Remove orphaned network policy resource (#49)

Fixes: #48

This PR aims to address an issue introduced in release 2.0.1, where the
logic for generating network policy resources by the operator was
changed. From version 2.0.1 onwards, the operator no longer generates
network policies for Redis but failed to remove existing policies
generated prior to this version. This PR introduces a check and removal
process for that leftover network policiy.

---------

Co-authored-by: Ben Langfeld <[email protected]>
Co-authored-by: Aaron Kuehler <[email protected]>

Author: 3 people

CHANGELOG.md

@@ -9,6 +9,10 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator
 
 ## Unreleased
 
+### Fixed
+
+- [In version 2.0.1, the approach to generating network policy by the operator was modified. From v2.0.1 onwards, the operator no longer creates network policy for redis but continues to do it for sentinels. This fix automatically removes any leftover network policy from the namespace, eliminating the need for manual intervention](https://github.com/powerhome/redis-operator/pull/49)
+
 ### Changed
 
 - Add default haproxy image #47

mocks/operator/redisfailover/service/RedisFailoverClient.go

@@ -25,6 +25,10 @@ func (w *RedisFailoverHandler) Ensure(rf *redisfailoverv1.RedisFailover, labels
 		}
 	}
 
+	if err := w.rfService.DestroydOrphanedRedisNetworkPolicy(rf); err != nil {
+		return err
+	}
+
 	if rf.Spec.Haproxy != nil {
 		if err := w.rfService.EnsureHAProxyRedisMasterService(rf, labels, or); err != nil {
 			return err

operator/redisfailover/ensurer.go

@@ -151,6 +151,8 @@ func TestEnsure(t *testing.T) {
 			mrfs.On("EnsureRedisReadinessConfigMap", rf, mock.Anything, mock.Anything).Once().Return(nil)
 			mrfs.On("EnsureRedisStatefulset", rf, mock.Anything, mock.Anything).Once().Return(nil)
 
+			mrfs.On("DestroydOrphanedRedisNetworkPolicy", rf, mock.Anything, mock.Anything).Once().Return(nil)
+
 			// Create the Kops client and call the valid logic.
 			handler := rfOperator.NewRedisFailoverHandler(config, mrfs, mrfc, mrfh, mk, metrics.Dummy, log.Dummy)
 			err := handler.Ensure(rf, map[string]string{}, []metav1.OwnerReference{}, metrics.Dummy)

operator/redisfailover/ensurer_test.go

@@ -38,6 +38,8 @@ type RedisFailoverClient interface {
 
 	DestroySentinelResources(rFailover *redisfailoverv1.RedisFailover) error
 	UpdateStatus(rFailover *redisfailoverv1.RedisFailover) (*redisfailoverv1.RedisFailover, error)
+
+	DestroydOrphanedRedisNetworkPolicy(rFailover *redisfailoverv1.RedisFailover) error
 }
 
 // RedisFailoverKubeClient implements the required methods to talk with kubernetes
@@ -212,6 +214,22 @@ func (r *RedisFailoverKubeClient) DestroySentinelResources(rf *redisfailoverv1.R
 	return err
 }
 
+func (r *RedisFailoverKubeClient) DestroydOrphanedRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover) error {
+
+	name := GetRedisNetworkPolicyName(rf)
+
+	if _, err := r.K8SService.GetNetworkPolicy(rf.Namespace, name); err != nil {
+		if errors.IsNotFound(err) {
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	err := r.K8SService.DeleteNetworkPolicy(rf.Namespace, name)
+	return err
+}
+
 // EnsureRedisStatefulset makes sure the redis statefulset exists in the desired state
 func (r *RedisFailoverKubeClient) EnsureRedisStatefulset(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error {
 	if !rf.Spec.Redis.DisablePodDisruptionBudget {