Delete old secrets when creating basic-auth one

giantswarm · Jun 3, 2024 · 3d83b48 · 3d83b48
1 parent a8ad060
commit 3d83b48
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/pkg/monitoring/mimir/service.go b/pkg/monitoring/mimir/service.go
@@ -7,6 +7,7 @@ import (
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
@@ -60,6 +61,30 @@ func (ms *MimirService) CreateApiKey(ctx context.Context, logger logr.Logger) er
 	current := &corev1.Secret{}
 	err := ms.Client.Get(ctx, objectKey, current)
 	if apierrors.IsNotFound(err) {
+		// First all secrets using the password from the mimirApiKey secret are deleted
+		// to ensure that they won't use an outdated password.
+		logger.Info("Deleting old secrets")
+
+		err := secret.DeleteSecret(ingressAuthSecretName, mimirNamespace, ctx, ms.Client)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		clusterList := &clusterv1.ClusterList{}
+		err = ms.Client.List(ctx, clusterList)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+
+		for _, cluster := range clusterList.Items {
+			secretName := prometheusagent.GetPrometheusAgentRemoteWriteSecretName(&cluster)
+			err = secret.DeleteSecret(secretName, cluster.Namespace, ctx, ms.Client)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+		}
+
+		// Once all secrets are deleted,the mimirApiKey one may be created.
 		logger.Info("Building auth secret")
 
 		password, err := ms.PasswordManager.GeneratePassword(32)

diff --git a/pkg/monitoring/prometheusagent/secret.go b/pkg/monitoring/prometheusagent/secret.go
@@ -45,7 +45,7 @@ func GetMimirIngressPassword(ctx context.Context) (string, error) {
 	return mimirPassword, err
 }
 
-func getPrometheusAgentRemoteWriteSecretName(cluster *clusterv1.Cluster) string {
+func GetPrometheusAgentRemoteWriteSecretName(cluster *clusterv1.Cluster) string {
 	return fmt.Sprintf("%s-remote-write-secret", cluster.Name)
 }
 
@@ -91,7 +91,7 @@ func (pas PrometheusAgentService) buildRemoteWriteSecret(ctx context.Context,
 
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      getPrometheusAgentRemoteWriteSecretName(cluster),
+			Name:      GetPrometheusAgentRemoteWriteSecretName(cluster),
 			Namespace: cluster.Namespace,
 		},
 		Data: map[string][]byte{

diff --git a/pkg/monitoring/prometheusagent/service.go b/pkg/monitoring/prometheusagent/service.go
@@ -98,7 +98,7 @@ func (pas PrometheusAgentService) createOrUpdateConfigMap(ctx context.Context,
 func (pas PrometheusAgentService) createOrUpdateSecret(ctx context.Context,
 	cluster *clusterv1.Cluster, logger logr.Logger) error {
 	objectKey := client.ObjectKey{
-		Name:      getPrometheusAgentRemoteWriteSecretName(cluster),
+		Name:      GetPrometheusAgentRemoteWriteSecretName(cluster),
 		Namespace: cluster.GetNamespace(),
 	}
 
@@ -184,7 +184,7 @@ func (pas PrometheusAgentService) deleteConfigMap(ctx context.Context, cluster *
 
 func (pas PrometheusAgentService) deleteSecret(ctx context.Context, cluster *clusterv1.Cluster) error {
 	objectKey := client.ObjectKey{
-		Name:      getPrometheusAgentRemoteWriteSecretName(cluster),
+		Name:      GetPrometheusAgentRemoteWriteSecretName(cluster),
 		Namespace: cluster.GetNamespace(),
 	}
 	secret := &corev1.Secret{}