Avoid exiting with a failure at startup time if the PKI cleanup fails. (

#597)

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Avoid exiting with a failure at startup time if the PKI cleanup fails.
+
 ## [3.3.0] - 2024-03-26
 
 ### Added

service/controller/cert.go

@@ -154,7 +154,8 @@ func NewCert(config CertConfig) (*Cert, error) {
 
 	err = cleanupPKIBackends(config.Logger, config.K8sClient, vaultPKI)
 	if err != nil {
-		return nil, microerror.Mask(err)
+		// We don't want a cleanup error to prevent the controller from starting.
+		config.Logger.Log("level", "error", "message", "failed to clean up PKI backends", "stack", fmt.Sprintf("%#v", err))
 	}
 
 	return c, nil
@@ -168,6 +169,8 @@ func cleanupPKIBackends(logger micrologger.Logger, k8sClient k8sclient.Interface
 
 	logger.Log("level", "debug", "message", "cleaning up PKI backends")
 
+	var latestError *error
+
 	for k := range mounts {
 		id := key.ClusterIDFromMountPath(k)
 
@@ -188,21 +191,29 @@ func cleanupPKIBackends(logger micrologger.Logger, k8sClient k8sclient.Interface
 				if errors.IsNotFound(err) {
 					// fall through
 				} else if err != nil {
-					return microerror.Mask(err)
+					latestError = &err
+					logger.Log("level", "error", "message", fmt.Sprintf("error deleting certconfigs for Tenant Cluster %#q", id))
+					continue
 				}
 			}
 
 			{
 				err := vaultPKI.DeleteBackend(id)
 				if err != nil {
-					return microerror.Mask(err)
+					latestError = &err
+					logger.Log("level", "error", "message", fmt.Sprintf("error deleting PKI backend for Tenant Cluster %#q", id))
+					continue
 				}
 			}
 
 			logger.Log("level", "debug", "message", fmt.Sprintf("deleted PKI backend for Tenant Cluster %#q", id))
 		}
 	}
 
+	if latestError != nil {
+		return microerror.Mask(*latestError)
+	}
+
 	logger.Log("level", "debug", "message", "cleaned up PKI backends")
 
 	return nil