portainer/api/http/handler/registries/registry_delete.go

package registries

import (
	"fmt"
	"net/http"

	portainer "github.com/portainer/portainer/api"
	httperrors "github.com/portainer/portainer/api/http/errors"
	"github.com/portainer/portainer/api/http/security"
	"github.com/portainer/portainer/api/pendingactions"
	httperror "github.com/portainer/portainer/pkg/libhttp/error"
	"github.com/portainer/portainer/pkg/libhttp/request"
	"github.com/portainer/portainer/pkg/libhttp/response"

	"github.com/rs/zerolog/log"
)

// @id RegistryDelete
// @summary Remove a registry
// @description Remove a registry
// @description **Access policy**: restricted
// @tags registries
// @security ApiKeyAuth
// @security jwt
// @param id path int true "Registry identifier"
// @success 204 "Success"
// @failure 400 "Invalid request"
// @failure 404 "Registry not found"
// @failure 500 "Server error"
// @router /registries/{id} [delete]
func (handler *Handler) registryDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
	securityContext, err := security.RetrieveRestrictedRequestContext(r)
	if err != nil {
		return httperror.InternalServerError("Unable to retrieve info from request context", err)
	}
	if !securityContext.IsAdmin {
		return httperror.Forbidden("Permission denied to delete registry", httperrors.ErrResourceAccessDenied)
	}

	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
	if err != nil {
		return httperror.BadRequest("Invalid registry identifier route variable", err)
	}

	registry, err := handler.DataStore.Registry().Read(portainer.RegistryID(registryID))
	if err != nil {
		return httperror.InternalServerError(fmt.Sprintf("Unable to load registry %q from the database", registry.Name), err)
	}

	err = handler.DataStore.Registry().Delete(portainer.RegistryID(registryID))
	if err != nil {
		return httperror.InternalServerError("Unable to remove the registry from the database", err)
	}

	err = handler.deleteKubernetesSecrets(registry)
	if err != nil {
		return httperror.InternalServerError("Unable to delete registry secrets", err)
	}

	return response.Empty(w)
}

func (handler *Handler) deleteKubernetesSecrets(registry *portainer.Registry) error {

	for endpointId, access := range registry.RegistryAccesses {
		if access.Namespaces != nil {
			// Obtain a kubeclient for the endpoint
			endpoint, err := handler.DataStore.Endpoint().Endpoint(endpointId)
			if err != nil {
				// Skip environments that can't be loaded from the DB
				log.Warn().Err(err).Msgf("Unable to load the environment with id %d from the database", endpointId)
				continue
			}

			cli, err := handler.K8sClientFactory.GetKubeClient(endpoint)
			if err != nil {
				// Skip environments that can't get a kubeclient from
				log.Warn().Err(err).Msgf("Unable to get kubernetes client for environment %d", endpointId)
				continue
			}

			failedNamespaces := make([]string, 0)
			for _, ns := range access.Namespaces {
				err = cli.DeleteRegistrySecret(registry.ID, ns)
				if err != nil {
					failedNamespaces = append(failedNamespaces, ns)
					log.Warn().Err(err).Msgf("Unable to delete registry secret %q from namespace %q for environment %d. Retrying offline", cli.RegistrySecretName(registry.ID), ns, endpointId)
				}
			}

			if len(failedNamespaces) > 0 {
				handler.PendingActionsService.Create(portainer.PendingActions{
					EndpointID: endpointId,
					Action:     pendingactions.DeletePortainerK8sRegistrySecrets,

					// When extracting the data, this is the type we need to pull out
					// i.e. pendingactions.DeletePortainerK8sRegistrySecretsData
					ActionData: pendingactions.DeletePortainerK8sRegistrySecretsData{
						RegistryID: registry.ID,
						Namespaces: failedNamespaces,
					},
				})
			}
		}
	}

	return nil
}