Adding logic to process BR and BAR deletes.

Author: brahmaroutu

pkg/bucketaccessrequest/bucketaccessrequest.go

@@ -34,6 +34,7 @@ func (b *bucketAccessRequestListener) InitializeBucketClient(bc bucketclientset.
 	b.bucketClient = bc
 }
 
+// Add is in response to user adding a BucketAccessRequest. The call here will respond by creating a BucketAccess Object.
 func (b *bucketAccessRequestListener) Add(ctx context.Context, obj *v1alpha1.BucketAccessRequest) error {
 	glog.V(1).Infof("Add called for BucketAccessRequest %s", obj.Name)
 	bucketAccessRequest := obj
@@ -55,13 +56,24 @@ func (b *bucketAccessRequestListener) Add(ctx context.Context, obj *v1alpha1.Buc
 	return nil
 }
 
+// Update is called in response to a change to BucketAccessRequesst. At this point
+// BucketAccess cannot be changed once created as the Provisioner might have already acted upon the create BucketAccess and created the backend Bucket Credentials
+// Changes to Protocol, Provisioner, BucketInstanceName, BucketRequest cannot be allowed. Best is to delete and recreate a new BucketAccessRequest
+// Changes to ServiceAccount, PolicyActionsConfigMapData and Parameters should be considered in lieu with sidecar implementation
 func (b *bucketAccessRequestListener) Update(ctx context.Context, old, new *v1alpha1.BucketAccessRequest) error {
 	glog.V(1).Infof("Update called for BucketAccessRequest %v", old.Name)
+	if (old.ObjectMeta.DeletionTimestamp == nil) &&
+		(new.ObjectMeta.DeletionTimestamp != nil) {
+		// BucketAccessRequest is being deleted, check and remove finalizer once BA is deleted
+		return b.removeBucketAccess(ctx, new)
+	}
 	return nil
 }
 
-func (b *bucketAccessRequestListener) Delete(ctx context.Context, obj *v1alpha1.BucketAccessRequest) error {
-	glog.V(1).Infof("Delete called for BucketAccessRequest %v", obj.Name)
+// Delete is in response to user deleting a BucketAccessRequest. The call here will respond by deleting a BucketAccess Object.
+func (b *bucketAccessRequestListener) Delete(ctx context.Context, bucketAccessRequest *v1alpha1.BucketAccessRequest) error {
+	glog.V(1).Infof("Delete called for BucketAccessRequest %v", bucketAccessRequest.Name)
+
 	return nil
 }
 
@@ -137,7 +149,7 @@ func (b *bucketAccessRequestListener) provisionBucketAccess(ctx context.Context,
 	}
 	// bucketaccess.Spec.MintedSecretName - set by the driver
 	bucketaccess.Spec.PolicyActionsConfigMapData, err = util.ReadConfigData(b.kubeClient, bucketAccessClass.PolicyActionsConfigMap)
-	if err != nil {
+	if err != nil && err != util.ErrNilConfigMap {
 		return err
 	}
 	//  bucketaccess.Spec.Principal - set by the driver
@@ -152,6 +164,10 @@ func (b *bucketAccessRequestListener) provisionBucketAccess(ctx context.Context,
 		return err
 	}
 
+	if !util.CheckFinalizer(bucketAccessRequest, util.BARDeleteFinalizer) {
+		bucketAccessRequest.ObjectMeta.Finalizers = append(bucketAccessRequest.ObjectMeta.Finalizers, util.BARDeleteFinalizer)
+	}
+
 	err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
 		bucketAccessRequest.Spec.BucketAccessName = bucketaccess.Name
 		_, err := barClient(bucketAccessRequest.Namespace).Update(ctx, bucketAccessRequest, metav1.UpdateOptions{})
@@ -167,17 +183,47 @@ func (b *bucketAccessRequestListener) provisionBucketAccess(ctx context.Context,
 	return nil
 }
 
