
:bug: GCP: prevent goroutine leak on workload identity reconciliation (#1902)

Signed-off-by: Hiroshi Muraoka <h.muraoka714@gmail.com>
Hiroshi Muraoka 3 years ago
parent
commit
f4e70ddfed

+ 1 - 0
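--- a/pkg/provider/gcp/secretmanager/auth.go
+++ b/pkg/provider/gcp/secretmanager/auth.go
@@ -35,6 +35,7 @@ func NewTokenSource(ctx context.Context, auth esv1beta1.GCPSMAuth, projectID str
 	if err != nil {
 		return nil, fmt.Errorf("unable to initialize workload identity")
 	}
+	defer wi.Close()
 	ts, err = wi.TokenSource(ctx, auth, isClusterKind, kube, namespace)
 	if ts != nil || err != nil {
 		return ts, err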
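Review bot: The `defer wi.Close()` added after the init check fires when NewTokenSource returns, but the `ts` obtained from `wi.TokenSource(...)` on the next line is handed to the caller and outlives `wi`. If that token source refreshes lazily through a client owned by `wi` (not visible in this hunk), refreshes would hit a closed client and secret fetches would start failing only once the first token expires. Pinning the contract with a comment above the defer would help, e.g. `// wi is only needed to mint the token here; the returned TokenSource must not retain wi's clients.` Separately, the context line above drops the cause; `return nil, fmt.Errorf("unable to initialize workload identity: %w", err)` would make auth failures diagnosable. NewTokenSource starts and ends outside the hunk.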

+ 2 - 2
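--- a/pkg/provider/gcp/secretmanager/workload_identity.go
+++ b/pkg/provider/gcp/secretmanager/workload_identity.go
@@ -78,11 +78,11 @@ type saTokenGenerator interface {
 }
 
 func newWorkloadIdentity(ctx context.Context, projectID string) (*workloadIdentity, error) {
-	iamc, err := newIAMClient(ctx)
+	satg, err := newSATokenGenerator()
 	if err != nil {
 		return nil, err
 	}
-	satg, err := newSATokenGenerator()
+	iamc, err := newIAMClient(ctx)
 	if err != nil {
 		return nil, err
 	}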
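Review bot: The reason `newSATokenGenerator()` now precedes `newIAMClient(ctx)` in newWorkloadIdentity is not recorded in the code, so a later tidy-up could swap the two calls back and reintroduce the leak. Presumably the IAM client holds a connection that must be closed, which is why it has to be the last fallible step; a comment such as `// Create the IAM client last: it must be closed, so no error return may follow it without calling Close.` would state that. The function body continues past the hunk, so any error path there that runs after `iamc` is created would also need `iamc.Close()`.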