We need to store the dependencies between the different objects in ConfigMaps, so that object delete requests can be checked in O(1) fashion. Currently, we do this iteratively by combing through all Policies and APIs and doing comparisons. This is not ideal, and it is also hard to see the dependencies visually this way.
- [ ] (1) An API can't be deleted if a security policy contains it; it will continue to reconcile
- [ ] (2) An API can't be created if it references a policy that does not exist
  (Chicken and egg: how do we handle the scenario where an API has a policy (such as the OIDC case) and both are created at the same time? How does the reconciler work?)
- [ ] (3) A Webhook can't be deleted if an API contains it; it will continue to reconcile
- [ ] (4) A SecurityPolicy can't be created if it references an API that does not exist
- [ ] (5) None of the above can be created without an Organization
example flow of API (1)
attempt to delete API
A) operator checks the API in the map and sees api/my-httpbin-api = ["my-security-policy-httpbin"]. This API is being used in a policy, so it cannot be deleted; the policy needs to be deleted first
example flow of API (2)
create API with JWT where default policy is one that does not exist
should fail creation and requeue
example flow of (3)
create webhook
create API which references that webhook
attempt to delete webhook
A) operator checks the webhook in the map and sees webhooks/my-sample-webhook = ["my-httpbin-api"]. This webhook is being used, so it cannot be deleted; need to delete webhook first
2 ConfigMaps (per namespace), example:
api/my-httpbin-api = ["my-security-policy-httpbin"]
webhooks/my-sample-webhook = ["my-httpbin-api"]
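
A sketch of the reverse-dependency index proposed above, as an added example that is not the operator's own code: `DepIndex` models the `.data` of one of the two per-namespace ConfigMaps, and the type, its methods and the JSON-list value encoding are assumptions. ConfigMap keys cannot contain `/`, so the kind prefix (`api/`, `webhooks/`) is implied by which ConfigMap holds the entry, and a corrupt entry blocks deletion rather than allowing it.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// DepIndex models one dependency ConfigMap's .data (assumed layout):
// key = referenced object's name, value = JSON list of objects that use it.
type DepIndex map[string]string

// Blockers is the single-lookup delete check. A corrupt entry returns an
// error so the caller refuses the delete instead of failing open.
func (d DepIndex) Blockers(target string) (users []string, err error) {
	if raw, ok := d[target]; ok {
		err = json.Unmarshal([]byte(raw), &users)
	}
	return users, err
}

// SetRef adds (present=true) or removes (present=false) the reference
// user -> target. Adding twice is idempotent; an empty list drops the key.
func (d DepIndex) SetRef(target, user string, present bool) error {
	users, err := d.Blockers(target)
	if err != nil {
		return err
	}
	kept := []string{}
	for _, u := range users {
		if u != user {
			kept = append(kept, u)
		}
	}
	if present {
		kept = append(kept, user)
	}
	if len(kept) == 0 {
		delete(d, target)
		return nil
	}
	b, _ := json.Marshal(kept)
	d[target] = string(b)
	return nil
}

func main() {
	apis := DepIndex{} // constructed sample using the names from this issue
	apis.SetRef("my-httpbin-api", "my-security-policy-httpbin", true)
	fmt.Println(apis.Blockers("my-httpbin-api")) // the policy blocks deletion
}
```

A reconciler would call `SetRef` when a policy or API is created, updated or removed, and allow a delete only when `Blockers` returns no error and an empty list.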