chore: retention mechanism for synchronized Kubernetes objects (#2052)

tolusha · web-flow · commit 19e9b357d16f · 2025-10-15T10:43:00.000+02:00
Signed-off-by: Anatolii Bazko &lt;abazko@redhat.com&gt;
diff --git a/controllers/workspaceconfig/configmap2sync.go b/controllers/workspaceconfig/configmap2sync.go
@@ -56,12 +56,17 @@ func (p *configMap2Sync) newDstObject() client.Object {
 }
 
 func (p *configMap2Sync) getSrcObjectVersion() string {
-	if len(p.version) == 0 {
-		return p.cm.GetResourceVersion()
+	if p.version != "" {
+		return p.version
 	}
-	return p.version
+
+	return p.cm.GetResourceVersion()
 }
 
 func (p *configMap2Sync) hasROSpec() bool {
 	return false
 }
+
+func (p *configMap2Sync) defaultRetention() bool {
+	return false
+}
diff --git a/controllers/workspaceconfig/configmap2sync_test.go b/controllers/workspaceconfig/configmap2sync_test.go
@@ -479,3 +479,128 @@ func TestSyncConfigMapShouldRemoveSomeLabels(t *testing.T) {
 	assert.Empty(t, cm.Labels["argocd.argoproj.io/instance"])
 	assert.Empty(t, cm.Labels["argocd.argoproj.io/managed-by"])
 }
+
+func TestSyncConfigMapShouldRetainIfAnnotationSetTrue(t *testing.T) {
+	deployContext := test.NewCtxBuilder().WithObjects(
+		&corev1.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "ConfigMap",
+				APIVersion: "v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      objectName,
+				Namespace: eclipseCheNamespace,
+				Labels: map[string]string{
+					constants.KubernetesPartOfLabelKey:    constants.CheEclipseOrg,
+					constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
+				},
+				Annotations: map[string]string{
+					syncRetainOnDeleteAnnotation: "true",
+				},
+			},
+		}).Build()
+
+	workspaceConfigReconciler := NewWorkspacesConfigReconciler(
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Scheme,
+		&namespacecache.NamespaceCache{
+			Client: deployContext.ClusterAPI.Client,
+			KnownNamespaces: map[string]namespacecache.NamespaceInfo{
+				userNamespace: {
+					IsWorkspaceNamespace: true,
+					Username:             "user",
+					CheCluster:           &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"},
+				},
+			},
+			Lock: sync.Mutex{},
+		})
+
+	// Sync ConfigMap
+	err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
+
+	// Check ConfigMap in a user namespace is created
+	cm := &corev1.ConfigMap{}
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, cm)
+	assert.Nil(t, err)
+	assert.Equal(t, "true", cm.Annotations[syncRetainOnDeleteAnnotation])
+
+	// Delete src ConfigMap
+	err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &corev1.ConfigMap{})
+	assert.Nil(t, err)
+
+	// Sync ConfigMap
+	err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV)
+
+	// Check that destination ConfigMap in a user namespace NOT is deleted
+	cm = &corev1.ConfigMap{}
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, cm)
+	assert.NoError(t, err)
+}
+
+func TestSyncConfigMapShouldNotRetainIfAnnotationSetFalse(t *testing.T) {
+	deployContext := test.NewCtxBuilder().WithObjects(
+		&corev1.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "ConfigMap",
+				APIVersion: "v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      objectName,
+				Namespace: eclipseCheNamespace,
+				Labels: map[string]string{
+					constants.KubernetesPartOfLabelKey:    constants.CheEclipseOrg,
+					constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
+				},
+				Annotations: map[string]string{
+					syncRetainOnDeleteAnnotation: "false",
+				},
+			},
+		}).Build()
+
+	workspaceConfigReconciler := NewWorkspacesConfigReconciler(
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Scheme,
+		&namespacecache.NamespaceCache{
+			Client: deployContext.ClusterAPI.Client,
+			KnownNamespaces: map[string]namespacecache.NamespaceInfo{
+				userNamespace: {
+					IsWorkspaceNamespace: true,
+					Username:             "user",
+					CheCluster:           &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"},
+				},
+			},
+			Lock: sync.Mutex{},
+		})
+
+	// Sync ConfigMap
+	err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
+
+	// Check ConfigMap in a user namespace is created
+	cm := &corev1.ConfigMap{}
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, cm)
+	assert.Nil(t, err)
+	assert.Equal(t, "false", cm.Annotations[syncRetainOnDeleteAnnotation])
+
+	// Delete src ConfigMap
+	err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &corev1.ConfigMap{})
+	assert.Nil(t, err)
+
+	// Sync ConfigMap
+	err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV)
+
+	// Check that destination ConfigMap in a user namespace is deleted
+	cm = &corev1.ConfigMap{}
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, cm)
+	assert.NotNil(t, err)
+	assert.True(t, errors.IsNotFound(err))
+}
diff --git a/controllers/workspaceconfig/object2sync_factory.go b/controllers/workspaceconfig/object2sync_factory.go
@@ -16,7 +16,7 @@ import (
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/eclipse-che/che-operator/pkg/common/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -35,7 +35,7 @@ var (
 	v1PvcGKV       = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim")
 )
 
