Handle delition of PolicyExceptions with MatchingLabels

giantswarm · Jan 31, 2025 · 0b4e0d3 · 0b4e0d3
1 parent de7d51a
commit 0b4e0d3
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/internal/controller/policymanifest_controller.go b/internal/controller/policymanifest_controller.go
@@ -68,7 +68,16 @@ func (r *PolicyManifestReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 
 	// Check if the PolicyManifest has any exceptions defined before creation
 	if len(polman.Spec.Exceptions) == 0 && len(polman.Spec.AutomatedExceptions) == 0 {
-		// TODO: Cleanup exceptions if they exist
+		// Create label selector
+		labelSelector := client.MatchingLabels{
+			GSPolicy:  polman.ObjectMeta.Labels[GSPolicy],
+			ManagedBy: ComponentName,
+		}
+		// Delete Exception
+		if err := r.DeleteAllOf(ctx, &kyvernov2beta1.PolicyException{}, labelSelector); err != nil {
+			log.Log.Error(err, fmt.Sprintf("unable to delete PolicyException for %s", polman.ObjectMeta.Name))
+			return ctrl.Result{}, nil
+		}
 		// Exit since there are no exceptions
 		return utils.JitterRequeue(DefaultRequeueDuration, r.MaxJitterPercent, r.Log), nil
 	}
@@ -80,7 +89,7 @@ func (r *PolicyManifestReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	kyvernoPolicyException.Name = fmt.Sprintf("gs-kpo-%s-exceptions", polman.ObjectMeta.Name)
 	// Set labels.
 	kyvernoPolicyException.Labels = generateLabels()
-	kyvernoPolicyException.Labels["policy.giantswarm.io/policy"] = polman.ObjectMeta.Labels["policy.giantswarm.io/policy"]
+	kyvernoPolicyException.Labels[GSPolicy] = polman.ObjectMeta.Labels[GSPolicy]
 
 	kyvernoPolicyException.Spec.Background = &r.Background