fix(registry): remove k8s registry secrets when registries are removed [EE-5768] (#10369)

api/pendingactions/pendingactions.go

@@ -12,6 +12,11 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
+const (
+	CleanNAPWithOverridePolicies      = "CleanNAPWithOverridePolicies"
+	DeletePortainerK8sRegistrySecrets = "DeletePortainerK8sRegistrySecrets"
+)
+
 type (
 	PendingActionsService struct {
 		authorizationService *authorization.Service
@@ -49,33 +54,32 @@ func (service *PendingActionsService) Execute(id portainer.EndpointID) error {
 
 	endpoint, err := service.dataStore.Endpoint().Endpoint(id)
 	if err != nil {
-		return fmt.Errorf("failed to retrieve endpoint %d: %w", id, err)
+		return fmt.Errorf("failed to retrieve environment %d: %w", id, err)
 	}
 
 	if endpoint.Status != portainer.EndpointStatusUp {
-		log.Debug().Msgf("Endpoint %d is not up", id)
-		return fmt.Errorf("endpoint %d is not up: %w", id, err)
+		log.Debug().Msgf("Environment %q (id: %d) is not up", endpoint.Name, id)
+		return fmt.Errorf("environment %q (id: %d) is not up: %w", endpoint.Name, id, err)
 	}
 
 	pendingActions, err := service.dataStore.PendingActions().ReadAll()
 	if err != nil {
 		log.Error().Err(err).Msgf("failed to retrieve pending actions")
-		return fmt.Errorf("failed to retrieve pending actions for endpoint %d: %w", id, err)
+		return fmt.Errorf("failed to retrieve pending actions for environment %d: %w", id, err)
 	}
 
 	for _, endpointPendingAction := range pendingActions {
 		if endpointPendingAction.EndpointID == id {
 			err := service.executePendingAction(endpointPendingAction, endpoint)
 			if err != nil {
-				log.Error().Err(err).Msgf("failed to execute pending action")
+				log.Warn().Err(err).Msgf("failed to execute pending action")
 				return fmt.Errorf("failed to execute pending action: %w", err)
-			} else {
-				// delete the pending action
-				err := service.dataStore.PendingActions().Delete(endpointPendingAction.ID)
-				if err != nil {
-					log.Error().Err(err).Msgf("failed to delete pending action")
-					return fmt.Errorf("failed to delete pending action: %w", err)
-				}
+			}
+
+			err = service.dataStore.PendingActions().Delete(endpointPendingAction.ID)
+			if err != nil {
+				log.Error().Err(err).Msgf("failed to delete pending action")
+				return fmt.Errorf("failed to delete pending action: %w", err)
 			}
 		}
 	}
@@ -84,30 +88,50 @@ func (service *PendingActionsService) Execute(id portainer.EndpointID) error {
 }
 
 func (service *PendingActionsService) executePendingAction(pendingAction portainer.PendingActions, endpoint *portainer.Endpoint) error {
-	log.Debug().Msgf("Executing pending action %s for endpoint %d", pendingAction.Action, pendingAction.EndpointID)
+	log.Debug().Msgf("Executing pending action %s for environment %d", pendingAction.Action, pendingAction.EndpointID)
 
 	defer func() {
-		log.Debug().Msgf("End executing pending action %s for endpoint %d", pendingAction.Action, pendingAction.EndpointID)
+		log.Debug().Msgf("End executing pending action %s for environment %d", pendingAction.Action, pendingAction.EndpointID)
 	}()
 
 	switch pendingAction.Action {
-	case "CleanNAPWithOverridePolicies":
+	case CleanNAPWithOverridePolicies:
 		if (pendingAction.ActionData == nil) || (pendingAction.ActionData.(portainer.EndpointGroupID) == 0) {
 			service.authorizationService.CleanNAPWithOverridePolicies(service.dataStore, endpoint, nil)
-		} else {
-			endpointGroupID := pendingAction.ActionData.(portainer.EndpointGroupID)
-			endpointGroup, err := service.dataStore.EndpointGroup().Read(portainer.EndpointGroupID(endpointGroupID))
-			if err != nil {
-				log.Error().Err(err).Msgf("Error reading endpoint group to clean NAP with override policies for endpoint %d and endpoint group %d", endpoint.ID, endpointGroup.ID)
-				return fmt.Errorf("failed to retrieve endpoint group %d: %w", endpointGroupID, err)
-			}
-			err = service.authorizationService.CleanNAPWithOverridePolicies(service.dataStore, endpoint, endpointGroup)
-			if err != nil {
-				log.Error().Err(err).Msgf("Error cleaning NAP with override policies for endpoint %d and endpoint group %d", endpoint.ID, endpointGroup.ID)
-				return fmt.Errorf("failed to clean NAP with override policies for endpoint %d and endpoint group %d: %w", endpoint.ID, endpointGroup.ID, err)
-			}
+			return nil
 		}
+
+		endpointGroupID := pendingAction.ActionData.(portainer.EndpointGroupID)
+		endpointGroup, err := service.dataStore.EndpointGroup().Read(portainer.EndpointGroupID(endpointGroupID))
+		if err != nil {
+			log.Error().Err(err).Msgf("Error reading environment group to clean NAP with override policies for environment %d and environment group %d", endpoint.ID, endpointGroup.ID)
+			return fmt.Errorf("failed to retrieve environment group %d: %w", endpointGroupID, err)
+		}
+		err = service.authorizationService.CleanNAPWithOverridePolicies(service.dataStore, endpoint, endpointGroup)
+		if err != nil {
+			log.Error().Err(err).Msgf("Error cleaning NAP with override policies for environment %d and environment group %d", endpoint.ID, endpointGroup.ID)
+			return fmt.Errorf("failed to clean NAP with override policies for environment %d and environment group %d: %w", endpoint.ID, endpointGroup.ID, err)
+		}
+
+		return nil
+	case DeletePortainerK8sRegistrySecrets:
+		if pendingAction.ActionData == nil {
+			return nil
+		}
+
+		registryData, err := convertToDeletePortainerK8sRegistrySecretsData(pendingAction.ActionData)
+		if err != nil {
+			return fmt.Errorf("failed to parse pendingActionData: %w", err)
+		}
+
+		err = service.DeleteKubernetesRegistrySecrets(endpoint, registryData)
+		if err != nil {
+			log.Warn().Err(err).Int("endpoint_id", int(endpoint.ID)).Msgf("Unable to delete kubernetes registry secrets")
+			return fmt.Errorf("failed to delete kubernetes registry secrets for environment %d: %w", endpoint.ID, err)
+		}
+
 		return nil
 	}
+
 	return nil
 }