add a post uninstall step that deletes leftover secrets (#610)

* add a post uninstall step that deletes leftover secrets * bump * bump
codefresh-io · Oct 30, 2022 · e98cc54 · e98cc54
1 parent f17b72a
commit e98cc54
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION=v0.0.554
+VERSION=v0.0.555
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")

diff --git a/cmd/commands/runtime.go b/cmd/commands/runtime.go
@@ -27,6 +27,7 @@ import (
 	"sync"
 	"time"
 
+	kubeutil "github.com/codefresh-io/cli-v2/pkg/util/kube"
 	routingutil "github.com/codefresh-io/cli-v2/pkg/util/routing"
 
 	"github.com/codefresh-io/cli-v2/pkg/log"
@@ -500,6 +501,7 @@ func runRuntimeUninstall(ctx context.Context, opts *RuntimeUninstallOptions) err
 
 	// check whether the runtime exists
 	var err error
+
 	if !opts.SkipChecks {
 		_, err = getRuntime(ctx, opts.RuntimeName)
 	}
@@ -575,12 +577,33 @@ func runRuntimeUninstall(ctx context.Context, opts *RuntimeUninstallOptions) err
 		cfConfig.GetCurrentContext().DefaultRuntime = ""
 	}
 
+	err = runPostUninstallCleanup(ctx, opts.KubeFactory, opts.RuntimeName)
+	if err != nil {
+		return fmt.Errorf("failed to do post uninstall cleanup: %w", err)
+	}
+
 	uninstallDoneStr := fmt.Sprintf("Done uninstalling runtime \"%s\"", opts.RuntimeName)
 	appendLogToSummary(uninstallDoneStr, nil)
 
 	return nil
 }
 
+func runPostUninstallCleanup(ctx context.Context, kubeFactory kube.Factory, namespace string) error {
+	secrets, err := kubeutil.GetSecretsWithLabel(ctx, kubeFactory, namespace, store.Get().LabelSelectorSealedSecret)
+	if err != nil {
+		return err
+	}
+
+	for _, secret := range secrets.Items {
+		err = kubeutil.DeleteSecretWithFinalizer(ctx, kubeFactory, &secret)
+		if err != nil {
+			log.G().Warn("failed to delete secret: %w", err)
+		}
+	}
+
+	return nil
+}
+
 func printApplicationsState(ctx context.Context, runtime string, f kube.Factory, managed bool) error {
 	if managed {
 		return nil

diff --git a/docs/releases/release_notes.md b/docs/releases/release_notes.md
@@ -23,7 +23,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.554/cf-linux-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.555/cf-linux-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-linux-amd64 /usr/local/bin/cf
@@ -36,7 +36,7 @@ cf version
 
 ```bash
 # download and extract the binary
-curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.554/cf-darwin-amd64.tar.gz | tar zx
+curl -L --output - https://github.com/codefresh-io/cli-v2/releases/download/v0.0.555/cf-darwin-amd64.tar.gz | tar zx
 
 # move the binary to your $PATH
 mv ./cf-darwin-amd64 /usr/local/bin/cf

diff --git a/manifests/runtime.yaml b/manifests/runtime.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: "{{ namespace }}"
 spec:
   defVersion: 2.1.1
-  version: 0.0.554
+  version: 0.0.555
   bootstrapSpecifier: github.com/codefresh-io/cli-v2/manifests/argo-cd
   components:
     - name: events

diff --git a/pkg/store/store.go b/pkg/store/store.go
@@ -83,6 +83,7 @@ type Store struct {
 	DocsLink                          string
 	LabelKeyCFType                    string
 	LabelKeyCFInternal                string
+	LabelSelectorSealedSecret         string
 	AnnotationKeySyncWave             string
 	MarketplaceGitSourceName          string
 	MarketplaceRepo                   string
@@ -193,6 +194,7 @@ func init() {
 	s.DocsLink = "https://codefresh.io/csdp-docs/"
 	s.LabelKeyCFType = "codefresh.io/entity"
 	s.LabelKeyCFInternal = "codefresh.io/internal"
+	s.LabelSelectorSealedSecret = "codefresh.io/sealing-key=true"
 	s.AnnotationKeySyncWave = "argocd.argoproj.io/sync-wave"
 	s.MaxDefVersion = semver.MustParse(maxDefVersion)
 	s.RuntimeDefURL = RuntimeDefURL

diff --git a/pkg/util/kube/kube.go b/pkg/util/kube/kube.go
@@ -611,3 +611,34 @@ func CheckNamespaceExists(ctx context.Context, namespace string, kubeFactory kub
 
 	return true, nil
 }
+
+func DeleteSecretWithFinalizer(ctx context.Context, kubeFactory kube.Factory, secret *v1.Secret) error {
+	client, err := kubeFactory.KubernetesClientSet()
+	if err != nil {
+		return fmt.Errorf("failed to create kubernetes client: %w", err)
+	}
+
+	secret.Finalizers = nil
+	secret, err = client.CoreV1().Secrets(secret.Namespace).Update(ctx, secret, metav1.UpdateOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to remove finalizers from secret %s", secret.Name)
+	}
+
+	err = client.CoreV1().Secrets(secret.Namespace).Delete(ctx, secret.Name, metav1.DeleteOptions{})
+
+	return err
+}
+
+func GetSecretsWithLabel(ctx context.Context, kubeFactory kube.Factory, namespace, label string) (*v1.SecretList, error) {
+	client, err := kubeFactory.KubernetesClientSet()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create kubernetes client: %w", err)
+	}
+
+	secrets, err := client.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{LabelSelector: label})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get secrets: %w", err)
+	}
+
+	return secrets, nil
+}