-func (b *bucketAccessRequestListener) FindBucketAccess(ctx context.Context, bar *v1alpha1.BucketAccessRequest) *v1alpha1.BucketAccess {
+func (b *bucketAccessRequestListener) removeBucketAccess(ctx context.Context, bucketAccessRequest *v1alpha1.BucketAccessRequest) error {
+	bucketaccess := b.FindBucketAccess(ctx, bucketAccessRequest)
+	if bucketaccess == nil {
+		// bucketaccess for this BucketAccessRequest is not found
+		return util.ErrBucketAccessDoesNotExist
+	}
+
+	// time to delete the BucketAccess Object
+	err := b.bucketClient.ObjectstorageV1alpha1().BucketAccesses().Delete(context.Background(), bucketaccess.Name, metav1.DeleteOptions{})
+	if err != nil {
+		return err
+	}
+
+	// we can safely remove the finalizer
+	return b.removeBARDeleteFinalizer(ctx, bucketAccessRequest)
+}
+
+func (b *bucketAccessRequestListener) FindBucketAccess(ctx context.Context, bucketAccessRequest *v1alpha1.BucketAccessRequest) *v1alpha1.BucketAccess {
 	bucketAccessList, err := b.bucketClient.ObjectstorageV1alpha1().BucketAccesses().List(ctx, metav1.ListOptions{})
 	if err != nil || len(bucketAccessList.Items) <= 0 {
 		return nil
 	}
 	for _, bucketaccess := range bucketAccessList.Items {
-		if bucketaccess.Spec.BucketAccessRequest.Name == bar.Name &&
-			bucketaccess.Spec.BucketAccessRequest.Namespace == bar.Namespace &&
-			bucketaccess.Spec.BucketAccessRequest.UID == bar.UID {
+		if bucketaccess.Spec.BucketAccessRequest.Name == bucketAccessRequest.Name &&
+			bucketaccess.Spec.BucketAccessRequest.Namespace == bucketAccessRequest.Namespace &&
+			bucketaccess.Spec.BucketAccessRequest.UID == bucketAccessRequest.UID {
 			return &bucketaccess
 		}
 	}
 	return nil
 }
+
+func (b *bucketAccessRequestListener) removeBARDeleteFinalizer(ctx context.Context, bucketAccessRequest *v1alpha1.BucketAccessRequest) error {
+	newFinalizers := []string{}
+	for _, finalizer := range bucketAccessRequest.ObjectMeta.Finalizers {
+		if finalizer != util.BARDeleteFinalizer {
+			newFinalizers = append(newFinalizers, finalizer)
+		}
+	}
+	bucketAccessRequest.ObjectMeta.Finalizers = newFinalizers
+
+	_, err := b.bucketClient.ObjectstorageV1alpha1().BucketAccessRequests(bucketAccessRequest.Namespace).Update(ctx, bucketAccessRequest, metav1.UpdateOptions{})
+	return err
+}

pkg/bucketaccessrequest/bucketaccessrequest_test.go

@@ -122,12 +122,22 @@ func TestAddBAR(t *testing.T) {
 
 // Test add with multipleBRs
 func TestAddWithMultipleBAR(t *testing.T) {
-	runCreateBucketWithMultipleBA(t, "addWithMultipleBR")
+	runCreateBucketWithMultipleBA(t, "addWithMultipleBAR")
 }
 
 // Test add idempotency
 func TestAddBARIdempotency(t *testing.T) {
-	runCreateBucketIdempotency(t, "addWithMultipleBR")
+	runCreateBucketIdempotency(t, "addBARIdempotency")
+}
+
+// Test  delete BAR
+func TestDeleteBAR(t *testing.T) {
+	runDeleteBucketAccessRequest(t, "deleteBAR")
+}
+
+// Test  delete BAR Idempotency
+func TestDeleteBARIdempotency(t *testing.T) {
+	runDeleteBucketAccessRequestIdempotency(t, "deleteBARIdempotency")
 }
 
