fix tenant cleanup

aleoli · adamjensenbot · commit 05b16dbb0d85 · 2024-10-01T09:25:55.000+02:00
diff --git a/cmd/liqoctl/cmd/unpeer.go b/cmd/liqoctl/cmd/unpeer.go
@@ -66,6 +66,7 @@ func newUnpeerCommand(ctx context.Context, f *factory.Factory) *cobra.Command {
 
 	cmd.PersistentFlags().DurationVar(&options.Timeout, "timeout", 120*time.Second, "Timeout for unpeering completion")
 	cmd.PersistentFlags().BoolVar(&options.Wait, "wait", true, "Wait for resource to be deleted before returning")
+	cmd.PersistentFlags().BoolVar(&options.KeepNamespaces, "keep-namespaces", false, "Keep tenant namespaces after unpeering")
 
 	options.LocalFactory.AddFlags(cmd.PersistentFlags(), cmd.RegisterFlagCompletionFunc)
 	options.RemoteFactory.AddFlags(cmd.PersistentFlags(), cmd.RegisterFlagCompletionFunc)
diff --git a/pkg/liqo-controller-manager/authentication/tenant-controller/tenant_controller.go b/pkg/liqo-controller-manager/authentication/tenant-controller/tenant_controller.go
@@ -28,7 +28,6 @@ import (
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	authv1beta1 "github.com/liqotech/liqo/apis/authentication/v1beta1"
 	"github.com/liqotech/liqo/pkg/consts"
@@ -215,21 +214,6 @@ func (r *TenantReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 
 	tenant.Status.AuthParams = authParams
 
-	// own the tenant namespace
-
-	err = controllerutil.SetOwnerReference(tenant, tenantNamespace, r.Scheme)
-	if err != nil {
-		klog.Errorf("Unable to set the OwnerReference for the TenantNamespace %q: %s", tenantNamespace.Name, err)
-		r.EventRecorder.Event(tenant, corev1.EventTypeWarning, "OwnerReferenceFailed", err.Error())
-		return ctrl.Result{}, err
-	}
-
-	if err = r.Client.Update(ctx, tenantNamespace); err != nil {
-		klog.Errorf("Unable to set the OwnerReference for the TenantNamespace %q: %s", tenantNamespace.Name, err)
-		r.EventRecorder.Event(tenant, corev1.EventTypeWarning, "OwnerReferenceFailed", err.Error())
-		return ctrl.Result{}, err
-	}
-
 	// bind permissions
 
 	_, err = r.NamespaceManager.BindClusterRoles(ctx, tenant.Spec.ClusterID,
diff --git a/pkg/liqoctl/network/handler.go b/pkg/liqoctl/network/handler.go
@@ -138,6 +138,16 @@ func (o *Options) RunReset(ctx context.Context) error {
 		return err
 	}
 
+	// Delete gateway client on cluster 2
+	if err := cluster2.DeleteGatewayClient(ctx, forge.DefaultGatewayClientName(cluster1.localClusterID)); err != nil {
+		return err
+	}
+
+	// Delete gateway server on cluster 1
+	if err := cluster1.DeleteGatewayServer(ctx, forge.DefaultGatewayServerName(cluster2.localClusterID)); err != nil {
+		return err
+	}
+
 	// Delete gateway server on cluster 2
 	if err := cluster2.DeleteGatewayServer(ctx, forge.DefaultGatewayServerName(cluster1.localClusterID)); err != nil {
 		return err
diff --git a/pkg/liqoctl/unauthenticate/handler.go b/pkg/liqoctl/unauthenticate/handler.go
@@ -72,15 +72,5 @@ func (o *Options) RunUnauthenticate(ctx context.Context) error {
 		return err
 	}
 