-func createObject2SyncFromRaw(
+func createObject2SyncFromRawData(
 	raw []byte,
 	userName string,
 	namespaceName string) (Object2Sync, error) {
@@ -89,12 +89,11 @@ func createObject2SyncFromRaw(
 
 	return &unstructured2Sync{
 		srcObj:  srcObj,
-		dstObj:  srcObj,
 		version: hash,
 	}, nil
 }
 
-func createObject2SyncFromRuntimeObject(obj runtime.Object) Object2Sync {
+func createObject2SyncFromObject(obj client.Object) Object2Sync {
 	gkv := obj.GetObjectKind().GroupVersionKind()
 	switch gkv {
 	case v1ConfigMapGKV:
@@ -110,5 +109,7 @@ func createObject2SyncFromRuntimeObject(obj runtime.Object) Object2Sync {
 		return &pvc2Sync{pvc: pvc}
 	}
 
-	return nil
+	return &unstructured2Sync{
+		srcObj: obj,
+	}
 }
diff --git a/controllers/workspaceconfig/pvc2sync.go b/controllers/workspaceconfig/pvc2sync.go
@@ -49,12 +49,17 @@ func (p *pvc2Sync) newDstObject() client.Object {
 }
 
 func (p *pvc2Sync) getSrcObjectVersion() string {
-	if len(p.version) == 0 {
-		return p.pvc.GetResourceVersion()
+	if p.version != "" {
+		return p.version
 	}
-	return p.version
+
+	return p.pvc.GetResourceVersion()
 }
 
 func (p *pvc2Sync) hasROSpec() bool {
 	return true
 }
+
+func (p *pvc2Sync) defaultRetention() bool {
+	return true
+}
diff --git a/controllers/workspaceconfig/pvc2sync_test.go b/controllers/workspaceconfig/pvc2sync_test.go
@@ -18,14 +18,13 @@ import (
 	"testing"
 
 	"github.com/eclipse-che/che-operator/controllers/namespacecache"
+	"k8s.io/apimachinery/pkg/api/errors"
 
 	"k8s.io/apimachinery/pkg/types"
 
-	"github.com/eclipse-che/che-operator/pkg/deploy"
-	"k8s.io/apimachinery/pkg/api/errors"
-
 	"github.com/eclipse-che/che-operator/pkg/common/constants"
 	"github.com/eclipse-che/che-operator/pkg/common/test"
+	"github.com/eclipse-che/che-operator/pkg/deploy"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -133,9 +132,135 @@ func TestSyncPVC(t *testing.T) {
 	assert.Nil(t, err)
 	assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
 
