

created a new goroutine that will remove shadow secrets by going from…
… the secret to the hvsapp instead of the other way around in the original
jaireddjawed committed Dec 5, 2024
1 parent c6bdb47 commit 4cdba66
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions controllers/hcpvaultsecretsapp_controller.go
Expand Up @@ -126,6 +126,42 @@ func (r *HCPVaultSecretsAppReconciler) Reconcile(ctx context.Context, req ctrl.R
return ctrl.Result{}, r.handleDeletion(ctx, o)
}

go func() {
// this goroutine clean ups orphaned shadow secrets once per hour
ticker := time.NewTicker(1 * time.Hour)
defer ticker.Stop()

for {
select {
case <-ticker.C:
// retrieve all shadow secrets in the vso namespace
secrets := &corev1.SecretList{}
if err := r.Client.List(ctx, secrets, client.InNamespace(common.OperatorNamespace)); err != nil {
logger.Error(err, "Failed to list secrets")
continue
}

for _, secret := range secrets.Items {
appName := secret.Labels[hvsaLabelPrefix+"/hvs-app-name"]
app := &secretsv1beta1.HCPVaultSecretsApp{}

// get the HCPVaultSecretsApp associated with the shadow secret
if err := r.Client.Get(ctx, client.ObjectKey{Namespace: secret.Namespace, Name: appName}, app); err != nil {
logger.Error(err, "Failed to get HCPVaultSecretsApp")
continue
}

// check if it was deleted and remove the shadow secret if it was
if app.GetDeletionTimestamp() != nil {
if err := r.Client.Delete(ctx, &secret); err != nil {
logger.Error(err, "Failed to delete orphaned shadow secret")
}
}
}
}
}
}()

var requeueAfter time.Duration
if o.Spec.RefreshAfter != "" {
d, err := parseDurationString(o.Spec.RefreshAfter, ".spec.refreshAfter", r.MinRefreshAfter)
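Review bot: The `go func()` starting right after the deletion check runs inside Reconcile, so every reconcile of every HCPVaultSecretsApp spawns another hourly goroutine that never exits, and the `select` has no `case <-ctx.Done()` even though `ctx` is the per-request context that is cancelled when Reconcile returns — after that each tick just logs a "Failed to list secrets" error forever. The cleanup should be started once (for example from SetupWithManager via `mgr.Add` of a Runnable that receives the manager context) and the loop should return on `ctx.Done()`. The body also has a logic gap: it lists every secret in the operator namespace rather than only the labelled shadow secrets, and when the owning app is already gone `r.Client.Get` returns NotFound, which the code logs and skips, so fully deleted apps never have their shadow secret removed; the rewrite below filters with `client.HasLabels` and treats NotFound as "orphaned" using `apierrors.IsNotFound` from k8s.io/apimachinery/pkg/api/errors (add the import if the file does not already have it). Whether the app always lives in `secret.Namespace` is not visible here, so that lookup key should be confirmed against how shadow secrets are created. Reconcile begins and ends outside this hunk.
```go
// … unchanged: ticker setup …
for {
	select {
	case <-ctx.Done():
		return
	case <-ticker.C:
		// retrieve only the labelled shadow secrets in the vso namespace
		secrets := &corev1.SecretList{}
		if err := r.Client.List(ctx, secrets,
			client.InNamespace(common.OperatorNamespace),
			client.HasLabels{hvsaLabelPrefix + "/hvs-app-name"},
		); err != nil {
			logger.Error(err, "Failed to list secrets")
			continue
		}

		for i := range secrets.Items {
			secret := &secrets.Items[i]
			appName := secret.Labels[hvsaLabelPrefix+"/hvs-app-name"]
			app := &secretsv1beta1.HCPVaultSecretsApp{}

			err := r.Client.Get(ctx, client.ObjectKey{Namespace: secret.Namespace, Name: appName}, app)
			switch {
			case err == nil && app.GetDeletionTimestamp() == nil:
				continue // owner still alive, nothing to clean up
			case err != nil && !apierrors.IsNotFound(err):
				logger.Error(err, "Failed to get HCPVaultSecretsApp")
				continue
			}

			// owner is gone or being deleted: remove the orphaned shadow secret
			if err := r.Client.Delete(ctx, secret); err != nil {
				logger.Error(err, "Failed to delete orphaned shadow secret")
			}
		}
	}
}
```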

