Fix BackendConfig.securityPolicy is not removed after config updates

kubernetes · Jul 26, 2022 · a5bbb02 · a5bbb02
1 parent d5436d7
commit a5bbb02
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/pkg/backends/features/securitypolicy.go b/pkg/backends/features/securitypolicy.go
@@ -31,20 +31,23 @@ import (
 // EnsureSecurityPolicy ensures the security policy link on backend service.
 // TODO(mrhohn): Emit event when attach/detach security policy to backend service.
 func EnsureSecurityPolicy(cloud *gce.Cloud, sp utils.ServicePort, be *composite.BackendService) error {
-	if sp.BackendConfig.Spec.SecurityPolicy == nil {
-		return nil
-	}
-
 	if be.Scope != meta.Global {
 		return fmt.Errorf("cloud armor security policies not supported for %s backend service %s", be.Scope, be.Name)
 	}
 
+	var desiredPolicyName string
+	if sp.BackendConfig.Spec.SecurityPolicy != nil {
+		desiredPolicyName = sp.BackendConfig.Spec.SecurityPolicy.Name
+	} else {
+		desiredPolicyName = ""
+	}
+
 	existingPolicyName, err := utils.KeyName(be.SecurityPolicy)
 	// The parser returns error for empty values.
 	if be.SecurityPolicy != "" && err != nil {
 		return err
 	}
-	desiredPolicyName := sp.BackendConfig.Spec.SecurityPolicy.Name
+
 	if existingPolicyName == desiredPolicyName {
 		return nil
 	}