to fix Set default value when Kube API value omitted ref: https://issues.redhat.com/browse/ACM-3109 Signed-off-by: Yi Rae Kim <yikim@redhat.com>
open-cluster-management-io · Mar 31, 2023 · 1201692 · 1201692
1 parent e868a2b
commit 1201692
Show file tree

Hide file tree

Showing 18 changed files with 1,046 additions and 58 deletions.
diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
@@ -1136,14 +1136,15 @@ func (r *ConfigurationPolicyReconciler) handleObjectTemplates(plc policyv1.Confi
 func (r *ConfigurationPolicyReconciler) checkRelatedAndUpdate(
 	plc policyv1.ConfigurationPolicy, related, oldRelated []policyv1.RelatedObject, sendEvent bool,
 ) {
-	sortRelatedObjectsAndUpdate(&plc, related, oldRelated, r.EnableMetrics)
+	r.sortRelatedObjectsAndUpdate(&plc, related, oldRelated, r.EnableMetrics)
 	// An update always occurs to account for the lastEvaluated status field
 	r.addForUpdate(&plc, sendEvent)
 }
 
 // helper function to check whether related objects has changed
-func sortRelatedObjectsAndUpdate(
-	plc *policyv1.ConfigurationPolicy, related, oldRelated []policyv1.RelatedObject, collectMetrics bool,
+func (r *ConfigurationPolicyReconciler) sortRelatedObjectsAndUpdate(
+	plc *policyv1.ConfigurationPolicy, related, oldRelated []policyv1.RelatedObject,
+	collectMetrics bool,
 ) {
 	sort.SliceStable(related, func(i, j int) bool {
 		if related[i].Object.Kind != related[j].Object.Kind {
@@ -1156,8 +1157,6 @@ func sortRelatedObjectsAndUpdate(
 		return related[i].Object.Metadata.Name < related[j].Object.Metadata.Name
 	})
 
-	update := false
-
 	// Instantiate found objects for the related object metric
 	found := map[string]bool{}
 
@@ -1215,19 +1214,34 @@ func sortRelatedObjectsAndUpdate(
 		}
 	}
 
-	if len(oldRelated) == len(related) {
-		for i, entry := range oldRelated {
-			if !gocmp.Equal(entry, related[i]) {
-				update = true
-			}
+	if !gocmp.Equal(related, oldRelated) {
+		r.deleteDetachedObj(*plc, related, oldRelated)
+		plc.Status.RelatedObjects = related
+	}
+}
+
+// helper function to delete unconnected objs
+func (r *ConfigurationPolicyReconciler) deleteDetachedObj(plc policyv1.ConfigurationPolicy,
+	related, oldRelated []policyv1.RelatedObject,
+) []policyv1.RelatedObject {
+	objShouldRemoved := []policyv1.RelatedObject{}
+	// Pick out only obj should be removed in oldRelated
+	for _, oldR := range oldRelated {
+		isContain := containRelated(related, oldR)
+
+		if !isContain {
+			objShouldRemoved = append(objShouldRemoved, oldR)
 		}
-	} else {
-		update = true
 	}
 
-	if update {
-		plc.Status.RelatedObjects = related
+	plc.Status.RelatedObjects = objShouldRemoved
+
+	// removed objs which are not related(detached) anymore
+	if r != nil {
+		r.cleanUpChildObjects(plc)
 	}
+	// For now this is for unit test
+	return objShouldRemoved
 }
 
 // helper function that appends a condition (violation or compliant) to the status of a configurationpolicy