Skip to content

Add Opensearch resource cleanup on Store deletion via finalizer #163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Add Opensearch resource cleanup on Store deletion via finalizer #163

Copilot wants to merge 7 commits into from

Conversation

Copy link

Copilot AI commented Dec 12, 2025
edited
Loading

Implementation Complete: Opensearch Resource Cleanup on Store Deletion ✅

All tasks completed successfully!

Summary of Implementation

This PR adds automatic Opensearch resource cleanup when a Store is deleted, controlled by a custom field in the Store CRD using Kubernetes finalizers.

Changes Made

  1. Store CRD Enhancement

    • Added CleanupOnDeletion boolean field to OpensearchSpec (defaults to false)
    • Generated CRD manifests with the new field

  2. Opensearch Cleanup Package

    • Created comprehensive cleanup implementation
    • 86.5% test coverage with 10 unit tests (improved from 52.8%)
    • Secure TLS certificate verification
    • Clean error handling with errors.Join()
    • Helper function to reduce code duplication

  3. Finalizer Implementation

    • Added shop.shopware.com/opensearch-cleanup finalizer
    • Automatic finalizer management based on configuration
    • Proper cleanup flow with retry on failures

  4. Testing & Quality

    • All tests passing (10 comprehensive tests)
    • Build successful
    • CodeQL security scan: 0 vulnerabilities
    • Fixed golangci-lint configuration for v2.0 compatibility
    • Added integration tests for full cleanup flow
    • Added tests for partial failure scenarios

Test Coverage

  • TestCleanupResources_OpensearchDisabled
  • TestCleanupResources_CleanupDisabled
  • TestListIndices
  • TestListIndices_NoIndicesFound
  • TestDeleteIndex
  • TestDeleteIndex_NotFound
  • TestGetOpensearchCredentials
  • TestGetOpensearchCredentials_SecretNotFound
  • TestCleanupResources_FullFlow (new)
  • TestCleanupResources_PartialFailure (new)

Configuration Example

apiVersion: shop.shopware.com/v1
kind: Store
metadata:
  name: my-store
spec:
  opensearch:
    enabled: true
    cleanupOnDeletion: true  # Opt-in to automatic cleanup
    host: opensearch.example.com
    username: admin
    passwordSecretRef:
      name: opensearch-secret
      key: password
    index:
      prefix: mystore

How It Works

  1. Finalizer is added when opensearch.enabled and opensearch.cleanupOnDeletion are both true
  2. On deletion, the finalizer blocks until cleanup completes
  3. Cleanup deletes all indices matching the prefix (including admin indices)
  4. Failed cleanups trigger automatic retry after 30 seconds
  5. Finalizer is removed after successful cleanup

Benefits

  • ✅ Easy automation of shop lifecycle
  • ✅ No orphaned Opensearch resources
  • ✅ Backward compatible (opt-in)
  • ✅ Robust with automatic retries
  • ✅ Secure TLS verification
  • ✅ Well-tested and documented (86.5% coverage)

Files Changed

  • .golangci.yml: Updated to v2.0 format
  • api/v1/store.go: +3 lines
  • api/v1/zz_generated.deepcopy.go: +28 lines
  • internal/controller/store_controller.go: +50/-44 lines
  • internal/opensearch/cleanup.go: +222 lines
  • internal/opensearch/cleanup_test.go: +450 lines (10 tests)

Total: ~750 insertions, 44 deletions

Original prompt

This section details on the original issue you should resolve

<issue_title>Delete Opensearch resources on store deletion</issue_title>
<issue_description>### Improvement

After the deletion of the store resources, the opensearch resources (indices, aliases, ...) still exist.

Unlike the database, the data is ephemeral and can be deleted. To allow an easier automation of the shop lifecycle, the operator should delete the opensearch resources if needed.

Reason

Easier automation and lifecycle management

Information

Via a custom field in the the store crd, the opensearch cleanup should be toggleable.
If activated, the finalizer should stay on the store cr until the opensearch resources are cleaned up.

The required permissions to authenticate against opensearch are stored in the store secret.

Definition of Done

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 4 commits December 12, 2025 10:47
@tombojer
Add opensearch cleanup on store deletion with finalizer
c585b47 
Co-authored-by: tombojer <24324298+tombojer@users.noreply.github.com>
@tombojer
Fix security and error handling in opensearch cleanup
0021407 
- Fix TLS certificate verification (always verify, don't skip)
- Collect and return deletion errors for proper retry behavior
- Improve error handling for partial failures during cleanup

Co-authored-by: tombojer <24324298+tombojer@users.noreply.github.com>
@tombojer
Refactor opensearch cleanup for better code quality
a792c7d 
- Extract index deletion logic into reusable helper function
- Use errors.Join for cleaner error formatting
- Reduce code duplication between regular and admin index cleanup

Co-authored-by: tombojer <24324298+tombojer@users.noreply.github.com>
@tombojer
Improve documentation for TLS certificate configuration
15e8c63 
- Add clear documentation about TLS certificate verification
- Explain how to configure custom CA certificates for production
- Address code review feedback on security configuration

Co-authored-by: tombojer <24324298+tombojer@users.noreply.github.com>
Copilot AI changed the title [WIP] Delete opensearch resources upon store deletion Add Opensearch resource cleanup on Store deletion via finalizer Dec 12, 2025
Copilot AI requested a review from tombojer December 12, 2025 11:06
@tombojer
Copy link
Contributor

tombojer commented Dec 15, 2025

@copilot Fix the golangci-lint issues and add tests

@tombojer
Fix golangci-lint config and add comprehensive tests
6713396 
- Update .golangci.yml to use new format compatible with v2.0
- Add integration test for full cleanup flow
- Add test for partial failure scenarios
- Improve test coverage from 52.8% to 86.5%

Co-authored-by: tombojer <24324298+tombojer@users.noreply.github.com>
Copy link
Author

Copilot AI commented Dec 15, 2025

@copilot Fix the golangci-lint issues and add tests

Fixed in commit 6713396.

Changes:

  • Updated .golangci.yml to use the new v2.0 compatible format (the old format was causing the config parsing error)
  • Added 2 comprehensive integration tests:
    • TestCleanupResources_FullFlow: Tests complete cleanup with mock Opensearch server
    • TestCleanupResources_PartialFailure: Tests error handling when deletion fails
  • Improved test coverage from 52.8% to 86.5%

All tests passing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tombojer tombojer Awaiting requested review from tombojer

Assignees

@tombojer tombojer

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Delete Opensearch resources on store deletion

2 participants

@tombojer