Add back delete code, remove terminating skip
benbp committed Sep 27, 2024
1 parent c00d5c7 commit ed1b098
Showing 1 changed file with 57 additions and 5 deletions.
Expand Up @@ -169,7 +169,7 @@ public async Task Watch(CancellationToken cancellationToken)

public void HandleNamespaceEvent(WatchEventType eventType, V1Namespace ns)
{
if (ExcludedNamespaces.Contains(ns.Name()))
if (ExcludedNamespaces.Contains(ns.Name()) || string.IsNullOrEmpty(ns.Name()))
{
return;
}
Expand All @@ -178,10 +178,6 @@ public void HandleNamespaceEvent(WatchEventType eventType, V1Namespace ns)
Logger.Information($"Skipping namespace '{ns.Name()}' because it is not the watched namespace '{WatchNamespace}'");
return;
}
if (ns.Status?.Phase == "Terminating")
{
return;
}

using (LogContext.PushProperty("namespace", ns.Name()))
{
Expand All @@ -196,6 +192,18 @@ public void HandleNamespaceEvent(WatchEventType eventType, V1Namespace ns)
}
});
}
else if (eventType == WatchEventType.Deleted)
{
DeleteFederatedIdentityCredential(ns).ContinueWith(t =>
{
Logger.Information("Releasing federated credential write semaphore");
FederatedCredentialWriteSemaphore.Release();
if (t.Exception != null)
{
Logger.Error(t.Exception, "Error deleting federated identity credential.");
}
});
}
}
}

Expand Down Expand Up @@ -314,5 +322,49 @@ public async Task<UserAssignedIdentityResource> CreateFederatedIdentityCredentia

return selectedIdentity;
}

public async Task DeleteFederatedIdentityCredential(V1Namespace ns)
{
Logger.Information($"Waiting for federated credential write semaphore");
await FederatedCredentialWriteSemaphore.WaitAsync();

var credentialName = CreateFederatedIdentityCredentialName(ns);
var workloadApp = "";

WorkloadAppCache.Remove(credentialName);

foreach (var app in WorkloadAppPool)
{
var resourceId = UserAssignedIdentityResource.CreateResourceIdentifier(SubscriptionId, ClusterGroup, app);
var userAssignedIdentity = ArmClient.GetUserAssignedIdentityResource(resourceId);
var fedCreds = userAssignedIdentity.GetFederatedIdentityCredentials();
await foreach (var item in fedCreds.GetAllAsync())
{
if (item.Data.Name == credentialName)
{
workloadApp = app;
break;
}
}
if (!String.IsNullOrEmpty(workloadApp))
{
break;
}
}

if (string.IsNullOrEmpty(workloadApp))
{
Logger.Warning($"Federated identity credential '{credentialName}' not found in workload app pool. Skipping delete.");
return;
}

var federatedIdentityCredentialResourceId = FederatedIdentityCredentialResource.CreateResourceIdentifier(
SubscriptionId, ClusterGroup, workloadApp, credentialName);
var federatedIdentityCredential = ArmClient.GetFederatedIdentityCredentialResource(federatedIdentityCredentialResourceId);

Logger.Information($"Deleting federated identity credential '{credentialName}' for managed identity '{workloadApp}'");
var lro = await federatedIdentityCredential.DeleteAsync(Azure.WaitUntil.Completed);
Logger.Information($"Deleted federated identity credential '{credentialName}'");
}
}
}
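Review bot: In `DeleteFederatedIdentityCredential` the semaphore is acquired at `await FederatedCredentialWriteSemaphore.WaitAsync();` but released only by the caller's `ContinueWith` in the new `Deleted` branch of `HandleNamespaceEvent`, so a task that faults or is cancelled before the wait completes still runs `FederatedCredentialWriteSemaphore.Release()` and over-releases the semaphore. Keeping acquire and release in one method with a `try`/`finally` around the body after `WaitAsync` removes that window and lets the `Deleted` continuation only log; the create path appears to use the same split pattern (its continuation's closing lines are visible above), so the same change likely applies there. `WorkloadAppCache.Remove(credentialName);` runs before the pool is scanned — if that cache maps credential names to their workload app, a `TryGetValue` first would avoid enumerating every identity's credentials on each delete, but the cache's type is not visible here. Minor: `var lro` is never used, `String.IsNullOrEmpty` and `string.IsNullOrEmpty` on adjacent lines should use one spelling, and `$"Waiting for federated credential write semaphore"` has no interpolation holes.
```csharp
public async Task DeleteFederatedIdentityCredential(V1Namespace ns)
{
    Logger.Information("Waiting for federated credential write semaphore");
    await FederatedCredentialWriteSemaphore.WaitAsync();
    try
    {
        // … unchanged: cache removal, workload app pool scan, credential delete …
    }
    finally
    {
        Logger.Information("Releasing federated credential write semaphore");
        FederatedCredentialWriteSemaphore.Release();
    }
}
```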
