feat(): allow finalizer cleanup when realm is already deleted

Author: Andrea Serrecchia

cmd/main.go

@@ -323,7 +323,6 @@ func enableOwnerRef() bool {
 	b, err := strconv.ParseBool(val)
 	if err != nil {
 		setupLog.Error(err, "unable to parse ENABLE_OWNER_REF. Using default value false")
-
 		return false
 	}
 

internal/controller/helper/controller_helper.go

@@ -65,6 +65,7 @@ type ControllerHelper interface {
 	SetRealmOwnerRef(ctx context.Context, object ObjectWithRealmRef) error
 	SetFailureCount(fc FailureCountable) time.Duration
 	TryToDelete(ctx context.Context, obj client.Object, terminator Terminator, finalizer string) (isDeleted bool, resultErr error)
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	GetKeycloakRealmFromRef(ctx context.Context, object ObjectWithRealmRef, kcClient keycloak.Client) (*gocloak.RealmRepresentation, error)
 	CreateKeycloakClientFromRealmRef(ctx context.Context, object ObjectWithRealmRef) (keycloak.Client, error)
 	CreateKeycloakClientFromRealm(ctx context.Context, realm *keycloakApi.KeycloakRealm) (keycloak.Client, error)
@@ -248,6 +249,18 @@ func (h *Helper) SetRealmOwnerRef(ctx context.Context, object ObjectWithRealmRef
 	}
 }
 
+func (h *Helper) TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error {
+	if !obj.GetDeletionTimestamp().IsZero() {
+		if controllerutil.RemoveFinalizer(obj, finalizer) {
+			if err := h.client.Update(ctx, obj); err != nil {
+				return errors.Wrap(err, "unable to update instance")
+			}
+		}
+	}
+
+	return nil
+}
+
 func (h *Helper) TryToDelete(ctx context.Context, obj client.Object, terminator Terminator, finalizer string) (isDeleted bool, resultErr error) {
 	logger := ctrl.LoggerFrom(ctx)
 

internal/controller/helper/controller_helper_auth.go

@@ -25,6 +25,7 @@ const (
 )
 
 var ErrKeycloakIsNotAvailable = errors.New("keycloak is not available")
+var ErrKeycloakRealmNotFound = errors.New("keycloak realm is not available")
 
 // KeycloakAuthData contains data for keycloak authentication.
 type KeycloakAuthData struct {
@@ -220,13 +221,21 @@ func (h *Helper) getKeycloakAuthDataFromRealmRef(ctx context.Context, object Obj
 	case keycloakApi.KeycloakRealmKind:
 		realm := &keycloakApi.KeycloakRealm{}
 		if err := h.client.Get(ctx, types.NamespacedName{Name: name, Namespace: object.GetNamespace()}, realm); err != nil {
+			if k8sErrors.IsNotFound(err) && object.GetDeletionTimestamp() != nil {
+				return nil, ErrKeycloakRealmNotFound
+			}
+
 			return nil, fmt.Errorf("unable to get realm: %w", err)
 		}
 
 		return h.getKeycloakAuthDataFromRealm(ctx, realm)
 	case keycloakAlpha.ClusterKeycloakRealmKind:
 		clusterRealm := &keycloakAlpha.ClusterKeycloakRealm{}
 		if err := h.client.Get(ctx, types.NamespacedName{Name: name}, clusterRealm); err != nil {
+			if k8sErrors.IsNotFound(err) && object.GetDeletionTimestamp() != nil {
+				return nil, ErrKeycloakRealmNotFound
+			}
+
 			return nil, fmt.Errorf("unable to get cluster realm: %w", err)
 		}
 

internal/controller/keycloakauthflow/keycloakauthflow_controller.go

@@ -27,6 +27,7 @@ const finalizerName = "keycloak.authflow.operator.finalizer.name"
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	CreateKeycloakClientFromRealmRef(ctx context.Context, object helper.ObjectWithRealmRef) (keycloak.Client, error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
@@ -126,6 +127,12 @@ func (r *Reconcile) tryReconcile(ctx context.Context, instance *keycloakApi.Keyc
 
 	kClient, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, instance)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return fmt.Errorf("unable to remove finalizer: %w",
+				r.helper.TryRemoveFinalizer(ctx, instance, finalizerName),
+			)
+		}
+
 		return fmt.Errorf("unable to create keycloak client from realm ref: %w", err)
 	}
 

internal/controller/keycloakclient/keycloakclient_controller.go

@@ -24,6 +24,7 @@ import (
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
 	CreateKeycloakClientFromRealmRef(ctx context.Context, object helper.ObjectWithRealmRef) (keycloak.Client, error)
@@ -125,6 +126,12 @@ func (r *ReconcileKeycloakClient) tryReconcile(ctx context.Context, keycloakClie
 
 	kClient, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, keycloakClient)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return fmt.Errorf("unable to remove finalizer: %w",
+				r.helper.TryRemoveFinalizer(ctx, keycloakClient, keyCloakClientOperatorFinalizerName),
+			)
+		}
+
 		return fmt.Errorf("unable to create keycloak client from realm ref: %w", err)
 	}
 

internal/controller/keycloakclientscope/keycloakclientscope_controller.go

@@ -28,6 +28,7 @@ const finalizerName = "keycloak.clientscope.operator.finalizer.name"
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
 	GetKeycloakRealmFromRef(ctx context.Context, object helper.ObjectWithRealmRef, kcClient keycloak.Client) (*gocloak.RealmRepresentation, error)
@@ -131,6 +132,12 @@ func (r *Reconcile) tryReconcile(ctx context.Context, instance *keycloakApi.Keyc
 
 	cl, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, instance)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return "", fmt.Errorf("unable to remove finalizer: %w",
+				r.helper.TryRemoveFinalizer(ctx, instance, finalizerName),
+			)
+		}
+
 		return "", fmt.Errorf("unable to create keycloak client from realm ref: %w", err)
 	}
 

internal/controller/keycloakrealmgroup/keycloakrealmgroup_controller.go

@@ -24,6 +24,7 @@ const keyCloakRealmGroupOperatorFinalizerName = "keycloak.realmgroup.operator.fi
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
 	GetKeycloakRealmFromRef(ctx context.Context, object helper.ObjectWithRealmRef, kcClient keycloak.Client) (*gocloak.RealmRepresentation, error)
@@ -115,6 +116,12 @@ func (r *ReconcileKeycloakRealmGroup) tryReconcile(ctx context.Context, keycloak
 
 	kClient, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, keycloakRealmGroup)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return fmt.Errorf("unable to remove finalizer: %w",
+				r.helper.TryRemoveFinalizer(ctx, keycloakRealmGroup, keyCloakRealmGroupOperatorFinalizerName),
+			)
+		}
+
 		return fmt.Errorf("unable to create keycloak client from realm ref: %w", err)
 	}
 

internal/controller/keycloakrealmidentityprovider/keycloakrealmidentityprovider_controller.go

@@ -28,6 +28,7 @@ const finalizerName = "keycloak.realmidp.operator.finalizer.name"
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
 	GetKeycloakRealmFromRef(ctx context.Context, object helper.ObjectWithRealmRef, kcClient keycloak.Client) (*gocloak.RealmRepresentation, error)
@@ -139,6 +140,10 @@ func (r *Reconcile) tryReconcile(ctx context.Context, keycloakRealmIDP *keycloak
 
 	kClient, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, keycloakRealmIDP)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return fmt.Errorf("unable to remove finalizer: %w", r.helper.TryRemoveFinalizer(ctx, keycloakRealmIDP, finalizerName))
+		}
+
 		return fmt.Errorf("unable to create keycloak client from realm ref: %w", err)
 	}
 

internal/controller/keycloakrealmrole/keycloakrealmrole_controller.go

@@ -27,6 +27,7 @@ const keyCloakRealmRoleOperatorFinalizerName = "keycloak.realmrole.operator.fina
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
 	GetKeycloakRealmFromRef(ctx context.Context, object helper.ObjectWithRealmRef, kcClient keycloak.Client) (*gocloak.RealmRepresentation, error)
@@ -138,6 +139,12 @@ func (r *ReconcileKeycloakRealmRole) tryReconcile(ctx context.Context, keycloakR
 
 	kClient, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, keycloakRealmRole)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return "", fmt.Errorf("unable to remove finalizer: %w",
+				r.helper.TryRemoveFinalizer(ctx, keycloakRealmRole, keyCloakRealmRoleOperatorFinalizerName),
+			)
+		}
+
 		return "", fmt.Errorf("unable to create keycloak client from realm ref: %w", err)
 	}
 

internal/controller/keycloakrealmuser/keycloakrealmuser_controller.go

@@ -24,10 +24,11 @@ import (
 	"github.com/epam/edp-keycloak-operator/pkg/objectmeta"
 )
 
-const finalizer = "keycloak.realmuser.operator.finalizer.name"
+const finalizerName = "keycloak.realmuser.operator.finalizer.name"
 
 type Helper interface {
 	SetFailureCount(fc helper.FailureCountable) time.Duration
+	TryRemoveFinalizer(ctx context.Context, obj client.Object, finalizer string) error
 	TryToDelete(ctx context.Context, obj client.Object, terminator helper.Terminator, finalizer string) (isDeleted bool, resultErr error)
 	SetRealmOwnerRef(ctx context.Context, object helper.ObjectWithRealmRef) error
 	GetKeycloakRealmFromRef(ctx context.Context, object helper.ObjectWithRealmRef, kcClient keycloak.Client) (*gocloak.RealmRepresentation, error)
@@ -117,6 +118,12 @@ func (r *Reconcile) tryReconcile(ctx context.Context, instance *keycloakApi.Keyc
 
 	kClient, err := r.helper.CreateKeycloakClientFromRealmRef(ctx, instance)
 	if err != nil {
+		if errors.Is(err, helper.ErrKeycloakRealmNotFound) {
+			return fmt.Errorf("unable to remove finalizer: %w",
+				r.helper.TryRemoveFinalizer(ctx, instance, finalizerName),
+			)
+		}
+
 		return fmt.Errorf("unable to create keycloak client from ref: %w", err)
 	}
 
@@ -133,7 +140,7 @@ func (r *Reconcile) tryReconcile(ctx context.Context, instance *keycloakApi.Keyc
 				kClient,
 				objectmeta.PreserveResourcesOnDeletion(instance),
 			),
-			finalizer,
+			finalizerName,
 		)
 		if err != nil {
 			return fmt.Errorf("failed to delete keycloak realm user: %w", err)