Merge pull request #31 from vshn/deletion-policy

Add deletion policy to remove all existing objects in a bucket
vshn · Aug 5, 2022 · 6b29166 · 6b29166
2 parents e607cae + 0b1cb2d
commit 6b29166
Show file tree

Hide file tree

Showing 20 changed files with 127 additions and 1,164 deletions.
diff --git a/Makefile.vars.mk b/Makefile.vars.mk
@@ -7,6 +7,7 @@ PROJECT_OWNER ?= vshn
 
 ## BUILD:go
 BIN_FILENAME ?= provider-cloudscale
+GOPATH ?= $(shell go env GOPATH)
 
 ## BUILD:docker
 DOCKER_CMD ?= docker

diff --git a/apis/cloudscale/v1/bucket_types.go b/apis/cloudscale/v1/bucket_types.go
@@ -16,6 +16,16 @@ const (
 	SecretAccessKeyName = "AWS_SECRET_ACCESS_KEY"
 )
 
+const (
+	// DeleteIfEmpty only deletes the bucket if the bucket is empty.
+	DeleteIfEmpty BucketDeletionPolicy = "DeleteIfEmpty"
+	// DeleteAll recursively deletes all objects in the bucket and then removes it.
+	DeleteAll BucketDeletionPolicy = "DeleteAll"
+)
+
+// BucketDeletionPolicy determines how buckets should be deleted when a Bucket is deleted.
+type BucketDeletionPolicy string
+
 // BucketParameters are the configurable fields of a Bucket.
 type BucketParameters struct {
 	// +kubebuilder:validation:Required
@@ -44,6 +54,15 @@ type BucketParameters struct {
 	// The region must be available in the S3 endpoint.
 	// Cannot be changed after bucket is created.
 	Region string `json:"region"`
+
+	// +kubebuilder:validation:Enum=DeleteIfEmpty;DeleteAll
+	// +kubebuilder:default="DeleteIfEmpty"
+
+	// BucketDeletionPolicy determines how buckets should be deleted when Bucket is deleted.
+	//  `DeleteIfEmpty` only deletes the bucket if the bucket is empty.
+	//  `DeleteAll` recursively deletes all objects in the bucket and then removes it.
+	// To skip deletion of the bucket (orphan it) set `spec.deletionPolicy=Orphan`.
+	BucketDeletionPolicy BucketDeletionPolicy `json:"bucketDeletionPolicy,omitempty"`
 }
 
 // BucketSpec defines the desired state of a Bucket.

diff --git a/generate_sample.go b/generate_sample.go
@@ -91,9 +91,10 @@ func newBucketSample() *cloudscalev1.Bucket {
 					Name:      "my-cloudscale-user-credentials",
 					Namespace: "default",
 				},
-				EndpointURL: "objects.rma.cloudscale.ch",
-				BucketName:  "my-provider-test-bucket",
-				Region:      "rma",
+				EndpointURL:          "objects.rma.cloudscale.ch",
+				BucketName:           "my-provider-test-bucket",
+				Region:               "rma",
+				BucketDeletionPolicy: cloudscalev1.DeleteAll,
 			},
 		},
 	}

diff --git a/operator/bucketcontroller/delete.go b/operator/bucketcontroller/delete.go
@@ -2,11 +2,13 @@ package bucketcontroller
 
 import (
 	"context"
+	"fmt"
 
 	pipeline "github.com/ccremer/go-command-pipeline"
 	"github.com/crossplane/crossplane-runtime/pkg/errors"
 	"github.com/crossplane/crossplane-runtime/pkg/event"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
+	"github.com/minio/minio-go/v7"
 	cloudscalev1 "github.com/vshn/provider-cloudscale/apis/cloudscale/v1"
 	"github.com/vshn/provider-cloudscale/operator/steps"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -21,13 +23,48 @@ func (p *ProvisioningPipeline) Delete(ctx context.Context, mg resource.Managed)
 	bucket := fromManaged(mg)
 	pipe := pipeline.NewPipeline().WithBeforeHooks(steps.DebugLogger(ctx)).
 		WithSteps(
+			pipeline.If(hasDeleteAllPolicy(bucket),
+				pipeline.NewStepFromFunc("delete all objects", p.deleteAllObjectsFn(bucket)),
+			),
 			pipeline.NewStepFromFunc("delete bucket", p.deleteS3BucketFn(bucket)),
 			pipeline.NewStepFromFunc("emit event", p.emitDeletionEventFn(bucket)),
 		)
 	result := pipe.RunWithContext(ctx)
 	return errors.Wrap(result.Err(), "cannot deprovision bucket")
 }
 
