27960114680

Committed 22 Jun 2026 02:27PM UTC coverage: 75.422% (+0.02%) from 75.403%

Build # 27960114680

Build Type

push

github

Committed by

web-flow

Commit Message

fix(deps): update dependencies (minor) (#635)

> ℹ️ **Note**
> 
> This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Type | Update | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|
|
[cert-manager/cert-manager](https://redirect.github.com/cert-manager/cert-manager)
| | minor | `v1.19.1` → `v1.20.2` |
![age](https://developer.mend.io/api/mc/badges/age/github-releases/cert-manager%2fcert-manager/v1.20.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/cert-manager%2fcert-manager/v1.19.1/v1.20.2?slim=true)
|
|
[cert-manager/trust-manager](https://redirect.github.com/cert-manager/trust-manager)
| | minor | `v0.20.2` → `v0.23.0` |
![age](https://developer.mend.io/api/mc/badges/age/github-releases/cert-manager%2ftrust-manager/v0.23.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/cert-manager%2ftrust-manager/v0.20.2/v0.23.0?slim=true)
|
| [ginkgo](https://redirect.github.com/onsi/ginkgo) | | minor |
`v2.29.0` → `v2.31.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fonsi%2fginkgo%2fv2%2fginkgo/v2.31.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fonsi%2fginkgo%2fv2%2fginkgo/v2.29.0/v2.31.0?slim=true)
|
|
[github.com/coreos/go-oidc/v3](https://redirect.github.com/coreos/go-oidc)
| require | minor | `v3.17.0` → `v3.19.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcoreos%2fgo-oidc%2fv3/v3.19.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcoreos%2fgo-oidc%2fv3/v3.17.0/v3.19.0?slim=true)
|
| [github.com/onsi/ginkgo/v2](https://redirect.github.com/onsi/ginkgo) |
require | minor | `v2.29.0` → `v2.31.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fons... (continued)

Coverage Stats

4020 of 5330 relevant lines covered (75.42%)

49.45 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

73.13

/pkg/controller/registrybinding_controller.go

// Copyright 2026 BWI GmbH and Solution Arsenal contributors
// SPDX-License-Identifier: Apache-2.0

package controller

import (
        "context"
        "slices"

        apierrors "k8s.io/apimachinery/pkg/api/errors"
        "k8s.io/apimachinery/pkg/runtime"
        "k8s.io/apimachinery/pkg/types"
        ctrl "sigs.k8s.io/controller-runtime"
        "sigs.k8s.io/controller-runtime/pkg/client"

        solarv1alpha1 "go.opendefense.cloud/solar/api/solar/v1alpha1"
)

// RegistryBindingReconciler manages the deletion-protection finalizer on the Registry referenced
// by each RegistryBinding, preventing Registry deletion while RegistryBindings exist.
type RegistryBindingReconciler struct {
        client.Client
        Scheme *runtime.Scheme
        // WatchNamespace restricts reconciliation to this namespace.
        // Should be empty in production (watches all namespaces).
        // Intended for use in integration tests only.
        WatchNamespace string
}

//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registrybindings,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registrybindings/finalizers,verbs=update
//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registries,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registries/finalizers,verbs=update

func (r *RegistryBindingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
        log := ctrl.LoggerFrom(ctx)

        log.V(1).Info("RegistryBinding is being reconciled", "req", req)

        if r.WatchNamespace != "" && req.Namespace != r.WatchNamespace {
                return ctrl.Result{}, nil
        }

        rb := &solarv1alpha1.RegistryBinding{}
        if err := r.Get(ctx, req.NamespacedName, rb); err != nil {
                if apierrors.IsNotFound(err) {
                        return ctrl.Result{}, nil
                }

                return ctrl.Result{}, errLogAndWrap(log, err, "failed to get RegistryBinding")
        }

        // Handle deletion: remove registryRefFinalizer from Registry if no other active referencer exists.
        if !rb.DeletionTimestamp.IsZero() {
                if rb.Spec.RegistryRef.Name != "" {
                        registry := &solarv1alpha1.Registry{}
                        if err := r.Get(ctx, types.NamespacedName{Name: rb.Spec.RegistryRef.Name, Namespace: rb.Namespace}, registry); err != nil {
                                if !apierrors.IsNotFound(err) {
                                        return ctrl.Result{}, errLogAndWrap(log, err, "failed to get Registry for finalizer cleanup")
                                }
                        } else if err := r.removeRegistryRefFinalizer(ctx, rb, registry); err != nil {
                                return ctrl.Result{}, err
                        }
                }

                if slices.Contains(rb.Finalizers, registryBindingFinalizer) {
                        latest := &solarv1alpha1.RegistryBinding{}
                        if err := r.Get(ctx, req.NamespacedName, latest); err != nil {
                                return ctrl.Result{}, errLogAndWrap(log, err, "failed to get latest RegistryBinding for finalizer removal")
                        }
                        original := latest.DeepCopy()
                        latest.Finalizers = slices.DeleteFunc(latest.Finalizers, func(s string) bool { return s == registryBindingFinalizer })
                        if err := r.Patch(ctx, latest, client.MergeFrom(original)); err != nil {
                                return ctrl.Result{}, errLogAndWrap(log, err, "failed to remove finalizer from RegistryBinding")
                        }
                }