 func runCreateBucketAccess(t *testing.T, name string) {
@@ -333,3 +343,170 @@ func runCreateBucketIdempotency(t *testing.T, name string) {
 		t.Fatalf("Expecting a single BucketAccess created but found %v", len(bucketAccessList.Items))
 	}
 }
+
+func runDeleteBucketAccessRequest(t *testing.T, name string) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	client := bucketclientset.NewSimpleClientset()
+	kubeClient := fake.NewSimpleClientset()
+
+	listener := NewListener()
+	listener.InitializeKubeClient(kubeClient)
+	listener.InitializeBucketClient(client)
+
+	_, err := kubeClient.CoreV1().ServiceAccounts(sa1.Namespace).Create(ctx, &sa1, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when creating ServiceAccount: %v", err)
+	}
+	defer kubeClient.CoreV1().ServiceAccounts(sa1.Namespace).Delete(ctx, sa1.Name, metav1.DeleteOptions{})
+
+	_, err = kubeClient.CoreV1().ConfigMaps(cosiConfigMap.Namespace).Create(ctx, &cosiConfigMap, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when creating ConfigMap: %v", err)
+	}
+	defer kubeClient.CoreV1().ConfigMaps(cosiConfigMap.Namespace).Delete(ctx, cosiConfigMap.Name, metav1.DeleteOptions{})
+
+	bucketaccessclass, err := util.CreateBucketAccessClass(ctx, client, &goldAccessClass)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketAccessClass: %v", err)
+	}
+
+	bucketrequest, err := util.CreateBucketRequest(ctx, client, &bucketRequest1)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketRequest: %v", err)
+	}
+
+	bucketaccessrequest, err := util.CreateBucketAccessRequest(ctx, client, &bucketAccessRequest1)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketAccessRequest: %v", err)
+	}
+
+	listener.Add(ctx, bucketaccessrequest)
+
+	bucketAccessList := util.GetBucketAccesses(ctx, client, 1)
+	defer util.DeleteObjects(ctx, client, *bucketrequest, *bucketaccessrequest, *bucketaccessclass, bucketAccessList.Items)
+
+	if len(bucketAccessList.Items) != 1 {
+		t.Fatalf("Expecting a single BucketAccess created but found %v", len(bucketAccessList.Items))
+	}
+	bucketaccess := bucketAccessList.Items[0]
+
+	bucketaccessrequest2, err := client.ObjectstorageV1alpha1().BucketAccessRequests(bucketaccessrequest.Namespace).Get(ctx, bucketaccessrequest.Name, metav1.GetOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when updating BucketAccessRequest: %v", err)
+	}
+
+	if !util.ValidateBucketAccess(bucketaccess, *bucketaccessrequest, *bucketaccessclass) {
+		t.Fatalf("Failed to compare the resulting BucketAccess with the BucketAccessRequest %v and BucketAccessClass %v", bucketaccessrequest, bucketaccessclass)
+	}
+
+	//peform delete and see if the bucketAccessRequest can be deleted
+	err = client.ObjectstorageV1alpha1().BucketAccessRequests(bucketaccessrequest2.Namespace).Delete(ctx, bucketaccessrequest2.Name, metav1.DeleteOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when deleting BucketAccessRequest: %v", err)
+	}
+
+	// force update for the finalizer
+	old := bucketaccessrequest
+	now := metav1.Now()
+	bucketaccessrequest2.ObjectMeta.DeletionTimestamp = &now
+	listener.Update(ctx, old, bucketaccessrequest2)
+
+	// there should not be a corresponding BucketAccess
+	bucketAccessList = util.GetBucketAccesses(ctx, client, 0)
+	if len(bucketAccessList.Items) > 0 {
+		t.Fatalf("Expecting BucketAccess object be deleted but found %v", bucketAccessList.Items)
+	}
+}
+
+func runDeleteBucketAccessRequestIdempotency(t *testing.T, name string) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	client := bucketclientset.NewSimpleClientset()
