Added the ability to create a node reset marker for unmanaged hosts

rdoxenham · web-flow · commit 59204c5cb8c3 · 2024-05-22T09:37:33.000+02:00
Signed-off-by: Rhys Oxenham (rhys.oxenham@suse.com) (cherry picked from commit 7c71dc9)
diff --git a/controllers/machineinventory_controller.go b/controllers/machineinventory_controller.go
@@ -53,6 +53,7 @@ import (
 const adoptionTimeout = 5
 
 const LocalResetPlanPath = "/oem/reset-cloud-config.yaml"
+const LocalResetUnmanagedMarker = "/var/lib/elemental/.unmanaged_reset"
 
 // MachineInventoryReconciler reconciles a MachineInventory object.
 type MachineInventoryReconciler struct {
@@ -187,8 +188,7 @@ func (r *MachineInventoryReconciler) reconcileResetPlanSecret(ctx context.Contex
 	logger.Info("Reconciling Reset plan")
 
 	resettable, resettableFound := mInventory.Annotations[elementalv1.MachineInventoryResettableAnnotation]
-	unmanaged, unmanagedFound := mInventory.Annotations[elementalv1.MachineInventoryOSUnmanagedAnnotation]
-	if (!resettableFound || resettable != "true") || (unmanagedFound && unmanaged == "true") {
+	if !resettableFound || resettable != "true" {
 		logger.V(log.DebugDepth).Info("Machine Inventory does not need reset. Removing finalizer.")
 		controllerutil.RemoveFinalizer(mInventory, elementalv1.MachineInventoryFinalizer)
 		return nil
@@ -234,7 +234,17 @@ func (r *MachineInventoryReconciler) updatePlanSecretWithReset(ctx context.Conte
 
 	logger.Info("Updating Secret with Reset plan")
 
-	checksum, resetPlan, err := r.newResetPlan(ctx)
+	var checksum string
+	var resetPlan []byte
+	var err error
+
+	unmanaged, unmanagedFound := mInventory.Annotations[elementalv1.MachineInventoryOSUnmanagedAnnotation]
+	if unmanagedFound && unmanaged == "true" {
+		checksum, resetPlan, err = r.newUnmanagedResetPlan(ctx)
+	} else {
+		checksum, resetPlan, err = r.newResetPlan(ctx)
+	}
+
 	if err != nil {
 		return fmt.Errorf("getting new reset plan: %w", err)
 	}
@@ -334,6 +344,35 @@ func (r *MachineInventoryReconciler) newResetPlan(ctx context.Context) (string,
 	return checksum, plan, nil
 }
 
+func (r *MachineInventoryReconciler) newUnmanagedResetPlan(ctx context.Context) (string, []byte, error) {
+	logger := ctrl.LoggerFrom(ctx)
+
+	logger.Info("Creating new Unmanaged Reset plan secret")
+
+	// This is the remote plan that should trigger the creation of a node reset marker with current timestamp
+	timeStamp := time.Now().Format("2006-01-02 15:04:05")
+	resetPlan := applyinator.Plan{
+		Files: []applyinator.File{
+			{
+				Content:     base64.StdEncoding.EncodeToString([]byte(timeStamp)),
+				Path:        LocalResetUnmanagedMarker,
+				Permissions: "0600",
+			},
+		},
+	}
+
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(resetPlan); err != nil {
+		return "", nil, fmt.Errorf("failed to encode plan: %w", err)
+	}
+
+	plan := buf.Bytes()
+
+	checksum := util.PlanChecksum(plan)
+
+	return checksum, plan, nil
+}
+
 func (r *MachineInventoryReconciler) createPlanSecret(ctx context.Context, mInventory *elementalv1.MachineInventory) error {
 	logger := ctrl.LoggerFrom(ctx)
 
diff --git a/controllers/machineinventory_controller_test.go b/controllers/machineinventory_controller_test.go
@@ -562,43 +562,154 @@ var _ = Describe("handle finalizer", func() {
 		Expect(apierrors.IsNotFound(err)).To(BeTrue())
 	})
 
