package kmskey
import (
"context"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/giantswarm/microerror"
"github.com/giantswarm/operatorkit/framework"
)
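// ApplyDeleteChange removes the KMS key alias named in deleteChange and
// schedules the key behind that alias for deletion. An empty KeyAlias means
// there is nothing to delete; that case is only logged.
//
// The key is scheduled for deletion before its alias is removed. The alias is
// the only handle this function has on the key (DescribeKey is called with the
// alias), so removing the alias first would leave a live, unreferenced key
// behind whenever the scheduling call fails, and a retry could no longer look
// the key up. A key that already reports PendingDeletion is not scheduled
// again, so a retry after a failed DeleteAlias does not re-issue a request
// that KMS rejects for a key in that state.
//
// Errors from converting deleteChange and from the KMS calls are returned
// masked with microerror.Mask.
func (r *Resource) ApplyDeleteChange(ctx context.Context, obj, deleteChange interface{}) error {
	deleteInput, err := toKMSKeyState(deleteChange)
	if err != nil {
		return microerror.Mask(err)
	}

	if deleteInput.KeyAlias == "" {
		r.logger.LogCtx(ctx, "debug", "deleting KMS Key: already deleted")
		return nil
	}

	// Resolve the alias to the key it points at; the key ID and state are
	// needed below and cannot be looked up once the alias is gone.
	key, err := r.awsClients.KMS.DescribeKey(&kms.DescribeKeyInput{
		KeyId: aws.String(deleteInput.KeyAlias),
	})
	if err != nil {
		return microerror.Mask(err)
	}

	// The AWS API does not allow deleting a KMS key immediately; deletion can
	// only be scheduled. pendingDeletionWindow is declared elsewhere in the
	// package. Skip the call when an earlier attempt already scheduled it.
	if aws.StringValue(key.KeyMetadata.KeyState) != kms.KeyStatePendingDeletion {
		if _, err := r.awsClients.KMS.ScheduleKeyDeletion(&kms.ScheduleKeyDeletionInput{
			KeyId:               key.KeyMetadata.KeyId,
			PendingWindowInDays: aws.Int64(pendingDeletionWindow),
		}); err != nil {
			return microerror.Mask(err)
		}
	}

	// Remove the alias last, once the key itself is on its way out.
	if _, err := r.awsClients.KMS.DeleteAlias(&kms.DeleteAliasInput{
		AliasName: aws.String(deleteInput.KeyAlias),
	}); err != nil {
		return microerror.Mask(err)
	}

	// At this point the alias is gone and the key is pending deletion, not
	// yet destroyed.
	r.logger.LogCtx(ctx, "debug", "deleting KMS Key: deleted")

	return nil
}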
// NewDeletePatch computes the delete change for the KMS key via
// newDeleteChange and wraps it in a new framework.Patch. An error from
// newDeleteChange is returned masked, with a nil patch.
func (r *Resource) NewDeletePatch(ctx context.Context, obj, currentState, desiredState interface{}) (*framework.Patch, error) {
	// Named "change" rather than "delete" so the builtin is not shadowed.
	change, err := r.newDeleteChange(ctx, obj, currentState, desiredState)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	p := framework.NewPatch()
	p.SetDeleteChange(change)

	return p, nil
}
// newDeleteChange decides which KMS key state, if any, should be handed to the
// delete step. Both currentState and desiredState are converted with
// toKMSKeyState; a conversion error is returned masked. When the current state
// has a non-empty KeyAlias the desired state is returned, otherwise the zero
// KMSKeyState is returned.
//
// NOTE(review): the value returned for deletion is the desired state, not the
// current one. This presumably relies on the desired state carrying the alias
// of the key to remove; confirm against the code that builds the desired state.
func (r *Resource) newDeleteChange(ctx context.Context, obj, currentState, desiredState interface{}) (interface{}, error) {
	current, err := toKMSKeyState(currentState)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	desired, err := toKMSKeyState(desiredState)
	if err != nil {
		return nil, microerror.Mask(err)
	}

	r.logger.LogCtx(ctx, "debug", "finding out if the KMS key should be deleted")

	// Zero value signals "nothing to delete" to the caller.
	var toDelete KMSKeyState
	if current.KeyAlias == "" {
		return toDelete, nil
	}

	toDelete = desired
	return toDelete, nil
}