helm/charts/goquorum-node/templates/node-hooks-pre-delete.yaml


---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "goquorum-node.fullname" . }}-pre-delete-hook
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook: pre-delete
    helm.sh/hook-weight: "0"
    helm.sh/hook-delete-policy: "hook-succeeded"
  labels:
{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}
    azure.workload.identity/use: "true"
{{- end }}
    app.kubernetes.io/name: pre-delete-hook
    app.kubernetes.io/component: job
    app.kubernetes.io/part-of: {{ include "goquorum-node.fullname" . }}
    app.kubernetes.io/namespace: {{ .Release.Namespace }}
    app.kubernetes.io/release: {{ .Release.Name }}
    app.kubernetes.io/managed-by: helm
spec:
  backoffLimit: 3
  completions: 1
  template:
    metadata:
      labels:
{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}
        azure.workload.identity/use: "true"
{{- end}}      
        app.kubernetes.io/name: pre-delete-hook
        app.kubernetes.io/release: {{ .Release.Name }}
    spec:
{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}
      serviceAccountName: {{ .Values.azure.serviceAccountName }}
{{- else if and (eq .Values.cluster.provider "aws") (.Values.cluster.cloudNativeServices) }}
      serviceAccountName: {{ .Values.aws.serviceAccountName }}
{{- else }}
      serviceAccountName: {{ include "goquorum-node.fullname" . }}-hooks-sa
{{- end }}    
      restartPolicy: "OnFailure"
      containers:
        - name: {{ template "goquorum-node.fullname" . }}-node-pre-delete-hook
          image: "{{ .Values.image.hooks.repository }}:{{ .Values.image.hooks.tag }}"
          imagePullPolicy: {{ .Values.image.hooks.pullPolicy }}
          command:
            - /bin/bash
            - -c
          args:
            - |

              echo "{{ template "goquorum-node.fullname" . }} Pre Delete hook ..."

{{- if and (eq .Values.cluster.provider "azure") (.Values.cluster.cloudNativeServices) }}

              function deleteSecret {
                key=$1
                fpath=$2
                az keyvault secret show --vault-name {{ .Values.azure.keyvaultName }} --name $key > /dev/null 2>&1
                if [ $? -eq 0 ]; then
                  az keyvault secret delete --vault-name {{ .Values.azure.keyvaultName }} --name $key
                fi
              }

              az login --federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)" --service-principal -u $AZURE_CLIENT_ID -t $AZURE_TENANT_ID
              az account set --subscription {{ .Values.azure.subscriptionId }}

{{- else if and (eq .Values.cluster.provider "aws") (.Values.cluster.cloudNativeServices) }}

              function deleteSecret {
                key=$1
                aws secretsmanager describe-secret --secret-id $key > /dev/null 2>&1
                if [ $? -eq 0 ]; then
                  aws secretsmanager delete-secret --secret-id $key --recovery-window-in-days 7
                fi
              }

{{- else }}
              # provider: local
              function deleteSecret {
                key=$1
                kubectl delete secret ${key} --namespace {{ .Release.Namespace }} 
              }

{{- end }}

              function delete_node_from_tessera_peers_configmap {
                kubectl -n {{ .Release.Namespace }} get configmap tessera-peers -o json
                # if there is no configmap, do nothing
                if [ $? -ne 0 ]; then
                  echo "No tessera-peers found, nothing to do..."
                # delete the one 
                else
                  echo "tessera-peers found, deleting {{ template "goquorum-node.fullname" . }}..."
                  echo $(kubectl -n {{ .Release.Namespace }} get configmap tessera-peers -o jsonpath='{.data.tesseraPeers}' ) > /tmp/tessera-peers.raw
                  cat /tmp/tessera-peers.raw | jq --arg NEEDLE "{{ template "goquorum-node.fullname" . }}" 'del(.[] | select( .url | contains($NEEDLE) ))' > /tmp/tessera-peers
                  kubectl -n {{ .Release.Namespace }} create configmap tessera-peers --from-file=tesseraPeers=/tmp/tessera-peers -o yaml --dry-run=client | kubectl replace -f -
                fi
              }

              function delete_node_from_quorum_peers_configmap {
                kubectl -n {{ .Release.Namespace }}  get configmap goquorum-peers -o json
                # if there is no configmap, do nothing
                if [ $? -ne 0 ]; then
                  echo "No peers found, nothing to do..."
                # delete the one 
                else    
                  echo "goquorum-peers found, deleting {{ template "goquorum-node.fullname" . }}..."
                  echo $(kubectl -n {{ .Release.Namespace }} get configmap goquorum-peers -o jsonpath='{.data.static-nodes\.json}' ) > /tmp/static-nodes.json.raw
                  cat /tmp/static-nodes.json.raw | jq --arg NEEDLE "{{ template "goquorum-node.fullname" . }}" 'del(.[] | select( . | contains($NEEDLE) ))' > /tmp/static-nodes.json
                  kubectl -n {{ .Release.Namespace }} create configmap goquorum-peers --from-file=static-nodes.json=/tmp/static-nodes.json -o yaml --dry-run=client | kubectl replace -f -
                 
                  echo "Deleting node address configmap... "
                  kubectl delete configmap {{ template "goquorum-node.fullname" . }}-address --namespace {{ .Release.Namespace }}
                fi
              }

              delete_node_from_quorum_peers_configmap
              delete_node_from_tessera_peers_configmap


{{- if .Values.quorumFlags.removeKeysOnDelete }}

{{- if and (ne .Values.cluster.provider "local") (.Values.cluster.cloudNativeServices) }}
                  
              deleteSecret {{ template "goquorum-node.fullname" . }}-nodekey
              deleteSecret {{ template "goquorum-node.fullname" . }}-nodekeypub
              deleteSecret {{ template "goquorum-node.fullname" . }}-enode
              deleteSecret {{ template "goquorum-node.fullname" . }}-address
              deleteSecret {{ template "goquorum-node.fullname" . }}-accountPrivateKey
              deleteSecret {{ template "goquorum-node.fullname" . }}-accountPassword
              deleteSecret {{ template "goquorum-node.fullname" . }}-accountKeystore
              deleteSecret {{ template "goquorum-node.fullname" . }}-accountAddress
{{- if .Values.quorumFlags.privacy }}
              deleteSecret {{ template "goquorum-node.fullname" . }}-tmkey
              deleteSecret {{ template "goquorum-node.fullname" . }}-tmkeypub
              deleteSecret {{ template "goquorum-node.fullname" . }}-tmpassword
{{- end }}

{{- else }}
              # provider: local 
              deleteSecret {{ template "goquorum-node.fullname" . }}-keys
{{- if .Values.quorumFlags.privacy }}
              deleteSecret {{ template "goquorum-node.fullname" . }}-tessera-keys
{{- end }}

{{- end }}

{{- end }}   
              #.Values.quorumFlags.removeKeysOnDelete

              echo "Completed"