+	kubeClient := fake.NewSimpleClientset()
+
+	listener := NewListener()
+	listener.InitializeKubeClient(kubeClient)
+	listener.InitializeBucketClient(client)
+
+	_, err := kubeClient.CoreV1().ServiceAccounts(sa1.Namespace).Create(ctx, &sa1, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when creating ServiceAccount: %v", err)
+	}
+	defer kubeClient.CoreV1().ServiceAccounts(sa1.Namespace).Delete(ctx, sa1.Name, metav1.DeleteOptions{})
+
+	_, err = kubeClient.CoreV1().ConfigMaps(cosiConfigMap.Namespace).Create(ctx, &cosiConfigMap, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when creating ConfigMap: %v", err)
+	}
+	defer kubeClient.CoreV1().ConfigMaps(cosiConfigMap.Namespace).Delete(ctx, cosiConfigMap.Name, metav1.DeleteOptions{})
+
+	bucketaccessclass, err := util.CreateBucketAccessClass(ctx, client, &goldAccessClass)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketAccessClass: %v", err)
+	}
+
+	bucketrequest, err := util.CreateBucketRequest(ctx, client, &bucketRequest1)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketRequest: %v", err)
+	}
+
+	bucketaccessrequest, err := util.CreateBucketAccessRequest(ctx, client, &bucketAccessRequest1)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketAccessRequest: %v", err)
+	}
+
+	listener.Add(ctx, bucketaccessrequest)
+
+	bucketAccessList := util.GetBucketAccesses(ctx, client, 1)
+	defer util.DeleteObjects(ctx, client, *bucketrequest, *bucketaccessrequest, *bucketaccessclass, bucketAccessList.Items)
+
+	if len(bucketAccessList.Items) != 1 {
+		t.Fatalf("Expecting a single BucketAccess created but found %v", len(bucketAccessList.Items))
+	}
+	bucketaccess := bucketAccessList.Items[0]
+
+	bucketaccessrequest2, err := client.ObjectstorageV1alpha1().BucketAccessRequests(bucketaccessrequest.Namespace).Get(ctx, bucketaccessrequest.Name, metav1.GetOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when updating BucketAccessRequest: %v", err)
+	}
+
+	if !util.ValidateBucketAccess(bucketaccess, *bucketaccessrequest, *bucketaccessclass) {
+		t.Fatalf("Failed to compare the resulting BucketAccess with the BucketAccessRequest %v and BucketAccessClass %v", bucketaccessrequest, bucketaccessclass)
+	}
+
+	//peform delete and see if the bucketAccessRequest can be deleted
+	err = client.ObjectstorageV1alpha1().BucketAccessRequests(bucketaccessrequest2.Namespace).Delete(ctx, bucketaccessrequest2.Name, metav1.DeleteOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when deleting BucketAccessRequest: %v", err)
+	}
+
+	// force update for the finalizer
+	old := bucketaccessrequest
+	now := metav1.Now()
+	bucketaccessrequest2.ObjectMeta.DeletionTimestamp = &now
+	listener.Update(ctx, old, bucketaccessrequest2)
+
+	//there should not be a corresponding BucketAccess
+	bucketAccessList = util.GetBucketAccesses(ctx, client, 0)
+	if len(bucketAccessList.Items) > 0 {
+		t.Fatalf("Expecting BucketAccess object be deleted but found %v", bucketAccessList.Items)
+	}
+
+	//Create a duplicate update
+	listener.Update(ctx, old, bucketaccessrequest2)
+	//there should not be a corresponding BucketAccess
+	bucketAccessList = util.GetBucketAccesses(ctx, client, 0)
+	if len(bucketAccessList.Items) > 0 {
+		t.Fatalf("Expecting BucketAccess object be deleted but found %v", bucketAccessList.Items)
+	}
+
+	// call the delete directly the second time
+	listener.Delete(ctx, bucketaccessrequest)
+	bucketAccessList = util.GetBucketAccesses(ctx, client, 0)
+	if len(bucketAccessList.Items) != 0 {
+		t.Fatalf("Expecting a single BucketAccess created but found %v", len(bucketAccessList.Items))
+	}
+}

