Do not error when trying to delete the TLS secret and you get a not found

This commit is contained in:
Margo Crawford 2021-03-30 14:43:04 -07:00
parent d4baeff94e
commit d47603472d
2 changed files with 26 additions and 0 deletions

View File

@ -781,6 +781,12 @@ func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Cont
"secret", c.tlsSecretName,
"namespace", c.namespace)
err = c.k8sClient.CoreV1().Secrets(c.namespace).Delete(ctx, c.tlsSecretName, metav1.DeleteOptions{})
notFound := k8serrors.IsNotFound(err)
if notFound {
// its okay if we tried to delete and we got a not found error. This probably means
// another instance of the concierge got here first so there's nothing to delete.
return nil
}
if err != nil {
return err
}

View File

@ -2203,6 +2203,26 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
})
})
when("deleting the tls secret when informer and api are out of sync", func() {
it.Before(func() {
addNodeWithRoleToTracker("control-plane", kubeAPIClient)
addSecretToTrackers(newEmptySecret(tlsSecretName), kubeInformerClient)
configMapYAML := fmt.Sprintf("{mode: disabled}")
addImpersonatorConfigMapToTracker(configMapResourceName, configMapYAML, kubeInformerClient)
})
it("does not pass the not found error through", func() {
startInformersAndController()
r.NoError(runControllerSync())
requireTLSServerWasNeverStarted()
r.Len(kubeAPIClient.Actions(), 2)
requireNodesListed(kubeAPIClient.Actions()[0])
requireTLSSecretWasDeleted(kubeAPIClient.Actions()[1])
requireCredentialIssuer(newManuallyDisabledStrategy())
requireSigningCertProviderIsEmpty()
})
})
when("the PEM formatted data in the TLS Secret is not a valid cert", func() {
it.Before(func() {
addSecretToTrackers(signingCASecret, kubeInformerClient)