opendefensecloud / solution-arsenal / 23583390100

push

github

fixup(#160): fix cleanup after ttl and add tests (#331)

* tests: add tests for FailedJobTTL propagation

Add unit tests to verify FailedJobTTL is properly propagated through
the resource hierarchy:
- Release → RenderTask: verify FailedJobTTL flows from Release spec
  to RenderTask spec
- RenderTask → Job: verify TTLSecondsAfterFinished is set on the Job
  with the specified value or default (3600)

* fix: clean up secrets on failed job after FailedJobTTL expires

Previously, secrets (ConfigSecret, AuthSecret) were only cleaned up on job
success or when the parent Release was deleted. On failure, secrets
persisted indefinitely while only the Job was cleaned up by the Kubernetes
TTL controller.

Now the controller deletes secrets after FailedJobTTL duration when a job
fails, matching the behavior for job cleanup by the Kubernetes TTL
controller.

Changes:
- Add TTL-based secret cleanup logic for failed jobs (rendertask_controller.go)
- Update isJobComplete to handle failed jobs without CompletionTime
- Add requeue logic to wait for TTL expiration before cleanup
- Add test for secret cleanup after FailedJobTTL on failure
- Update FailedJobTTL docstring to reflect actual behavior

* refactor: un-spaghetti ttl cleanup

Using helper functions to make the flow readable again.

42 of 52 new or added lines in 1 file covered. (80.77%)

2201 of 3069 relevant lines covered (71.72%)

20.78 hits per line