From 8bdcc1d5c4b3fb9418b3e735fe36fbf672cfff12 Mon Sep 17 00:00:00 2001
From: Maxim Patlasov <mpt@redhat.com>
Date: Tue, 9 Jul 2024 14:46:58 -0700
Subject: [PATCH] Support deletion of ValidatingWebhookConfiguration

---
 .../resourceapply/admissionregistration.go    | 12 ++++
 .../admissionregistration_test.go             | 64 +++++++++++++++++++
 .../resource/resourceapply/generic.go         |  6 ++
 3 files changed, 82 insertions(+)

diff --git a/pkg/operator/resource/resourceapply/admissionregistration.go b/pkg/operator/resource/resourceapply/admissionregistration.go
index da3539a029..b6bcad5e0b 100644
--- a/pkg/operator/resource/resourceapply/admissionregistration.go
+++ b/pkg/operator/resource/resourceapply/admissionregistration.go
@@ -152,6 +152,18 @@ func ApplyValidatingWebhookConfigurationImproved(ctx context.Context, client adm
 	return actual, true, nil
 }
 
+func DeleteValidatingWebhookConfiguration(ctx context.Context, client admissionregistrationclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, required *admissionregistrationv1.ValidatingWebhookConfiguration) (*admissionregistrationv1.ValidatingWebhookConfiguration, bool, error) {
+	err := client.ValidatingWebhookConfigurations().Delete(ctx, required.Name, metav1.DeleteOptions{})
+	if err != nil && apierrors.IsNotFound(err) {
+		return nil, false, nil
+	}
+	if err != nil {
+		return nil, false, err
+	}
+	reportDeleteEvent(recorder, required, err)
+	return nil, true, nil
+}
+
 // copyValidatingWebhookCABundle populates webhooks[].clientConfig.caBundle fields from existing resource if it was set before
 // and is not set in present. This provides upgrade compatibility with service-ca-bundle operator.
 func copyValidatingWebhookCABundle(from, to *admissionregistrationv1.ValidatingWebhookConfiguration) {
diff --git a/pkg/operator/resource/resourceapply/admissionregistration_test.go b/pkg/operator/resource/resourceapply/admissionregistration_test.go
index 01bf7d45c5..e509dd410e 100644
--- a/pkg/operator/resource/resourceapply/admissionregistration_test.go
+++ b/pkg/operator/resource/resourceapply/admissionregistration_test.go
@@ -382,6 +382,70 @@ func TestApplyValidatingConfiguration(t *testing.T) {
 	}
 }
 
+func TestDeleteValidatingConfiguration(t *testing.T) {
+	defaultHook := &admissionregistrationv1.ValidatingWebhookConfiguration{}
+	defaultHook.SetName("test")
+	deleteEvent := "ValidatingWebhookConfigurationDeleted"
+
+	tests := []struct {
+		name           string
+		expectModified bool
+		existing       func() *admissionregistrationv1.ValidatingWebhookConfiguration
+		input          func() *admissionregistrationv1.ValidatingWebhookConfiguration
+		expectedEvents []string
+	}{
+		{
+			name:           "Should delete webhook if it exists",
+			expectModified: true,
+			input: func() *admissionregistrationv1.ValidatingWebhookConfiguration {
+				hook := defaultHook.DeepCopy()
+				return hook
+			},
+			existing: func() *admissionregistrationv1.ValidatingWebhookConfiguration {
+				hook := defaultHook.DeepCopy()
+				return hook
+			},
+			expectedEvents: []string{deleteEvent},
+		},
+		{
+			name:           "Should do nothing if webhook does not exist",
+			expectModified: false,
+			input: func() *admissionregistrationv1.ValidatingWebhookConfiguration {
+				hook := defaultHook.DeepCopy()
+				return hook
+			},
+			expectedEvents: []string{},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			existingHooks := []runtime.Object{}
+			if test.existing != nil {
+				existingHooks = append(existingHooks, test.existing())
+			}
+			client := fake.NewSimpleClientset(existingHooks...)
+			recorder := events.NewInMemoryRecorder("test")
+
+			testApply := func(expectModify bool) {
+				updatedHook, modified, err := DeleteValidatingWebhookConfiguration(
+					context.TODO(),
+					client.AdmissionregistrationV1(),
+					recorder, test.input())
+				if err != nil {
+					t.Fatal(err)
+				}
+				if expectModify != modified {
+					t.Errorf("expected modified to be equal %v, got %v: %#v", expectModify, modified, updatedHook)
+				}
+			}
+
+			testApply(test.expectModified)
+			assertEvents(t, test.name, test.expectedEvents, recorder.Events())
+		})
+	}
+}
+
 func TestApplyValidatingAdmissionPolicyConfiguration(t *testing.T) {
 	defaultPolicy := &admissionregistrationv1beta1.ValidatingAdmissionPolicy{}
 	defaultPolicy.SetName("test")
diff --git a/pkg/operator/resource/resourceapply/generic.go b/pkg/operator/resource/resourceapply/generic.go
index 087893e029..d812254dc7 100644
--- a/pkg/operator/resource/resourceapply/generic.go
+++ b/pkg/operator/resource/resourceapply/generic.go
@@ -335,6 +335,12 @@ func DeleteAll(ctx context.Context, clients *ClientHolder, recorder events.Recor
 			} else {
 				_, result.Changed, result.Error = DeleteStorageClass(ctx, clients.kubeClient.StorageV1(), recorder, t)
 			}
+		case *admissionregistrationv1.ValidatingWebhookConfiguration:
+			if clients.kubeClient == nil {
+				result.Error = fmt.Errorf("missing kubeClient")
+			} else {
+				_, result.Changed, result.Error = DeleteValidatingWebhookConfiguration(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t)
+			}
 		case *storagev1.CSIDriver:
 			if clients.kubeClient == nil {
 				result.Error = fmt.Errorf("missing kubeClient")