Add secret deletion and tests (#192)

Author: LimKianAn

api/v1/postgres_types.go

@@ -24,7 +24,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/yaml"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -317,7 +316,6 @@ func (p *Postgres) ToPeripheralResourceName() string {
 func (p *Postgres) ToUserPasswordsSecret(src *corev1.SecretList, scheme *runtime.Scheme) (*corev1.Secret, error) {
 	secret := &corev1.Secret{}
 	secret.Namespace = p.Namespace
-	// todo: Consider `p.Name + "-passwords", so the`
 	secret.Name = p.ToUserPasswordsSecretName()
 	secret.Type = corev1.SecretTypeOpaque
 	secret.Data = map[string][]byte{}
@@ -327,11 +325,6 @@ func (p *Postgres) ToUserPasswordsSecret(src *corev1.SecretList, scheme *runtime
 		secret.Data[string(v.Data["username"])] = v.Data["password"]
 	}
 
-	// Set the owner of the secret
-	if err := controllerutil.SetControllerReference(p, secret, scheme); err != nil {
-		return nil, err
-	}
-
 	return secret, nil
 }
 

controllers/postgres_controller.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/go-logr/logr"
 	zalando "github.com/zalando/postgres-operator/pkg/apis/acid.zalan.do/v1"
+	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/tools/record"
 
@@ -119,6 +120,10 @@ func (r *PostgresReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			return ctrl.Result{}, fmt.Errorf("error while uninstalling operator: %w", err)
 		}
 
+		if err := r.deleteUserPasswordsSecret(ctx, instance); err != nil {
+			return ctrl.Result{}, err
+		}
+
 		instance.RemoveFinalizer(pg.PostgresFinalizerName)
 		if err := r.CtrlClient.Update(ctx, instance); err != nil {
 			r.recorder.Eventf(instance, "Warning", "Self-Reconcilation", "failed to remove finalizer: %v", err)
@@ -232,6 +237,19 @@ func (r *PostgresReconciler) createOrUpdateZalandoPostgresql(ctx context.Context
 	return nil
 }
 
+func (r *PostgresReconciler) deleteUserPasswordsSecret(ctx context.Context, instance *pg.Postgres) error {
+	secret := &corev1.Secret{}
+	secret.Namespace = instance.Namespace
+	secret.Name = instance.ToUserPasswordsSecretName()
+	if err := r.CtrlClient.Delete(ctx, secret); err != nil {
+		msgWithFormat := "failed to delete user passwords secret: %w"
+		r.recorder.Eventf(instance, "Warning", "Error", msgWithFormat, err)
+		return fmt.Errorf(msgWithFormat, err)
+	}
+
+	return nil
+}
+
 // ensureZalandoDependencies makes sure Zalando resources are installed in the service-cluster.
 func (r *PostgresReconciler) ensureZalandoDependencies(ctx context.Context, p *pg.Postgres) error {
 	namespace := p.ToPeripheralResourceNamespace()

controllers/postgres_controller_test.go

@@ -7,8 +7,6 @@
 package controllers
 
 import (
-	"time"
-
 	pg "github.com/fi-ts/postgreslet/api/v1"
 	firewall "github.com/metal-stack/firewall-controller/api/v1"
 	. "github.com/onsi/ginkgo"
@@ -20,12 +18,6 @@ import (
 )
 
 var _ = Describe("postgres controller", func() {
-	const (
-		// duration = time.Second * 10
-		interval = time.Second * 2
-		timeout  = time.Second * 30
-	)
-
 	BeforeEach(func() {})
 	AfterEach(func() {})
 
@@ -79,6 +71,15 @@ var _ = Describe("postgres controller", func() {
 				}, &firewall.ClusterwideNetworkPolicy{}) == nil
 			}, timeout, interval).Should(BeTrue())
 		})
+
+		It("should create user-passwords-secret in control-plane-cluster", func() {
+			Eventually(func() bool {
+				return ctrlClusterClient.Get(newCtx(), types.NamespacedName{
+					Namespace: instance.Namespace,
+					Name:      instance.ToUserPasswordsSecretName(),
+				}, &corev1.Secret{}) == nil
+			}, timeout, interval).Should(BeTrue())
+		})
 	})
 
 	Context("postgres instance being deleted", func() {
@@ -107,5 +108,14 @@ var _ = Describe("postgres controller", func() {
 				return svcClusterClient.Get(newCtx(), instance.ToPeripheralResourceLookupKey(), z) == nil
 			}, timeout, interval).ShouldNot(BeTrue())
 		})
+
+		It("should delete user-passwords-secret in control-plane-cluster", func() {
+			Eventually(func() bool {
+				return ctrlClusterClient.Get(newCtx(), types.NamespacedName{
+					Namespace: instance.Namespace,
+					Name:      instance.ToUserPasswordsSecretName(),
+				}, &corev1.Secret{}) == nil
+			}, timeout, interval).ShouldNot(BeTrue())
+		})
 	})
 })

controllers/suite_test.go

@@ -11,6 +11,7 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -38,6 +39,12 @@ import (
 // These tests use Ginkgo (BDD-style Go testing framework). Refer to
 // http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
 
+const (
+	// duration = time.Second * 10
+	interval = time.Second * 2
+	timeout  = time.Second * 30
+)
+
 var (
 	ctrlClusterCfg     *rest.Config
 	ctrlClusterClient  client.Client
@@ -161,10 +168,12 @@ func createCredentialSecrets() {
 		s := &core.Secret{}
 		Expect(yaml.Unmarshal(bytes, s)).Should(Succeed())
 
-		s.Namespace = instance.Namespace
+		s.Namespace = instance.ToPeripheralResourceNamespace()
 		s.Name = users[i] + "." + instance.Name + ".credentials"
-		s.Labels = instance.ToUserPasswordSecretMatchingLabels()
-		Expect(ctrlClusterClient.Create(newCtx(), s)).Should(Succeed())
+		s.Labels = instance.ToZalandoPostgresqlMatchingLabels()
+		Eventually(func() bool {
+			return svcClusterClient.Create(newCtx(), s) == nil
+		}, timeout, interval).Should(BeTrue())
 	}
 }