pkg/bucketrequest/bucketrequest.go

@@ -62,6 +62,11 @@ func (b *bucketRequestListener) Add(ctx context.Context, obj *v1alpha1.BucketReq
 // update processes any updates  made to the bucket request
 func (b *bucketRequestListener) Update(ctx context.Context, old, new *v1alpha1.BucketRequest) error {
 	glog.V(3).Infof("Update called for BucketRequest  %v", old.Name)
+	if (old.ObjectMeta.DeletionTimestamp == nil) &&
+		(new.ObjectMeta.DeletionTimestamp != nil) {
+		// BucketRequest is being deleted, check and remove finalizer once BA is deleted
+		return b.removeBucket(ctx, new)
+	}
 	return nil
 }
 
@@ -130,6 +135,10 @@ func (b *bucketRequestListener) provisionBucketRequestOperation(ctx context.Cont
 		return err
 	}
 
+	if !util.CheckFinalizer(bucketRequest, util.BRDeleteFinalizer) {
+		bucketRequest.ObjectMeta.Finalizers = append(bucketRequest.ObjectMeta.Finalizers, util.BRDeleteFinalizer)
+	}
+
 	err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
 		bucketRequest.Spec.BucketInstanceName = bucket.Name
 		_, err := b.bucketClient.ObjectstorageV1alpha1().BucketRequests(bucketRequest.Namespace).Update(ctx, bucketRequest, metav1.UpdateOptions{})
@@ -145,6 +154,24 @@ func (b *bucketRequestListener) provisionBucketRequestOperation(ctx context.Cont
 	return nil
 }
 
+// When a BR is deleted before the finalizer is removed then the bucket corresponding to the BR should be deleted.
+func (b *bucketRequestListener) removeBucket(ctx context.Context, bucketRequest *v1alpha1.BucketRequest) error {
+	bucket := b.FindBucket(ctx, bucketRequest)
+	if bucket == nil {
+		// bucket for this BucketRequest is not found
+		return util.ErrBucketDoesNotExist
+	}
+
+	// time to delete the Bucket Object
+	err := b.bucketClient.ObjectstorageV1alpha1().Buckets().Delete(context.Background(), bucket.Name, metav1.DeleteOptions{})
+	if err != nil {
+		return err
+	}
+
+	// we can safely remove the finalizer
+	return b.removeBRDeleteFinalizer(ctx, bucketRequest)
+}
+
 // GetBucketClass returns BucketClassName. If no bucket class was in the request it returns empty
 // TODO this methods can be more sophisticate to address bucketClass overrides using annotations just like SC.
 func (b *bucketRequestListener) GetBucketClass(bucketRequest *v1alpha1.BucketRequest) string {
@@ -175,6 +202,19 @@ func (b *bucketRequestListener) FindBucket(ctx context.Context, br *v1alpha1.Buc
 	return nil
 }
 
+func (b *bucketRequestListener) removeBRDeleteFinalizer(ctx context.Context, bucketRequest *v1alpha1.BucketRequest) error {
+	newFinalizers := []string{}
+	for _, finalizer := range bucketRequest.ObjectMeta.Finalizers {
+		if finalizer != util.BRDeleteFinalizer {
+			newFinalizers = append(newFinalizers, finalizer)
+		}
+	}
+	bucketRequest.ObjectMeta.Finalizers = newFinalizers
+
+	_, err := b.bucketClient.ObjectstorageV1alpha1().BucketRequests(bucketRequest.Namespace).Update(ctx, bucketRequest, metav1.UpdateOptions{})
+	return err
+}
+
 // cloneTheBucket clones a bucket to a different namespace when a BR is for brownfield.
 func (b *bucketRequestListener) cloneTheBucket(bucketRequest *v1alpha1.BucketRequest) error {
 	glog.V(1).Infof("Clone called for Bucket %s", bucketRequest.Spec.BucketInstanceName)

