Merge pull request #85 from vshn/bugfix-bucket

bypass governance retention when deleting s3 bucket
vshn · Feb 6, 2023 · e814f13 · e814f13
2 parents 7fc3c8e + 379a936
commit e814f13
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -8,6 +8,7 @@
       The PR has a meaningful description that sums up the change. It will be
       linked in the changelog.
 - [ ] PR contains a single logical change (to build a better changelog).
+- [ ] I have run successfully `make test-e2e` locally.
 - [ ] Update the documentation.
 - [ ] Categorize the PR by adding one of the labels:
       `bug`, `enhancement`, `documentation`, `change`, `breaking`, `dependency`

diff --git a/operator/bucketcontroller/delete.go b/operator/bucketcontroller/delete.go
@@ -3,6 +3,7 @@ package bucketcontroller
 import (
 	"context"
 	"fmt"
+
 	pipeline "github.com/ccremer/go-command-pipeline"
 	"github.com/crossplane/crossplane-runtime/pkg/errors"
 	"github.com/crossplane/crossplane-runtime/pkg/event"
@@ -55,12 +56,28 @@ func (p *ProvisioningPipeline) deleteAllObjects(ctx *pipelineContext) error {
 		}
 	}()
 
-	for obj := range p.minioClient.RemoveObjects(ctx, bucketName, objectsCh, minio.RemoveObjectsOptions{GovernanceBypass: true}) {
+	bypassGovernance, err := p.isBucketLockEnabled(ctx, bucketName)
+	if err != nil {
+		log.Error(err, "not able to determine ObjectLock status for bucket", "bucket", bucketName)
+	}
+
+	for obj := range p.minioClient.RemoveObjects(ctx, bucketName, objectsCh, minio.RemoveObjectsOptions{GovernanceBypass: bypassGovernance}) {
 		return fmt.Errorf("object %q cannot be removed: %w", obj.ObjectName, obj.Err)
 	}
 	return nil
 }
 
+func (p *ProvisioningPipeline) isBucketLockEnabled(ctx context.Context, bucketName string) (bool, error) {
+	_, mode, _, _, err := p.minioClient.GetObjectLockConfig(ctx, bucketName)
+	if err != nil && err.Error() == "Object Lock configuration does not exist for this bucket" {
+		return false, nil
+	} else if err != nil {
+		return false, err
+	}
+	// If there's an objectLockConfig it could still be disabled...
+	return mode != nil, nil
+}
+
 // deleteS3Bucket deletes the bucket.
 // NOTE: The removal fails if there are still objects in the bucket.
 // This func does not recursively delete all objects beforehand.

diff --git a/test/local.mk b/test/local.mk
@@ -128,6 +128,11 @@ test-e2e: $(kuttl_bin) $(mc_bin) local-install provider-config ## E2E tests
 	@rm -f kubeconfig
 # kuttl leaves kubeconfig garbage: https://github.com/kudobuilder/kuttl/issues/297
 
+run-single-e2e: export KUBECONFIG = $(KIND_KUBECONFIG)
+run-single-e2e: $(kuttl_bin) $(mc_bin) local-install provider-config ## Run specific e2e test with `run-single-e2e test=$name`
+	GOBIN=$(go_bin) $(kuttl_bin) test ./test/e2e --config ./test/e2e/kuttl-test.yaml --suppress-log=Events --test $(test)
+	@rm -f kubeconfig
+
 .PHONY: .e2e-test-clean
 .e2e-test-clean: export KUBECONFIG = $(KIND_KUBECONFIG)
 .e2e-test-clean: