[BOP-912] manage only resources(certs,issuers) that are created by BOP (

#79) * manage only resources(certs,issuers) that are created by BOP * fix e2e tests
Mirantis · Jul 12, 2024 · 2e231e7 · 2e231e7
1 parent b6e495c
commit 2e231e7
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 4 deletions.
diff --git a/controllers/blueprint_controller.go b/controllers/blueprint_controller.go
@@ -235,6 +235,9 @@ func issuerObject(issuer boundlessv1alpha1.Issuer) client.Object {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      issuer.Name,
 			Namespace: issuer.Namespace,
+			Labels: map[string]string{
+				"app.kubernetes.io/managed-by": "blueprint-operator",
+			},
 		},
 		Spec: issuer.Spec,
 	}
@@ -248,6 +251,9 @@ func clusterIssuerObject(issuer boundlessv1alpha1.ClusterIssuer) client.Object {
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name: issuer.Name,
+			Labels: map[string]string{
+				"app.kubernetes.io/managed-by": "blueprint-operator",
+			},
 		},
 		Spec: issuer.Spec,
 	}
@@ -262,6 +268,9 @@ func certificateObject(certificate boundlessv1alpha1.Certificate) client.Object
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      certificate.Name,
 			Namespace: certificate.Namespace,
+			Labels: map[string]string{
+				"app.kubernetes.io/managed-by": "blueprint-operator",
+			},
 		},
 		Spec: certificate.Spec,
 	}

diff --git a/controllers/objects.go b/controllers/objects.go
@@ -45,6 +45,16 @@ func listInstalledObjects(ctx context.Context, logger logr.Logger, apiClient cli
 
 func deleteObjects(ctx context.Context, logger logr.Logger, apiClient client.Client, objectsToUninstall map[string]client.Object) error {
 	for _, o := range objectsToUninstall {
+		// Only delete the resources(cert/issuer) that are managed by BOP.
+		// This check can be removed once we add the label in all
+		// the objects created by BOP (https://mirantis.jira.com/browse/BOP-919).
+		if o.GetObjectKind().GroupVersionKind().Kind == "Certificate" || o.GetObjectKind().GroupVersionKind().Kind == "Issuer" {
+			if o.GetLabels()["app.kubernetes.io/managed-by"] != "blueprint-operator" {
+				logger.Info("Skipping deletion of ", "Kind", o.GetObjectKind().GroupVersionKind().Kind)
+				continue
+			}
+		}
+
 		logger.Info("Removing object", "Name", o.GetName(), "Namespace", o.GetNamespace())
 		if err := apiClient.Delete(ctx, o, client.PropagationPolicy(metav1.DeletePropagationBackground)); client.IgnoreNotFound(err) != nil {
 			logger.Error(err, "Failed to remove object", "Name", o.GetName())

diff --git a/test/e2e/common.go b/test/e2e/common.go
@@ -40,6 +40,7 @@ func newIssuer(i metav1.ObjectMeta) *certmanager.Issuer {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      i.Name,
 			Namespace: i.Namespace,
+			Labels:    i.Labels,
 		},
 	}
 }
@@ -65,6 +66,7 @@ func newCertificate(cert metav1.ObjectMeta) *certmanager.Certificate {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      cert.Name,
 			Namespace: cert.Namespace,
+			Labels:    cert.Labels,
 		},
 	}
 }

diff --git a/test/e2e/install_certs_test.go b/test/e2e/install_certs_test.go
@@ -20,12 +20,30 @@ import (
 func TestInstallCerts(t *testing.T) {
 	dir := filepath.Join(curDir, "manifests", "certs")
 
-	i1 := newIssuer(metav1.ObjectMeta{Name: "test-issuer-1", Namespace: "test-issuer-ns-1"})
-	i2 := newIssuer(metav1.ObjectMeta{Name: "test-issuer-2", Namespace: "test-issuer-ns-1"})
+	i1 := newIssuer(metav1.ObjectMeta{
+		Name:      "test-issuer-1",
+		Namespace: "test-issuer-ns-1",
+		Labels: map[string]string{
+			"app.kubernetes.io/managed-by": "blueprint-operator",
+		},
+	})
+	i2 := newIssuer(metav1.ObjectMeta{
+		Name:      "test-issuer-2",
+		Namespace: "test-issuer-ns-1",
+		Labels: map[string]string{
+			"app.kubernetes.io/managed-by": "blueprint-operator",
+		},
+	})
 
 	ci1 := newClusterIssuer(metav1.ObjectMeta{Name: "test-cluster-issuer-1"})
 
-	cert1 := newCertificate(metav1.ObjectMeta{Name: "test-cert-1", Namespace: "test-issuer-ns-1"})
+	cert1 := newCertificate(metav1.ObjectMeta{
+		Name:      "test-cert-1",
+		Namespace: "test-issuer-ns-1",
+		Labels: map[string]string{
+			"app.kubernetes.io/managed-by": "blueprint-operator",
+		},
+	})
 	cert1Specs := certmanager.CertificateSpec{
 		CommonName: "test-cert-1",
 		IsCA:       true,
@@ -35,7 +53,13 @@ func TestInstallCerts(t *testing.T) {
 			Kind: "Issuer",
 		},
 	}
-	cert2 := newCertificate(metav1.ObjectMeta{Name: "test-cert-2", Namespace: "test-cert-ns-1"})
+	cert2 := newCertificate(metav1.ObjectMeta{
+		Name:      "test-cert-2",
+		Namespace: "test-cert-ns-1",
+		Labels: map[string]string{
+			"app.kubernetes.io/managed-by": "blueprint-operator",
+		},
+	})
 	cert2Specs := certmanager.CertificateSpec{
 		CommonName: "test-cert-2",
 		IsCA:       false,