
Added Finalizer logic

Signed-off-by: Gustavo <gusfcarvalho@gmail.com>
Gustavo 3 жил өмнө
parent
commit
57e0e2cd2f

+ 33 - 0
pkg/controllers/pushsecret/pushsecret_controller.go

@@ -29,6 +29,7 @@ import (
 	"k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	v1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -44,6 +45,7 @@ const (
 	errCloseStoreClient       = "error when calling provider close method"
 	errSetSecretFailed        = "could not write remote ref %v to target secretstore %v: %v"
 	errFailedSetSecret        = "set secret failed: %v"
+	pushSecretFinalizer       = "pushsecret.externalsecrets.io/finalizer"
 )
 
 type Reconciler struct {
@@ -80,6 +82,37 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 			log.Error(err, errPatchStatus)
 		}
 	}()
+	// finalizer logic
+	if ps.ObjectMeta.DeletionTimestamp.IsZero() {
+		if !controllerutil.ContainsFinalizer(&ps, pushSecretFinalizer) {
+			controllerutil.AddFinalizer(&ps, pushSecretFinalizer)
+			err := r.Client.Update(ctx, &ps, &client.UpdateOptions{})
+			if err != nil {
+				return ctrl.Result{}, fmt.Errorf("could not update finalizers: %w", err)
+			}
+			return ctrl.Result{}, nil
+		}
+	} else {
+		if controllerutil.ContainsFinalizer(&ps, pushSecretFinalizer) {
+			// trigger a cleanup with no Synced Map
+			badState, err := r.DeleteSecretFromProviders(ctx, &ps, esapi.SyncedPushSecretsMap{})
+			if err != nil {
+				msg := fmt.Sprintf("Failed to Delete Secrets from Provider: %v", err)
+				cond := NewPushSecretCondition(esapi.PushSecretReady, v1.ConditionFalse, esapi.ReasonErrored, msg)
+				ps = SetPushSecretCondition(ps, *cond)
+				r.SetSyncedSecrets(&ps, badState)
+				r.recorder.Event(&ps, v1.EventTypeWarning, esapi.ReasonErrored, msg)
+				return ctrl.Result{}, err
+			}
+			controllerutil.RemoveFinalizer(&ps, pushSecretFinalizer)
+			err = r.Client.Update(ctx, &ps, &client.UpdateOptions{})
+			if err != nil {
+				return ctrl.Result{}, fmt.Errorf("could not update finalizers: %w", err)
+			}
+			return ctrl.Result{}, nil
+		}
+	}
+
 	secret, err := r.GetSecret(ctx, ps)
 	if err != nil {
 		cond := NewPushSecretCondition(esapi.PushSecretReady, v1.ConditionFalse, esapi.ReasonErrored, errFailedGetSecret)
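Review bot: A PushSecret that has a DeletionTimestamp but no longer carries `pushSecretFinalizer` leaves the `else` block without returning and continues into `r.GetSecret`, so an object held in Terminating by some other finalizer would presumably still be pushed to the provider; adding `return ctrl.Result{}, nil` after the inner `if` in the `else` branch closes that path. When `DeleteSecretFromProviders` fails, the finalizer is kept and the error returned, so a store that was removed first or whose credentials were revoked leaves the PushSecret stuck in Terminating (and blocks namespace deletion) until someone strips the finalizer by hand. That trade-off deserves a comment, or a retry limit with an explicit escape. Passing an empty `esapi.SyncedPushSecretsMap{}` appears to request removal of every previously synced remote key, which means delete permission on the PushSecret now implies delete on the provider side; the `// finalizer logic` comment should say so, e.g. `// on deletion, remove all remote secrets this PushSecret synced before releasing the finalizer`. Reconcile starts and ends outside the hunk.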

+ 15 - 12
pkg/controllers/pushsecret/pushsecret_controller_test.go

@@ -100,11 +100,15 @@ var _ = Describe("ExternalSecret controller", func() {
 	})
 
 	AfterEach(func() {
-		Expect(k8sClient.Delete(context.Background(), &v1.Namespace{
+		k8sClient.Delete(context.Background(), &v1alpha1.PushSecret{
 			ObjectMeta: metav1.ObjectMeta{
-				Name: PushSecretNamespace,
+				Name:      PushSecretName,
+				Namespace: PushSecretNamespace,
 			},
-		})).To(Succeed())
+		})
+		// give a time for reconciler to remove finalizers before removing SecretStores
+		// TODO: Secret Stores should have finalizers bound to External-Secrets and PushSecrets
+		time.Sleep(2 * time.Second)
 		k8sClient.Delete(context.Background(), &v1beta1.SecretStore{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      PushSecretStore,
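Review bot: The fixed `time.Sleep(2 * time.Second)` in `AfterEach` makes teardown depend on timing: if the reconciler has not released the finalizer within two seconds, the SecretStore is deleted first and the PushSecret cleanup can no longer reach its provider, which is the stuck-in-Terminating case the finalizer introduces. Polling until the PushSecret is actually gone, using the same `Eventually(..., time.Second*10, time.Second)` form the file already has around a `k8sClient.Get` that expects a not-found error, would make the ordering explicit instead of assumed. The PushSecret `Delete` also loses the `Expect(...).To(Succeed())` wrapper, so a failing delete is now silent; if only not-found should be tolerated, check for that error specifically rather than discarding the result. The AfterEach closure continues past this hunk.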
@@ -122,6 +126,11 @@ var _ = Describe("ExternalSecret controller", func() {
 				Namespace: PushSecretNamespace,
 			},
 		})
+		Expect(k8sClient.Delete(context.Background(), &v1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: PushSecretNamespace,
+			},
+		})).To(Succeed())
 	})
 
 	makeDefaultTestcase := func() *testCase {
@@ -310,10 +319,7 @@ var _ = Describe("ExternalSecret controller", func() {
 					return false
 				}
 				_, ok = updatedPS.Status.SyncedPushSecrets[fmt.Sprintf("SecretStore/%v", PushSecretStore)]["path/to/key"]
-				if !ok {
-					return false
-				}
-				return true
+				return ok
 			}, time.Second*10, time.Second).Should(BeTrue())
 			return true
 		}
@@ -355,10 +361,7 @@ var _ = Describe("ExternalSecret controller", func() {
 					return false
 				}
 				syncedLen := len(updatedPS.Status.SyncedPushSecrets)
-				if syncedLen != 2 {
-					return false
-				}
-				return true
+				return syncedLen == 2
 			}, time.Second*10, time.Second).Should(BeTrue())
 			return true
 		}
@@ -399,7 +402,7 @@ var _ = Describe("ExternalSecret controller", func() {
 				if err != nil {
 					return false
 				}
-				key, ok := updatedPS.Status.SyncedPushSecrets[fmt.Sprintf("SecretStore/new-store")]["path/to/key"]
+				key, ok := updatedPS.Status.SyncedPushSecrets["SecretStore/new-store"]["path/to/key"]
 				if !ok {
 					return false
 				}