Удаление IEAgAg ghfdbk

gozdan-lordz · gozdan-lordz · commit bb8362cce4c3 · 2025-05-30T16:33:39.000+03:00
Сообщения в хуках сервиса и алиас
diff --git a/internal/controller/rules2s_controller.go b/internal/controller/rules2s_controller.go
@@ -72,15 +72,59 @@ func (r *RuleS2SReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		return ctrl.Result{}, err
 	}
 
+	// Add finalizer if it doesn't exist
+	if !controllerutil.ContainsFinalizer(ruleS2S, "netguard.sgroups.io/finalizer") {
+		logger.Info("Adding finalizer to RuleS2S", "name", ruleS2S.Name)
+		controllerutil.AddFinalizer(ruleS2S, "netguard.sgroups.io/finalizer")
+		if err := UpdateWithRetry(ctx, r.Client, ruleS2S, DefaultMaxRetries); err != nil {
+			logger.Error(err, "Failed to add finalizer to RuleS2S")
+			return ctrl.Result{}, err
+		}
+		// Return to avoid processing the same object twice in one reconciliation
+		return ctrl.Result{}, nil
+	}
+
 	// Check if the resource is being deleted
 	if !ruleS2S.DeletionTimestamp.IsZero() {
 		// Delete related IEAgAgRules
 		if err := r.deleteRelatedIEAgAgRules(ctx, ruleS2S); err != nil {
+			// Check if this is our custom error type
+			if failedErr, ok := err.(*FailedToDeleteRulesError); ok {
+				// Update status with error condition
+				errorMsg := fmt.Sprintf("Cannot delete RuleS2S because some IEAgAgRules could not be deleted: %s",
+					strings.Join(failedErr.FailedRules, ", "))
+
+				meta.SetStatusCondition(&ruleS2S.Status.Conditions, metav1.Condition{
+					Type:    netguardv1alpha1.ConditionReady,
+					Status:  metav1.ConditionFalse,
+					Reason:  "FailedToDeleteRules",
+					Message: errorMsg,
+				})
+
+				if updateErr := UpdateStatusWithRetry(ctx, r.Client, ruleS2S, DefaultMaxRetries); updateErr != nil {
+					logger.Error(updateErr, "Failed to update RuleS2S status")
+				}
+
+				logger.Error(err, "Failed to delete all related IEAgAgRules",
+					"failedRules", strings.Join(failedErr.FailedRules, ", "))
+
+				return ctrl.Result{}, nil
+			}
+
+			// For other errors, log and return the error
 			logger.Error(err, "Failed to delete related IEAgAgRules")
 			return ctrl.Result{}, err
 		}
 
-		// Resource is being deleted, no need to do anything else
+		// All related IEAgAgRules have been deleted, now remove the finalizer
+		logger.Info("Removing finalizer from RuleS2S", "name", ruleS2S.Name)
+		controllerutil.RemoveFinalizer(ruleS2S, "netguard.sgroups.io/finalizer")
+		if err := UpdateWithRetry(ctx, r.Client, ruleS2S, DefaultMaxRetries); err != nil {
+			logger.Error(err, "Failed to remove finalizer from RuleS2S")
+			return ctrl.Result{}, err
+		}
+
+		// Resource is being deleted and finalizer has been removed
 		return ctrl.Result{}, nil
 	}
 
@@ -854,7 +898,18 @@ func (r *RuleS2SReconciler) getExistingIEAgAgRules(ctx context.Context, ruleS2S
 	return relatedRules, nil
 }
 
+// FailedToDeleteRulesError is a custom error type for failed rule deletions
+type FailedToDeleteRulesError struct {
+	FailedRules []string
+}
+
+// Error implements the error interface
+func (e *FailedToDeleteRulesError) Error() string {
+	return fmt.Sprintf("failed to delete the following IEAgAgRules: %s", strings.Join(e.FailedRules, ", "))
+}
+
 // deleteRelatedIEAgAgRules deletes all IEAgAgRules that have an OwnerReference to the given RuleS2S
+// Returns a FailedToDeleteRulesError if any rules could not be deleted
 func (r *RuleS2SReconciler) deleteRelatedIEAgAgRules(ctx context.Context, ruleS2S *netguardv1alpha1.RuleS2S) error {
 	logger := log.FromContext(ctx)
 
