Skip to content

Commit 5f454fb

Browse files
gurghetclaude
gurghet
and
claude
committed
fix: remove stale key cleanup race condition from reconcile
The reconcile loop was deleting newly created keys before their keyId could be saved to status, causing infinite recreation loops. - Remove aggressive stale key cleanup from reconcile_deploy_key - Fix delete_keys_by_title to match both base and managed titles Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 86e0c1b commit 5f454fb

1 file changed

Lines changed: 11 additions & 11 deletions

File tree

operator.py

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -144,17 +144,19 @@ def delete_key_by_id(self, repo, key_id):
144144
return False
145145

146146
def delete_keys_by_title(self, repo, title):
147-
"""Delete all GitHub deploy keys with a specific title."""
147+
"""Delete all GitHub deploy keys with a specific title (including operator-managed prefix)."""
148148
keys = list(repo.get_keys())
149149
self.logger.info(f"Found {len(keys)} existing deploy keys")
150-
150+
151+
managed_title = f"k8s-operator:{title}"
151152
keys_deleted = 0
152153
for key in keys:
153-
if key.title == title:
154-
self.logger.info(f"Found deploy key with title '{title}' (id: {key.id}), deleting it")
154+
# Match both the base title and the operator-managed title
155+
if key.title == title or key.title == managed_title:
156+
self.logger.info(f"Found deploy key with title '{key.title}' (id: {key.id}), deleting it")
155157
if self.delete_key_by_id(repo, key.id):
156158
keys_deleted += 1
157-
159+
158160
return keys_deleted
159161

160162
def create_key(self, repo, title, key):
@@ -381,12 +383,10 @@ def reconcile_deploy_key(spec, status, logger, patch, **kwargs):
381383
base_title = spec.get('title', 'Kubernetes-managed deploy key')
382384
managed_title = f"k8s-operator:{base_title}"
383385

384-
# Clean up any operator-managed keys that don't match our key_id
385-
for key in repo.get_keys():
386-
if github_manager.is_operator_managed_key(key.title) and (not key_id or key.id != key_id):
387-
logger.info(f"Found stale operator-managed deploy key {key.id}, deleting")
388-
github_manager.delete_key_by_id(repo, key.id)
389-
386+
# Note: We no longer delete "stale" keys here. This caused a race condition where
387+
# a newly created key (not yet in status) would be deleted as stale.
388+
# Key cleanup is handled by create_deploy_key via delete_keys_by_title.
389+
390390
if not key_id:
391391
logger.info("No key ID in status, recreating deploy key")
392392
create_deploy_key(spec, status, logger, patch, force=True, **kwargs)

0 commit comments

Comments
 (0)