forked from mrbarge/aws-account-operator
/
finalizer.go
73 lines (57 loc) · 2.7 KB
/
finalizer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package awsfederatedrole
import (
"context"
"fmt"
"reflect"
"github.com/go-logr/logr"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"
awsv1alpha1 "github.com/ravitri/aws-account-operator/api/v1alpha1"
"github.com/ravitri/aws-account-operator/pkg/utils"
)
func (r *AWSFederatedRoleReconciler) addFinalizer(reqLogger logr.Logger, awsFederatedRole *awsv1alpha1.AWSFederatedRole) error {
reqLogger.Info("Adding Finalizer for the AccountClaim")
awsFederatedRole.SetFinalizers(append(awsFederatedRole.GetFinalizers(), utils.Finalizer))
// Update CR
err := r.Client.Update(context.TODO(), awsFederatedRole)
if err != nil {
reqLogger.Error(err, "Failed to update AccountClaim with finalizer")
return err
}
return nil
}
func (r *AWSFederatedRoleReconciler) removeFinalizer(reqLogger logr.Logger, awsFederatedRole *awsv1alpha1.AWSFederatedRole, finalizerName string) error {
reqLogger.Info("Removing Finalizer for the AWSFederatedRole")
awsFederatedRole.SetFinalizers(utils.Remove(awsFederatedRole.GetFinalizers(), finalizerName))
// Update CR
err := r.Client.Update(context.TODO(), awsFederatedRole)
if err != nil {
reqLogger.Error(err, "Failed to remove AWSFederatedAccountAccess finalizer")
return err
}
return nil
}
func (r *AWSFederatedRoleReconciler) finalizeFederateRole(reqLogger logr.Logger, awsFederatedRole *awsv1alpha1.AWSFederatedRole) error {
// Get all FederatedAccountAccesses
awsFederatedAccountAccessList := &awsv1alpha1.AWSFederatedAccountAccessList{}
listOpts := []client.ListOption{}
if err := r.Client.List(context.TODO(), awsFederatedAccountAccessList, listOpts...); err != nil {
reqLogger.Error(err, "unable to list AWS Federated Account Accesses")
return err
}
for i := range awsFederatedAccountAccessList.Items {
if isFederatedRoleReferenced(&awsFederatedAccountAccessList.Items[i], awsFederatedRole) {
deleteAccessErr := r.Client.Delete(context.TODO(), &awsFederatedAccountAccessList.Items[i])
if deleteAccessErr != nil {
reqLogger.Error(deleteAccessErr, fmt.Sprintf("unable to delete AWS Federated Account Accesses %s\n", awsFederatedAccountAccessList.Items[i].Name))
return deleteAccessErr
}
}
}
return nil
}
func isFederatedRoleReferenced(awsFederatedAccountAccess *awsv1alpha1.AWSFederatedAccountAccess, awsFederatedRole *awsv1alpha1.AWSFederatedRole) bool {
referencedRoleNamespacedName := types.NamespacedName{Name: awsFederatedAccountAccess.Spec.AWSFederatedRole.Name, Namespace: awsFederatedAccountAccess.Spec.AWSFederatedRole.Namespace}
roleNamespacedName := types.NamespacedName{Name: awsFederatedRole.Name, Namespace: awsFederatedRole.Namespace}
return reflect.DeepEqual(referencedRoleNamespacedName, roleNamespacedName)
}