[feat] Support LinodeObjectStorageBucket deletion if forceDeleteBucket is set

api/v1alpha2/linodeobjectstoragebucket_types.go

@@ -29,6 +29,8 @@ const (
 	ACLPublicRead        ObjectStorageACL = "public-read"
 	ACLAuthenticatedRead ObjectStorageACL = "authenticated-read"
 	ACLPublicReadWrite   ObjectStorageACL = "public-read-write"
+
+	BucketFinalizer = "linodeobjectstoragebucket.infrastructure.cluster.x-k8s.io"
 )
 
 // LinodeObjectStorageBucketSpec defines the desired state of LinodeObjectStorageBucket
@@ -55,6 +57,14 @@ type LinodeObjectStorageBucketSpec struct {
 	// If not supplied then the credentials of the controller will be used.
 	// +optional
 	CredentialsRef *corev1.SecretReference `json:"credentialsRef"`
+
+	// AccessKeyRef is a reference to a LinodeObjectStorageBucketKey for the bucket.
+	// +optional
+	AccessKeyRef *corev1.ObjectReference `json:"accessKeyRef"`
+
+	// ForceDeleteBucket enables the object storage bucket used to be deleted even if it contains objects.
+	// +optional
+	ForceDeleteBucket bool `json:"forceDeleteBucket,omitempty"`
 }
 
 // LinodeObjectStorageBucketStatus defines the observed state of LinodeObjectStorageBucket

clients/clients.go

@@ -86,6 +86,7 @@ type LinodeObjectStorageClient interface {
 	GetObjectStorageKey(ctx context.Context, keyID int) (*linodego.ObjectStorageKey, error)
 	CreateObjectStorageKey(ctx context.Context, opts linodego.ObjectStorageKeyCreateOptions) (*linodego.ObjectStorageKey, error)
 	DeleteObjectStorageKey(ctx context.Context, keyID int) error
+	DeleteObjectStorageBucket(ctx context.Context, regionID, label string) error
 }
 
 // LinodeDNSClient defines the methods that interact with Linode's Domains service.
@@ -128,6 +129,10 @@ type S3Client interface {
 	DeleteObject(ctx context.Context, params *s3.DeleteObjectInput, optFns ...func(*s3.Options)) (*s3.DeleteObjectOutput, error)
 	PutObject(ctx context.Context, params *s3.PutObjectInput, optFns ...func(*s3.Options)) (*s3.PutObjectOutput, error)
 	HeadObject(ctx context.Context, params *s3.HeadObjectInput, optFns ...func(*s3.Options)) (*s3.HeadObjectOutput, error)
+	GetBucketVersioning(ctx context.Context, params *s3.GetBucketVersioningInput, optFns ...func(*s3.Options)) (*s3.GetBucketVersioningOutput, error)
+	DeleteObjects(ctx context.Context, params *s3.DeleteObjectsInput, optFns ...func(*s3.Options)) (*s3.DeleteObjectsOutput, error)
+	ListObjectsV2(ctx context.Context, params *s3.ListObjectsV2Input, optFns ...func(*s3.Options)) (*s3.ListObjectsV2Output, error)
+	ListObjectVersions(ctx context.Context, params *s3.ListObjectVersionsInput, f ...func(*s3.Options)) (*s3.ListObjectVersionsOutput, error)
 }
 
 type S3PresignClient interface {

cloud/scope/object_storage_bucket.go

@@ -8,6 +8,8 @@
 
 	"github.com/go-logr/logr"
 	"sigs.k8s.io/cluster-api/util/patch"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	infrav1alpha2 "github.com/linode/cluster-api-provider-linode/api/v1alpha2"
 	"github.com/linode/cluster-api-provider-linode/clients"
@@ -77,6 +79,16 @@
 	}, nil
 }
 
+// AddFinalizer adds a finalizer if not present and immediately patches the
+// object to avoid any race conditions.
+func (s *ObjectStorageBucketScope) AddFinalizer(ctx context.Context) error {
+	if controllerutil.AddFinalizer(s.Bucket, infrav1alpha2.BucketFinalizer) {
+		return s.Close(ctx)
+	}
+
+	return nil
+}
+
 // PatchObject persists the object storage bucket configuration and status.
 func (s *ObjectStorageBucketScope) PatchObject(ctx context.Context) error {
 	return s.PatchHelper.Patch(ctx, s.Bucket)
@@ -86,3 +98,56 @@
 func (s *ObjectStorageBucketScope) Close(ctx context.Context) error {
 	return s.PatchObject(ctx)
 }
+
+// AddAccessKeyRefFinalizer adds a finalizer to the linodeobjectstoragekey referenced in spec.AccessKeyRef.
+func (s *ObjectStorageBucketScope) AddAccessKeyRefFinalizer(ctx context.Context, finalizer string) error {
+	obj, err := s.getAccessKey(ctx)
+	if err != nil {
+		return err
+	}
+
+	controllerutil.AddFinalizer(obj, finalizer)
+	if err := s.Client.Update(ctx, obj); err != nil {
+		return fmt.Errorf("add linodeobjectstoragekey finalizer %s/%s: %w", s.Bucket.Spec.AccessKeyRef.Namespace, s.Bucket.Spec.AccessKeyRef.Name, err)
+	}
+
+	return nil
+}
+
+// RemoveAccessKeyRefFinalizer removes a finalizer from the linodeobjectstoragekey referenced in spec.AccessKeyRef.
+func (s *ObjectStorageBucketScope) RemoveAccessKeyRefFinalizer(ctx context.Context, finalizer string) error {
+	obj, err := s.getAccessKey(ctx)
+	if err != nil {
+		return err
+	}
+
+	controllerutil.RemoveFinalizer(obj, finalizer)
+	if err := s.Client.Update(ctx, obj); err != nil {
+		return fmt.Errorf("remove linodeobjectstoragekey finalizer %s/%s: %w", s.Bucket.Spec.AccessKeyRef.Namespace, s.Bucket.Spec.AccessKeyRef.Name, err)
+	}
+
+	return nil
+}
+
+func (s *ObjectStorageBucketScope) getAccessKey(ctx context.Context) (*infrav1alpha2.LinodeObjectStorageKey, error) {
+	if s.Bucket.Spec.AccessKeyRef == nil {
+		return nil, fmt.Errorf("accessKeyRef is nil for bucket %s", s.Bucket.Name)
+	}
+
+	objKeyNamespace := s.Bucket.Spec.AccessKeyRef.Namespace
+	if s.Bucket.Spec.AccessKeyRef.Namespace == "" {
+		objKeyNamespace = s.Bucket.Namespace
+	}
+
+	objKey := client.ObjectKey{
+		Name:      s.Bucket.Spec.AccessKeyRef.Name,
+		Namespace: objKeyNamespace,
+	}
+
+	objStorageKey := &infrav1alpha2.LinodeObjectStorageKey{}
+	if err := s.Client.Get(ctx, objKey, objStorageKey); err != nil {
+		return nil, fmt.Errorf("get linodeobjectstoragekey %s: %w", s.Bucket.Spec.AccessKeyRef.Name, err)
+	}
+
+	return objStorageKey, nil
+}