Forbid to remove TemplateManagement

eromanova · Sep 25, 2024 · d3ab30a · d3ab30a
1 parent e360dc5
commit d3ab30a
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 11 deletions.
diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go
@@ -25,6 +25,7 @@ const (
 
 	CoreCAPIName = "capi"
 
+	ManagementKind         = "Management"
 	ManagementName         = "hmc"
 	ManagementFinalizer    = "hmc.mirantis.com/management"
 	TemplateManagementName = "hmc"

diff --git a/internal/controller/templatemanagement_controller_test.go b/internal/controller/templatemanagement_controller_test.go
@@ -198,14 +198,8 @@ var _ = Describe("Template Management Controller", func() {
 				Expect(k8sClient.Delete(ctx, ns)).To(Succeed())
 			}
 
-			tm := &hmcmirantiscomv1alpha1.TemplateManagement{}
-			err := k8sClient.Get(ctx, types.NamespacedName{Name: tmName}, tm)
-			Expect(err).NotTo(HaveOccurred())
-			By("Cleanup the specific resource instance TemplateManagement")
-			Expect(k8sClient.Delete(ctx, tm)).To(Succeed())
-
 			ctChain := &hmcmirantiscomv1alpha1.ClusterTemplateChain{}
-			err = k8sClient.Get(ctx, types.NamespacedName{Name: ctChainName}, ctChain)
+			err := k8sClient.Get(ctx, types.NamespacedName{Name: ctChainName}, ctChain)
 			Expect(err).NotTo(HaveOccurred())
 			By("Cleanup the specific resource instance ClusterTemplateChain")
 			Expect(k8sClient.Delete(ctx, ctChain)).To(Succeed())

diff --git a/internal/webhook/templatemanagement_webhook.go b/internal/webhook/templatemanagement_webhook.go
@@ -16,12 +16,13 @@ package webhook
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"sort"
 	"strings"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -32,6 +33,8 @@ import (
 	"github.com/Mirantis/hmc/internal/templateutil"
 )
 
+var errTemplateManagementDeletionForbidden = errors.New("TemplateManagement deletion is forbidden")
+
 type TemplateManagementValidator struct {
 	client.Client
 	SystemNamespace string
@@ -53,7 +56,7 @@ var (
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
 func (v *TemplateManagementValidator) ValidateCreate(ctx context.Context, _ runtime.Object) (admission.Warnings, error) {
-	itemsList := &v1.PartialObjectMetadataList{}
+	itemsList := &metav1.PartialObjectMetadataList{}
 	gvk := v1alpha1.GroupVersion.WithKind(v1alpha1.TemplateManagementKind)
 	itemsList.SetGroupVersionKind(gvk)
 	if err := v.List(ctx, itemsList); err != nil {
@@ -123,7 +126,20 @@ func getManagedClustersForTemplate(ctx context.Context, cl client.Client, namesp
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
-func (*TemplateManagementValidator) ValidateDelete(context.Context, runtime.Object) (admission.Warnings, error) {
+func (v *TemplateManagementValidator) ValidateDelete(ctx context.Context, _ runtime.Object) (admission.Warnings, error) {
+	partialList := &metav1.PartialObjectMetadataList{}
+	gvk := v1alpha1.GroupVersion.WithKind(v1alpha1.ManagementKind)
+	partialList.SetGroupVersionKind(gvk)
+	err := v.List(ctx, partialList)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list Management objects: %v", err)
+	}
+	if len(partialList.Items) > 0 {
+		mgmt := partialList.Items[0]
+		if mgmt.DeletionTimestamp == nil {
+			return nil, errTemplateManagementDeletionForbidden
+		}
+	}
 	return nil, nil
 }
 

diff --git a/internal/webhook/templatemanagement_webhook_test.go b/internal/webhook/templatemanagement_webhook_test.go
@@ -28,6 +28,7 @@ import (
 	"github.com/Mirantis/hmc/api/v1alpha1"
 	"github.com/Mirantis/hmc/internal/utils"
 	"github.com/Mirantis/hmc/test/objects/managedcluster"
+	"github.com/Mirantis/hmc/test/objects/management"
 	"github.com/Mirantis/hmc/test/objects/template"
 	chain "github.com/Mirantis/hmc/test/objects/templatechain"
 	tm "github.com/Mirantis/hmc/test/objects/templatemanagement"
@@ -255,3 +256,60 @@ func TestTemplateManagementValidateUpdate(t *testing.T) {
 		})
 	}
 }
+
+func TestTemplateManagementValidateDelete(t *testing.T) {
+	g := NewWithT(t)
+
+	ctx := context.Background()
+
+	tmName := "test"
+
+	tests := []struct {
+		name            string
+		tm              *v1alpha1.TemplateManagement
+		existingObjects []runtime.Object
+		err             string
+		warnings        admission.Warnings
+	}{
+		{
+			name:            "should fail if Management object exists and was not deleted",
+			tm:              tm.NewTemplateManagement(tm.WithName(tmName)),
+			existingObjects: []runtime.Object{management.NewManagement()},
+			err:             "TemplateManagement deletion is forbidden",
+		},
+		{
+			name: "should succeed if Management object is not found",
+			tm:   tm.NewTemplateManagement(tm.WithName(tmName)),
+		},
+		{
+			name:            "should succeed if Management object was deleted",
+			tm:              tm.NewTemplateManagement(tm.WithName(tmName)),
+			existingObjects: []runtime.Object{management.NewManagement(management.WithDeletionTimestamp(metav1.Now()))},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := fake.NewClientBuilder().
+				WithScheme(scheme.Scheme).
+				WithRuntimeObjects(tt.existingObjects...).
+				WithIndex(&v1alpha1.ManagedCluster{}, v1alpha1.TemplateKey, v1alpha1.ExtractTemplateName).
+				Build()
+			validator := &TemplateManagementValidator{Client: c, SystemNamespace: utils.DefaultSystemNamespace}
+			warn, err := validator.ValidateDelete(ctx, tt.tm)
+			if tt.err != "" {
+				g.Expect(err).To(HaveOccurred())
+				if err.Error() != tt.err {
+					t.Fatalf("expected error '%s', got error: %s", tt.err, err.Error())
+				}
+			} else {
+				g.Expect(err).To(Succeed())
+			}
+			if len(tt.warnings) > 0 {
+				g.Expect(warn).To(Equal(tt.warnings))
+			} else {
+				g.Expect(warn).To(BeEmpty())
+			}
+		})
+	}
+}
diff --git a/test/objects/management/management.go b/test/objects/management/management.go
@@ -29,7 +29,8 @@ type Opt func(management *v1alpha1.Management)
 func NewManagement(opts ...Opt) *v1alpha1.Management {
 	p := &v1alpha1.Management{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: DefaultName,
+			Name:       DefaultName,
+			Finalizers: []string{v1alpha1.ManagementFinalizer},
 		},
 	}
 
@@ -45,6 +46,12 @@ func WithName(name string) Opt {
 	}
 }
 
+func WithDeletionTimestamp(deletionTimestamp metav1.Time) Opt {
+	return func(p *v1alpha1.Management) {
+		p.DeletionTimestamp = &deletionTimestamp
+	}
+}
+
 func WithCoreComponents(core *v1alpha1.Core) Opt {
 	return func(p *v1alpha1.Management) {
 		p.Spec.Core = core