CLOUDP-148453: Add finalizer to teams CRs (#830)

* Use finalizer to prevent removal of assigned teams CR

Author: helderjs

pkg/controller/atlasdeployment/atlasdeployment_controller.go

@@ -49,10 +49,6 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/kube"
 )
 
-const (
-	finalizer = "mongodbatlas/finalizer"
-)
-
 // AtlasDeploymentReconciler reconciles an AtlasDeployment object
 type AtlasDeploymentReconciler struct {
 	watch.ResourceWatcher
@@ -148,13 +144,13 @@ func (r *AtlasDeploymentReconciler) Reconcile(context context.Context, req ctrl.
 	r.verifyNonTenantCase(deployment)
 
 	if deployment.GetDeletionTimestamp().IsZero() {
-		if !haveFinalizer(deployment, finalizer) {
+		if !customresource.HaveFinalizer(deployment, customresource.FinalizerLabel) {
 			err = r.Client.Get(context, kube.ObjectKeyFromObject(deployment), deployment)
 			if err != nil {
 				result = workflow.Terminate(workflow.Internal, err.Error())
 				return result.ReconcileResult(), nil
 			}
-			deployment.SetFinalizers(append(deployment.GetFinalizers(), finalizer))
+			customresource.SetFinalizer(deployment, customresource.FinalizerLabel)
 			if err = r.Client.Update(context, deployment); err != nil {
 				result = workflow.Terminate(workflow.Internal, err.Error())
 				log.Errorw("Failed to add finalizer", "error", err)
@@ -164,7 +160,7 @@ func (r *AtlasDeploymentReconciler) Reconcile(context context.Context, req ctrl.
 	}
 
 	if !deployment.GetDeletionTimestamp().IsZero() {
-		if haveFinalizer(deployment, finalizer) {
+		if customresource.HaveFinalizer(deployment, customresource.FinalizerLabel) {
 			if customresource.ResourceShouldBeLeftInAtlas(deployment) {
 				log.Infof("Not removing Atlas Deployment from Atlas as the '%s' annotation is set", customresource.ResourcePolicyAnnotation)
 			} else {
@@ -202,15 +198,6 @@ func (r *AtlasDeploymentReconciler) Reconcile(context context.Context, req ctrl.
 	return workflow.OK().ReconcileResult(), nil
 }
 
-func haveFinalizer(deployment *mdbv1.AtlasDeployment, finalizer string) bool {
-	for _, f := range deployment.Finalizers {
-		if f == finalizer {
-			return true
-		}
-	}
-	return false
-}
-
 func (r *AtlasDeploymentReconciler) verifyNonTenantCase(deployment *mdbv1.AtlasDeployment) {
 	var pSettings *mdbv1.ProviderSettingsSpec
 	var deploymentType string
@@ -598,21 +585,12 @@ func (r *AtlasDeploymentReconciler) removeDeletionFinalizer(context context.Cont
 	if err != nil {
 		return fmt.Errorf("cannot get AtlasDeployment while adding finalizer: %w", err)
 	}
-	deployment.Finalizers = removeString(deployment.Finalizers, finalizer)
+
+	customresource.UnsetFinalizer(deployment, customresource.FinalizerLabel)
 	if err = r.Client.Update(context, deployment); err != nil {
 		return fmt.Errorf("failed to remove deletion finalizer from %s: %w", deployment.GetDeploymentName(), err)
 	}
 	return nil
 }
 