                return ctrl.Result{}, nil
        }

        // Ensure self-finalizer exists.
        if !slices.Contains(rb.Finalizers, registryBindingFinalizer) {
                latest := &solarv1alpha1.RegistryBinding{}
                if err := r.Get(ctx, req.NamespacedName, latest); err != nil {
                        return ctrl.Result{}, errLogAndWrap(log, err, "failed to get latest RegistryBinding for finalizer addition")
                }
                if !slices.Contains(latest.Finalizers, registryBindingFinalizer) {
                        original := latest.DeepCopy()
                        latest.Finalizers = append(latest.Finalizers, registryBindingFinalizer)
                        if err := r.Patch(ctx, latest, client.MergeFrom(original)); err != nil {
                                return ctrl.Result{}, errLogAndWrap(log, err, "failed to add finalizer to RegistryBinding")
                        }
                }
        }

        // Protect the referenced Registry from deletion.
        if rb.Spec.RegistryRef.Name != "" {
                registry := &solarv1alpha1.Registry{}
                if err := r.Get(ctx, types.NamespacedName{Name: rb.Spec.RegistryRef.Name, Namespace: rb.Namespace}, registry); err != nil {
                        if !apierrors.IsNotFound(err) {
                                return ctrl.Result{}, errLogAndWrap(log, err, "failed to get Registry for protection finalizer")
                        }
                } else if !slices.Contains(registry.Finalizers, registryRefFinalizer) {
                        latest := registry.DeepCopy()
                        latest.Finalizers = append(latest.Finalizers, registryRefFinalizer)
                        if err := r.Patch(ctx, latest, client.MergeFromWithOptions(registry, client.MergeFromWithOptimisticLock{})); err != nil {
                                return ctrl.Result{}, errLogAndWrap(log, err, "failed to add protection finalizer to Registry")
                        }
                }
        }

        return ctrl.Result{}, nil
}

// removeRegistryRefFinalizer removes registryRefFinalizer from registry when no other active
// Target or RegistryBinding (excluding the deleting RegistryBinding) still references it.
func (r *RegistryBindingReconciler) removeRegistryRefFinalizer(ctx context.Context, deletingRB *solarv1alpha1.RegistryBinding, registry *solarv1alpha1.Registry) error {
        return removeRegistryRefFinalizer(ctx, r.Client, nil, deletingRB, registry)
}

// SetupWithManager sets up the controller with the Manager.
func (r *RegistryBindingReconciler) SetupWithManager(mgr ctrl.Manager) error {
        return ctrl.NewControllerManagedBy(mgr).
                For(&solarv1alpha1.RegistryBinding{}).
                Complete(r)
}

