mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

fix: allow controller to delete delete externalsecrets (#1670)

Browse source 
When using ClusterExternalSecret the controller needs to delete
external-secret resources

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
This commit is contained in:
Moritz Johner 2022-10-26 23:23:15 +02:00 committed by GitHub
parent d5cc8b3de5
commit 411f03ffe1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
deploy/charts/external-secrets/templates/rbac.yaml
View file

@ -91,6 +91,7 @@ rules:
verbs: verbs:
- "create" - "create"
- "update" - "update"
- "delete"
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if and .Values.scopedNamespace .Values.scopedRBAC }} {{- if and .Values.scopedNamespace .Values.scopedRBAC }}

7
pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go
View file

@ -170,7 +170,6 @@ func (r *Reconciler) resolveExternalSecret(ctx context.Context, clusterExternalS
} }
func (r *Reconciler) removeExternalSecret(ctx context.Context, esName, namespace string) (string, error) { func (r *Reconciler) removeExternalSecret(ctx context.Context, esName, namespace string) (string, error) {
//
var existingES esv1beta1.ExternalSecret var existingES esv1beta1.ExternalSecret
err := r.Get(ctx, types.NamespacedName{ err := r.Get(ctx, types.NamespacedName{
Name: esName, Name: esName,
@ -205,7 +204,11 @@ func (r *Reconciler) removeOldNamespaces(ctx context.Context, namespaceList v1.N
failedNamespaces := map[string]string{} failedNamespaces := map[string]string{}
// Loop through existing namespaces first to make sure they still have our labels // Loop through existing namespaces first to make sure they still have our labels
for _, namespace := range getRemovedNamespaces(namespaceList, provisionedNamespaces) { for _, namespace := range getRemovedNamespaces(namespaceList, provisionedNamespaces) {
if result, _ := r.removeExternalSecret(ctx, esName, namespace); result != "" { result, err := r.removeExternalSecret(ctx, esName, namespace)
if err != nil {
r.Log.Error(err, "unable to delete external-secret")
}
if result != "" {
failedNamespaces[namespace] = result failedNamespaces[namespace] = result
} }
} }