-func removeString(slice []string, s string) (result []string) {
-	for _, item := range slice {
-		if item == s {
-			continue
-		}
-		result = append(result, item)
-	}
-	return result
-}
-
 type deploymentHandlerFunc func(ctx *workflow.Context, project *mdbv1.AtlasProject, deployment *mdbv1.AtlasDeployment, req reconcile.Request) (workflow.Result, error)

pkg/controller/atlasproject/atlasproject_controller.go

@@ -181,16 +181,16 @@ func (r *AtlasProjectReconciler) ensureDeletionFinalizer(ctx *workflow.Context,
 	log := ctx.Log
 
 	if project.GetDeletionTimestamp().IsZero() {
-		if !isDeletionFinalizerPresent(project) {
-			log.Debugw("Add deletion finalizer", "name", getFinalizerName())
+		if !customresource.HaveFinalizer(project, customresource.FinalizerLabel) {
+			log.Debugw("Add deletion finalizer", "name", customresource.FinalizerLabel)
 			if err := r.addDeletionFinalizer(context, project); err != nil {
 				return workflow.Terminate(workflow.Internal, err.Error())
 			}
 		}
 	}
 
 	if !project.GetDeletionTimestamp().IsZero() {
-		if isDeletionFinalizerPresent(project) {
+		if customresource.HaveFinalizer(project, customresource.FinalizerLabel) {
 			if customresource.ResourceShouldBeLeftInAtlas(project) {
 				log.Infof("Not removing the Atlas Project from Atlas as the '%s' annotation is set", customresource.ResourcePolicyAnnotation)
 			} else {
@@ -334,7 +334,7 @@ func (r *AtlasProjectReconciler) addDeletionFinalizer(ctx context.Context, p *md
 	if err != nil {
 		return fmt.Errorf("failed to get project before adding deletion finalizer: %w", err)
 	}
-	p.Finalizers = append(p.GetFinalizers(), getFinalizerName())
+	customresource.SetFinalizer(p, customresource.FinalizerLabel)
 	if err := r.Client.Update(ctx, p); err != nil {
 		return fmt.Errorf("failed to add deletion finalizer for %s: %w", p.Name, err)
 	}
@@ -346,38 +346,13 @@ func (r *AtlasProjectReconciler) removeDeletionFinalizer(ctx context.Context, p
 	if err != nil {
 		return fmt.Errorf("failed to get project before removing deletion finalizer: %w", err)
 	}
-	finalizers := p.GetFinalizers()
-	finalizers = removeString(finalizers, getFinalizerName())
-	p.SetFinalizers(finalizers)
+	customresource.UnsetFinalizer(p, customresource.FinalizerLabel)
 	if err = r.Client.Update(ctx, p); err != nil {
 		return fmt.Errorf("failed to remove deletion finalizer from %s: %w", p.Name, err)
 	}
 	return nil
 }
 
-func getFinalizerName() string {
-	return "mongodbatlas/finalizer"
-}
-
-func isDeletionFinalizerPresent(project *mdbv1.AtlasProject) bool {
-	for _, finalizer := range project.GetFinalizers() {
-		if finalizer == getFinalizerName() {
-			return true
-		}
-	}
-	return false
-}
-
-func removeString(slice []string, s string) (result []string) {
-	for _, item := range slice {
-		if item == s {
-			continue
-		}
-		result = append(result, item)
-	}
-	return result
-}
-
 // setCondition sets the condition from the result and logs the warnings
 func setCondition(ctx *workflow.Context, condition status.ConditionType, result workflow.Result) {
 	ctx.SetConditionFromResult(condition, result)

pkg/controller/atlasproject/team_reconciler.go

@@ -3,6 +3,7 @@ package atlasproject
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/http"
 	"sync"
 
@@ -28,13 +29,16 @@ func (r *AtlasProjectReconciler) teamReconcile(
 	return func(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
 		log := r.Log.With("atlasteam", req.NamespacedName)
 
-		// TODO(helderjs): Add finalizers to avoid delete assigned teams
-		// TODO(helderjs): Add skip reconciliation annotation
 		result := customresource.PrepareResource(r.Client, req, team, log)
 		if !result.IsOk() {
 			return result.ReconcileResult(), nil
 		}
 
