func pruneSecrets()

in fleet-argocd-plugin/fleetclient/fleetclient.go [292:319]


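// pruneSecrets deletes plugin-managed Argo CD cluster Secrets whose names are
// no longer present as keys in clusterSecrets.
//
// It lists Secrets in the "argocd" namespace that carry the label
// argocd.argoproj.io/secret-type=cluster, skips any Secret whose
// fleet.gke.io/managed-by-fleet-plugin annotation is not "true", and deletes
// the remaining ones when their name is not a key of clusterSecrets. Only the
// keys of clusterSecrets are consulted; the values are not read here.
//
// A failed delete does not abort the sweep. The remaining stale Secrets are
// still attempted, so one bad object cannot keep credentials for other
// departed clusters alive. The first failure is returned, wrapped, and names
// the Secret involved. The sweep stops early only if ctx is done.
//
// NOTE(review): an empty or nil clusterSecrets makes every managed Secret a
// deletion candidate. Callers should pass a map built from a successful,
// complete membership listing — confirm against the caller.
func pruneSecrets(ctx context.Context, clientset *kubernetes.Clientset, clusterSecrets map[string]string) error {
	const namespace = "argocd"

	secretsClient := clientset.CoreV1().Secrets(namespace)
	existing, err := secretsClient.List(ctx, metav1.ListOptions{
		LabelSelector: "argocd.argoproj.io/secret-type=cluster",
	})
	if err != nil {
		return fmt.Errorf("failed to list secrets: %w", err)
	}

	var firstErr error
	failed := 0

	// Index into Items so each Secret (including its data) is not copied per
	// iteration.
	for i := range existing.Items {
		secret := &existing.Items[i]

		// Ownership gate: never delete cluster Secrets that were not created
		// by the fleet plugin.
		if secret.Annotations["fleet.gke.io/managed-by-fleet-plugin"] != "true" {
			continue
		}
		if _, wanted := clusterSecrets[secret.Name]; wanted {
			continue
		}

		// Secret no longer corresponds to a membership, delete it.
		if err := secretsClient.Delete(ctx, secret.Name, metav1.DeleteOptions{}); err != nil {
			failed++
			if firstErr == nil {
				firstErr = fmt.Errorf("failed to delete secret %s/%s: %w", namespace, secret.Name, err)
			}
			// Once the context is cancelled or expired, every further call
			// would fail the same way.
			if ctx.Err() != nil {
				break
			}
		}
	}

	if firstErr != nil {
		if failed > 1 {
			return fmt.Errorf("%d secret deletions failed, first error: %w", failed, firstErr)
		}
		return firstErr
	}

	fmt.Println("Successfully pruned Secrets.")
	return nil
}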