1	// Copyright 2026 BWI GmbH and Solution Arsenal contributors
2	// SPDX-License-Identifier: Apache-2.0
3
4	package controller
5
6	import (
7	"context"
8	"slices"
9
10	apierrors "k8s.io/apimachinery/pkg/api/errors"
11	"k8s.io/apimachinery/pkg/runtime"
12	"k8s.io/apimachinery/pkg/types"
13	ctrl "sigs.k8s.io/controller-runtime"
14	"sigs.k8s.io/controller-runtime/pkg/client"
15
16	solarv1alpha1 "go.opendefense.cloud/solar/api/solar/v1alpha1"
17	)
18
19	// RegistryBindingReconciler manages the deletion-protection finalizer on the Registry referenced
20	// by each RegistryBinding, preventing Registry deletion while RegistryBindings exist.
21	type RegistryBindingReconciler struct {
22	client.Client
23	Scheme *runtime.Scheme
24	// WatchNamespace restricts reconciliation to this namespace.
25	// Should be empty in production (watches all namespaces).
26	// Intended for use in integration tests only.
27	WatchNamespace string
28	}
29
30	//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registrybindings,verbs=get;list;watch;update;patch
31	//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registrybindings/finalizers,verbs=update
32	//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registries,verbs=get;list;watch;update;patch
33	//+kubebuilder:rbac:groups=solar.opendefense.cloud,resources=registries/finalizers,verbs=update
34
35	func (r *RegistryBindingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {	44✔
36	log := ctrl.LoggerFrom(ctx)	44✔
37		44✔
38	log.V(1).Info("RegistryBinding is being reconciled", "req", req)	44✔
39		44✔
40	if r.WatchNamespace != "" && req.Namespace != r.WatchNamespace {	58✔
41	return ctrl.Result{}, nil	14✔
42	}	14✔
43
44	rb := &solarv1alpha1.RegistryBinding{}	30✔
45	if err := r.Get(ctx, req.NamespacedName, rb); err != nil {	34✔
46	if apierrors.IsNotFound(err) {	8✔
47	return ctrl.Result{}, nil	4✔
48	}	4✔
49
50	return ctrl.Result{}, errLogAndWrap(log, err, "failed to get RegistryBinding")	×
51	}
52
53	// Handle deletion: remove registryRefFinalizer from Registry if no other active referencer exists.
54	if !rb.DeletionTimestamp.IsZero() {	30✔
55	if rb.Spec.RegistryRef.Name != "" {	8✔
56	registry := &solarv1alpha1.Registry{}	4✔
57	if err := r.Get(ctx, types.NamespacedName{Name: rb.Spec.RegistryRef.Name, Namespace: rb.Namespace}, registry); err != nil {	4✔
58	if !apierrors.IsNotFound(err) {	×
59	return ctrl.Result{}, errLogAndWrap(log, err, "failed to get Registry for finalizer cleanup")	×
60	}	×
61	} else if err := r.removeRegistryRefFinalizer(ctx, rb, registry); err != nil {	4✔
62	return ctrl.Result{}, err	×
63	}	×
64	}
65
66	if slices.Contains(rb.Finalizers, registryBindingFinalizer) {	8✔
67	latest := &solarv1alpha1.RegistryBinding{}	4✔
68	if err := r.Get(ctx, req.NamespacedName, latest); err != nil {	4✔
69	return ctrl.Result{}, errLogAndWrap(log, err, "failed to get latest RegistryBinding for finalizer removal")	×
70	}	×
71	original := latest.DeepCopy()	4✔
72	latest.Finalizers = slices.DeleteFunc(latest.Finalizers, func(s string) bool { return s == registryBindingFinalizer })	8✔
73	if err := r.Patch(ctx, latest, client.MergeFrom(original)); err != nil {	4✔
74	return ctrl.Result{}, errLogAndWrap(log, err, "failed to remove finalizer from RegistryBinding")	×
75	}	×
76	}
77
78	return ctrl.Result{}, nil	4✔
79	}
80
81	// Ensure self-finalizer exists.
82	if !slices.Contains(rb.Finalizers, registryBindingFinalizer) {	33✔
83	latest := &solarv1alpha1.RegistryBinding{}	11✔
84	if err := r.Get(ctx, req.NamespacedName, latest); err != nil {	11✔
85	return ctrl.Result{}, errLogAndWrap(log, err, "failed to get latest RegistryBinding for finalizer addition")	×
86	}	×
87	if !slices.Contains(latest.Finalizers, registryBindingFinalizer) {	22✔
88	original := latest.DeepCopy()	11✔
89	latest.Finalizers = append(latest.Finalizers, registryBindingFinalizer)	11✔
90	if err := r.Patch(ctx, latest, client.MergeFrom(original)); err != nil {	11✔
91	return ctrl.Result{}, errLogAndWrap(log, err, "failed to add finalizer to RegistryBinding")	×
92	}	×
93	}
94	}
95
96	// Protect the referenced Registry from deletion.
97	if rb.Spec.RegistryRef.Name != "" {	44✔
98	registry := &solarv1alpha1.Registry{}	22✔
99	if err := r.Get(ctx, types.NamespacedName{Name: rb.Spec.RegistryRef.Name, Namespace: rb.Namespace}, registry); err != nil {	24✔
100	if !apierrors.IsNotFound(err) {	2✔
101	return ctrl.Result{}, errLogAndWrap(log, err, "failed to get Registry for protection finalizer")	×
102	}	×
103	} else if !slices.Contains(registry.Finalizers, registryRefFinalizer) {	29✔
104	latest := registry.DeepCopy()	9✔
105	latest.Finalizers = append(latest.Finalizers, registryRefFinalizer)	9✔
106	if err := r.Patch(ctx, latest, client.MergeFromWithOptions(registry, client.MergeFromWithOptimisticLock{})); err != nil {	9✔
107	return ctrl.Result{}, errLogAndWrap(log, err, "failed to add protection finalizer to Registry")	×
108	}	×
109	}
110	}
111
112	return ctrl.Result{}, nil	22✔
113	}
114
115	// removeRegistryRefFinalizer removes registryRefFinalizer from registry when no other active
116	// Target or RegistryBinding (excluding the deleting RegistryBinding) still references it.
117	func (r RegistryBindingReconciler) removeRegistryRefFinalizer(ctx context.Context, deletingRB solarv1alpha1.RegistryBinding, registry *solarv1alpha1.Registry) error {	4✔
118	return removeRegistryRefFinalizer(ctx, r.Client, nil, deletingRB, registry)	4✔
119	}	4✔
120
121	// SetupWithManager sets up the controller with the Manager.
122	func (r *RegistryBindingReconciler) SetupWithManager(mgr ctrl.Manager) error {	1✔
123	return ctrl.NewControllerManagedBy(mgr).	1✔
124	For(&solarv1alpha1.RegistryBinding{}).	1✔
125	Complete(r)	1✔
126	}	1✔

opendefensecloud / solution-arsenal / 27960114680

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous