[Bug] Kubevirt resource transform not removing namespace resource

[usrbinkat]

Problem

Trying to eliminate a built in namespace resource from a remote k8s.core.v1.ConfigFile manifest using transformations.

Logging indicates the condition is correctly detected but the namespace resource is still deployed.

Code permalink

    # Define the transformation to remove Namespace creation and ensure correct namespace for other resources
    # TODO: fix transformation to remove namespace creation (currently producing duplicate namespace resource)
    def remove_namespace_transform(args):
        if args['kind'] == "Namespace":
            pulumi.log.info(f"Skipping creation of duplicate Namespace: {args['metadata']['name']}")
            return None  # Skip the creation of this resource if it's a duplicate
        else:
            if 'metadata' in args:
                args['metadata']['namespace'] = ns_name
        pulumi.log.info(f"Transforming resource of namespace/kind: {ns_name}/{args['kind']}")
        return args

Bash

Kargo on  mvp/usrbinkat/refactor [!] via  usrbinkat@ci via 🐍 v3.10.12 
🐋 ❯ pulumi up --skip-preview --refresh=true
Updating (ci)

View in Browser (Ctrl+O): https://app.pulumi.com/usrbinkat/kargo/ci/updates/165

     Type                                                                  Name                                    Status              Info
     pulumi:pulumi:Stack                                                   kargo-ci                                                    4 messages
     ├─ pulumi:providers:kubernetes                                        k8sProvider                                                 
     ├─ kubernetes:core/v1:Namespace                                       cert-manager                                                
     │  └─ kubernetes:helm.sh/v3:Release                                   cert-manager                                                
     │     └─ kubernetes:cert-manager.io/v1:ClusterIssuer                  cluster-selfsigned-issuer-root                              [diff: ~metadata]
     │        └─ kubernetes:cert-manager.io/v1:Certificate                 cluster-selfsigned-issuer-ca                                
     │           └─ kubernetes:cert-manager.io/v1:ClusterIssuer            cluster-selfsigned-issuer                                   [diff: ~metadata]
     ├─ kubernetes:core/v1:Namespace                                       kubevirt                                                    
     │  └─ kubernetes:yaml:ConfigFile                                      kubevirt-operator                                           
     │     ├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRole          kubevirt/kubevirt-operator                                  [diff: ~metadata]
     │     ├─ kubernetes:core/v1:ServiceAccount                            kubevirt/kubevirt-operator                                  
     │     ├─ kubernetes:kubevirt.io/v1:KubeVirt                           kubevirt                                                    
     │     ├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding   kubevirt/kubevirt-operator                                  [diff: ~metadata]
     │     ├─ kubernetes:apps/v1:Deployment                                kubevirt/virt-operator                                      
     │     ├─ kubernetes:core/v1:Namespace                                 kubevirt                                                    
     │     ├─ kubernetes:scheduling.k8s.io/v1:PriorityClass                kubevirt/kubevirt-cluster-critical                          [diff: ~metadata]
     │     ├─ kubernetes:rbac.authorization.k8s.io/v1:ClusterRole          kubevirt/kubevirt.io:operator                               [diff: ~metadata]
     │     ├─ kubernetes:rbac.authorization.k8s.io/v1:RoleBinding          kubevirt/kubevirt-operator-rolebinding                      
     │     ├─ kubernetes:rbac.authorization.k8s.io/v1:Role                 kubevirt/kubevirt-operator                                  
     │     └─ kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition  kubevirt/kubevirts.kubevirt.io                              [diff: ~metadata]
 ~   ├─ kubernetes:core/v1:Endpoints                                       kubernetes                              refresh (0.13s)     [diff: +apiVersion,kind,metadata]
     └─ custom:x:KubernetesApiEndpointIp                                   kubernetes-endpoint-service-address                         

Diagnostics:
  pulumi:pulumi:Stack (kargo-ci):
    Using helm release version: cert-manager/1.14.5
    Using KubeVirt version: kubevirt/1.2.0
    Using emulation for KubeVirt in developer mode
    Skipping creation of duplicate Namespace: kubevirt

Outputs:
    kubernetes-endpoint-service-address: "172.18.0.2"

Resources:
    21 unchanged

Duration: 10s

[usrbinkat]

implemented workaround by writing transformed manifest with removed namespace resources to disk path and executing ConfigFile against the transformed manifest on disk.

[usrbinkat]

On further investigation, it was conclusively determined that transformations currently have no support for resource removal, only transformation.