From b5b3def5d6a4d95190d54f5639469b627cdf98f1 Mon Sep 17 00:00:00 2001
From: Jonathon Jongsma
Date: Thu, 3 Oct 2024 15:06:57 -0500
Subject: [PATCH] Use a finalizer to make sure web hooks are removed when operator is uninstalled

When uninstalling the forklift operator, not all resources are removed from the cluster. In particular, there are at least 3 validatingwebhookconfiguration objects and 3 mutatingwebhookconfiguration objects that are left behind. By using a finalizer on the operator, we can ensure that these objects are removed from the cluster.

Fixes: https://issues.redhat.com/browse/MTV-1076
Signed-off-by: Jonathon Jongsma
---
 .../roles/forkliftcontroller/tasks/main.yml | 58 ++++++-------------
 .../forkliftcontroller/tasks/webhooks.yml | 42 ++++++++++++++
 operator/watches.yaml | 4 ++
 3 files changed, 64 insertions(+), 40 deletions(-)
 create mode 100644 operator/roles/forkliftcontroller/tasks/webhooks.yml

diff --git a/operator/roles/forkliftcontroller/tasks/main.yml b/operator/roles/forkliftcontroller/tasks/main.yml
index 9eb622cb8..e9d73ed2d 100644
--- a/operator/roles/forkliftcontroller/tasks/main.yml
+++ b/operator/roles/forkliftcontroller/tasks/main.yml
@@ -142,46 +142,10 @@
 state: present
 definition: "{{ lookup('template', 'api/deployment-forklift-api.yml.j2') }}"
 
- - name: "Delete aggregated validation webhook configurations"
- k8s:
- state: absent
- definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-forklift-api.yml.j2') }}"
-
- - name: "Setup secrets validating webhook configuration"
- k8s:
- state: present
- definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-secrets.yml.j2') }}"
-
- - name: "Setup plans validating webhook configuration"
- k8s:
- state: present
- definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-plans.yml.j2') }}"
-
- - name: "Setup providers validating webhook configuration"
- k8s:
- state: present
- definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-providers.yml.j2') }}"
-
- - name: "Delete aggregated mutating webhook configurations"
- k8s:
- state: absent
- definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-forklift-api.yml.j2') }}"
-
- - name: "Setup secrets mutating webhook configuration"
- k8s:
- state: present
- definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-secrets.yml.j2') }}"
-
- - name: "Setup plans mutating webhook configuration"
- k8s:
- state: present
- definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-plans.yml.j2') }}"
-
-
- - name: "Setup providers mutating webhook configuration"
- k8s:
- state: present
- definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-providers.yml.j2') }}"
+ - name: "Setup webhook configuration"
+ include_tasks: webhooks.yml
+ vars:
+ webhook_state: "present"
 
 - name: "Setup default provider"
 k8s:
@@ -276,3 +240,17 @@
 namespace: "{{ app_namespace }}"
 name: forklift-must-gather-api
 state: absent
+ when: finalize is not defined
+
+- block:
+ - name: "Remove webhook configuration"
+ include_tasks: webhooks.yml
+ vars:
+ webhook_state: "absent"
+
+ - name: "Remove console plugin"
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'ui-plugin/console-plugin.yml.j2') }}"
+
+ when: finalize is defined
diff --git a/operator/roles/forkliftcontroller/tasks/webhooks.yml b/operator/roles/forkliftcontroller/tasks/webhooks.yml
new file mode 100644
index 000000000..824aee9cb
--- /dev/null
+++ b/operator/roles/forkliftcontroller/tasks/webhooks.yml
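Review bot: In tasks/main.yml the new guards `when: finalize is not defined` and `when: finalize is defined` test only whether a variable of that name exists, so the cleanup branch is selected by anything that defines `finalize`, not only the finalizer entry in watches.yaml. The Ansible operator also passes the custom resource's spec fields to the role as variables, so presumably a ForkliftController carrying a `finalize` key in its spec would make an ordinary reconcile skip the install block and delete the validating and mutating webhook configurations; this is worth confirming. A role-specific name checked for truthiness is harder to hit by accident, for example `when: forklift_finalize | default(false) | bool` with the matching key under `vars:` in watches.yaml. It would also help to add a comment above the second block such as `# Runs only from the finalizer; a failed delete here leaves the CR in Terminating`, since that appears to be the consequence of any task in it failing. The first block starts outside this hunk.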
@@ -0,0 +1,42 @@
+---
+- block:
+ - name: "Delete aggregated validation webhook configurations"
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-forklift-api.yml.j2') }}"
+
+ - name: "Setup secrets validating webhook configuration"
+ k8s:
+ state: "{{ webhook_state }}"
+ definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-secrets.yml.j2') }}"
+
+ - name: "Setup plans validating webhook configuration"
+ k8s:
+ state: "{{ webhook_state }}"
+ definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-plans.yml.j2') }}"
+
+ - name: "Setup providers validating webhook configuration"
+ k8s:
+ state: "{{ webhook_state }}"
+ definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-providers.yml.j2') }}"
+
+ - name: "Delete aggregated mutating webhook configurations"
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-forklift-api.yml.j2') }}"
+
+ - name: "Setup secrets mutating webhook configuration"
+ k8s:
+ state: "{{ webhook_state }}"
+ definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-secrets.yml.j2') }}"
+
+ - name: "Setup plans mutating webhook configuration"
+ k8s:
+ state: "{{ webhook_state }}"
+ definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-plans.yml.j2') }}"
+
+ - name: "Setup providers mutating webhook configuration"
+ k8s:
+ state: "{{ webhook_state }}"
+ definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-providers.yml.j2') }}"
+
diff --git a/operator/watches.yaml b/operator/watches.yaml
index 3889481a0..8e7e70670 100644
--- a/operator/watches.yaml
+++ b/operator/watches.yaml
@@ -5,3 +5,7 @@
 kind: ForkliftController
 role: forkliftcontroller
 #+kubebuilder:scaffold:watch
+ finalizer:
+ name: forklift.konveyor.io/finalizer
+ vars:
+ finalize: true
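Review bot: In the new tasks/webhooks.yml, `webhook_state` is a required input that is neither documented nor checked, so an include that omits `vars:` fails on an undefined variable at the first templated `state:`. I would add a header comment such as `# Requires webhook_state: present|absent; the legacy aggregated configurations are always removed.` and consider `state: "{{ webhook_state | default('present') }}"`. The six templated tasks are still named "Setup …" although they delete objects when `webhook_state` is `absent`, which makes the finalizer's task log misleading; a name like `"Ensure secrets validating webhook configuration is {{ webhook_state }}"` would read correctly in both directions. The outer `- block:` carries no `when` or `rescue` in this hunk and could be dropped.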
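Review bot: In operator/watches.yaml the four `finalizer:` lines are added below the `#+kubebuilder:scaffold:watch` marker, which is the point where operator-sdk inserts newly scaffolded watch entries. A later scaffold would presumably land between `role: forkliftcontroller` and `finalizer:`, attaching the finalizer to the wrong entry or breaking the file, so moving the added lines above the marker keeps it last. A comment such as `# the finalizer run re-invokes the role with finalize=true to remove the cluster-scoped webhook configurations` would also make the link to the `when: finalize is defined` branch in tasks/main.yml visible here.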