From 97afceef9905588a74f0488bf2fe2a21e9484bc6 Mon Sep 17 00:00:00 2001
From: Andreas Sommer
Date: Thu, 20 Jun 2024 16:54:21 +0200
Subject: [PATCH] Delete machine pool user data files that did not get deleted yet by the lifecycle policy (#593)

* Delete machine pool user data files that did not get deleted yet by the lifecycle policy
* Use paging for S3 results
* Log S3 list operation
* Handle NotFound
---
 .../bootstrap/cluster_api_controller.go | 3 +-
 .../bootstrap/fixtures/with_s3_bucket.yaml | 3 +-
 pkg/cloud/services/s3/s3.go | 41 +++++++++++++++++++
 3 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
index b768279170..c0ded82825 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
@@ -284,11 +284,12 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 Action: iamv1.Actions{
 "s3:CreateBucket",
 "s3:DeleteBucket",
- "s3:PutObject",
 "s3:DeleteObject",
+ "s3:ListBucket",
 "s3:PutBucketPolicy",
 "s3:PutBucketTagging",
 "s3:PutLifecycleConfiguration",
+ "s3:PutObject",
 },
 })
 }
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
index 5f7116fdcf..47792ac70a 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
@@ -289,11 +289,12 @@ Resources:
 - Action:
 - s3:CreateBucket
 - s3:DeleteBucket
- - s3:PutObject
 - s3:DeleteObject
+ - s3:ListBucket
 - s3:PutBucketPolicy
 - s3:PutBucketTagging
 - s3:PutLifecycleConfiguration
+ - s3:PutObject
 Effect: Allow
 Resource:
 - arn:*:s3:::cluster-api-provider-aws-*
diff --git a/pkg/cloud/services/s3/s3.go b/pkg/cloud/services/s3/s3.go
index 4fd7ed3db0..cdfd810a2e 100644
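Review bot: The added `s3:ListBucket` grant is broader than the listing this patch actually performs: the `ListObjectsV2` call introduced in `pkg/cloud/services/s3/s3.go` only reads keys under the `machine-pool/` prefix, yet the action is granted for the whole bucket. If the statement builder supports a `Condition`, an `s3:prefix` condition limited to `machine-pool/` would keep the controller role at least privilege; if it does not, a why-comment on the new line, `"s3:ListBucket", // lists machine-pool/ user data left behind before DeleteBucket`, records why a bucket-level action is now required. Note also that `s3:ListBucket` is authorized against the bucket ARN rather than an object ARN, so the statement's `Resource` (outside this hunk; the fixture in this patch shows `arn:*:s3:::cluster-api-provider-aws-*`, which does match the bare bucket) must keep covering the bucket itself and not only `bucket/*`. The enclosing `ControllersPolicy` method starts and ends outside this hunk.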
--- a/pkg/cloud/services/s3/s3.go
+++ b/pkg/cloud/services/s3/s3.go
@@ -97,6 +97,47 @@ func (s *Service) DeleteBucket() error {
 log.Info("Deleting S3 Bucket")
 
+ // Delete machine pool user data files that did not get deleted
+ // yet by the lifecycle policy
+ for {
+ log.Info("Listing S3 objects of machine pools")
+
+ out, err := s.S3Client.ListObjectsV2(&s3.ListObjectsV2Input{
+ Bucket: aws.String(bucketName),
+ Prefix: aws.String("machine-pool/"),
+ })
+ if err != nil {
+ aerr, ok := err.(awserr.Error)
+ if !ok {
+ return errors.Wrap(err, "listing S3 bucket")
+ }
+
+ switch aerr.Code() {
+ case s3.ErrCodeNoSuchBucket:
+ log.Info("Bucket already removed")
+ return nil
+ default:
+ return errors.Wrap(aerr, "listing S3 bucket")
+ }
+ }
+
+ // Stop on last page of results
+ if len(out.Contents) == 0 {
+ break
+ }
+
+ log.Info("Deleting S3 objects of machine pools", "count", len(out.Contents))
+ for _, obj := range out.Contents {
+ _, err := s.S3Client.DeleteObject(&s3.DeleteObjectInput{
+ Bucket: aws.String(bucketName),
+ Key: obj.Key,
+ })
+ if err != nil {
+ return err
+ }
+ }
+ }
+
 _, err := s.S3Client.DeleteBucket(&s3.DeleteBucketInput{
 Bucket: aws.String(bucketName),
 })