Ansible Operator proxy now fails requests when virtual resource can't be determined (#3112)

* proxy now returns a 500 when we fail to determine if a resource is virtual

* Add changelog

Author: fabianvf

changelog/fragments/ansible-fail-if-cant-determine-vr.yaml

@@ -0,0 +1,11 @@
+entries:
+  - description: >
+      The Ansible Operator proxy will now return a 500 if it cannot determine whether
+      a resource is virtual or not, instead of continuing on and skipping the cache.
+      This will prevent resources that should have ownerReferences injected from
+      being created without them, which would leave the user in a state that cannot be
+      recovered without manual intervention.
+
+    kind: "bugfix"
+
+    breaking: false

pkg/ansible/proxy/inject_owner.go

@@ -81,9 +81,14 @@ func (i *injectOwnerReferenceHandler) ServeHTTP(w http.ResponseWriter, req *http
 		// Determine if the resource is virtual. If it is then we should not attempt to use cache
 		isVR, err := i.apiResources.IsVirtualResource(k)
 		if err != nil {
-			// break here in case we can not understand if virtual resource or not
-			log.Error(err, "Unable to determine if virtual resource", "gvk", k)
-			break
+			// Fail if we can't determine whether it's a virtual resource or not.
+			// Otherwise we might create a resource without an ownerReference, which will prevent
+			// dependentWatches from being re-established and garbage collection from deleting the
+			// resource, unless a user manually adds the ownerReference.
+			m := "Unable to determine if virtual resource"
+			log.Error(err, m, "gvk", k)
+			http.Error(w, m, http.StatusInternalServerError)
+			return
 		}
 
 		if isVR {