-	// Delete tenant namespace on consumer cluster
-	if err := consumer.DeleteTenantNamespace(ctx, provider.localClusterID, o.Wait); err != nil {
-		return err
-	}
-
-	// Delete tenant namespace on provider cluster
-	if err := provider.DeleteTenantNamespace(ctx, consumer.localClusterID, o.Wait); err != nil {
-		return err
-	}
-
 	return nil
 }
diff --git a/pkg/liqoctl/unpeer/handler.go b/pkg/liqoctl/unpeer/handler.go
@@ -26,6 +26,7 @@ import (
 	"github.com/liqotech/liqo/pkg/liqoctl/unauthenticate"
 	"github.com/liqotech/liqo/pkg/liqoctl/wait"
 	liqoutils "github.com/liqotech/liqo/pkg/utils"
+	fcutils "github.com/liqotech/liqo/pkg/utils/foreigncluster"
 )
 
 // Options encapsulates the arguments of the unpeer command.
@@ -34,8 +35,9 @@ type Options struct {
 	RemoteFactory *factory.Factory
 	waiter        *wait.Waiter
 
-	Timeout time.Duration
-	Wait    bool
+	Timeout        time.Duration
+	Wait           bool
+	KeepNamespaces bool
 
 	consumerClusterID liqov1beta1.ClusterID
 	providerClusterID liqov1beta1.ClusterID
@@ -70,15 +72,21 @@ func (o *Options) RunUnpeer(ctx context.Context) error {
 		return err
 	}
 
-	// Disable offloading
-	if err := o.disableOffloading(ctx); err != nil {
-		o.LocalFactory.Printer.CheckErr(fmt.Errorf("unable to disable offloading: %w", err))
+	// check if there is a bidirectional peering between the two clusters
+	bidirectional, err := o.isBidirectionalPeering(ctx)
+	if err != nil {
+		o.LocalFactory.Printer.CheckErr(fmt.Errorf("an error occurred while checking bidirectional peering: %v", output.PrettyErr(err)))
+		return err
+	}
+	if bidirectional && !o.KeepNamespaces {
+		err = fmt.Errorf("cannot unpeer bidirectional peering without keeping namespaces, please set the --keep-namespaces flag")
+		o.LocalFactory.Printer.CheckErr(err)
 		return err
 	}
 
-	// Disable networking
-	if err := o.disableNetworking(ctx); err != nil {
-		o.LocalFactory.Printer.CheckErr(fmt.Errorf("unable to disable networking: %w", err))
+	// Disable offloading
+	if err := o.disableOffloading(ctx); err != nil {
+		o.LocalFactory.Printer.CheckErr(fmt.Errorf("unable to disable offloading: %w", err))
 		return err
 	}
 
@@ -88,6 +96,29 @@ func (o *Options) RunUnpeer(ctx context.Context) error {
 		return err
 	}
 
+	if !bidirectional {
+		// Disable networking
+		if err := o.disableNetworking(ctx); err != nil {
+			o.LocalFactory.Printer.CheckErr(fmt.Errorf("unable to disable networking: %w", err))
+			return err
+		}
+	}
+
+	if !o.KeepNamespaces {
+		consumer := unauthenticate.NewCluster(o.LocalFactory)
+		provider := unauthenticate.NewCluster(o.RemoteFactory)
+
+		// Delete tenant namespace on consumer cluster
+		if err := consumer.DeleteTenantNamespace(ctx, o.providerClusterID, o.Wait); err != nil {
+			return err
+		}
+
+		// Delete tenant namespace on provider cluster
+		if err := provider.DeleteTenantNamespace(ctx, o.consumerClusterID, o.Wait); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -136,3 +167,21 @@ func (o *Options) disableAuthentication(ctx context.Context) error {
 
 	return nil
 }
+
+func (o *Options) isBidirectionalPeering(ctx context.Context) (bool, error) {
+	consumerFC, err := fcutils.GetForeignClusterByID(ctx, o.RemoteFactory.CRClient, o.consumerClusterID)
+	if err != nil {
+		return false, err
+	}
+
+	providerFC, err := fcutils.GetForeignClusterByID(ctx, o.LocalFactory.CRClient, o.providerClusterID)
+	if err != nil {
+		return false, err
+	}
+
+	if consumerFC.Status.Role == liqov1beta1.ConsumerAndProviderRole || providerFC.Status.Role == liqov1beta1.ConsumerAndProviderRole {
+		return true, nil
+	}
+
+	return false, nil
+}
