Remove the RBAC once the last sidecar from the namespace is removed

2023-02-21 20:48:59 +01:00 · 2023-02-21 20:48:59 +01:00 · 0c2d2d8f54
commit 0c2d2d8f54
parent cfea083594
2 changed files with 35 additions and 20 deletions
--- a/controllers/backupconfiguration_controller.go
+++ b/controllers/backupconfiguration_controller.go
@ -64,6 +64,7 @@ func (r *BackupConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.
 		if controllerutil.ContainsFinalizer(&backupConf, finalizerName) {
 			_ = r.DeleteSidecar(backupConf)
 			_ = r.DeleteCronJob(backupConf)
+			_ = r.deleteRBACSidecar(backupConf.Namespace)
 			controllerutil.RemoveFinalizer(&backupConf, finalizerName)
 			if err := r.Update(ctx, &backupConf); err != nil {
 				r.Log.Error(err, "unable to remove finalizer")
@ -96,16 +97,15 @@ func (r *BackupConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.
 	for _, target := range backupConf.Spec.Targets {
 		switch target.BackupType {
 		case formolv1alpha1.OnlineKind:
-			// TODO: add a sidecar to the pod with the target.Containers[].Paths mounted
 			if err := r.addOnlineSidecar(backupConf, target); err != nil {
 				r.Log.Error(err, "unable to add online sidecar")
 				return ctrl.Result{}, err
 			}
 			backupConf.Status.ActiveSidecar = true
 		case formolv1alpha1.JobKind:
-			// TODO: add a sidecar to the pod with a shared
+			// TODO: add a sidecar to the pod with a shared volume
 		case formolv1alpha1.SnapshotKind:
-			// TOD: add a sidecar to run the steps
+			// TODO: add a sidecar to run the steps
 		}
 	}

--- a/controllers/backupconfiguration_controller_helpers.go
+++ b/controllers/backupconfiguration_controller_helpers.go
@ -336,24 +336,39 @@ func (r *BackupConfigurationReconciler) addOnlineSidecar(backupConf formolv1alph
 	return
 }

+func (r *BackupConfigurationReconciler) deleteRBACSidecar(namespace string) error {
+	podList := corev1.PodList{}
+	if err := r.List(r.Context, &podList, &client.ListOptions{
+		Namespace: namespace,
+	}); err != nil {
+		r.Log.Error(err, "unable to get the list of pods", "namespace", namespace)
+		return err
+	}
+	for _, pod := range podList.Items {
+		for _, container := range pod.Spec.Containers {
+			for _, env := range container.Env {
+				if env.Name == formolv1alpha1.SIDECARCONTAINER_NAME {
+					// There is still a sidecar in the namespace.
+					// cannot delete the sidecar role
+					return nil
+				}
+			}
+		}
+	}
+	role := rbacv1.Role{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: namespace,
+			Name:      FORMOL_SIDECAR_ROLE,
+		},
+	}
+	if err := r.Delete(r.Context, &role); err != nil {
+		r.Log.Error(err, "unable to delete sidecar role")
+		return err
+	}
+	return nil
+}
+
 func (r *BackupConfigurationReconciler) createRBACSidecar(sa corev1.ServiceAccount) error {
-	//	sa := corev1.ServiceAccount {}
-	//	if err := r.Get(r.Context, client.ObjectKey {
-	//		Namespace: backupConf.Namespace,
-	//		Name: FORMOL_SA,
-	//	}, &sa); err != nil && errors.IsNotFound(err) {
-	//		sa = corev1.ServiceAccount {
-	//			ObjectMeta: metav1.ObjectMeta {
-	//				Namespace: backupConf.Namespace,
-	//				Name: FORMOL_SA,
-	//			},
-	//		}
-	//		r.Log.V(0).Info("Creating formol service account", "sa", sa)
-	//		if err = r.Create(r.Context, &sa); err != nil {
-	//			r.Log.Error(err, "unable to create service account")
-	//			return err
-	//		}
-	//	}
 	if sa.Name == "" {
 		sa.Name = "default"
 	}