Merge pull request openshift#8699 from tsmetana/filestore-destroy-again

STOR-1353: Attempt to cleanup GCP Filestore instances on destroy

Author: openshift-merge-bot[bot]

pkg/asset/installconfig/gcp/validation.go

@@ -444,7 +444,8 @@ func ValidateEnabledServices(ctx context.Context, client API, project string) er
 		"servicemanagement.googleapis.com",
 		"deploymentmanager.googleapis.com",
 		"storage-api.googleapis.com",
-		"storage-component.googleapis.com")
+		"storage-component.googleapis.com",
+		"file.googleapis.com")
 	projectServices, err := client.GetEnabledServices(ctx, project)
 	if err != nil {
 		if IsForbidden(err) {

pkg/destroy/gcp/filestore.go

@@ -0,0 +1,95 @@
+package gcp
+
+import (
+	"context"
+	"fmt"
+
+	"google.golang.org/api/file/v1"
+
+	gcpconsts "github.com/openshift/installer/pkg/constants/gcp"
+)
+
+func (o *ClusterUninstaller) filestoreParentPath() string {
+	return fmt.Sprintf("projects/%s/locations/-", o.ProjectID)
+}
+
+func (o *ClusterUninstaller) clusterFilestoreLabelFilter() string {
+	return fmt.Sprintf("labels.%s = \"owned\"", fmt.Sprintf(gcpconsts.ClusterIDLabelFmt, o.ClusterID))
+}
+
+func (o *ClusterUninstaller) listFilestores(ctx context.Context) ([]cloudResource, error) {
+	o.Logger.Debug("Listing filestores")
+	result := []cloudResource{}
+
+	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
+	defer cancel()
+	instSvc := file.NewProjectsLocationsInstancesService(o.fileSvc)
+	lCall := instSvc.List(o.filestoreParentPath()).Context(ctx).Filter(o.clusterFilestoreLabelFilter())
+
+	nextPageToken := "pageToken"
+	for nextPageToken != "" {
+		instances, err := lCall.Do()
+		if err != nil {
+			return nil, fmt.Errorf("error retrieving filestore instances: %w", err)
+		}
+
+		for _, activeInstance := range instances.Instances {
+			o.Logger.Debugf("Found filestore %s", activeInstance.Name)
+			result = append(result, cloudResource{
+				name:     activeInstance.Name,
+				typeName: "filestore",
+			})
+		}
+
+		nextPageToken = instances.NextPageToken
+		lCall.PageToken(nextPageToken)
+	}
+	return result, nil
+}
+
+func (o *ClusterUninstaller) deleteFilestore(ctx context.Context, item cloudResource) error {
+	o.Logger.Debugf("Deleting filestore %s", item.name)
+
+	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
+	defer cancel()
+	instSvc := file.NewProjectsLocationsInstancesService(o.fileSvc)
+	_, err := instSvc.Delete(item.name).Context(ctx).Do()
+	if err != nil && isForbidden(err) {
+		o.deletePendingItems(item.typeName, []cloudResource{item})
+		return fmt.Errorf("insufficient permissions to delete filestore %s", item.name)
+	}
+	if err != nil && !isNoOp(err) {
+		o.resetRequestID(item.typeName, item.name)
+		return fmt.Errorf("failed to delete filestore %s", item.name)
+	}
+	if err != nil && isNoOp(err) {
+		o.resetRequestID(item.typeName, item.name)
+		o.deletePendingItems(item.typeName, []cloudResource{item})
+		o.Logger.Infof("Deleted filestore %s", item.name)
+	}
+
+	return nil
+}
+
+func (o *ClusterUninstaller) destroyFilestores(ctx context.Context) error {
+	found, err := o.listFilestores(ctx)
+	if err != nil {
+		if isForbidden(err) {
+			o.Logger.Warning("Skipping deletion of filestores: insufficient Filestore API permissions or API disabled")
+			return nil
+		}
+		return err
+	}
+	items := o.insertPendingItems("filestore", found)
+	for _, item := range items {
+		err := o.deleteFilestore(ctx, item)
+		if err != nil {
+			o.errorTracker.suppressWarning(item.key, err, o.Logger)
+		}
+	}
+	if items = o.getPendingItems("filestore"); len(items) > 0 {
+		return fmt.Errorf("%d items pending", len(items))
+	}
+
+	return nil
+}

pkg/destroy/gcp/gcp.go

@@ -13,6 +13,7 @@ import (
 	resourcemanager "google.golang.org/api/cloudresourcemanager/v3"
 	"google.golang.org/api/compute/v1"
 	"google.golang.org/api/dns/v1"
+	"google.golang.org/api/file/v1"
 	"google.golang.org/api/googleapi"
 	"google.golang.org/api/iam/v1"
 	"google.golang.org/api/option"
@@ -63,6 +64,7 @@ type ClusterUninstaller struct {
 	dnsSvc     *dns.Service
 	storageSvc *storage.Service
 	rmSvc      *resourcemanager.Service
+	fileSvc    *file.Service
 
 	// cpusByMachineType caches the number of CPUs per machine type, used in quota
 	// calculations on deletion
@@ -147,6 +149,11 @@ func (o *ClusterUninstaller) Run() (*types.ClusterQuota, error) {
 		return nil, errors.Wrap(err, "failed to create resourcemanager service")
 	}
 
+	o.fileSvc, err = file.NewService(ctx, options...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create filestore service: %w", err)
+	}
+
 	err = wait.PollImmediateInfinite(
 		time.Second*10,
 		o.destroyCluster,
@@ -187,6 +194,7 @@ func (o *ClusterUninstaller) destroyCluster() (bool, error) {
 		{name: "Routers", execute: o.destroyRouters},
 		{name: "Subnetworks", execute: o.destroySubnetworks},
 		{name: "Networks", execute: o.destroyNetworks},
+		{name: "Filestores", execute: o.destroyFilestores},
 	}}
 
 	// create the main Context, so all stages can accept and make context children
@@ -259,6 +267,18 @@ func (o *ClusterUninstaller) clusterLabelOrClusterIDFilter() string {
 	return fmt.Sprintf("(%s) OR (%s)", o.clusterIDFilter(), o.clusterLabelFilter())
 }
 
+func isForbidden(err error) bool {
+	if err == nil {
+		return false
+	}
+	var ae *googleapi.Error
+	if errors.As(err, &ae) {
+		return ae.Code == http.StatusForbidden
+	}
+
+	return false
+}
+
 func isNoOp(err error) bool {
 	if err == nil {
 		return false