Merge pull request #1503 from splunk/CSPL-3704_smartstore_secret_deletion

CSPL-3704 #1474 Secret Management: SOK deletes automatically smartstore secrets created

Author: kasiakoziol

.github/workflows/int-test-gcp-workflow.yml

@@ -5,7 +5,6 @@ on:
     branches:
       - develop
       - main
-
 jobs:
   build-operator-image:
     runs-on: ubuntu-latest

pkg/splunk/enterprise/clustermanager.go

@@ -128,6 +128,11 @@ func ApplyClusterManager(ctx context.Context, client splcommon.ControllerClient,
 		return result, err
 	}
 
+	// Smart Store secrets get created manually and should not be managed by the Operator
+	if &cr.Spec.SmartStore != nil {
+		_ = DeleteOwnerReferencesForS3SecretObjects(ctx, client, cr, &cr.Spec.SmartStore)
+	}
+
 	// check if deletion has been requested
 	if cr.ObjectMeta.DeletionTimestamp != nil {
 		if cr.Spec.MonitoringConsoleRef.Name != "" {
@@ -154,7 +159,8 @@ func ApplyClusterManager(ctx context.Context, client splcommon.ControllerClient,
 			return result, err
 		}
 
-		DeleteOwnerReferencesForResources(ctx, client, cr, &cr.Spec.SmartStore, SplunkClusterManager)
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkClusterManager)
+
 		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after

pkg/splunk/enterprise/clustermaster.go

@@ -125,6 +125,11 @@ func ApplyClusterMaster(ctx context.Context, client splcommon.ControllerClient,
 		return result, err
 	}
 
+	// Smart Store secrets get created manually and should not be managed by the Operator
+	if &cr.Spec.SmartStore != nil {
+		_ = DeleteOwnerReferencesForS3SecretObjects(ctx, client, cr, &cr.Spec.SmartStore)
+	}
+
 	// check if deletion has been requested
 	if cr.ObjectMeta.DeletionTimestamp != nil {
 		if cr.Spec.MonitoringConsoleRef.Name != "" {
@@ -144,9 +149,10 @@ func ApplyClusterMaster(ctx context.Context, client splcommon.ControllerClient,
 				return result, err
 			}
 		}
-		DeleteOwnerReferencesForResources(ctx, client, cr, &cr.Spec.SmartStore, SplunkClusterMaster)
-		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkClusterMaster)
+
+		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after
 			cr.Status.Phase = enterpriseApi.PhaseTerminating
 		} else {

pkg/splunk/enterprise/indexercluster.go

@@ -127,7 +127,8 @@ func ApplyIndexerClusterManager(ctx context.Context, client splcommon.Controller
 
 	// check if deletion has been requested
 	if cr.ObjectMeta.DeletionTimestamp != nil {
-		DeleteOwnerReferencesForResources(ctx, client, cr, nil, SplunkIndexer)
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkIndexer)
+
 		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after
 			cr.Status.Phase = enterpriseApi.PhaseTerminating
@@ -381,7 +382,8 @@ func ApplyIndexerCluster(ctx context.Context, client splcommon.ControllerClient,
 
 	// check if deletion has been requested
 	if cr.ObjectMeta.DeletionTimestamp != nil {
-		DeleteOwnerReferencesForResources(ctx, client, cr, nil, SplunkIndexer)
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkIndexer)
+
 		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after
 			cr.Status.Phase = enterpriseApi.PhaseTerminating

pkg/splunk/enterprise/licensemanager.go

@@ -98,6 +98,7 @@ func ApplyLicenseManager(ctx context.Context, client splcommon.ControllerClient,
 				return result, err
 			}
 		}
+
 		// If this is the last of its kind getting deleted,
 		// remove the entry for this CR type from configMap or else
 		// just decrement the refCount for this CR type.
@@ -108,9 +109,9 @@ func ApplyLicenseManager(ctx context.Context, client splcommon.ControllerClient,
 			}
 		}
 
-		DeleteOwnerReferencesForResources(ctx, client, cr, nil, SplunkLicenseManager)
-		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkLicenseManager)
 
+		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after
 			cr.Status.Phase = enterpriseApi.PhaseTerminating
 		} else {

pkg/splunk/enterprise/licensemaster.go

@@ -98,6 +98,7 @@ func ApplyLicenseMaster(ctx context.Context, client splcommon.ControllerClient,
 				return result, err
 			}
 		}
+
 		// If this is the last of its kind getting deleted,
 		// remove the entry for this CR type from configMap or else
 		// just decrement the refCount for this CR type.
@@ -108,9 +109,9 @@ func ApplyLicenseMaster(ctx context.Context, client splcommon.ControllerClient,
 			}
 		}
 
