additional obj specfically for deletion

pkg/controller/keyvault/ingress_secret_provider_class.go

@@ -117,14 +117,17 @@ func (i *IngressSecretProviderClassReconciler) Reconcile(ctx context.Context, re
 
 	logger.Info("cleaning unused managed spc for ingress")
 	logger.Info("getting secret provider class for ingress")
-	err = i.client.Get(ctx, client.ObjectKeyFromObject(spc), spc)
+
+	toCleanSPC := &secv1.SecretProviderClass{}
+
+	err = i.client.Get(ctx, client.ObjectKeyFromObject(spc), toCleanSPC)
 	if err != nil {
 		return result, client.IgnoreNotFound(err)
 	}
 
-	if manifests.HasTopLevelLabels(spc.Labels) {
+	if manifests.HasTopLevelLabels(toCleanSPC.Labels) {
 		logger.Info("removing secret provider class for ingress")
-		err = i.client.Delete(ctx, spc)
+		err = i.client.Delete(ctx, toCleanSPC)
 		return result, client.IgnoreNotFound(err)
 	}
 

pkg/controller/keyvault/placeholder_pod.go

@@ -116,13 +116,14 @@ func (p *PlaceholderPodController) Reconcile(ctx context.Context, req ctrl.Reque
 		logger.Info("cleaning unused placeholder pod deployment")
 
 		logger.Info("getting placeholder deployment")
-		if err = p.client.Get(ctx, client.ObjectKeyFromObject(dep), dep); err != nil {
-			return result, client.IgnoreNotFound(err)
 
+		toCleanDeployment := &appsv1.Deployment{}
+		if err = p.client.Get(ctx, client.ObjectKeyFromObject(dep), toCleanDeployment); err != nil {
+			return result, client.IgnoreNotFound(err)
 		}
-		if manifests.HasTopLevelLabels(dep.Labels) {
+		if manifests.HasTopLevelLabels(toCleanDeployment.Labels) {
 			logger.Info("deleting placeholder deployment")
-			err = p.client.Delete(ctx, dep)
+			err = p.client.Delete(ctx, toCleanDeployment)
 			return result, client.IgnoreNotFound(err)
 		}
 	}

pkg/controller/osm/ingress_backend_reconciler.go

@@ -127,20 +127,36 @@ func (i *IngressBackendReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 
 	controllerName, ok := i.ingressControllerNamer.IngressControllerName(ing)
 	logger = logger.WithValues("ingressController", controllerName)
-	if ing.Annotations == nil || ing.Annotations["kubernetes.azure.com/use-osm-mtls"] == "" || !ok {
-		logger.Info("Ingress does not have osm mtls annotation, cleaning up managed IngressBackend")
+	ok = i.buildBackend(backend, ing, controllerName)
+	if ok {
+		logger.Info("reconciling OSM ingress backend for ingress")
+		err = util.Upsert(ctx, i.client, backend)
+		return result, err
+	}
 
-		logger.Info("getting IngressBackend")
-		err = i.client.Get(ctx, client.ObjectKeyFromObject(backend), backend)
-		if err != nil {
-			return result, client.IgnoreNotFound(err)
-		}
+	logger.Info("Ingress does not have osm mtls annotation, cleaning up managed IngressBackend")
+	logger.Info("getting IngressBackend")
 
-		if manifests.HasTopLevelLabels(backend.Labels) {
-			logger.Info("deleting IngressBackend")
-			err = i.client.Delete(ctx, backend)
-			return result, client.IgnoreNotFound(err)
-		}
+	toCleanBackend := &policyv1alpha1.IngressBackend{}
+	err = i.client.Get(ctx, client.ObjectKeyFromObject(backend), toCleanBackend)
+	if err != nil {
+		return result, client.IgnoreNotFound(err)
+	}
+
+	if manifests.HasTopLevelLabels(toCleanBackend.Labels) {
+		logger.Info("deleting IngressBackend")
+		err = i.client.Delete(ctx, toCleanBackend)
+		return result, client.IgnoreNotFound(err)
+	}
+
+	logger.Info("reconciling OSM ingress backend for ingress")
+	err = util.Upsert(ctx, i.client, toCleanBackend)
+	return result, err
+}
+
+func (i *IngressBackendReconciler) buildBackend(backend *policyv1alpha1.IngressBackend, ing *netv1.Ingress, controllerName string) bool {
+	if ing.Annotations == nil || ing.Annotations["kubernetes.azure.com/use-osm-mtls"] == "" {
+		return false
 	}
 
 	backend.Spec = policyv1alpha1.IngressBackendSpec{
@@ -176,7 +192,5 @@ func (i *IngressBackendReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		}
 	}
 
-	logger.Info("reconciling OSM ingress backend for ingress")
-	err = util.Upsert(ctx, i.client, backend)
-	return result, err
+	return true
 }

pkg/controller/osm/ingress_backend_reconciler_test.go

@@ -32,10 +32,10 @@ import (
 )
 
 var (
-	env        *envtest.Environment
-	restConfig *rest.Config
-	err        error
-	ing        = &netv1.Ingress{
+	env            *envtest.Environment
+	restConfig     *rest.Config
+	err            error
+	backendTestIng = &netv1.Ingress{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:        "test-ingress",
 			Namespace:   "test-ns",
@@ -74,7 +74,7 @@ func TestMain(m *testing.M) {
 }
 
 func TestIngressBackendReconcilerIntegration(t *testing.T) {
-	ing := ing.DeepCopy()
+	ing := backendTestIng.DeepCopy()
 	c := fake.NewClientBuilder().WithObjects(ing).Build()
 	require.NoError(t, policyv1alpha1.AddToScheme(c.Scheme()))
 
@@ -139,7 +139,7 @@ func TestIngressBackendReconcilerIntegration(t *testing.T) {
 }
 
 func TestIngressBackendReconcilerIntegrationNoLabels(t *testing.T) {
-	ing := ing.DeepCopy()
+	ing := backendTestIng.DeepCopy()
 	c := fake.NewClientBuilder().WithObjects(ing).Build()
 	require.NoError(t, policyv1alpha1.AddToScheme(c.Scheme()))
 
@@ -202,15 +202,19 @@ func TestIngressBackendReconcilerIntegrationNoLabels(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, testutils.GetErrMetricCount(t, ingressBackendControllerName), beforeErrCount)
 	require.Greater(t, testutils.GetReconcileMetricCount(t, ingressBackendControllerName, metrics.LabelSuccess), beforeReconcileCount)
+
+	require.False(t, errors.IsNotFound(e.client.Get(ctx, client.ObjectKeyFromObject(backend), backend)))
+	assert.Equal(t, 0, len(backend.Labels))
 	_, err = e.Reconcile(ctx, req)
 	require.NoError(t, err)
+	assert.Equal(t, 0, len(backend.Labels))
 
 	// Prove the ingress backend was not cleaned up
 	require.False(t, errors.IsNotFound(e.client.Get(ctx, client.ObjectKeyFromObject(backend), backend)))
 }
 
 func TestNewIngressBackendReconciler(t *testing.T) {
-	ing := ing.DeepCopy()
+	ing := backendTestIng.DeepCopy()
 	m, err := manager.New(restConfig, manager.Options{Metrics: metricsserver.Options{BindAddress: ":0"}})
 	require.NoError(t, err)