deleting vapb on constraint delete

Signed-off-by: Jaydip Gabani <[email protected]>
open-policy-agent · Nov 20, 2024 · 3b6c0b9 · 3b6c0b9
1 parent 5f6e647
commit 3b6c0b9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 29 deletions.
diff --git a/pkg/controller/constraint/constraint_controller.go b/pkg/controller/constraint/constraint_controller.go
@@ -361,6 +361,20 @@ func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.R
 				return reconcile.Result{}, err
 			}
 		}
+		isAPIEnabled, groupVersion := transform.IsVapAPIEnabled(&log)
+		if isAPIEnabled {
+			currentVapBinding, err := vapBindingForVersion(*groupVersion)
+			if err != nil {
+				return reconcile.Result{}, err
+			}
+			vapBindingName := fmt.Sprintf("gatekeeper-%s", instance.GetName())
+			currentVapBinding.SetName(vapBindingName)
+			if err := r.writer.Delete(ctx, currentVapBinding); err != nil {
+				if !apierrors.IsNotFound(err) {
+					return reconcile.Result{}, err
+				}
+			}
+		}
 	}
 	return reconcile.Result{}, nil
 }

diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go
@@ -683,11 +683,7 @@ func TestReconcile(t *testing.T) {
 			if vapBindingCreationTime.Before(blockTime) {
 				return fmt.Errorf("VAPBinding should be created after default wait")
 			}
-
-			if err := c.Delete(ctx, cstr); err != nil {
-				return err
-			}
-			return c.Delete(ctx, vapBinding)
+			return nil
 		})
 		if err != nil {
 			t.Fatal(err)
@@ -816,10 +812,7 @@ func TestReconcile(t *testing.T) {
 			if vapBindingCreationTime.Before(blockTime) {
 				return fmt.Errorf("VAPBinding should not be created before the timestamp")
 			}
-			if err := c.Delete(ctx, cstr); err != nil {
-				return err
-			}
-			return c.Delete(ctx, vapBinding)
+			return nil
 		})
 		if err != nil {
 			t.Fatal(err)
@@ -877,16 +870,6 @@ func TestReconcile(t *testing.T) {
 			t.Log(cfClient.Dump(ctx))
 			t.Fatalf("want 1 result, got %v", gotResults)
 		}
-
-		err = retry.OnError(testutils.ConstantRetry, func(_ error) bool {
-			return true
-		}, func() error {
-			return c.Delete(ctx, cstr)
-		})
-		if err != nil {
-			logger.Error(err, "delete cstr")
-			t.Fatal(err)
-		}
 	})
 
 	t.Run("Constraint with scoped enforcement actions is marked as enforced", func(t *testing.T) {
@@ -940,16 +923,6 @@ func TestReconcile(t *testing.T) {
 			t.Log(cfClient.Dump(ctx))
 			t.Fatalf("want 1 result, got %v", gotResults)
 		}
-
-		err = retry.OnError(testutils.ConstantRetry, func(_ error) bool {
-			return true
-		}, func() error {
-			return c.Delete(ctx, cstr)
-		})
-		if err != nil {
-			logger.Error(err, "delete cstr")
-			t.Fatal(err)
-		}
 	})
 
 	t.Run("Constraint with different ep than client and review should not be part of the review", func(t *testing.T) {