From a0f1235a255a69384c6aaafad4a0b24ccff4659d Mon Sep 17 00:00:00 2001
From: k8s-infra-cherrypick-robot
 <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com>
Date: Wed, 11 Oct 2023 07:25:02 -0700
Subject: [PATCH] delete barbican secret after the LB deletetion (#2424)

Co-authored-by: kayrus <kay.diam@gmail.com>
---
 pkg/ingress/controller/controller.go | 20 ++++++++++----------
 pkg/util/openstack/keymanager.go     |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/pkg/ingress/controller/controller.go b/pkg/ingress/controller/controller.go
index f212a9a329..97336a7c49 100644
--- a/pkg/ingress/controller/controller.go
+++ b/pkg/ingress/controller/controller.go
@@ -558,16 +558,6 @@ func (c *Controller) deleteIngress(ing *nwv1.Ingress) error {
 	lbName := utils.GetResourceName(ing.Namespace, ing.Name, c.config.ClusterName)
 	logger := log.WithFields(log.Fields{"ingress": key})
 
-	// Delete Barbican secrets
-	if c.osClient.Barbican != nil && ing.Spec.TLS != nil {
-		nameFilter := fmt.Sprintf("kube_ingress_%s_%s_%s", c.config.ClusterName, ing.Namespace, ing.Name)
-		if err := openstackutil.DeleteSecrets(c.osClient.Barbican, nameFilter); err != nil {
-			return fmt.Errorf("failed to remove Barbican secrets: %v", err)
-		}
-
-		logger.Info("Barbican secrets deleted")
-	}
-
 	// If load balancer doesn't exist, assume it's already deleted.
 	loadbalancer, err := openstackutil.GetLoadbalancerByName(c.osClient.Octavia, lbName)
 	if err != nil {
@@ -623,6 +613,16 @@ func (c *Controller) deleteIngress(ing *nwv1.Ingress) error {
 		logger.WithFields(log.Fields{"lbID": loadbalancer.ID}).Info("loadbalancer deleted")
 	}
 
+	// Delete Barbican secrets
+	if c.osClient.Barbican != nil && ing.Spec.TLS != nil {
+		nameFilter := fmt.Sprintf("kube_ingress_%s_%s_%s", c.config.ClusterName, ing.Namespace, ing.Name)
+		if err := openstackutil.DeleteSecrets(c.osClient.Barbican, nameFilter); err != nil {
+			return fmt.Errorf("failed to remove Barbican secrets: %v", err)
+		}
+
+		logger.Info("Barbican secrets deleted")
+	}
+
 	return err
 }
 
diff --git a/pkg/util/openstack/keymanager.go b/pkg/util/openstack/keymanager.go
index ab3ef92810..aba991827c 100644
--- a/pkg/util/openstack/keymanager.go
+++ b/pkg/util/openstack/keymanager.go
@@ -119,7 +119,7 @@ func DeleteSecrets(client *gophercloud.ServiceClient, partName string) error {
 			}
 			mc := metrics.NewMetricContext("secret", "delete")
 			err = secrets.Delete(client, secretID).ExtractErr()
-			if mc.ObserveRequest(err) != nil {
+			if mc.ObserveRequest(err) != nil && !cpoerrors.IsNotFound(err) {
 				return err
 			}
 		}