🐛 GCP: prevent goroutine leak on workload identity reconciliation (#1902)

Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>
2024-12-14 11:57:59 +00:00 · 2023-01-12 21:27:01 +09:00 · 2023-01-12 21:27:01 +09:00 · f4e70ddfed
commit f4e70ddfed
parent 922c7e8ece
2 changed files with 3 additions and 2 deletions
--- a/pkg/provider/gcp/secretmanager/auth.go
+++ b/pkg/provider/gcp/secretmanager/auth.go
@ -35,6 +35,7 @@ func NewTokenSource(ctx context.Context, auth esv1beta1.GCPSMAuth, projectID str
 	if err != nil {
 		return nil, fmt.Errorf("unable to initialize workload identity")
 	}
+	defer wi.Close()
 	ts, err = wi.TokenSource(ctx, auth, isClusterKind, kube, namespace)
 	if ts != nil || err != nil {
 		return ts, err
--- a/pkg/provider/gcp/secretmanager/workload_identity.go
+++ b/pkg/provider/gcp/secretmanager/workload_identity.go
@ -78,11 +78,11 @@ type saTokenGenerator interface {
 }

 func newWorkloadIdentity(ctx context.Context, projectID string) (*workloadIdentity, error) {
-	iamc, err := newIAMClient(ctx)
+	satg, err := newSATokenGenerator()
 	if err != nil {
 		return nil, err
 	}
-	satg, err := newSATokenGenerator()
+	iamc, err := newIAMClient(ctx)
 	if err != nil {
 		return nil, err
 	}