-		DeleteOwnerReferencesForResources(ctx, client, cr, nil, SplunkLicenseMaster)
-		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkLicenseMaster)
 
+		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after
 			cr.Status.Phase = enterpriseApi.PhaseTerminating
 		} else {

pkg/splunk/enterprise/searchheadcluster.go

@@ -131,7 +131,8 @@ func ApplySearchHeadCluster(ctx context.Context, client splcommon.ControllerClie
 			}
 		}
 
-		DeleteOwnerReferencesForResources(ctx, client, cr, nil, SplunkSearchHead)
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkSearchHead)
+
 		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after
 			cr.Status.Phase = enterpriseApi.PhaseTerminating

pkg/splunk/enterprise/standalone.go

@@ -114,6 +114,11 @@ func ApplyStandalone(ctx context.Context, client splcommon.ControllerClient, cr
 		return result, err
 	}
 
+	// Smart Store secrets get created manually and should not be managed by the Operator
+	if &cr.Spec.SmartStore != nil {
+		_ = DeleteOwnerReferencesForS3SecretObjects(ctx, client, cr, &cr.Spec.SmartStore)
+	}
+
 	// check if deletion has been requested
 	if cr.ObjectMeta.DeletionTimestamp != nil {
 		if cr.Spec.MonitoringConsoleRef.Name != "" {
@@ -123,6 +128,7 @@ func ApplyStandalone(ctx context.Context, client splcommon.ControllerClient, cr
 				return result, err
 			}
 		}
+
 		// If this is the last of its kind getting deleted,
 		// remove the entry for this CR type from configMap or else
 		// just decrement the refCount for this CR type.
@@ -132,7 +138,9 @@ func ApplyStandalone(ctx context.Context, client splcommon.ControllerClient, cr
 				return result, err
 			}
 		}
-		DeleteOwnerReferencesForResources(ctx, client, cr, &cr.Spec.SmartStore, SplunkStandalone)
+
+		DeleteOwnerReferencesForResources(ctx, client, cr, SplunkStandalone)
+
 		terminating, err := splctrl.CheckForDeletion(ctx, cr, client)
 
 		if terminating && err != nil { // don't bother if no error, since it will just be removed immmediately after

pkg/splunk/enterprise/util.go

@@ -786,15 +786,11 @@ func setupInitContainer(podTemplateSpec *corev1.PodTemplateSpec, Image string, i
 
 // DeleteOwnerReferencesForResources used to delete any outstanding owner references
 // Ideally we should be removing the owner reference wherever the CR is not controller for the resource
-func DeleteOwnerReferencesForResources(ctx context.Context, client splcommon.ControllerClient, cr splcommon.MetaObject, smartstore *enterpriseApi.SmartStoreSpec, instanceType InstanceType) error {
+func DeleteOwnerReferencesForResources(ctx context.Context, client splcommon.ControllerClient, cr splcommon.MetaObject, instanceType InstanceType) error {
 	var err error
 	reqLogger := log.FromContext(ctx)
 	scopedLog := reqLogger.WithName("DeleteOwnerReferencesForResources").WithValues("kind", cr.GetObjectKind().GroupVersionKind().Kind, "name", cr.GetName(), "namespace", cr.GetNamespace())
 
-	if smartstore != nil {
-		_ = DeleteOwnerReferencesForS3SecretObjects(ctx, client, cr, smartstore)
-	}
-
 	// Delete references to Default secret object
 	defaultSecretName := splcommon.GetNamespaceScopedSecretName(cr.GetNamespace())
 	_, err = splutil.RemoveSecretOwnerRef(ctx, client, defaultSecretName, cr)
@@ -838,7 +834,7 @@ func DeleteOwnerReferencesForS3SecretObjects(ctx context.Context, client splcomm
 
 	volList := smartstore.VolList
 	for _, volume := range volList {
-		if volume.SecretRef != "" {
+		if volume.SecretRef != "" && volume.SecretRef != splcommon.GetNamespaceScopedSecretName(cr.GetNamespace()) {
 			_, err = splutil.RemoveSecretOwnerRef(ctx, client, volume.SecretRef, cr)
 			if err == nil {
 				scopedLog.Info("Removed references for Secret Object", "secret", volume.SecretRef)

pkg/splunk/enterprise/util_test.go

@@ -566,7 +566,7 @@ func TestRemoveOwenerReferencesForSecretObjectsReferredBySmartstoreVolumes(t *te
 	}
 
 	// Smartstore volume config with non-existing secret objects
-	err = DeleteOwnerReferencesForResources(ctx, client, &cr, &cr.Spec.SmartStore, SplunkClusterMaster)
+	err = DeleteOwnerReferencesForResources(ctx, client, &cr, SplunkClusterMaster)
 	if err == nil {
 		t.Errorf("Should report an error, when the secret objects doesn't exist")
 	}