unexpectedly deleted when pruneObjectBehavior is None
Signed-off-by: Yi Rae Kim <yikim@redhat.com>
yiraeChristineKim committed Jun 14, 2023
1 parent f96afe5 commit ca93716
Showing 6 changed files with 134 additions and 420 deletions.
60 changes: 29 additions & 31 deletions controllers/configurationpolicy_controller.go
Expand Up @@ -506,10 +506,30 @@ func (r *ConfigurationPolicyReconciler) getObjectTemplateDetails(
return templateObjs, selectedNamespaces, false, nil
}

func (r *ConfigurationPolicyReconciler) cleanUpChildObjects(plc policyv1.ConfigurationPolicy) []string {
func (r *ConfigurationPolicyReconciler) cleanUpChildObjects(plc policyv1.ConfigurationPolicy,
newRelated []policyv1.RelatedObject,
) []string {
deletionFailures := []string{}
objsToDelete := plc.Status.RelatedObjects

for _, object := range plc.Status.RelatedObjects {
// When spec is updated and new related objects are created
if len(newRelated) != 0 {
log.Info("preparing to delete detached objects...")

var objShouldRemoved []policyv1.RelatedObject

for _, oldR := range objsToDelete {
exist := containRelated(newRelated, oldR)

if !exist {
objShouldRemoved = append(objShouldRemoved, oldR)
}
}

objsToDelete = objShouldRemoved
}

for _, object := range objsToDelete {
// set up client for object deletion
gvk := schema.FromAPIVersionAndKind(object.Object.APIVersion, object.Object.Kind)

Expand Down Expand Up @@ -558,7 +578,7 @@ func (r *ConfigurationPolicyReconciler) cleanUpChildObjects(plc policyv1.Configu
if strings.EqualFold(string(plc.Spec.RemediationAction), "enforce") {
if string(plc.Spec.PruneObjectBehavior) == "DeleteAll" {
needsDelete = true
} else {
} else if string(plc.Spec.PruneObjectBehavior) == "DeleteIfCreated" {
// if prune behavior is DeleteIfCreated, we need to check whether createdByPolicy
// is true and the UID is not stale
uid, uidFound, err := unstructured.NestedString(existing.Object, "metadata", "uid")
Expand All @@ -571,6 +591,8 @@ func (r *ConfigurationPolicyReconciler) cleanUpChildObjects(plc policyv1.Configu
object.Properties.UID == uid {
needsDelete = true
}
} else { // None or not
needsDelete = false
}
}

Expand Down Expand Up @@ -618,7 +640,7 @@ func (r *ConfigurationPolicyReconciler) cleanUpChildObjects(plc policyv1.Configu
continue
}

log.Info("Object successfully deleted as part of child object pruning")
log.Info("Object successfully deleted as part of child object pruning or detached objects")
}
}
}
Expand Down Expand Up @@ -767,7 +789,8 @@ func (r *ConfigurationPolicyReconciler) handleObjectTemplates(plc policyv1.Confi
if plc.ObjectMeta.DeletionTimestamp != nil {
log.V(1).Info("Config policy has been deleted, handling child objects")

failures := r.cleanUpChildObjects(plc)
// At here, relatedObjects is always []
failures := r.cleanUpChildObjects(plc, relatedObjects)

if len(failures) == 0 {
log.V(1).Info("Objects have been successfully cleaned up, removing finalizer")
Expand Down Expand Up @@ -1302,39 +1325,14 @@ func (r *ConfigurationPolicyReconciler) sortRelatedObjectsAndUpdate(
}

if !gocmp.Equal(related, oldRelated) {
// When it is hub or managed template parse error, it should not remove previous objects
if deleteDetachedObjs {
r.deleteDetachedObj(*plc, related, oldRelated)
r.cleanUpChildObjects(*plc, related)
}

plc.Status.RelatedObjects = related
}
}

// helper function to delete unconnected objs
func (r *ConfigurationPolicyReconciler) deleteDetachedObj(plc policyv1.ConfigurationPolicy,
related, oldRelated []policyv1.RelatedObject,
) []policyv1.RelatedObject {
objShouldRemoved := []policyv1.RelatedObject{}
// Pick out only obj should be removed in oldRelated
for _, oldR := range oldRelated {
isContain := containRelated(related, oldR)

if !isContain {
objShouldRemoved = append(objShouldRemoved, oldR)
}
}

plc.Status.RelatedObjects = objShouldRemoved

// removed objs which are not related(detached) anymore
if r != nil {
r.cleanUpChildObjects(plc)
}
// For now this is for unit test
return objShouldRemoved
}

// helper function that appends a condition (violation or compliant) to the status of a configurationpolicy
// Set the index to -1 to signal that the status should be cleared.
func addConditionToStatus(
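Review bot: In the last hunk (sortRelatedObjectsAndUpdate) the `[]string` of deletion failures returned by `r.cleanUpChildObjects(*plc, related)` is discarded, and `plc.Status.RelatedObjects = related` then overwrites the old list, so an object whose deletion failed appears to drop out of the status and would not be retried on a later reconcile. At minimum the result should be surfaced, for example `if failures := r.cleanUpChildObjects(*plc, related); len(failures) != 0 { log.Info("detached objects could not be deleted", "objects", failures) }` with whichever logger that function has in scope, and ideally the failed entries would be kept in the status until they are gone. Separately, in the first hunk `len(newRelated) != 0` makes an empty slice mean "consider every entry in plc.Status.RelatedObjects", which the deletion path relies on (`// At here, relatedObjects is always []`); since this function deletes cluster objects, that contract belongs in a doc comment on cleanUpChildObjects, such as `// cleanUpChildObjects prunes the policy's related objects; when newRelated is non-empty only objects absent from it are considered, an empty newRelated considers all of them.` The bodies of both functions continue outside the visible hunks.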