codeready-toolchain · sbryzak · May 15, 2024 · Mar 11, 2024 · Mar 12, 2024 · Mar 15, 2024
@@ -3,6 +3,8 @@ package deactivation
 import (
 	"context"
 	"fmt"
+	"github.com/go-logr/logr"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"strings"
 	"time"
 
@@ -34,7 +36,8 @@ func (r *Reconciler) SetupWithManager(mgr manager.Manager) error {
 		Named("deactivation").
 		For(&toolchainv1alpha1.MasterUserRecord{}, builder.WithPredicates(CreateAndUpdateOnlyPredicate{})).
 		Watches(&source.Kind{Type: &toolchainv1alpha1.UserSignup{}},
-			handler.EnqueueRequestsFromMapFunc(MapUserSignupToMasterUserRecord())).
+			handler.EnqueueRequestsFromMapFunc(MapUserSignupToMasterUserRecord()),
+			builder.WithPredicates(GenerationOrConditionsChangedPredicate{})).
 		Complete(r)
 }
 
@@ -48,6 +51,7 @@ type Reconciler struct {
 // Note:
 // The Controller will requeue the Request to be processed again if the returned error is non-nil or
 // Result.Requeue is true, otherwise upon completion it will remove the work from the queue.
+// nolint: gocyclo
 func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
 	logger := log.FromContext(ctx)
 	logger.Info("Reconciling Deactivation")
@@ -103,6 +107,16 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 		for _, domain := range config.Deactivation().DeactivationDomainsExcluded() {
 			if strings.HasSuffix(usersignup.Spec.IdentityClaims.Email, domain) {
 				logger.Info("user cannot be automatically deactivated because they belong to the exclusion list", "domain", domain)
+
+				// Also set the Scheduled deactivation time to nil if it's not already
+				if usersignup.Status.ScheduledDeactivationTimestamp != nil {
+					usersignup.Status.ScheduledDeactivationTimestamp = nil
+					if err := r.Client.Status().Update(ctx, usersignup); err != nil {
+						logger.Error(err, "failed to update usersignup status")
+						return reconcile.Result{}, err
+					}
+				}
+
 				return reconcile.Result{}, nil
 			}
 		}
@@ -128,6 +142,15 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 		if err := r.resetDeactivatingState(ctx, usersignup); err != nil {
 			return reconcile.Result{}, err
 		}
+		// Set the scheduled deactivation time to nil
+		if usersignup.Status.ScheduledDeactivationTimestamp != nil {
+			usersignup.Status.ScheduledDeactivationTimestamp = nil
+			if err := r.Client.Status().Update(ctx, usersignup); err != nil {
+				logger.Error(err, "failed to update usersignup status")
+				return reconcile.Result{}, err
+			}
+		}
+
 		logger.Info("User belongs to a tier that does not have a deactivation timeout. The user will not be automatically deactivated")
 		// Users belonging to this tier will not be auto deactivated, no need to requeue.
 		return reconcile.Result{}, nil
@@ -153,6 +176,12 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 			return reconcile.Result{}, err
 		}
 
+		// Reset the scheduled deactivation time if required
+		err = setDeactivationTimestamp(ctx, r, mur, usersignup, deactivationTimeout, logger)
+		if err != nil {
+			return reconcile.Result{}, err
+		}
+
 		// requeue until it will be time to send it
 		requeueAfterTimeToNotify := deactivatingNotificationTimeout - timeSinceProvisioned
 		logger.Info("requeueing request", "RequeueAfter", requeueAfterTimeToNotify,
@@ -164,6 +193,16 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 	if !states.Deactivating(usersignup) {
 		states.SetDeactivating(usersignup, true)
 
