Delete secrets on cluster removal (#177)

vasilevp · web-flow · commit ad5813509418 · 2021-03-25T13:31:04.000+03:00
diff --git a/pkg/controller/atlascluster/atlascluster_controller.go b/pkg/controller/atlascluster/atlascluster_controller.go
@@ -34,6 +34,7 @@ import (
 	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlas"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/customresource"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/statushandler"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/watch"
@@ -176,7 +177,7 @@ func (r *AtlasClusterReconciler) Delete(e event.DeleteEvent) error {
 			}
 
 			if err != nil {
-				log.Errorw("cannot delete Atlas cluster", "error", err)
+				log.Errorw("Cannot delete Atlas cluster", "error", err)
 				time.Sleep(workflow.DefaultRetry)
 				continue
 			}
@@ -187,5 +188,17 @@ func (r *AtlasClusterReconciler) Delete(e event.DeleteEvent) error {
 
 		log.Error("Failed to delete Atlas cluster in time")
 	}()
+
+	secrets, err := connectionsecret.ListByClusterName(r.Client, cluster.Namespace, project.ID(), cluster.Spec.Name)
+	if err != nil {
+		return fmt.Errorf("failed to find connection secrets for the user: %w", err)
+	}
+
+	for i := range secrets {
+		if err := r.Client.Delete(context.Background(), &secrets[i]); err != nil {
+			log.Errorw("Failed to delete secret", "secretName", secrets[i].Name, "error", err)
+		}
+	}
+
 	return nil
 }
diff --git a/test/int/cluster_test.go b/test/int/cluster_test.go
@@ -392,6 +392,46 @@ var _ = Describe("AtlasCluster", func() {
 			})
 		})
 	})
+
+	Describe("Create cluster, user, delete cluster and check secrets are removed", func() {
+		It("Should Succeed", func() {
+			createdCluster = mdbv1.DefaultGCPCluster(namespace.Name, createdProject.Name)
+			By(fmt.Sprintf("Creating the Cluster %s", kube.ObjectKeyFromObject(createdCluster)), func() {
+				Expect(k8sClient.Create(context.Background(), createdCluster)).ToNot(HaveOccurred())
+
+				Eventually(testutil.WaitFor(k8sClient, createdCluster, status.TrueCondition(status.ReadyType), validateClusterCreatingFunc()),
+					1800, interval).Should(BeTrue())
+
+				doCommonChecks()
+				checkAtlasState()
+			})
+
+			passwordSecret := buildPasswordSecret(UserPasswordSecret, DBUserPassword)
+			Expect(k8sClient.Create(context.Background(), &passwordSecret)).To(Succeed())
+
+			createdDBUser := mdbv1.DefaultDBUser(namespace.Name, "test-db-user", createdProject.Name).WithPasswordSecret(UserPasswordSecret)
+			By(fmt.Sprintf("Creating the Database User %s", kube.ObjectKeyFromObject(createdDBUser)), func() {
+				Expect(k8sClient.Create(context.Background(), createdDBUser)).ToNot(HaveOccurred())
+
+				Eventually(testutil.WaitFor(k8sClient, createdDBUser, status.TrueCondition(status.ReadyType)),
+					80, interval).Should(BeTrue())
+			})
+
+			By("Removing Atlas Cluster "+createdCluster.Name, func() {
+				Expect(k8sClient.Delete(context.Background(), createdCluster)).To(Succeed())
+				Eventually(checkAtlasClusterRemoved(createdProject.Status.ID, createdCluster.Spec.Name), 600, interval).Should(BeTrue())
+			})
+
+			By("Checking that Secrets got removed", func() {
+				secretNames := []string{kube.NormalizeIdentifier(fmt.Sprintf("%s-%s-%s", createdProject.Spec.Name, createdCluster.Spec.Name, createdDBUser.Spec.Username))}
+				Eventually(checkSecretsDontExist(namespace.Name, secretNames), 50, interval).Should(BeTrue())
+				checkNumberOfConnectionSecrets(k8sClient, *createdProject, 0)
+			})
+
+			// prevent cleanup from failing due to cluster already deleted
+			createdCluster = nil
+		})
+	})
 })
 
 func validateClusterCreatingFunc() func(a mdbv1.AtlasCustomResource) {