@@ -867,29 +922,57 @@ func (r *RuleS2SReconciler) deleteRelatedIEAgAgRules(ctx context.Context, ruleS2
 	logger.Info("Deleting IEAgAgRules")
 	logger.Info("Deleting rule", "ruleName", ruleS2S.GetName(), "uuid", ruleS2S.GetUID())
 	logger.Info("ieAgAgRuleList", "listNumber", len(ieAgAgRuleList.Items))
+
+	var failedRules []string
+
 	// Check each rule for an OwnerReference to this RuleS2S
 	for _, rule := range ieAgAgRuleList.Items {
 		for _, ownerRef := range rule.GetOwnerReferences() {
-			logger.Info("Deleting rule", "Kind", ownerRef.Kind, "uuid", ownerRef.UID)
+			logger.Info("Checking rule", "Kind", ownerRef.Kind, "uuid", ownerRef.UID)
 			if ownerRef.UID == ruleS2S.GetUID() &&
 				ownerRef.Kind == "RuleS2S" &&
 				ownerRef.APIVersion == netguardv1alpha1.GroupVersion.String() {
 
 				// Found a rule that references this RuleS2S
 				logger.Info("Deleting related IEAgAgRule", "name", rule.Name, "namespace", rule.Namespace)
 
-				// Delete the rule
-				if err := r.Delete(ctx, &rule); err != nil {
+				// First, remove the finalizer if it exists
+				ruleCopy := rule.DeepCopy()
+				if controllerutil.ContainsFinalizer(ruleCopy, "provider.sgroups.io/finalizer") {
+					logger.Info("Removing finalizer from IEAgAgRule", "name", ruleCopy.Name, "namespace", ruleCopy.Namespace)
+					controllerutil.RemoveFinalizer(ruleCopy, "provider.sgroups.io/finalizer")
+
+					// Update the rule to remove the finalizer with retry
+					if err := UpdateWithRetry(ctx, r.Client, ruleCopy, DefaultMaxRetries); err != nil {
+						if !errors.IsNotFound(err) {
+							logger.Error(err, "Failed to remove finalizer from IEAgAgRule",
+								"name", ruleCopy.Name, "namespace", ruleCopy.Namespace)
+							// Continue with deletion attempt even if finalizer removal fails
+						}
+					}
+				}
+
+				// Then delete the rule
+				if err := r.Delete(ctx, ruleCopy); err != nil {
 					if !errors.IsNotFound(err) {
 						logger.Error(err, "Failed to delete related IEAgAgRule",
-							"name", rule.Name, "namespace", rule.Namespace)
-						return err
+							"name", ruleCopy.Name, "namespace", ruleCopy.Namespace)
+						// Add to failed rules list instead of returning immediately
+						failedRules = append(failedRules, fmt.Sprintf("%s/%s", ruleCopy.Namespace, ruleCopy.Name))
 					}
 				}
 			}
 		}
 	}
 
+	// If any rules failed to delete, return a custom error
+	if len(failedRules) > 0 {
+		logger.Error(fmt.Errorf("failed to delete some IEAgAgRules"),
+			"Some IEAgAgRules could not be deleted",
+			"failedRules", strings.Join(failedRules, ", "))
+		return &FailedToDeleteRulesError{FailedRules: failedRules}
+	}
+
 	return nil
 }
 
diff --git a/internal/webhook/v1alpha1/service_webhook.go b/internal/webhook/v1alpha1/service_webhook.go
@@ -206,15 +206,15 @@ func (v *ServiceCustomValidator) ValidateDelete(ctx context.Context, obj runtime
 			if rule.Spec.ServiceLocalRef.Name == alias.Name &&
 				rule.Namespace == alias.Namespace {
 				aliasesWithRules[alias.Name] = append(aliasesWithRules[alias.Name],
-					fmt.Sprintf("RuleS2S '%s' (as local service)", rule.Name))
+					fmt.Sprintf("RuleS2S '%s' in namespace '%s' (as local service)", rule.Name, rule.Namespace))
 			}
 
