fix: garbage-collect API key Secret by setting an ownerReference#541
fix: garbage-collect API key Secret by setting an ownerReference#541shiavm006 wants to merge 1 commit into
Conversation
|
Need the big picture first? Review this PR in Change Stack to see what changed before going file by file. Warning Review limit reached
More reviews will be available in 56 minutes and 38 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe API key request modal reorders resource creation to prevent credential orphaning. The flow now creates the ChangesAPI Key request flow
Sequence DiagramsequenceDiagram
participant handleSubmit as handleSubmit()
participant k8sCreate as k8sCreate()
participant k8sDelete as k8sDelete()
handleSubmit->>k8sCreate: Create APIKey resource
k8sCreate-->>handleSubmit: APIKey created with metadata.uid
handleSubmit->>k8sCreate: Create Secret with ownerReferences pointing to APIKey.uid
alt Secret creation succeeds
k8sCreate-->>handleSubmit: Secret created
handleSubmit-->>handleSubmit: Return success
else Secret creation fails
k8sCreate-->>handleSubmit: Error thrown
handleSubmit->>k8sDelete: Delete the created APIKey (rollback)
k8sDelete-->>handleSubmit: APIKey deleted
handleSubmit-->>handleSubmit: Re-throw Secret creation error
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: shiavm006 <shivammittal42006@gmail.com>
7ec13ae to
0eab797
Compare
|
The code looks good. However, I found an issue while testing that I reported in Kuadrant/developer-portal-controller#78 The issue is not in the code of this PR, but the changes of this PR activated the issue. We need to address Kuadrant/developer-portal-controller#78 before we merge this issue or the api creation workflow would be broken. I also tested the edge case of pre-existing secret. The apikey is being deleted and the issue is notified to the user. I think it is correct to catch |

Description
APIKeyfirst, then create theSecretwith anownerReferenceto it, so Kubernetes garbage-collects the Secret automatically when the APIKey is deleted.Reordering is safe: the APIKey references the Secret by name (
secretRef.name), which is known up front.Fixes #512
Summary by CodeRabbit