Bug 1981732

Summary: [GSS][RFE][Add admission controller webhooks to the Noobaa CR]
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: nravinas
Component: Multi-Cloud Object GatewayAssignee: Utkarsh Srivastava <usrivast>
Status: CLOSED ERRATA QA Contact: krishnaram Karthick <kramdoss>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.7CC: belimele, bmesegue, etamir, nbecker, ocs-bugs, odf-bz-bot, tdesala, usrivast
Target Milestone: ---Keywords: FutureFeature
Target Release: ODF 4.12.0   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: 4.12.0-55 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-31 00:19:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 11 krishnaram Karthick 2022-12-05 13:52:13 UTC 
verified the bug with v4.12.0-125 build

# oc delete noobaa noobaa -n openshift-storage
Error from server: admission webhook "admissionwebhook.noobaa.io" denied the request: Noobaa cleanup policy is not set, blocking Noobaa deletion


# oc get csv --show-labels -n openshift-storage

NAME                                         DISPLAY                       VERSION             REPLACES   PHASE       LABELS
mcg-operator.v4.12.0-125.stable              NooBaa Operator               4.12.0-125.stable              Succeeded   operators.coreos.com/mcg-operator.openshift-storage=
ocs-operator.v4.12.0-125.stable              OpenShift Container Storage   4.12.0-125.stable              Succeeded   full_version=4.12.0-125,operatorframework.io/arch.amd64=supported,operatorframework.io/arch.ppc64le=supported,operatorframework.io/arch.s390x=supported,operators.coreos.com/ocs-operator.openshift-storage=
odf-csi-addons-operator.v4.12.0-125.stable   CSI Addons                    4.12.0-125.stable              Succeeded   operators.coreos.com/odf-csi-addons-operator.openshift-storage=
odf-operator.v4.12.0-125.stable              OpenShift Data Foundation     4.12.0-125.stable              Succeeded   full_version=4.12.0-125,operatorframework.io/arch.amd64=supported,operatorframework.io/arch.ppc64le=supported,operatorframework.io/arch.s390x=supported,operators.coreos.com/odf-operator.openshift-storage=
Comment 17 errata-xmlrpc 2023-01-31 00:19:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Data Foundation 4.12.0 enhancement and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:0551
Comment 18 bmesegue 2023-06-27 09:14:40 UTC 
I still see this problem occurring as described.

I'm using an OCP 4.12.12

And using ODP Operator 4.12.4-rhodf, using the stable-4.12 channel.
Comment 19 Utkarsh Srivastava 2023-06-27 09:46:18 UTC 
Hi,

Do you mean that you can still delete NooBaa CR and admission controller is _not_ preventing the deletions for you? If it is not preventing the deletion can you please confirm that in the NooBaa CR `cleanupPolicy.allowNoobaaDeletion` is set to `false`?

Regards,
Utkarsh Srivastava
Comment 20 bmesegue 2023-06-27 09:56:54 UTC 
I'm not sure I understand the question.
What I mean is that I can't delete the NooBaa instance, I'm getting the following error back:

(I copied from description, It's hard to test because I need to sacrifice an environment I need)
"Error from server: admission webhook "admissionwebhook.noobaa.io" denied the request: Noobaa cleanup policy is not set, blocking Noobaa deletion"

I'm trying to delete the resource from an ansible script, but that's the same error I get.
Comment 21 Utkarsh Srivastava 2023-06-27 10:02:52 UTC 
Ah, I see. Actually that is in fact the desired behaviour. This BZ was created for us to add this __feature__. We wanted to prevent accidental deletions of NooBaa which results in data loss.

If you want to be able to delete it anyway, you will have to set `cleanupPolicy.allowNoobaaDeletion: true` in your NooBaa CR. In order to do so from ansible script, just send a merge patch with previously mentioned attribute set. Once that is in place, noobaa's admission controller will no longer prevent the deletion.


Regards,
Utkarsh Srivastava
Comment 22 bmesegue 2023-06-27 10:50:44 UTC 
Thanks Utkarsh,
I'll try that !