implement delete path of mcp controller

Author: Diaphteiros

api/clusters/v1alpha1/constants/reasons.go

@@ -15,4 +15,6 @@ const (
 	ReasonWaitingForClusterRequest = "WaitingForClusterRequest"
 	// ReasonWaitingForAccessRequest indicates that something is waiting for an AccessRequest to become ready.
 	ReasonWaitingForAccessRequest = "WaitingForAccessRequest"
+	// ReasonWaitingForServices indicates that something is waiting for one or more service providers to do something.
+	ReasonWaitingForServices = "WaitingForServices"
 )

api/core/v2alpha1/constants.go

@@ -8,10 +8,21 @@ const (
 const (
 	MCPLabel          = GroupName + "/mcp"
 	OIDCProviderLabel = GroupName + "/oidc-provider"
+
+	MCPFinalizer = MCPLabel
+
+	// ServiceDependencyFinalizerPrefix is the prefix for the dependency finalizers that are added to MCP resources by associated services.
+	ServiceDependencyFinalizerPrefix = "services.openmcp.cloud/"
+	// ClusterRequestFinalizerPrefix is the prefix for the finalizers that are added to MCP resources for cluster requests.
+	ClusterRequestFinalizerPrefix = "request.clusters.openmcp.cloud/"
 )
 
 const (
-	ConditionClusterRequestReady   = "ClusterRequestReady"
-	ConditionPrefixOIDCAccessReady = "OIDCAccessReady_"
-	ConditionAllAccessReady        = "AllAccessReady"
+	ConditionMeta = "Meta"
+
+	ConditionClusterRequestReady       = "ClusterRequestReady"
+	ConditionPrefixOIDCAccessReady     = "OIDCAccessReady_"
+	ConditionAllAccessReady            = "AllAccessReady"
+	ConditionAllServicesDeleted        = "AllServicesDeleted"
+	ConditionAllClusterRequestsDeleted = "AllClusterRequestsDeleted"
 )

internal/controllers/managedcontrolplane/access.go

@@ -11,7 +11,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
-	"github.com/openmcp-project/controller-utils/pkg/conditions"
 	ctrlutils "github.com/openmcp-project/controller-utils/pkg/controller"
 	errutils "github.com/openmcp-project/controller-utils/pkg/errors"
 	"github.com/openmcp-project/controller-utils/pkg/logging"
@@ -25,41 +24,40 @@ import (
 )
 
 // manageAccessRequests aligns the existing AccessRequests for the MCP with the currently configured OIDC providers.
-// It uses the given createCon function to create conditions for AccessRequests and removes outdated AccessRequest related conditions directly from the MCP status.
+// It uses the given createCon function to create conditions for AccessRequests and returns a set of conditions that should be removed from the MCP status.
 // The bool return value specifies whether everything related to MCP access is in the desired state or not. If 'false', it is recommended to requeue the MCP.
-func (r *ManagedControlPlaneReconciler) manageAccessRequests(ctx context.Context, mcp *corev2alpha1.ManagedControlPlane, cr *clustersv1alpha1.ClusterRequest, createCon func(conType string, status metav1.ConditionStatus, reason, message string)) (bool, errutils.ReasonableError) {
+func (r *ManagedControlPlaneReconciler) manageAccessRequests(ctx context.Context, mcp *corev2alpha1.ManagedControlPlane, cr *clustersv1alpha1.ClusterRequest, createCon func(conType string, status metav1.ConditionStatus, reason, message string)) (bool, sets.Set[string], errutils.ReasonableError) {
 	updatedAccessRequests, rerr := r.createOrUpdateDesiredAccessRequests(ctx, mcp, cr, createCon)
 	if rerr != nil {
-		return false, rerr
+		return false, nil, rerr
 	}
 
 	accessRequestsInDeletion, rerr := r.deleteUndesiredAccessRequests(ctx, mcp, updatedAccessRequests, createCon)
 	if rerr != nil {
-		return false, rerr
+		return false, nil, rerr
 	}
 
 	allAccessReady, rerr := r.syncAccessSecrets(ctx, mcp, updatedAccessRequests, createCon)
 	if rerr != nil {
-		return false, rerr
+		return false, nil, rerr
 	}
 
 	accessSecretsInDeletion, rerr := r.deleteUndesiredAccessSecrets(ctx, mcp, updatedAccessRequests, createCon)
 	if rerr != nil {
-		return false, rerr
+		return false, nil, rerr
 	}
 
