Merge pull request openshift#15142 from liggitt/role-controller-cleanup

Merged by openshift-bot

Author: OpenShift Bot

pkg/authorization/controller/authorizationsync/origin_to_rbac_clusterrole_controller.go

@@ -70,7 +70,11 @@ func (c *OriginClusterRoleToRBACClusterRoleController) syncClusterRole(name stri
 	// if the origin role doesn't exist, just delete the rbac role
 	if apierrors.IsNotFound(originErr) {
 		// orphan on delete to minimize fanout.  We ought to clean the rest via controller too.
-		return c.rbacClient.ClusterRoles().Delete(name, nil)
+		deleteErr := c.rbacClient.ClusterRoles().Delete(name, nil)
+		if apierrors.IsNotFound(deleteErr) {
+			return nil
+		}
+		return deleteErr
 	}
 
 	// determine if we need to create, update or do nothing
@@ -133,15 +137,17 @@ func (c *OriginClusterRoleToRBACClusterRoleController) clusterPolicyEventHandler
 				tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
+					return
 				}
 				originContainerObj, ok = tombstone.Obj.(*authorizationapi.ClusterPolicy)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Tombstone contained object that is not a runtime.Object %#v", obj))
+					return
 				}
 			}
 
 			for _, originObj := range originContainerObj.Roles {
-				c.originIndexer.Add(originObj)
+				c.originIndexer.Delete(originObj)
 				key, err := controller.KeyFunc(originObj)
 				if err != nil {
 					utilruntime.HandleError(err)

pkg/authorization/controller/authorizationsync/origin_to_rbac_clusterrolebinding_controller.go

@@ -70,7 +70,11 @@ func (c *OriginClusterRoleBindingToRBACClusterRoleBindingController) syncCluster
 	// if the origin roleBinding doesn't exist, just delete the rbac roleBinding
 	if apierrors.IsNotFound(originErr) {
 		// orphan on delete to minimize fanout.  We ought to clean the rest via controller too.
-		return c.rbacClient.ClusterRoleBindings().Delete(name, nil)
+		deleteErr := c.rbacClient.ClusterRoleBindings().Delete(name, nil)
+		if apierrors.IsNotFound(deleteErr) {
+			return nil
+		}
+		return deleteErr
 	}
 
 	// determine if we need to create, update or do nothing
@@ -133,15 +137,17 @@ func (c *OriginClusterRoleBindingToRBACClusterRoleBindingController) clusterPoli
 				tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
+					return
 				}
 				originContainerObj, ok = tombstone.Obj.(*authorizationapi.ClusterPolicyBinding)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Tombstone contained object that is not a runtime.Object %#v", obj))
+					return
 				}
 			}
 
 			for _, originObj := range originContainerObj.RoleBindings {
-				c.originIndexer.Add(originObj)
+				c.originIndexer.Delete(originObj)
 				key, err := controller.KeyFunc(originObj)
 				if err != nil {
 					utilruntime.HandleError(err)

pkg/authorization/controller/authorizationsync/origin_to_rbac_role_controller.go

@@ -75,7 +75,11 @@ func (c *OriginRoleToRBACRoleController) syncRole(key string) error {
 	// if the origin role doesn't exist, just delete the rbac role
 	if apierrors.IsNotFound(originErr) {
 		// orphan on delete to minimize fanout.  We ought to clean the rest via controller too.
-		return c.rbacClient.Roles(namespace).Delete(name, nil)
+		deleteErr := c.rbacClient.Roles(namespace).Delete(name, nil)
+		if apierrors.IsNotFound(deleteErr) {
+			return nil
+		}
+		return deleteErr
 	}
 
 	// determine if we need to create, update or do nothing
@@ -138,15 +142,17 @@ func (c *OriginRoleToRBACRoleController) policyEventHandler() cache.ResourceEven
 				tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
+					return
 				}
 				originContainerObj, ok = tombstone.Obj.(*authorizationapi.Policy)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Tombstone contained object that is not a runtime.Object %#v", obj))
+					return
 				}
 			}
 
 			for _, originObj := range originContainerObj.Roles {
-				c.originIndexer.Add(originObj)
+				c.originIndexer.Delete(originObj)
 				key, err := controller.KeyFunc(originObj)
 				if err != nil {
 					utilruntime.HandleError(err)

pkg/authorization/controller/authorizationsync/origin_to_rbac_rolebinding_controller.go

@@ -75,7 +75,11 @@ func (c *OriginRoleBindingToRBACRoleBindingController) syncRoleBinding(key strin
 	// if the origin roleBinding doesn't exist, just delete the rbac roleBinding
 	if apierrors.IsNotFound(originErr) {
 		// orphan on delete to minimize fanout.  We ought to clean the rest via controller too.
-		return c.rbacClient.RoleBindings(namespace).Delete(name, nil)
+		deleteErr := c.rbacClient.RoleBindings(namespace).Delete(name, nil)
+		if apierrors.IsNotFound(deleteErr) {
+			return nil
+		}
+		return deleteErr
 	}
 
 	// determine if we need to create, update or do nothing
@@ -138,15 +142,17 @@ func (c *OriginRoleBindingToRBACRoleBindingController) policyBindingEventHandler
 				tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Couldn't get object from tombstone %#v", obj))
+					return
 				}
 				originContainerObj, ok = tombstone.Obj.(*authorizationapi.PolicyBinding)
 				if !ok {
 					utilruntime.HandleError(fmt.Errorf("Tombstone contained object that is not a runtime.Object %#v", obj))
+					return
 				}
 			}
 
 			for _, originObj := range originContainerObj.RoleBindings {
-				c.originIndexer.Add(originObj)
+				c.originIndexer.Delete(originObj)
 				key, err := controller.KeyFunc(originObj)
 				if err != nil {
 					utilruntime.HandleError(err)