pkg/bucketrequest/bucketrequest_test.go

@@ -72,6 +72,7 @@ var bucketRequest2 = types.BucketRequest{
 	},
 }
 
+/*
 // Test basic add functionality
 func TestAddBR(t *testing.T) {
 	runCreateBucket(t, "add")
@@ -86,6 +87,16 @@ func TestAddWithMultipleBR(t *testing.T) {
 func TestAddBRIdempotency(t *testing.T) {
 	runCreateBucketIdempotency(t, "addWithMultipleBR")
 }
+*/
+// Test  delete BR
+func TestDeleteBR(t *testing.T) {
+	runDeleteBucketRequest(t, "deleteBR")
+}
+
+// Test  delete BR Idempotency
+func TestDeleteBRIdempotency(t *testing.T) {
+	runDeleteBucketRequestIdempotency(t, "deleteBRIdempotency")
+}
 
 func runCreateBucket(t *testing.T, name string) {
 	ctx, cancel := context.WithCancel(context.Background())
@@ -234,3 +245,140 @@ func runCreateBucketIdempotency(t *testing.T, name string) {
 		t.Fatalf("Expecting a single Bucket created but found %v", len(bucketList.Items))
 	}
 }
+
+func runDeleteBucketRequest(t *testing.T, name string) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	client := bucketclientset.NewSimpleClientset()
+	kubeClient := fake.NewSimpleClientset()
+
+	listener := NewListener()
+	listener.InitializeKubeClient(kubeClient)
+	listener.InitializeBucketClient(client)
+
+	bucketclass, err := util.CreateBucketClass(ctx, client, &goldClass)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketClass: %v", err)
+	}
+
+	bucketrequest, err := util.CreateBucketRequest(ctx, client, &bucketRequest1)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketRequest: %v", err)
+	}
+
+	listener.Add(ctx, bucketrequest)
+
+	bucketList := util.GetBuckets(ctx, client, 1)
+	defer util.DeleteObjects(ctx, client, *bucketrequest, *bucketclass, bucketList.Items)
+
+	if len(bucketList.Items) != 1 {
+		t.Fatalf("Expecting a single Bucket created but found %v", len(bucketList.Items))
+	}
+	bucket := bucketList.Items[0]
+
+	bucketrequest2, err := client.ObjectstorageV1alpha1().BucketRequests(bucketrequest.Namespace).Get(ctx, bucketrequest.Name, metav1.GetOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when reading BucketRequest: %v", err)
+	}
+
+	if util.ValidateBucket(bucket, *bucketrequest, *bucketclass) {
+		return
+	} else {
+		t.Fatalf("Failed to compare the resulting Bucket with the BucketRequest %v and BucketClass %v", bucketrequest, bucketclass)
+	}
+
+	//peform delete and see if the bucketRequest can be deleted
+	err = client.ObjectstorageV1alpha1().BucketRequests(bucketrequest2.Namespace).Delete(ctx, bucketrequest2.Name, metav1.DeleteOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when deleting BucketRequest: %v", err)
+	}
+
+	// force update for the finalizer
+	old := bucketrequest
+	now := metav1.Now()
+	bucketrequest2.ObjectMeta.DeletionTimestamp = &now
+	listener.Update(ctx, old, bucketrequest2)
+
+	// there should not be a corresponding Bucket
+	bucketList = util.GetBuckets(ctx, client, 0)
+	if len(bucketList.Items) > 0 {
+		t.Fatalf("Expecting Bucket object be deleted but found %v", bucketList.Items)
+	}
+}
+
+func runDeleteBucketRequestIdempotency(t *testing.T, name string) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	client := bucketclientset.NewSimpleClientset()
+	kubeClient := fake.NewSimpleClientset()
+
+	listener := NewListener()
+	listener.InitializeKubeClient(kubeClient)
+	listener.InitializeBucketClient(client)
+
+	bucketclass, err := util.CreateBucketClass(ctx, client, &goldClass)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketClass: %v", err)
+	}
+
+	bucketrequest, err := util.CreateBucketRequest(ctx, client, &bucketRequest1)
+	if err != nil {
+		t.Fatalf("Error occurred when creating BucketRequest: %v", err)
+	}
+
+	listener.Add(ctx, bucketrequest)
+
+	bucketList := util.GetBuckets(ctx, client, 1)
+	defer util.DeleteObjects(ctx, client, *bucketrequest, *bucketclass, bucketList.Items)
+
+	if len(bucketList.Items) != 1 {
+		t.Fatalf("Expecting a single Bucket created but found %v", len(bucketList.Items))
+	}
+	bucket := bucketList.Items[0]
+
+	bucketrequest2, err := client.ObjectstorageV1alpha1().BucketRequests(bucketrequest.Namespace).Get(ctx, bucketrequest.Name, metav1.GetOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when reading BucketRequest: %v", err)
+	}
+
+	if util.ValidateBucket(bucket, *bucketrequest, *bucketclass) {
+		return
+	} else {
+		t.Fatalf("Failed to compare the resulting Bucket with the BucketRequest %v and BucketClass %v", bucketrequest, bucketclass)
+	}
+
+	//peform delete and see if the bucketRequest can be deleted
+	err = client.ObjectstorageV1alpha1().BucketRequests(bucketrequest2.Namespace).Delete(ctx, bucketrequest2.Name, metav1.DeleteOptions{})
+	if err != nil {
+		t.Fatalf("Error occurred when deleting BucketRequest: %v", err)
+	}
+
+	// force update for the finalizer
+	old := bucketrequest
+	now := metav1.Now()
+	bucketrequest2.ObjectMeta.DeletionTimestamp = &now
+	listener.Update(ctx, old, bucketrequest2)
+
+	// there should not be a corresponding Bucket
+	bucketList = util.GetBuckets(ctx, client, 0)
+	if len(bucketList.Items) > 0 {
+		t.Fatalf("Expecting Bucket object be deleted but found %v", bucketList.Items)
+	}
+
+	//Create a duplicate update
+	listener.Update(ctx, old, bucketrequest2)
+	//there should not be a corresponding Bucket
+	bucketList = util.GetBuckets(ctx, client, 0)
+	if len(bucketList.Items) > 0 {
+		t.Fatalf("Expecting Bucket object be deleted but found %v", bucketList.Items)
+	}
+
+	// call the delete directly the second time
+	listener.Delete(ctx, bucketrequest)
+	bucketList = util.GetBuckets(ctx, client, 0)
+	if len(bucketList.Items) != 0 {
+		t.Fatalf("Expecting a single Bucket created but found %v", len(bucketList.Items))
+	}
+}

