Merge pull request #52 from bobh66/remove_tfstate_secret

Cleanup Secret and Lease objects from tfstate
crossplane-contrib · May 6, 2022 · ae5e665 · ae5e665
2 parents 2f080aa + 789dcf6
commit ae5e665
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 23 deletions.
diff --git a/internal/controller/workspace/workspace.go b/internal/controller/workspace/workspace.go
@@ -24,6 +24,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/spf13/afero"
+	coordv1 "k8s.io/api/coordination/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/workqueue"
@@ -39,10 +40,11 @@ import (
 	"github.com/crossplane/crossplane-runtime/pkg/reconciler/managed"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 
+	"github.com/hashicorp/go-getter"
+
 	"github.com/crossplane-contrib/provider-terraform/apis/v1alpha1"
 	"github.com/crossplane-contrib/provider-terraform/internal/terraform"
 	"github.com/crossplane-contrib/provider-terraform/internal/workdir"
-	getter "github.com/hashicorp/go-getter"
 )
 
 const (
@@ -51,22 +53,25 @@ const (
 	errGetPC        = "cannot get ProviderConfig"
 	errGetCreds     = "cannot get credentials"
 
-	errMkdir         = "cannot make Terraform configuration directory"
-	errRemoteModule  = "cannot get remote Terraform module"
-	errWriteCreds    = "cannot write Terraform credentials"
-	errWriteGitCreds = "cannot write .git-credentials to /tmp dir"
-	errWriteConfig   = "cannot write Terraform configuration " + tfConfig
-	errWriteMain     = "cannot write Terraform configuration " + tfMain
-	errInit          = "cannot initialize Terraform configuration"
-	errWorkspace     = "cannot select Terraform workspace"
-	errResources     = "cannot list Terraform resources"
-	errDiff          = "cannot diff (i.e. plan) Terraform configuration"
-	errOutputs       = "cannot list Terraform outputs"
-	errOptions       = "cannot determine Terraform options"
-	errApply         = "cannot apply Terraform configuration"
-	errDestroy       = "cannot apply Terraform configuration"
-	errVarFile       = "cannot get tfvars"
-
+	errMkdir               = "cannot make Terraform configuration directory"
+	errRemoteModule        = "cannot get remote Terraform module"
+	errWriteCreds          = "cannot write Terraform credentials"
+	errWriteGitCreds       = "cannot write .git-credentials to /tmp dir"
+	errWriteConfig         = "cannot write Terraform configuration " + tfConfig
+	errWriteMain           = "cannot write Terraform configuration " + tfMain
+	errInit                = "cannot initialize Terraform configuration"
+	errWorkspace           = "cannot select Terraform workspace"
+	errResources           = "cannot list Terraform resources"
+	errDiff                = "cannot diff (i.e. plan) Terraform configuration"
+	errOutputs             = "cannot list Terraform outputs"
+	errOptions             = "cannot determine Terraform options"
+	errApply               = "cannot apply Terraform configuration"
+	errDestroy             = "cannot apply Terraform configuration"
+	errVarFile             = "cannot get tfvars"
+	errListLeases          = "cannot get list of Lease objects"
+	errListSecrets         = "cannot get list of Secret objects"
+	errDeleteSecret        = "cannot delete Secret for Workspace"
+	errDeleteLease         = "cannot delete Least for Workspace"
 	gitCredentialsFilename = ".git-credentials"
 )
 
@@ -238,7 +243,7 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
 
 type external struct {
 	tf   tfclient
-	kube client.Reader
+	kube client.Client
 }
 
 func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.ExternalObservation, error) {
@@ -322,7 +327,31 @@ func (c *external) Delete(ctx context.Context, mg resource.Managed) error {
 		return errors.Wrap(err, errOptions)
 	}
 
-	return errors.Wrap(c.tf.Destroy(ctx, o...), errDestroy)
+	if err := c.tf.Destroy(ctx, o...); err != nil {
+		return errors.Wrap(err, errDestroy)
+	}
+	labels := map[string]string{"tfstate": "true", "tfstateWorkspace": cr.Name}
+	sl := &corev1.SecretList{}
+	if err := c.kube.List(ctx, sl, client.MatchingLabels(labels)); err != nil {
+		return errors.Wrap(err, errListSecrets)
+	}
+	for s := range sl.Items {
+		sec := sl.Items[s]
+		if err := c.kube.Delete(ctx, &sec); err != nil {
+			return errors.Wrap(err, errDeleteSecret)
+		}
+	}
+	ll := &coordv1.LeaseList{}
+	if err := c.kube.List(ctx, ll, client.MatchingLabels(labels)); err != nil {
+		return errors.Wrap(err, errListLeases)
+	}
+	for l := range ll.Items {
+		ls := ll.Items[l]
+		if err := c.kube.Delete(ctx, &ls); err != nil {
+			return errors.Wrap(err, errDeleteLease)
+		}
+	}
+	return nil
 }
 
 func (c *external) options(ctx context.Context, p v1alpha1.WorkspaceParameters) ([]terraform.Option, error) {

diff --git a/internal/controller/workspace/workspace_test.go b/internal/controller/workspace/workspace_test.go
@@ -476,7 +476,7 @@ func TestObserve(t *testing.T) {
 
 	type fields struct {
 		tf   tfclient
-		kube client.Reader
+		kube client.Client
 	}
 
 	type args struct {
@@ -694,7 +694,7 @@ func TestCreate(t *testing.T) {
 
 	type fields struct {
 		tf   tfclient
-		kube client.Reader
+		kube client.Client
 	}
 
 	type args struct {
@@ -888,7 +888,7 @@ func TestDelete(t *testing.T) {
 
 	type fields struct {
 		tf   tfclient
-		kube client.Reader
+		kube client.Client
 	}
 
 	type args struct {
@@ -984,7 +984,9 @@ func TestDelete(t *testing.T) {
 					MockDestroy: func(_ context.Context, _ ...terraform.Option) error { return nil },
 				},
 				kube: &test.MockClient{
-					MockGet: test.NewMockGetFn(nil),
+					MockDelete: test.NewMockDeleteFn(nil),
+					MockGet:    test.NewMockGetFn(nil),
+					MockList:   test.NewMockListFn(nil),
 				},
 			},
 			args: args{