Do not error when trying to delete the TLS secret and you get a not found
This commit is contained in:
parent
d4baeff94e
commit
d47603472d
@ -781,6 +781,12 @@ func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Cont
|
|||||||
"secret", c.tlsSecretName,
|
"secret", c.tlsSecretName,
|
||||||
"namespace", c.namespace)
|
"namespace", c.namespace)
|
||||||
err = c.k8sClient.CoreV1().Secrets(c.namespace).Delete(ctx, c.tlsSecretName, metav1.DeleteOptions{})
|
err = c.k8sClient.CoreV1().Secrets(c.namespace).Delete(ctx, c.tlsSecretName, metav1.DeleteOptions{})
|
||||||
|
notFound := k8serrors.IsNotFound(err)
|
||||||
|
if notFound {
|
||||||
|
// its okay if we tried to delete and we got a not found error. This probably means
|
||||||
|
// another instance of the concierge got here first so there's nothing to delete.
|
||||||
|
return nil
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -2203,6 +2203,26 @@ func TestImpersonatorConfigControllerSync(t *testing.T) {
|
|||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
when("deleting the tls secret when informer and api are out of sync", func() {
|
||||||
|
it.Before(func() {
|
||||||
|
addNodeWithRoleToTracker("control-plane", kubeAPIClient)
|
||||||
|
addSecretToTrackers(newEmptySecret(tlsSecretName), kubeInformerClient)
|
||||||
|
configMapYAML := fmt.Sprintf("{mode: disabled}")
|
||||||
|
addImpersonatorConfigMapToTracker(configMapResourceName, configMapYAML, kubeInformerClient)
|
||||||
|
})
|
||||||
|
|
||||||
|
it("does not pass the not found error through", func() {
|
||||||
|
startInformersAndController()
|
||||||
|
r.NoError(runControllerSync())
|
||||||
|
requireTLSServerWasNeverStarted()
|
||||||
|
r.Len(kubeAPIClient.Actions(), 2)
|
||||||
|
requireNodesListed(kubeAPIClient.Actions()[0])
|
||||||
|
requireTLSSecretWasDeleted(kubeAPIClient.Actions()[1])
|
||||||
|
requireCredentialIssuer(newManuallyDisabledStrategy())
|
||||||
|
requireSigningCertProviderIsEmpty()
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
when("the PEM formatted data in the TLS Secret is not a valid cert", func() {
|
when("the PEM formatted data in the TLS Secret is not a valid cert", func() {
|
||||||
it.Before(func() {
|
it.Before(func() {
|
||||||
addSecretToTrackers(signingCASecret, kubeInformerClient)
|
addSecretToTrackers(signingCASecret, kubeInformerClient)
|
||||||
|
Loading…
Reference in New Issue
Block a user