Report each blocking dependent once on delete

[BergCyrill]

Summary

Currently the webhook reports the same resource multiple times depending on the registry and the existing dependencyRules.
This PR fixes both issues by deduping entries in the registry as well as in the webhook validator response.

Related issue

Fixes #106

Summary by CodeRabbit

• Bug Fixes
  • Removed duplicate dependent entries from DELETE-denial messages so each referenced blocker is listed only once.
  • Improved dependent blocker formatting to correctly distinguish namespaced vs cluster-scoped targets.
  • Prevented duplicate rule-key indexing when multiple indexed fields point to the same target, ensuring consistent FindByTargetGVR results.
• Tests
  • Added coverage for namespace-qualified blocker IDs, blocker deduplication behavior, and multi-field same-target rule indexing.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5833facf-fced-4341-a90f-548db026af9f

📥 Commits

Reviewing files that changed from the base of the PR and between 801b1a0 and 50a33f5.

📒 Files selected for processing (2)

• internal/webhook/deletion_validator.go
• internal/webhook/deletion_validator_test.go

---

📝 Walkthrough

Walkthrough

The webhook validator now deduplicates blocking dependents before denying deletes, and the rule registry now avoids repeating the same rule key for one target GVR. Tests cover target indexing, blocker formatting, and blocker deduplication.

Changes

Deletion deduplication

Layer / File(s)	Summary
Target index deduplication internal/webhook/rule_registry.go, internal/webhook/rule_registry_test.go	rebuildTargetIndex now skips repeated target GVR entries per rule key, and the registry test checks repeated field paths against the same GVR.
Blocker identity formatting internal/webhook/deletion_validator.go, internal/webhook/deletion_validator_test.go	listDependents now builds namespace-aware blocker IDs, and tests cover namespaced and cluster-scoped identity formatting.
Blocker list deduplication internal/webhook/deletion_validator.go, internal/webhook/deletion_validator_test.go	DeletionValidator.Handle deduplicates collected blockers before denial, and the table-driven test covers nil, repeated, and mixed blocker lists.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through the weeds so neat,
Duplicate blockers now retreat.
One name, one hop, one tidy trail,
No echo-rabbits in the denial mail.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 23.08% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: deduplicating blocking dependents reported on delete.
Linked Issues check	✅ Passed	The PR implements both required fixes: deduping registry target entries and deduping validator blockers before denial output.
Out of Scope Changes check	✅ Passed	The added namespace-qualified blocker IDs and tests are directly tied to the deletion-message deduplication work.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bugfix/106/dedupe-deletion-blockers

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/webhook/deletion_validator.go`:
- Around line 132-135: The blocker deduplication in dedupeBlockers is using the
rendered Kind/name string as the identity key, which can merge distinct
dependents that share a name across namespaces. Update listDependents and the
dedupeBlockers helper to deduplicate by a stable canonical object identity that
includes namespace and ideally GVR/UID, then format the human-readable Kind/name
message afterward. Keep the one-mention-per-dependent behavior intact while
avoiding collisions for cluster-scoped deletes and namespaced resources.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cdfca272-3b26-48f8-862b-a99e8c08972d

📥 Commits

Reviewing files that changed from the base of the PR and between 98e7cab and 801b1a0.

📒 Files selected for processing (4)

• internal/webhook/deletion_validator.go
• internal/webhook/deletion_validator_test.go
• internal/webhook/rule_registry.go
• internal/webhook/rule_registry_test.go