Add some more missing pieces for provisioning secret

Author: bjee19

internal/controller/provisioner/eventloop.go

@@ -31,14 +31,16 @@ func newEventLoop(
 	ngfNamespace string,
 	dockerSecrets []string,
 	agentTLSSecret string,
+	dataplaneKeySecret string,
 	usageConfig *config.UsageReportConfig,
 	isOpenshift bool,
 ) (*events.EventLoop, error) {
 	nginxResourceLabelPredicate := predicate.NginxLabelPredicate(selector)
 
-	secretsToWatch := make([]string, 0, len(dockerSecrets)+4)
+	secretsToWatch := make([]string, 0, len(dockerSecrets)+5)
 	secretsToWatch = append(secretsToWatch, agentTLSSecret)
 	secretsToWatch = append(secretsToWatch, dockerSecrets...)
+	secretsToWatch = append(secretsToWatch, dataplaneKeySecret)
 
 	if usageConfig != nil {
 		if usageConfig.SecretName != "" {

internal/controller/provisioner/handler.go

@@ -124,10 +124,12 @@ func (h *eventHandler) HandleEventBatch(ctx context.Context, logger logr.Logger,
 				}
 			case *corev1.Secret:
 				if h.provisioner.isUserSecret(e.NamespacedName.Name) {
+					fmt.Println("This should be a user secret")
 					if err := h.deprovisionSecretsForAllGateways(ctx, e.NamespacedName.Name); err != nil {
 						logger.Error(err, "error removing secrets")
 					}
 				} else {
+					fmt.Println("aparently we are reprovisioning")
 					if err := h.reprovisionResources(ctx, e); err != nil {
 						logger.Error(err, "error re-provisioning nginx resources")
 					}

internal/controller/provisioner/handler_test.go

@@ -299,6 +299,14 @@ func TestHandleEventBatch_Delete(t *testing.T) {
 	}
 	g.Expect(fakeClient.Create(ctx, userDockerSecret)).To(Succeed())
 
+	userDataplaneKeySecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      nginxOneDataplaneKeySecretName,
+			Namespace: ngfNamespace,
+		},
+	}
+	g.Expect(fakeClient.Create(ctx, userDataplaneKeySecret)).To(Succeed())
+
 	upsertEvent := &events.UpsertEvent{Resource: gateway}
 	batch := events.EventBatch{upsertEvent}
 	handler.HandleEventBatch(ctx, logger, batch)
@@ -342,6 +350,7 @@ func TestHandleEventBatch_Delete(t *testing.T) {
 	verifySecret(caTestSecretName, userCASecret)
 	verifySecret(clientTestSecretName, userClientSSLSecret)
 	verifySecret(dockerTestSecretName, userDockerSecret)
+	verifySecret(nginxOneDataplaneKeySecretName, userDataplaneKeySecret)
 
 	// delete Gateway when provisioner is not leader
 	provisioner.leader = false

internal/controller/provisioner/objects.go

@@ -1190,6 +1190,21 @@ func (p *NginxProvisioner) buildNginxResourceObjectsForDeletion(deploymentNSName
 		objects = append(objects, jwtSecret)
 	}
 
+	var dataplaneKeySecretName string
+	if p.cfg.NginxOneConsoleTelemetryConfig.DataplaneKeySecretName != "" {
+		dataplaneKeySecretName = controller.CreateNginxResourceName(
+			deploymentNSName.Name,
+			p.cfg.NginxOneConsoleTelemetryConfig.DataplaneKeySecretName,
+		)
+		dataplaneKeySecret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      dataplaneKeySecretName,
+				Namespace: deploymentNSName.Namespace,
+			},
+		}
+		objects = append(objects, dataplaneKeySecret)
+	}
+
 	return objects
 }
 

internal/controller/provisioner/provisioner.go

@@ -160,6 +160,7 @@ func NewNginxProvisioner(
 		cfg.GatewayPodConfig.Namespace,
 		cfg.NginxDockerSecretNames,
 		cfg.AgentTLSSecretName,
+		cfg.NginxOneConsoleTelemetryConfig.DataplaneKeySecretName,
 		cfg.PlusUsageConfig,
 		isOpenshift,
 	)
@@ -443,6 +444,10 @@ func (p *NginxProvisioner) isUserSecret(name string) bool {
 		return true
 	}
 
+	if p.cfg.NginxOneConsoleTelemetryConfig.DataplaneKeySecretName == name {
+		return true
+	}
+
 	if p.cfg.PlusUsageConfig != nil {
 		return name == p.cfg.PlusUsageConfig.SecretName ||
 			name == p.cfg.PlusUsageConfig.CASecretName ||