diff --git a/pkg/cleanup/cleanup.go b/pkg/cleanup/cleanup.go
deleted file mode 100644
index 755290a4..00000000
--- a/pkg/cleanup/cleanup.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright 2023 Authors of Nimbus
-
-package cleanup
-
-/*
-import (
- "context"
-
- "github.com/go-logr/logr"
- "sigs.k8s.io/controller-runtime/pkg/client"
-
- intentv1 "github.com/5GSEC/nimbus/pkg/api/v1"
- general "github.com/5GSEC/nimbus/pkg/controllers/general"
- policy "github.com/5GSEC/nimbus/pkg/controllers/policy"
-)
-
-// Cleanup is a function to clean up SecurityIntent resources.
-// It removes all policies associated with each SecurityIntent before deleting the SecurityIntent itself.
-func Cleanup(ctx context.Context, k8sClient client.Client, logger logr.Logger) error {
-
- // Logging the start of the cleanup process.
- logger.Info("Performing cleanup")
-
- var securityIntentBindings intentv1.SecurityIntentBindingList
- if err := k8sClient.List(ctx, &securityIntentBindings); err != nil {
- logger.Error(err, "Unable to list SecurityIntentBinding resources for cleanup")
- return err
- }
-
- if len(securityIntentBindings.Items) == 0 {
- logger.Info("No SecurityIntentBinding resources found for cleanup")
- return nil
- }
-
- npc := policy.NewNetworkPolicyController(k8sClient, nil)
-
- // Iterating over each SecurityIntent to delete associated policies.
- for _, binding := range securityIntentBindings.Items {
- bindingCopy := binding
- bindingInfo := &general.BindingInfo{
- Binding: &bindingCopy,
- }
-
- // Deleting network policies associated with the current SecurityIntent.
- if err := npc.DeletePolicy(ctx, bindingInfo); err != nil {
- logger.Error(err, "Failed to delete network policy for SecurityIntentBinding", "Name", bindingCopy.Name)
- return err
- }
- if err := k8sClient.Delete(ctx, &bindingCopy); err != nil {
- logger.Error(err, "Failed to delete SecurityIntentBinding", "Name", bindingCopy.Name)
- continue
- }
- }
- return nil
-}
-*/
diff --git a/pkg/receiver/securityintentbinding/securityintentbinding_controller.go b/pkg/receiver/securityintentbinding/securityintentbinding_controller.go
index 0b5562d3..789c47fc 100644
--- a/pkg/receiver/securityintentbinding/securityintentbinding_controller.go
+++ b/pkg/receiver/securityintentbinding/securityintentbinding_controller.go
@@ -7,7 +7,9 @@ import (
 "context"
 "fmt"

+ "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/log"
@@ -76,6 +78,23 @@ func (r *SecurityIntentBindingReconciler) Reconcile(ctx context.Context, req ctr
 log.Info("SecurityIntentBinding resource found", "Name", req.Name, "Namespace", req.Namespace)
 } else {
 log.Info("SecurityIntentBinding resource not found", "Name", req.Name, "Namespace", req.Namespace)
+
+ // Delete associated NimbusPolicy if exists
+ nimbusPolicy := &v1.NimbusPolicy{}
+ err := r.Get(ctx, types.NamespacedName{Name: req.Name, Namespace: req.Namespace}, nimbusPolicy)
+ if err != nil && !errors.IsNotFound(err) {
+ log.Error(err, "Failed to get NimbusPolicy for deletion")
+ return ctrl.Result{}, err
+ }
+ if err == nil {
+ // NimbusPolicy exists, delete it
+ if err := r.Delete(ctx, nimbusPolicy); err != nil {
+ log.Error(err, "Failed to delete NimbusPolicy")
+ return ctrl.Result{}, err
+ }
+ log.Info("Deleted NimbusPolicy due to SecurityIntentBinding deletion", "NimbusPolicy", req.NamespacedName)
+ }
+ return ctrl.Result{}, nil
 }

 // Call the MatchAndBindIntents function to generate the binding information.
diff --git a/scripts/cleanup.sh b/scripts/cleanup.sh
new file mode 100755
index 00000000..547cbbf7
--- /dev/null
+++ b/scripts/cleanup.sh
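Review bot: The deletion added to the not-found branch of the second hunk removes whichever NimbusPolicy shares `req.Name` and `req.Namespace` without confirming it was created for this binding, so a same-named policy from another source would be deleted as well. Either give the policy an owner reference when it is created (`ctrl.SetControllerReference`) so garbage collection removes it, or check `nimbusPolicy.GetOwnerReferences()` for a SecurityIntentBinding entry named `req.Name` before calling `r.Delete`. A policy that disappears between the Get and the Delete also surfaces as an error and a requeue; `if err := r.Delete(ctx, nimbusPolicy); client.IgnoreNotFound(err) != nil {` avoids that. Reconcile starts and ends outside the hunk, so how the branch decides "not found" is not visible here; it is worth confirming that only a NotFound result from the binding lookup reaches this code and not a transient API failure.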
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2023 Authors of Nimbus
+
+#!/bin/bash
+
+# Delete all SecurityIntent resources
+kubectl delete securityintents --all --all-namespaces
+
+# Delete all SecurityIntentBinding resources
+kubectl delete securityintentbindings --all --all-namespaces
+
+# Delete all NimbusPolicy resources
+kubectl delete nimbuspolicies --all --all-namespaces
+
+echo "All resources have been successfully deleted."
\ No newline at end of file
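Review bot: `#!/bin/bash` sits on line 4 below the SPDX comments, where it is only a comment; it has to be the first line of the file to take effect, with the licence header after it. Without `set -euo pipefail` directly after the shebang, the final `echo` reports success even when a `kubectl delete` failed, for example on a missing CRD, an RBAC denial or an unreachable API server. The three commands remove every SecurityIntent, SecurityIntentBinding and NimbusPolicy in all namespaces of whatever cluster the current kubeconfig context points at, so printing `kubectl config current-context` and asking for confirmation before the first delete would guard against running it against the wrong cluster.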