 	// remove conditions for AccessRequests that are neither required nor in deletion (= have been deleted already)
-	cu := conditions.ConditionUpdater(mcp.Status.Conditions, false).WithEventRecorder(r.eventRecorder, conditions.EventPerChange)
+	removeConditions := sets.New[string]()
 	for _, con := range mcp.Status.Conditions {
 		if !strings.HasPrefix(con.Type, corev2alpha1.ConditionPrefixOIDCAccessReady) {
 			continue
 		}
 		providerName := strings.TrimPrefix(con.Type, corev2alpha1.ConditionPrefixOIDCAccessReady)
 		if _, ok := updatedAccessRequests[providerName]; !ok && !accessRequestsInDeletion.Has(providerName) {
-			cu.RemoveCondition(corev2alpha1.ConditionPrefixOIDCAccessReady + providerName)
+			removeConditions.Insert(con.Type)
 		}
 	}
-	mcp.Status.Conditions, _ = cu.Record(mcp).Conditions()
 
 	everythingReady := accessRequestsInDeletion.Len() == 0 && accessSecretsInDeletion.Len() == 0 && allAccessReady
 	if everythingReady {
@@ -68,7 +66,7 @@ func (r *ManagedControlPlaneReconciler) manageAccessRequests(ctx context.Context
 		createCon(corev2alpha1.ConditionAllAccessReady, metav1.ConditionFalse, cconst.ReasonWaitingForAccessRequest, "Not all accesses are ready")
 	}
 
-	return everythingReady, nil
+	return everythingReady, removeConditions, nil
 }
 
 // createOrUpdateDesiredAccessRequests creates/updates all AccessRequests that are desired according to the ManagedControlPlane's configured OIDC providers.

internal/controllers/managedcontrolplane/clusters.go

@@ -0,0 +1,93 @@
+package managedcontrolplane
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/util/sets"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	errutils "github.com/openmcp-project/controller-utils/pkg/errors"
+	"github.com/openmcp-project/controller-utils/pkg/logging"
+
+	clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1"
+	cconst "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1/constants"
+	corev2alpha1 "github.com/openmcp-project/openmcp-operator/api/core/v2alpha1"
+	libutils "github.com/openmcp-project/openmcp-operator/lib/utils"
+)
+
+func (r *ManagedControlPlaneReconciler) deleteRelatedClusterRequests(ctx context.Context, mcp *corev2alpha1.ManagedControlPlane) (sets.Set[string], errutils.ReasonableError) {
+	log := logging.FromContextOrPanic(ctx)
+
+	// delete depending cluster requests, if any
+	crNames := sets.New[string]()
+
+	if mcp == nil {
+		log.Debug("MCP is nil, no need to check for cluster requests")
+		return crNames, nil
+	}
+
+	// identify cluster request finalizers
+	for _, fin := range mcp.Finalizers {
+		if strings.HasPrefix(fin, corev2alpha1.ClusterRequestFinalizerPrefix) {
+			crNames.Insert(strings.TrimPrefix(fin, corev2alpha1.ClusterRequestFinalizerPrefix))
+		}
+	}
+
+	if crNames.Len() == 0 {
+		log.Debug("No cluster request finalizers found on MCP")
+		return crNames, nil
+	}
+
+	// fetch cluster requests, if any exist
+	namespace := libutils.StableRequestNamespace(mcp.Namespace)
+	resources := map[string]*clustersv1alpha1.ClusterRequest{}
+	errs := errutils.NewReasonableErrorList()
+	for crName := range crNames {
+		cr := &clustersv1alpha1.ClusterRequest{}
+		cr.SetName(crName)
+		cr.SetNamespace(namespace)
+		if err := r.PlatformCluster.Client().Get(ctx, client.ObjectKeyFromObject(cr), cr); err != nil {
+			if !apierrors.IsNotFound(err) {
+				errs.Append(errutils.WithReason(fmt.Errorf("error getting ClusterRequest '%s/%s': %w", namespace, crName, err), cconst.ReasonPlatformClusterInteractionProblem))
+			}
+			continue
+		}
+		resources[crName] = cr
+	}
+	if rerr := errs.Aggregate(); rerr != nil {
+		return sets.KeySet(resources), rerr
+	}
+
+	// delete cluster requests
+	errs = errutils.NewReasonableErrorList()
+	for crName, cr := range resources {
+		if crName == mcp.Name && len(resources) > 1 {
+			// skip the MCP's main ClusterRequest for now
+			// we want to make sure that all other ClusterRequests are deleted first
+			// in case the corresponding clusters are hosting resources that depend on the MCP cluster
+			log.Debug("Skipping deletion of MCP's primary ClusterRequest, because there are other ClusterRequests to delete first", "crName", crName, "namespace", cr.GetNamespace())
+			continue
+		}
+		if !cr.GetDeletionTimestamp().IsZero() {
+			log.Debug("ClusterRequest resource already marked for deletion", "crName", crName, "namespace", cr.GetNamespace())
+			continue
+		}
+		log.Info("Deleting ClusterRequest", "crName", crName, "namespace", cr.GetNamespace())
+		if err := r.PlatformCluster.Client().Delete(ctx, cr); err != nil {
+			if !apierrors.IsNotFound(err) {
+				errs.Append(errutils.WithReason(fmt.Errorf("error deleting ClusterRequest '%s/%s': %w", namespace, crName, err), cconst.ReasonPlatformClusterInteractionProblem))
+			} else {
+				log.Debug("ClusterRequest not found during deletion", "crName", crName, "namespace", cr.GetNamespace())
+				delete(resources, crName) // remove from resources if not found
+			}
+		}
+	}
+	if rerr := errs.Aggregate(); rerr != nil {
+		return sets.KeySet(resources), rerr
+	}
+
+	return sets.KeySet(resources), nil
+}