-	// Check that destination PersistentVolumeClaim in a user namespace is deleted
+	// Check that destination PersistentVolumeClaim in a user namespace is NOT deleted
 	pvc = &corev1.PersistentVolumeClaim{}
 	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, pvc)
+	assert.Nil(t, err)
+}
+
+func TestSyncPVCShouldRetainIfAnnotationSetTrue(t *testing.T) {
+	deployContext := test.NewCtxBuilder().WithObjects(
+		&corev1.PersistentVolumeClaim{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "PersistentVolumeClaim",
+				APIVersion: "v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      objectName,
+				Namespace: eclipseCheNamespace,
+				Labels: map[string]string{
+					constants.KubernetesPartOfLabelKey:    constants.CheEclipseOrg,
+					constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
+				},
+				Annotations: map[string]string{
+					syncRetainOnDeleteAnnotation: "true",
+				},
+			},
+		}).Build()
+
+	workspaceConfigReconciler := NewWorkspacesConfigReconciler(
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Scheme,
+		&namespacecache.NamespaceCache{
+			Client: deployContext.ClusterAPI.Client,
+			KnownNamespaces: map[string]namespacecache.NamespaceInfo{
+				userNamespace: {
+					IsWorkspaceNamespace: true,
+					Username:             "user",
+					CheCluster:           &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"},
+				},
+			},
+			Lock: sync.Mutex{},
+		})
+
+	assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
+
+	// Sync PVC to a user namespace
+	err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV)
+
+	// Check if PVC in a user namespace is created
+	pvc := &corev1.PersistentVolumeClaim{}
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, pvc)
+	assert.Nil(t, err)
+	assert.Equal(t, "true", pvc.Annotations[syncRetainOnDeleteAnnotation])
+
+	// Delete src PVC
+	err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &corev1.PersistentVolumeClaim{})
+	assert.Nil(t, err)
+
+	// Sync PVC
+	err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
+
+	// Check that destination PVC in a user namespace is NOT deleted
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, &corev1.PersistentVolumeClaim{})
+	assert.NoError(t, err)
+}
+
+func TestSyncPVCShouldNotRetainIfAnnotationSetFalse(t *testing.T) {
+	deployContext := test.NewCtxBuilder().WithObjects(
+		&corev1.PersistentVolumeClaim{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "PersistentVolumeClaim",
+				APIVersion: "v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      objectName,
+				Namespace: eclipseCheNamespace,
+				Labels: map[string]string{
+					constants.KubernetesPartOfLabelKey:    constants.CheEclipseOrg,
+					constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
+				},
+				Annotations: map[string]string{
+					syncRetainOnDeleteAnnotation: "false",
+				},
+			},
+		}).Build()
+
+	workspaceConfigReconciler := NewWorkspacesConfigReconciler(
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Client,
+		deployContext.ClusterAPI.Scheme,
+		&namespacecache.NamespaceCache{
+			Client: deployContext.ClusterAPI.Client,
+			KnownNamespaces: map[string]namespacecache.NamespaceInfo{
+				userNamespace: {
+					IsWorkspaceNamespace: true,
+					Username:             "user",
+					CheCluster:           &types.NamespacedName{Name: "eclipse-che", Namespace: "eclipse-che"},
+				},
+			},
+			Lock: sync.Mutex{},
+		})
+
+	assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
+
+	// Sync PVC to a user namespace
+	err := workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV)
+
+	// Check if PVC in a user namespace is created
+	pvc := &corev1.PersistentVolumeClaim{}
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, pvc)
+	assert.Nil(t, err)
+	assert.Equal(t, "false", pvc.Annotations[syncRetainOnDeleteAnnotation])
+
+	// Delete src PVC
+	err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &corev1.PersistentVolumeClaim{})
+	assert.Nil(t, err)
+
+	// Sync PVC
+	err = workspaceConfigReconciler.syncNamespace(context.TODO(), eclipseCheNamespace, userNamespace)
+	assert.Nil(t, err)
+	assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
+
+	// Check that destination PVC in a user namespace is deleted
+	err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, &corev1.PersistentVolumeClaim{})
 	assert.NotNil(t, err)
 	assert.True(t, errors.IsNotFound(err))
 }
diff --git a/controllers/workspaceconfig/secret2sync.go b/controllers/workspaceconfig/secret2sync.go
@@ -56,12 +56,17 @@ func (p *secret2Sync) newDstObject() client.Object {
 }
 
