loft-sh / jspolicy

jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
https://www.jspolicy.com
Apache License 2.0

Mutate object in DELETE operation #114

Closed AmirRezaSobhdel closed 4 months ago

AmirRezaSobhdel commented 8 months ago

I have set a finalizer on my resource, and this resource will not be deleted before its finalizer is removed in my operator's reconciler. (I am not using a jspolicy controller; I'm using go-operator-SDK for this purpose.) For UPDATE and CREATE operations I'm using a jspolicy mutation to add request.userInfo.username to the annotations in metadata. I am then using this annotation in my operator's reconciler.

But for the DELETE operation it's not possible to mutate the object. The resource is still not deleted because it has a finalizer set on it. I want to achieve the same functionality for the delete operation. Am I missing something? Can you add mutate support for the DELETE operation?

FabianKramm commented 8 months ago

@AmirRezaSobhdel thanks for creating this issue! Since DELETE does not modify the object besides setting the metadata.deletionTimestamp, this won't work with a mutating webhook according to my knowledge.

An alternative is to have a jspolicy controller that watches for deleted objects that have a certain finalizer and then removes those finalizers automatically.
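
The mutation described in the opening post, and why it has nothing to act on for DELETE, as an added example that is not part of the original thread or of jsPolicy's own code. It is plain JavaScript modelling the Kubernetes AdmissionRequest; `annotateRequester`, the annotation key and the sample requests are assumptions.

```javascript
// Added example: models the CREATE/UPDATE mutation described in the issue.
// ANNOTATION_KEY and annotateRequester are hypothetical names.
const ANNOTATION_KEY = "example.com/last-modified-by"; // assumed key

// request follows the Kubernetes AdmissionRequest shape:
// operation, userInfo, object (new state), oldObject (existing state).
function annotateRequester(request) {
  const user = request.userInfo && request.userInfo.username;
  if (!user) {
    return { mutated: null, reason: "no userInfo.username in request" };
  }
  // On DELETE the API server sends object = null; only oldObject is set,
  // so there is no incoming object to patch.
  if (request.operation === "DELETE" || request.object == null) {
    return { mutated: null, reason: "DELETE carries no object to mutate" };
  }
  // Copy so the caller's request is left untouched.
  const obj = JSON.parse(JSON.stringify(request.object));
  obj.metadata = obj.metadata || {};
  obj.metadata.annotations = obj.metadata.annotations || {};
  // Always overwrite: a client-supplied value must not survive, otherwise
  // the annotation could be forged by whoever submits the manifest.
  obj.metadata.annotations[ANNOTATION_KEY] = user;
  return { mutated: obj, reason: null };
}

// Constructed sample requests (not taken from the issue).
const existing = {
  metadata: { name: "demo", finalizers: ["example.com/cleanup"],
              annotations: { [ANNOTATION_KEY]: "alice" } },
};
const updateReq = {
  operation: "UPDATE",
  userInfo: { username: "bob" },
  object: { metadata: { name: "demo", annotations: { [ANNOTATION_KEY]: "forged" } } },
  oldObject: existing,
};
const deleteReq = {
  operation: "DELETE",
  userInfo: { username: "carol" },
  object: null,
  oldObject: existing,
};

console.log(annotateRequester(updateReq).mutated.metadata.annotations);
console.log(annotateRequester(deleteReq).reason);
```

If the policy also matches updates made by the operator itself, the annotation will then hold the operator's service account name rather than the last human requester.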

alexandradragodan commented 7 months ago

@AmirRezaSobhdel did you get to try out the controller solution Fabian suggested above?

alexandradragodan commented 4 months ago

Closing this issue due to inactivity atm. @AmirRezaSobhdel feel free to reach back out with more details in case it pops up again.