[release-1.13] Remove sinkbindings OIDC token secret when not needed …

…and fix status setting (#7839) * Remove Sinkbindings OIDC token secret, when not needed * Set Sinkbindings OIDCTokenSecretName in its status correctly --------- Co-authored-by: Christoph Stäbler <cstabler@redhat.com>
knative · Apr 10, 2024 · 4745cd5 · 4745cd5
1 parent d045c98
commit 4745cd5
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pkg/reconciler/sinkbinding/sinkbinding.go b/pkg/reconciler/sinkbinding/sinkbinding.go
@@ -114,6 +114,10 @@ func (s *SinkBindingSubResourcesReconciler) Reconcile(ctx context.Context, b psb
 			// sink has no audience set -> don't create token secret
 			sb.Status.MarkOIDCIdentityCreatedSucceededWithReason("Sink has no audience defined", "")
 			sb.Status.MarkOIDCTokenSecretCreatedSuccceededWithReason("Sink has no audience defined", "")
+
+			if err := s.removeOIDCTokenSecretEventually(ctx, sb); err != nil {
+				return err
+			}
 			sb.Status.OIDCTokenSecretName = nil
 		}
 	} else {
@@ -164,6 +168,8 @@ func (s *SinkBindingSubResourcesReconciler) reconcileOIDCTokenSecret(ctx context
 		logger.Debugf("OIDC token secret for %s/%s sinkbinding still valid for > %s (expires %s). Will not update secret", sb.Name, sb.Namespace, resyncAndBufferDuration, expiry)
 		// token is still valid for resync period + buffer --> we're fine
 
+		sb.Status.OIDCTokenSecretName = &secretName
+
 		return nil
 	}