-	It("should delete by removing finalizer when unmanaged annotation is true", func() {
-		// Manually enable os.unmanaged annotation
+	It("should delete by removing finalizer when up for deletion", func() {
+		// 6. Manually remove finalizer
 		Expect(cl.Get(ctx, client.ObjectKey{
 			Name:      mInventory.Name,
 			Namespace: mInventory.Namespace,
 		}, mInventory)).To(Succeed())
-		mInventory.Annotations[elementalv1.MachineInventoryOSUnmanagedAnnotation] = "true"
+		controllerutil.RemoveFinalizer(mInventory, elementalv1.MachineInventoryFinalizer)
 		Expect(cl.Update(ctx, mInventory)).To(Succeed())
 
-		// Reconcile to trigger finalizer removal
+		// Check MachineInventory was actually deleted
+		err := cl.Get(ctx, client.ObjectKey{
+			Name:      mInventory.Name,
+			Namespace: mInventory.Namespace,
+		}, mInventory)
+		Expect(apierrors.IsNotFound(err)).To(BeTrue())
+	})
+
+	AfterEach(func() {
+		Expect(test.CleanupAndWait(ctx, cl, mInventory, planSecret)).To(Succeed())
+	})
+})
+
+var _ = Describe("handle unmanaged finalizer", func() {
+	var r *MachineInventoryReconciler
+	var mInventory *elementalv1.MachineInventory
+	var planSecret *corev1.Secret
+
+	BeforeEach(func() {
+		r = &MachineInventoryReconciler{
+			Client: cl,
+		}
+
+		mInventory = &elementalv1.MachineInventory{
+			ObjectMeta: metav1.ObjectMeta{
+				DeletionTimestamp: &metav1.Time{Time: time.Now()},
+				Annotations:       map[string]string{elementalv1.MachineInventoryResettableAnnotation: "true", elementalv1.MachineInventoryOSUnmanagedAnnotation: "true"},
+				Finalizers:        []string{elementalv1.MachineInventoryFinalizer},
+				Name:              "machine-inventory-suite-finalizer",
+				Namespace:         "default",
+			},
+		}
+
+		planSecret = &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      mInventory.Name,
+				Namespace: mInventory.Namespace,
+			},
+		}
+
+		// 1. Create initial MachineInventory
+		Expect(cl.Create(ctx, mInventory)).To(Succeed())
+		// 2. Create initial plan Secret
 		_, err := r.Reconcile(ctx, reconcile.Request{
 			NamespacedName: types.NamespacedName{
 				Namespace: mInventory.Namespace,
 				Name:      mInventory.Name,
 			},
 		})
 		Expect(err).ToNot(HaveOccurred())
+		// 3. Update meta.DeletionTimestamp
+		Expect(cl.Delete(ctx, mInventory)).To(Succeed())
+		// 4. Update secret with reset plan
+		_, err = r.Reconcile(ctx, reconcile.Request{
+			NamespacedName: types.NamespacedName{
+				Namespace: mInventory.Namespace,
+				Name:      mInventory.Name,
+			},
+		})
+		Expect(err).ToNot(HaveOccurred())
+		// 5. Update MachineInventory plan status
+		_, err = r.Reconcile(ctx, reconcile.Request{
+			NamespacedName: types.NamespacedName{
+				Namespace: mInventory.Namespace,
+				Name:      mInventory.Name,
+			},
+		})
+		Expect(err).ToNot(HaveOccurred())
+	})
 
-		// Check MachineInventory was actually deleted
-		err = cl.Get(ctx, client.ObjectKey{
+	It("should update secret with reset plan when unmanaged annotation is true", func() {
+		// Manually enable os.unmanaged annotation
+		Expect(cl.Get(ctx, client.ObjectKey{
+			Name:      planSecret.Name,
+			Namespace: planSecret.Namespace,
+		}, planSecret)).To(Succeed())
+		Expect(cl.Get(ctx, client.ObjectKey{
 			Name:      mInventory.Name,
 			Namespace: mInventory.Namespace,
-		}, mInventory)
-		Expect(apierrors.IsNotFound(err)).To(BeTrue())
-	})
+		}, mInventory)).To(Succeed())
+		mInventory.Annotations[elementalv1.MachineInventoryOSUnmanagedAnnotation] = "true"
+		Expect(cl.Update(ctx, mInventory)).To(Succeed())
 