+func hasDeleteAllPolicy(bucket *cloudscalev1.Bucket) pipeline.Predicate {
+	return func(ctx context.Context) bool {
+		return bucket.Spec.ForProvider.BucketDeletionPolicy == cloudscalev1.DeleteAll
+	}
+}
+
+func (p *ProvisioningPipeline) deleteAllObjectsFn(bucket *cloudscalev1.Bucket) func(ctx context.Context) error {
+	return func(ctx context.Context) error {
+		log := controllerruntime.LoggerFrom(ctx)
+		bucketName := bucket.Status.AtProvider.BucketName
+
+		objectsCh := make(chan minio.ObjectInfo)
+
+		// Send object names that are needed to be removed to objectsCh
+		go func() {
+			defer close(objectsCh)
+			for object := range p.minio.ListObjects(ctx, bucketName, minio.ListObjectsOptions{Recursive: true}) {
+				if object.Err != nil {
+					log.V(1).Info("warning: cannot list object", "key", object.Key, "error", object.Err)
+					continue
+				}
+				objectsCh <- object
+			}
+		}()
+
+		for obj := range p.minio.RemoveObjects(ctx, bucketName, objectsCh, minio.RemoveObjectsOptions{GovernanceBypass: true}) {
+			return fmt.Errorf("object %q cannot be removed: %w", obj.ObjectName, obj.Err)
+		}
+		return nil
+	}
+}
+
 // deleteS3BucketFn deletes the bucket.
 // NOTE: The removal fails if there are still objects in the bucket.
 // This func does not recursively delete all objects beforehand.

diff --git a/operator/bucketcontroller/update.go b/operator/bucketcontroller/update.go
@@ -11,7 +11,7 @@ import (
 // Update implements managed.ExternalClient.
 func (p *ProvisioningPipeline) Update(ctx context.Context, mg resource.Managed) (managed.ExternalUpdate, error) {
 	log := controllerruntime.LoggerFrom(ctx)
-	log.Info("Updating resource", "res", mg.GetName())
+	log.V(1).Info("Updating resource", "res", mg.GetName())
 
 	return managed.ExternalUpdate{}, nil
 }
diff --git a/package/crds/cloudscale.crossplane.io_buckets.yaml b/package/crds/cloudscale.crossplane.io_buckets.yaml
@@ -72,6 +72,17 @@ spec:
               forProvider:
                 description: BucketParameters are the configurable fields of a Bucket.
                 properties:
+                  bucketDeletionPolicy:
+                    default: DeleteIfEmpty
+                    description: BucketDeletionPolicy determines how buckets should
+                      be deleted when Bucket is deleted. `DeleteIfEmpty` only deletes
+                      the bucket if the bucket is empty. `DeleteAll` recursively deletes
+                      all objects in the bucket and then removes it. To skip deletion
+                      of the bucket (orphan it) set `spec.deletionPolicy=Orphan`.
+                    enum:
+                    - DeleteIfEmpty
+                    - DeleteAll
+                    type: string
                   bucketName:
                     description: BucketName is the name of the bucket to create. Defaults
                       to `metadata.name` if unset. Cannot be changed after bucket

diff --git a/samples/admission.k8s.io_admissionreview.json b/samples/admission.k8s.io_admissionreview.json
@@ -46,7 +46,8 @@
           },
           "endpointURL": "objects.rma.cloudscale.ch",
           "bucketName": "another",
-          "region": "rma"
+          "region": "rma",
+          "bucketDeletionPolicy": "DeleteAll"
         }
       },
       "status": {
@@ -68,7 +69,8 @@
           },
           "endpointURL": "objects.rma.cloudscale.ch",
           "bucketName": "my-provider-test-bucket",
-          "region": "rma"
+          "region": "rma",
+          "bucketDeletionPolicy": "DeleteAll"
         }
       },
       "status": {

diff --git a/samples/cloudscale.crossplane.io_bucket.yaml b/samples/cloudscale.crossplane.io_bucket.yaml
@@ -5,6 +5,7 @@ metadata:
   name: bucket
 spec:
   forProvider:
+    bucketDeletionPolicy: DeleteAll
     bucketName: my-provider-test-bucket
     credentialsSecretRef:
       name: my-cloudscale-user-credentials

diff --git a/test/e2e/go.mod b/test/e2e/go.mod