Nit fix

oracle · Aug 2, 2023 · 2830184 · 2830184
1 parent dda5df4
commit 2830184
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 26 deletions.
diff --git a/pkg/controllers/ingressclass/ingressclass.go b/pkg/controllers/ingressclass/ingressclass.go
@@ -277,10 +277,7 @@ func (c *Controller) ensureLoadBalancer(ic *networkingv1.IngressClass) error {
 
 	if *lb.Id != util.GetIngressClassLoadBalancerId(ic) {
 		klog.InfoS("Adding load balancer id to ingress class", "lbId", *lb.Id, "ingressClass", klog.KObj(ic))
-
-		patchBytes := []byte(fmt.Sprintf(`{"metadata":{"annotations":{"%s":"%s"}}}`, util.IngressClassLoadBalancerIdAnnotation, *lb.Id))
-
-		patchError, done := c.patchIngressClass(ic, patchBytes)
+		patchError, done := util.PatchIngressClassWithAnnotation(c.client, ic, util.IngressClassLoadBalancerIdAnnotation, *lb.Id)
 		if done {
 			return patchError
 		}
@@ -298,32 +295,14 @@ func (c *Controller) ensureLoadBalancer(ic *networkingv1.IngressClass) error {
 	return nil
 }
 
-func (c *Controller) patchIngressClass(ic *networkingv1.IngressClass, patchBytes []byte) (error, bool) {
-	err := retry.RetryOnConflict(retry.DefaultBackoff, func() error {
-		_, err := c.client.NetworkingV1().IngressClasses().Patch(context.TODO(), ic.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{})
-		return err
-	})
-
-	if apierrors.IsConflict(err) {
-		return errors.Wrapf(err, "updateMaxRetries(%d) limit was reached while attempting to add load balancer id annotation", retry.DefaultBackoff.Steps), true
-	}
-
-	if err != nil {
-		return err, true
-	}
-	return nil, false
-}
-
 func (c *Controller) setupWebApplicationFirewall(ic *networkingv1.IngressClass, icp *v1beta1.IngressClassParameters, lb *ociloadbalancer.LoadBalancer) error {
-	firewall, err, err2, done := c.wafClient.GetFireWallId(ic, icp, lb, c.defaultCompartmentId)
+	firewall, err, err2, done := c.wafClient.GetFireWallId(c.client, ic, icp, lb, c.defaultCompartmentId)
 	if done {
 		return err2
 	}
 	// update to ingressclass
 	if err == nil && firewall.GetId() != nil {
-		patchBytes := []byte(fmt.Sprintf(`{"metadata":{"annotations":{"%s":"%s"}}}`, util.IngressClassFireWallIdAnnotation, *firewall.GetId()))
-
-		patchError, done := c.patchIngressClass(ic, patchBytes)
+		patchError, done := util.PatchIngressClassWithAnnotation(c.client, ic, util.IngressClassFireWallIdAnnotation, *firewall.GetId())
 		if done {
 			return patchError
 		}

diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -10,10 +10,10 @@
 package util
 
 import (
+	"context"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@@ -23,11 +23,18 @@ import (
 	ociloadbalancer "github.com/oracle/oci-go-sdk/v65/loadbalancer"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
 	corelisters "k8s.io/client-go/listers/core/v1"
 	networkinglisters "k8s.io/client-go/listers/networking/v1"
+	"k8s.io/client-go/util/retry"
 	"k8s.io/klog/v2"
 
+	"github.com/pkg/errors"
+
 	"github.com/oracle/oci-native-ingress-controller/api/v1beta1"
 )
 
@@ -409,3 +416,22 @@ func GetCurrentTimeInUnixMillis() int64 {
 func GetTimeDifferenceInSeconds(startTime, endTime int64) float64 {
 	return float64(endTime-startTime) / 1000
 }
+
+func PatchIngressClassWithAnnotation(client kubernetes.Interface, ic *networkingv1.IngressClass, annotationName string, annotationValue string) (error, bool) {
+
+	patchBytes := []byte(fmt.Sprintf(`{"metadata":{"annotations":{"%s":"%s"}}}`, annotationName, annotationValue))
+
+	err := retry.RetryOnConflict(retry.DefaultBackoff, func() error {
+		_, err := client.NetworkingV1().IngressClasses().Patch(context.TODO(), ic.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{})
+		return err
+	})
+
+	if apierrors.IsConflict(err) {
+		return errors.Wrapf(err, "updateMaxRetries(%d) limit was reached while attempting to add load balancer id annotation", retry.DefaultBackoff.Steps), true
+	}
+
+	if err != nil {
+		return err, true
+	}
+	return nil, false
+}
diff --git a/pkg/waf/waf.go b/pkg/waf/waf.go
@@ -13,6 +13,7 @@ import (
 	"github.com/oracle/oci-native-ingress-controller/pkg/util"
 	networkingv1 "k8s.io/api/networking/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
 )
 
@@ -49,14 +50,16 @@ func (W Client) CreateFirewall(lbId *string, compartmentID *string, policyId *st
 	return r, err
 }
 
-func (W Client) GetFireWallId(ic *networkingv1.IngressClass, icp *v1beta1.IngressClassParameters, lb *ociloadbalancer.LoadBalancer, c string) (waf.CreateWebAppFirewallResponse, error, error, bool) {
+func (W Client) GetFireWallId(kubeClient kubernetes.Interface, ic *networkingv1.IngressClass, icp *v1beta1.IngressClassParameters, lb *ociloadbalancer.LoadBalancer, c string) (waf.CreateWebAppFirewallResponse, error, error, bool) {
 	policyId := util.GetIngressClassWafPolicy(ic)
 	fireWallId := util.GetIngressClassFireWallId(ic)
 	compartmentId := common.String(util.GetIngressClassCompartmentId(icp, c))
 	if policyId == "" {
 		if fireWallId != "" {
 			// cleanup firewall
 			W.DeleteWebAppFirewallWithId(fireWallId)
+			util.PatchIngressClassWithAnnotation(kubeClient, ic, util.IngressClassFireWallIdAnnotation, "")
+			klog.Infof("Web Firewall cleaned up %s", fireWallId)
 		}
 		return waf.CreateWebAppFirewallResponse{}, nil, nil, true
 	}