 func (p *secret2Sync) getSrcObjectVersion() string {
-	if len(p.version) == 0 {
-		return p.secret.GetResourceVersion()
+	if p.version != "" {
+		return p.version
 	}
-	return p.version
+
+	return p.secret.GetResourceVersion()
 }
 
 func (p *secret2Sync) hasROSpec() bool {
 	return false
 }
+
+func (p *secret2Sync) defaultRetention() bool {
+	return false
+}
diff --git a/controllers/workspaceconfig/unstructured2sync.go b/controllers/workspaceconfig/unstructured2sync.go
diff --git a/controllers/workspaceconfig/unstructured2sync_test.go b/controllers/workspaceconfig/unstructured2sync_test.go
diff --git a/controllers/workspaceconfig/workspaces_config_controller.go b/controllers/workspaceconfig/workspaces_config_controller.go

Original file line number	Diff line number	Diff line change
`@@ -56,12 +56,17 @@ func (p *configMap2Sync) newDstObject() client.Object {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`func (p *configMap2Sync) getSrcObjectVersion() string {`
`59`		`- if len(p.version) == 0 {`
`60`		`- return p.cm.GetResourceVersion()`
	`59`	`+ if p.version != "" {`
	`60`	`+ return p.version`
`61`	`61`	`}`
`62`		`- return p.version`
	`62`	`+`
	`63`	`+ return p.cm.GetResourceVersion()`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`func (p *configMap2Sync) hasROSpec() bool {`
`66`	`67`	`return false`
`67`	`68`	`}`
	`69`	`+`
	`70`	`+func (p *configMap2Sync) defaultRetention() bool {`
	`71`	`+ return false`
	`72`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -49,12 +49,17 @@ func (p *pvc2Sync) newDstObject() client.Object {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`func (p *pvc2Sync) getSrcObjectVersion() string {`
`52`		`- if len(p.version) == 0 {`
`53`		`- return p.pvc.GetResourceVersion()`
	`52`	`+ if p.version != "" {`
	`53`	`+ return p.version`
`54`	`54`	`}`
`55`		`- return p.version`
	`55`	`+`
	`56`	`+ return p.pvc.GetResourceVersion()`
`56`	`57`	`}`
`57`	`58`
`58`	`59`	`func (p *pvc2Sync) hasROSpec() bool {`
`59`	`60`	`return true`
`60`	`61`	`}`
	`62`	`+`
	`63`	`+func (p *pvc2Sync) defaultRetention() bool {`
	`64`	`+ return true`
	`65`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -56,12 +56,17 @@ func (p *secret2Sync) newDstObject() client.Object {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`func (p *secret2Sync) getSrcObjectVersion() string {`
`59`		`- if len(p.version) == 0 {`
`60`		`- return p.secret.GetResourceVersion()`
	`59`	`+ if p.version != "" {`
	`60`	`+ return p.version`
`61`	`61`	`}`
`62`		`- return p.version`
	`62`	`+`
	`63`	`+ return p.secret.GetResourceVersion()`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`func (p *secret2Sync) hasROSpec() bool {`
`66`	`67`	`return false`
`67`	`68`	`}`
	`69`	`+`
	`70`	`+func (p *secret2Sync) defaultRetention() bool {`
	`71`	`+ return false`
	`72`	`+}`