-	It("should delete by removing finalizer when up for deletion", func() {
-		// 6. Manually remove finalizer
+		wantChecksum, wantPlan, err := r.newUnmanagedResetPlan(ctx)
+		Expect(err).ToNot(HaveOccurred())
+
+		// Check Plan status
+		Expect(mInventory.Status.Plan.Checksum).To(Equal(wantChecksum))
+		Expect(mInventory.Status.Plan.PlanSecretRef.Name).To(Equal(planSecret.Name))
+		Expect(mInventory.Status.Plan.PlanSecretRef.Namespace).To(Equal(planSecret.Namespace))
+		Expect(mInventory.Status.Plan.State).To(Equal(elementalv1.PlanState("")))
+
+		// Check MachineInventory status
+		Expect(mInventory.Status.Conditions[0].Type).To(Equal(elementalv1.ReadyCondition))
+		Expect(mInventory.Status.Conditions[0].Reason).To(Equal(elementalv1.WaitingForPlanReason))
+		Expect(mInventory.Status.Conditions[0].Status).To(Equal(metav1.ConditionFalse))
+		Expect(mInventory.Status.Conditions[0].Message).To(Equal("waiting for plan to be applied"))
+
+		// Check plan secret was updated
+		Expect(planSecret.Annotations[elementalv1.PlanTypeAnnotation]).To(Equal(elementalv1.PlanTypeReset))
+		Expect(planSecret.Data["plan"]).To(Equal(wantPlan))
+		Expect(planSecret.Data["applied-checksum"]).To(Equal([]byte("")))
+		Expect(planSecret.Data["failed-checksum"]).To(Equal([]byte("")))
+
+		// Check we are holding on the MachineInventory (preventing actual deletion)
+		_, err = r.Reconcile(ctx, reconcile.Request{
+			NamespacedName: types.NamespacedName{
+				Namespace: mInventory.Namespace,
+				Name:      mInventory.Name,
+			},
+		})
+		Expect(err).ToNot(HaveOccurred())
 		Expect(cl.Get(ctx, client.ObjectKey{
 			Name:      mInventory.Name,
 			Namespace: mInventory.Namespace,
 		}, mInventory)).To(Succeed())
-		controllerutil.RemoveFinalizer(mInventory, elementalv1.MachineInventoryFinalizer)
-		Expect(cl.Update(ctx, mInventory)).To(Succeed())
+	})
+
+	It("should remove finalizer on unmanaged reset plan applied", func() {
+		// 6. Mark the reset plan as applied
+		Expect(cl.Get(ctx, client.ObjectKey{
+			Name:      mInventory.Name,
+			Namespace: mInventory.Namespace,
+		}, planSecret)).To(Succeed())
+		mInventory.Annotations[elementalv1.MachineInventoryOSUnmanagedAnnotation] = "true"
+		planSecret.Data["applied-checksum"] = []byte("applied")
+		Expect(cl.Update(ctx, planSecret)).To(Succeed())
+
+		// 7. Trigger finalizer removal
+		_, err := r.Reconcile(ctx, reconcile.Request{
+			NamespacedName: types.NamespacedName{
+				Namespace: mInventory.Namespace,
+				Name:      mInventory.Name,
+			},
+		})
+		Expect(err).ToNot(HaveOccurred())
 
 		// Check MachineInventory was actually deleted
-		err := cl.Get(ctx, client.ObjectKey{
+		err = cl.Get(ctx, client.ObjectKey{
 			Name:      mInventory.Name,
 			Namespace: mInventory.Namespace,
 		}, mInventory)
