Implement Deleting EventingAuth #6

Merged
merged 3 commits into from
Apr 19, 2023
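--- a/cmd/main.go
+++ b/cmd/main.go
@@ -91,7 +91,10 @@ func main() {
 }
 
 // TODO: Replace dummy values with values from secret
-iasClient, err := ias.NewIasClient("dummy", "dummy", "dummy")
+url := os.Getenv("TEST_EVENTING_AUTH_IAS_URL")
+user := os.Getenv("TEST_EVENTING_AUTH_IAS_USER")
+pw := os.Getenv("TEST_EVENTING_AUTH_IAS_PASSWORD")
+iasClient, err := ias.NewIasClient(url, user, pw)
 if err != nil {
 setupLog.Error(err, "unable to create ias client", "controller", "EventingAuth")
 os.Exit(1)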
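Review bot: `os.Getenv` returns an empty string for an unset variable, so a missing `TEST_EVENTING_AUTH_IAS_URL`, `TEST_EVENTING_AUTH_IAS_USER` or `TEST_EVENTING_AUTH_IAS_PASSWORD` reaches `ias.NewIasClient` as `""`; whether the constructor rejects that is not visible in this hunk. I would fail at startup instead, e.g. `if url == "" || user == "" || pw == "" { setupLog.Error(nil, "IAS url, user or password not set"); os.Exit(1) }`, and keep `pw` out of every log field. The TODO above still talks about dummy values; it could read `// TODO: read IAS credentials from a mounted secret instead of TEST_* env vars` so the interim nature of the env lookup is explicit. main's body continues outside the hunk.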
73 changes: 69 additions & 4 deletions controllers/eventingauth_controller.go
@@ -19,14 +19,14 @@ package controllers
import (
"context"
"fmt"
"github.com/google/uuid"
"github.com/kyma-project/eventing-auth-manager/internal/ias"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/controller-runtime/pkg/log"
"time"

@@ -37,6 +37,7 @@ const (
requeueAfterError = time.Minute * 1
applicationSecretName = "eventing-auth-application"
applicationSecretNamespace = "kyma-system"
eventingAuthFinalizerName = "eventingauth.operator.kyma-project.io/finalizer"
)

// eventingAuthReconciler reconciles a EventingAuth object
@@ -65,8 +66,24 @@ func (r *eventingAuthReconciler) Reconcile(ctx context.Context, req ctrl.Request

cr, err := fetchEventingAuth(ctx, r.Client, req.NamespacedName)
if err != nil {
logger.Info("EventingAuth not found", "name", req.Name, "namespace", req.Namespace)
return ctrl.Result{}, err
return ctrl.Result{}, client.IgnoreNotFound(err)
}

// check DeletionTimestamp to determine if object is under deletion
if cr.ObjectMeta.DeletionTimestamp.IsZero() {
if err = r.addFinalizer(ctx, &cr); err != nil {
return ctrl.Result{
RequeueAfter: requeueAfterError,
}, err
}
} else {
if err = r.handleDeletion(ctx, &cr); err != nil {
return ctrl.Result{
RequeueAfter: requeueAfterError,
}, err
}
// Stop reconciliation as the item is being deleted
return ctrl.Result{}, nil
}

// TODO: Use correct pointing to the target cluster
@@ -81,7 +98,7 @@ func (r *eventingAuthReconciler) Reconcile(ctx context.Context, req ctrl.Request
if !appSecretExists {

// TODO: Name of the IAS application should be taken from Kyma CR owner reference
iasApplication, err := r.IasClient.CreateApplication(ctx, fmt.Sprintf("eventing-auth-manager-%s", uuid.New()))
iasApplication, err := r.IasClient.CreateApplication(ctx, cr.Name)
if err != nil {
logger.Error(err, "Failed to create IAS application", "eventingAuth", cr.Name, "eventingAuthNamespace", cr.Namespace)
return ctrl.Result{
@@ -111,6 +128,39 @@ func (r *eventingAuthReconciler) Reconcile(ctx context.Context, req ctrl.Request
return ctrl.Result{}, nil
}

// Adds the finalizer if none exists
func (r *eventingAuthReconciler) addFinalizer(ctx context.Context, cr *operatorv1alpha1.EventingAuth) error {
if !controllerutil.ContainsFinalizer(cr, eventingAuthFinalizerName) {
controllerutil.AddFinalizer(cr, eventingAuthFinalizerName)
if err := r.Update(ctx, cr); err != nil {
return fmt.Errorf("failed to add finalizer: %v", err)
}
}
return nil
}

// Deletes the secret and IAS app. Finally, removes the finalizer.
func (r *eventingAuthReconciler) handleDeletion(ctx context.Context, cr *operatorv1alpha1.EventingAuth) error {
// The object is being deleted
if controllerutil.ContainsFinalizer(cr, eventingAuthFinalizerName) {
// TODO: Replace the client with the client pointing to the target cluster
// delete k8s secret
if err := deleteSecret(ctx, r.Client); err != nil {
muralov marked this conversation as resolved.
return fmt.Errorf("failed to delete secret: %v", err)
}
// delete IAS application clean-up
if err := r.IasClient.DeleteApplication(ctx, cr.Name); err != nil {
return fmt.Errorf("failed to delete IAS Application: %v", err)
}
// remove our finalizer from the list and update it.
controllerutil.RemoveFinalizer(cr, eventingAuthFinalizerName)
if err := r.Update(ctx, cr); err != nil {
return fmt.Errorf("failed to remove finalizer: %v", err)
}
}
return nil
}

func fetchEventingAuth(ctx context.Context, c client.Client, name types.NamespacedName) (operatorv1alpha1.EventingAuth, error) {
var cr operatorv1alpha1.EventingAuth
err := c.Get(ctx, name, &cr)
@@ -138,6 +188,21 @@ func hasTargetClusterApplicationSecret(ctx context.Context, c client.Client) (bo
return true, nil
}

func deleteSecret(ctx context.Context, c client.Client) error {
var s v1.Secret
if err := c.Get(ctx, client.ObjectKey{
Name: applicationSecretName,
Namespace: applicationSecretNamespace,
}, &s); err != nil {
return client.IgnoreNotFound(err)
}

if err := c.Delete(ctx, &s); err != nil {
return err
}
return nil
}

// SetupWithManager sets up the controller with the Manager.
func (r *eventingAuthReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
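Review bot: The IAS application is now created and deleted under `cr.Name` alone (`CreateApplication` in Reconcile, `DeleteApplication` in handleDeletion), so if EventingAuth is namespaced, as the logged `cr.Namespace` suggests, two objects with the same name in different namespaces resolve to the same application and deleting either one removes the credentials the other still relies on. The removed `uuid.New()` suffix avoided that; a stable unique name such as `appName := fmt.Sprintf("%s-%s", cr.Namespace, cr.Name)` used in both calls, or the application ID recorded in status at creation, would keep create and delete paired to one object. The same applies to `deleteSecret`, which always targets the fixed `eventing-auth-application` secret in `kyma-system` whichever CR is being deleted. Whether `DeleteApplication` tolerates an application that is already gone is not visible here; if it returns an error, a failed finalizer `Update` followed by a retry would leave the object stuck in deletion. The `fmt.Errorf` calls in addFinalizer and handleDeletion would also keep the error chain inspectable with `%w` instead of `%v`.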