+		// Before we update the UserSignup in order to set the deactivating state, we should reset the scheduled
+		// deactivation time if required just in case the current value is nil or has somehow changed.  Since the UserSignup
+		// controller is going to be reconciling immediately after setting the deactivating state then it will be
+		// creating a deactivating notification, meaning that the scheduled deactivation time that we set here is going
+		// to be extremely temporary (as it will be recalculated after the next reconcile), however it is done for correctness
+		err = setDeactivationTimestamp(ctx, r, mur, usersignup, deactivationTimeout, logger)
+		if err != nil {
+			return reconcile.Result{}, err
+		}
+
 		logger.Info("setting usersignup state to deactivating")
 		if err := r.Client.Update(ctx, usersignup); err != nil {
 			logger.Error(err, "failed to update usersignup")
@@ -188,14 +227,41 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 	if !found || deactivatingCondition.Status != corev1.ConditionTrue ||
 		deactivatingCondition.Reason != toolchainv1alpha1.UserSignupDeactivatingNotificationCRCreatedReason {
 		// If the UserSignup has been marked as deactivating, however the deactivating notification hasn't been
-		// created yet, then wait - the notification should be created shortly by the UserSignup controller
-		// once the "deactivating" state has been set which should cause a new reconciliation to be triggered here
+		// created yet, then set the deactivation timestamp to a temporary value, calculated as being the current
+		// timestamp plus the number of pre-deactivation days configured in the settings, BUT only if it is currently nil
+		// OR the calculated value is more than 12 hours later than the current value
+		deactivationDueTime := time.Now().Add(time.Duration(deactivatingNotificationDays) * 12 * time.Hour)
+		if usersignup.Status.ScheduledDeactivationTimestamp == nil ||
+			usersignup.Status.ScheduledDeactivationTimestamp.Time.Before(deactivationDueTime.Add(-12*time.Hour)) {
+			ts := v1.NewTime(deactivationDueTime)
+			usersignup.Status.ScheduledDeactivationTimestamp = &ts
+			if err := r.Client.Status().Update(ctx, usersignup); err != nil {
+				logger.Error(err, "failed to update usersignup status")
+				return reconcile.Result{}, err
+			}
+		}
+
 		return reconcile.Result{}, nil
 	}
 
+	// We calculate the actual deactivation due time based on when the deactivating condition was set.  This may end up
+	// being significantly later than the scheduled deactivation time set in UserSignup.Status.ScheduledDeactivationTime, as
+	// in some rare circumstances the deactivating notification/status may fail to be set due to cluster downtime or
+	// other reasons.  Because of this, the scheduled deactivation time that is set in the UserSignup.Status should be
+	// treated as informational only.
 	deactivationDueTime := deactivatingCondition.LastTransitionTime.Time.Add(time.Duration(deactivatingNotificationDays*24) * time.Hour)
 
 	if time.Now().Before(deactivationDueTime) {
+		// Update the ScheduledDeactivationTimestamp to the recalculated time base on when the deactivating notification was sent
+		if usersignup.Status.ScheduledDeactivationTimestamp == nil || !usersignup.Status.ScheduledDeactivationTimestamp.Time.Equal(deactivationDueTime) {
+			ts := v1.NewTime(deactivationDueTime)
+			usersignup.Status.ScheduledDeactivationTimestamp = &ts
+			if err := r.Client.Status().Update(ctx, usersignup); err != nil {
+				logger.Error(err, "failed to update usersignup status")
+				return reconcile.Result{}, err
+			}
+		}
+
 		// It is not yet time to deactivate so requeue when it will be
 		requeueAfterExpired := time.Until(deactivationDueTime)
 
@@ -221,6 +287,21 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
 	return reconcile.Result{}, nil
 }
 
+func setDeactivationTimestamp(ctx context.Context, r *Reconciler, mur *toolchainv1alpha1.MasterUserRecord,
+	userSignup *toolchainv1alpha1.UserSignup, deactivationTimeout time.Duration, logger logr.Logger) error {
+	scheduledDeactivationTime := (*mur.Status.ProvisionedTime).Add(deactivationTimeout)
+	if userSignup.Status.ScheduledDeactivationTimestamp == nil || !userSignup.Status.ScheduledDeactivationTimestamp.Time.Equal(scheduledDeactivationTime) {
+		ts := v1.NewTime(scheduledDeactivationTime)
+		userSignup.Status.ScheduledDeactivationTimestamp = &ts
+		if err := r.Client.Status().Update(ctx, userSignup); err != nil {
+			logger.Error(err, "failed to update usersignup status")
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (r *Reconciler) resetDeactivatingState(ctx context.Context, usersignup *toolchainv1alpha1.UserSignup) error {
 	if states.Deactivating(usersignup) {
 		states.SetDeactivating(usersignup, false)