 			// Check if the rule references this alias as target service
 			targetNamespace := rule.Spec.ServiceRef.ResolveNamespace(rule.Namespace)
 			if rule.Spec.ServiceRef.Name == alias.Name &&
 				targetNamespace == alias.Namespace {
 				aliasesWithRules[alias.Name] = append(aliasesWithRules[alias.Name],
-					fmt.Sprintf("RuleS2S '%s' (as target service)", rule.Name))
+					fmt.Sprintf("RuleS2S '%s' in namespace '%s' (as target service)", rule.Name, rule.Namespace))
 			}
 		}
 	}
diff --git a/internal/webhook/v1alpha1/servicealias_webhook.go b/internal/webhook/v1alpha1/servicealias_webhook.go
@@ -160,25 +160,39 @@ func (v *ServiceAliasCustomValidator) ValidateDelete(ctx context.Context, obj ru
 
 		// Format local service references
 		if len(localServiceRefs) > 0 {
-			var localRules []string
+			var localRulesWithNamespace []string
 			for ruleName := range localServiceRefs {
-				localRules = append(localRules, ruleName)
+				// Find the rule to get its namespace
+				for _, rule := range ruleS2SList.Items {
+					if rule.Name == ruleName {
+						localRulesWithNamespace = append(localRulesWithNamespace,
+							fmt.Sprintf("%s in namespace %s", ruleName, rule.Namespace))
+						break
+					}
+				}
 			}
 			errorMsg += fmt.Sprintf("Cannot delete ServiceAlias %s: it is referenced by RuleS2S as local service:\n%s",
-				serviceAlias.Name, strings.Join(localRules, "\n"))
+				serviceAlias.Name, strings.Join(localRulesWithNamespace, "\n"))
 		}
 
 		// Format target service references
 		if len(targetServiceRefs) > 0 {
 			if errorMsg != "" {
 				errorMsg += "\n\n"
 			}
-			var targetRules []string
+			var targetRulesWithNamespace []string
 			for ruleName := range targetServiceRefs {
-				targetRules = append(targetRules, ruleName)
+				// Find the rule to get its namespace
+				for _, rule := range ruleS2SList.Items {
+					if rule.Name == ruleName {
+						targetRulesWithNamespace = append(targetRulesWithNamespace,
+							fmt.Sprintf("%s in namespace %s", ruleName, rule.Namespace))
+						break
+					}
+				}
 			}
 			errorMsg += fmt.Sprintf("Cannot delete ServiceAlias %s: it is referenced by RuleS2S as target service:\n%s",
-				serviceAlias.Name, strings.Join(targetRules, "\n"))
+				serviceAlias.Name, strings.Join(targetRulesWithNamespace, "\n"))
 		}
 
 		servicealiaslog.Info("Cannot delete ServiceAlias: it is referenced by RuleS2S",

Original file line number	Diff line number	Diff line change
`@@ -206,15 +206,15 @@ func (v *ServiceCustomValidator) ValidateDelete(ctx context.Context, obj runtime`
`206`	`206`	`if rule.Spec.ServiceLocalRef.Name == alias.Name &&`
`207`	`207`	`rule.Namespace == alias.Namespace {`
`208`	`208`	`aliasesWithRules[alias.Name] = append(aliasesWithRules[alias.Name],`
`209`		`- fmt.Sprintf("RuleS2S '%s' (as local service)", rule.Name))`
	`209`	`+ fmt.Sprintf("RuleS2S '%s' in namespace '%s' (as local service)", rule.Name, rule.Namespace))`
`210`	`210`	`}`
`211`	`211`
`212`	`212`	`// Check if the rule references this alias as target service`
`213`	`213`	`targetNamespace := rule.Spec.ServiceRef.ResolveNamespace(rule.Namespace)`
`214`	`214`	`if rule.Spec.ServiceRef.Name == alias.Name &&`
`215`	`215`	`targetNamespace == alias.Namespace {`
`216`	`216`	`aliasesWithRules[alias.Name] = append(aliasesWithRules[alias.Name],`
`217`		`- fmt.Sprintf("RuleS2S '%s' (as target service)", rule.Name))`
	`217`	`+ fmt.Sprintf("RuleS2S '%s' in namespace '%s' (as target service)", rule.Name, rule.Namespace))`
`218`	`218`	`}`
`219`	`219`	`}`
`220`	`220`	`}`