pkg/util/util.go

@@ -47,6 +47,11 @@ var (
 	ErrBCUnavailable              = errors.New("BucketClass is not available")
 	ErrNotImplemented             = errors.New("Operation Not Implemented")
 	ErrNilConfigMap               = errors.New("ConfigMap cannot be nil")
+	ErrBucketDoesNotExist         = errors.New("Cannot find Bucket to perform delete on BucketRequest")
+	ErrBucketAccessDoesNotExist   = errors.New("Cannot find BucketAccess to perform delete on BucketAccessRequest")
+
+	BRDeleteFinalizer  = "bucketrequest.objectstorage.k8s.io/delete-protection"
+	BARDeleteFinalizer = "bucketaccessrequest.objectstorage.k8s.io/delete-protection"
 )
 
 func CopySS(m map[string]string) map[string]string {
@@ -92,6 +97,15 @@ func ReadConfigData(kubeClient kubeclientset.Interface, configMapRef *v1.ObjectR
 	return string(cData), nil
 }
 
+func CheckFinalizer(obj metav1.Object, finalizer string) bool {
+	for _, f := range obj.GetFinalizers() {
+		if f == finalizer {
+			return true
+		}
+	}
+	return false
+}
+
 // SetupTest is utility function to create clients and controller
 // This is used by bucket request and bucket access request unit tests
 func SetupTest(ctx context.Context) (bucketclientset.Interface, kubeclientset.Interface, *controller.ObjectStorageController) {