+		if shouldSkip := customresource.ReconciliationShouldBeSkipped(team); shouldSkip {
+			log.Infow(fmt.Sprintf("-> Skipping AtlasTeam reconciliation as annotation %s=%s", customresource.ReconciliationPolicyAnnotation, customresource.ReconciliationPolicySkip), "spec", team.Spec)
+			return workflow.OK().ReconcileResult(), nil
+		}
+
 		teamCtx, err := createTeamContextFromParent(team, r.Client, connection, r.AtlasDomain, log)
 		if err != nil {
 			teamCtx.SetConditionFalse(status.ReadyType)
@@ -69,13 +73,35 @@ func (r *AtlasProjectReconciler) teamReconcile(
 			return result.ReconcileResult(), nil
 		}
 
+		if team.GetDeletionTimestamp().IsZero() {
+			if len(team.Status.Projects) > 0 {
+				log.Debugw("Adding deletion finalizer", "name", customresource.FinalizerLabel)
+				customresource.SetFinalizer(team, customresource.FinalizerLabel)
+			} else {
+				log.Debugw("Removing deletion finalizer", "name", customresource.FinalizerLabel)
+				customresource.UnsetFinalizer(team, customresource.FinalizerLabel)
+			}
+
+			if err = r.Client.Update(ctx, team); err != nil {
+				result = workflow.Terminate(workflow.Internal, err.Error())
+				log.Errorw("Failed to update finalizer", "error", err)
+				return result.ReconcileResult(), nil
+			}
+		}
+
 		if !team.GetDeletionTimestamp().IsZero() {
-			log.Infow("-> Starting AtlasTeam deletion", "spec", team.Spec)
-			_, err := teamCtx.Client.Projects.Delete(ctx, team.Status.ID)
-			var apiError *mongodbatlas.ErrorResponse
-			if errors.As(err, &apiError) && apiError.ErrorCode == atlas.NotInGroup {
-				log.Infow("team does not exist", "projectID", team.Status.ID)
-				return workflow.Terminate(workflow.TeamDoesNotExist, err.Error()).ReconcileResult(), nil
+			if customresource.HaveFinalizer(team, customresource.FinalizerLabel) {
+				log.Warnf("team %s is assigned to a project. Remove it from all projects before delete", team.Name)
+			} else if customresource.ResourceShouldBeLeftInAtlas(team) {
+				log.Infof("Not removing the Atlas Team from Atlas as the '%s' annotation is set", customresource.ResourcePolicyAnnotation)
+			} else {
+				log.Infow("-> Starting AtlasTeam deletion", "spec", team.Spec)
+				_, err := teamCtx.Client.Teams.RemoveTeamFromOrganization(ctx, teamCtx.Connection.OrgID, team.Status.ID)
+				var apiError *mongodbatlas.ErrorResponse
+				if errors.As(err, &apiError) && apiError.ErrorCode == atlas.NotInGroup {
+					log.Infow("team does not exist", "projectID", team.Status.ID)
+					return workflow.Terminate(workflow.TeamDoesNotExist, err.Error()).ReconcileResult(), nil
+				}
 			}
 		}
 

pkg/controller/customresource/finalizer.go

@@ -0,0 +1,37 @@
+package customresource
+
+import (
+	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
+)
+
+const FinalizerLabel = "mongodbatlas/finalizer"
+
+func HaveFinalizer(resource mdbv1.AtlasCustomResource, finalizer string) bool {
+	for _, f := range resource.GetFinalizers() {
+		if f == finalizer {
+			return true
+		}
+	}
+
+	return false
+}
+
+// SetFinalizer Add the given finalizer to the list of resource finalizer
+func SetFinalizer(resource mdbv1.AtlasCustomResource, finalizer string) {
+	if !HaveFinalizer(resource, finalizer) {
+		resource.SetFinalizers(append(resource.GetFinalizers(), finalizer))
+	}
+}
+
+// UnsetFinalizer remove the given finalizer from the list of resource finalizer
+func UnsetFinalizer(resource mdbv1.AtlasCustomResource, finalizer string) {
+	finalizers := make([]string, 0, len(resource.GetFinalizers()))
+
+	for _, f := range resource.GetFinalizers() {
+		if f != finalizer {
+			finalizers = append(finalizers, f)
+		}
+	}
+
+	resource.SetFinalizers(finalizers)
+}