Bug 1853253: remove expired TLS secret for Thanos Ruler

Signed-off-by: Simon Pasquier <spasquie@redhat.com>

pkg/tasks/thanos_ruler_user_workload.go

@@ -192,7 +192,7 @@ func (t *ThanosRulerUserWorkloadTask) create() error {
 
 		err = t.client.DeleteHashedSecret(
 			grpcSecret.GetNamespace(),
-			"thanos-ruler-user-workload-grpc-tls",
+			"thanos-ruler-grpc-tls",
 			string(grpcSecret.Labels["monitoring.openshift.io/hash"]),
 		)
 		if err != nil {

test/e2e/user_workload_monitoring_test.go

@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"strings"
 	"testing"
 	"time"
 
@@ -783,17 +784,41 @@ func assertPrometheusAlertmanagerInUserNamespace(t *testing.T) {
 }
 
 func assertGRPCTLSRotation(t *testing.T) {
+	countGRPCSecrets := func(ns string) int {
+		t.Helper()
+		var result int
+		err := framework.Poll(5*time.Second, time.Minute, func() error {
+			s, err := f.KubeClient.CoreV1().Secrets(ns).List(context.TODO(), metav1.ListOptions{LabelSelector: "monitoring.openshift.io/hash"})
+			if err != nil {
+				return err
+			}
+
+			for _, s := range s.Items {
+				if strings.Contains(s.Name, "grpc-tls") {
+					result++
+				}
+			}
+
+			return nil
+		})
+		if err != nil {
+			t.Fatal(err)
+		}
+		return result
+	}
+
 	s, err := f.OperatorClient.WaitForSecret(&v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "grpc-tls",
 			Namespace: f.Ns,
 		},
 	})
-
 	if err != nil {
 		t.Fatalf("error waiting for grpc-tls secret: %v", err)
 	}
 
+	expected := countGRPCSecrets(f.Ns) + countGRPCSecrets(f.UserWorkloadMonitoringNs)
+
 	if s.Annotations == nil {
 		s.Annotations = make(map[string]string)
 	}
@@ -819,6 +844,11 @@ func assertGRPCTLSRotation(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	got := countGRPCSecrets(f.Ns) + countGRPCSecrets(f.UserWorkloadMonitoringNs)
+	if expected != got {
+		t.Fatalf("expecting %d gRPC secrets, got %d", expected, got)
+	}
 }
 
 func assertDeletedUserWorkloadAssets(cm *v1.ConfigMap) func(*testing.T) {