Secrets: garbage collection (#110247)

* clean up older secret versions * start gargbage collection worker as background service * make gen-go * fix typo * make update-workspace * undo go mod changes * undo go work sum changes * Update pkg/registry/apis/secret/garbagecollectionworker/worker.go Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * Update pkg/registry/apis/secret/garbagecollectionworker/worker.go Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * default gc_worker_batch_size to 1 minute * fix typo * fix typo * add test to ensure cleaning up secure values is idempotent * make gen-go * make update-workspace * undo go.mod and .sum changes * undo enterprise imports --------- Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
2025-09-02 11:11:01 -03:00
parent d5eb3e291a
commit f8cd7049e8
30 changed files with 1069 additions and 35 deletions
@@ -0,0 +1,7 @@
+DELETE FROM 
+  `secret_secure_value`
+WHERE 
+  `namespace` = 'ns' AND
+  `name` = 'name' AND
+  `version` = 1
+;
@@ -0,0 +1,14 @@
+UPDATE
+  `secret_secure_value`
+SET
+  `lease_token` = 'token',
+  `lease_created` = 10
+WHERE 
+  `guid` IN (SELECT `guid` 
+                          FROM `secret_secure_value` 
+                          WHERE 
+                            `active` = FALSE AND
+                            10 - `created` > 300 AND
+                            10 - `lease_created` > 30
+                          LIMIT 10)
+;
@@ -0,0 +1,26 @@
+SELECT
+  `guid`,
+  `name`,
+  `namespace`,
+  `annotations`,
+  `labels`,
+  `created`,
+  `created_by`,
+  `updated`,
+  `updated_by`,
+  `description`,
+  `keeper`,
+  `decrypters`,
+  `ref`,
+  `external_id`,
+  `version`,
+  `active`,
+  `owner_reference_api_group`,
+  `owner_reference_api_version`,
+  `owner_reference_kind`,
+  `owner_reference_name`
+FROM
+  `secret_secure_value`
+WHERE 
+  `lease_token` = 'token'
+;
@@ -0,0 +1,7 @@
+DELETE FROM 
+  "secret_secure_value"
+WHERE 
+  "namespace" = 'ns' AND
+  "name" = 'name' AND
+  "version" = 1
+;
@@ -0,0 +1,14 @@
+UPDATE
+  "secret_secure_value"
+SET
+  "lease_token" = 'token',
+  "lease_created" = 10
+WHERE 
+  "guid" IN (SELECT "guid" 
+                          FROM "secret_secure_value" 
+                          WHERE 
+                            "active" = FALSE AND
+                            10 - "created" > 300 AND
+                            10 - "lease_created" > 30
+                          LIMIT 10)
+;
@@ -0,0 +1,26 @@
+SELECT
+  "guid",
+  "name",
+  "namespace",
+  "annotations",
+  "labels",
+  "created",
+  "created_by",
+  "updated",
+  "updated_by",
+  "description",
+  "keeper",
+  "decrypters",
+  "ref",
+  "external_id",
+  "version",
+  "active",
+  "owner_reference_api_group",
+  "owner_reference_api_version",
+  "owner_reference_kind",
+  "owner_reference_name"
+FROM
+  "secret_secure_value"
+WHERE 
+  "lease_token" = 'token'
+;
@@ -0,0 +1,7 @@
+DELETE FROM 
+  "secret_secure_value"
+WHERE 
+  "namespace" = 'ns' AND
+  "name" = 'name' AND
+  "version" = 1
+;
@@ -0,0 +1,14 @@
+UPDATE
+  "secret_secure_value"
+SET
+  "lease_token" = 'token',
+  "lease_created" = 10
+WHERE 
+  "guid" IN (SELECT "guid" 
+                          FROM "secret_secure_value" 
+                          WHERE 
+                            "active" = FALSE AND
+                            10 - "created" > 300 AND
+                            10 - "lease_created" > 30
+                          LIMIT 10)
+;
@@ -0,0 +1,26 @@
+SELECT
+  "guid",
+  "name",
+  "namespace",
+  "annotations",
+  "labels",
+  "created",
+  "created_by",
+  "updated",
+  "updated_by",
+  "description",
+  "keeper",
+  "decrypters",
+  "ref",
+  "external_id",
+  "version",
+  "active",
+  "owner_reference_api_group",
+  "owner_reference_api_version",
+  "owner_reference_kind",
+  "owner_reference_name"
+FROM
+  "secret_secure_value"
+WHERE 
+  "lease_token" = 'token'
+;