During some more edge cases I found another possible issue that would make the whole system more resilient against edge cases.
Assuming:
- There was a successful deployment happening where the robot account was added to the secret lagoon-internal-registry-secret
- The robot account in Harbor is NOT deactivated, deleted or expired
- Something (a bot, a human) removes the robot account credentials from the secret lagoon-internal-registry-secret (this is the edge case, but it is possible that this happens)
Then during CreateOrRefreshRobot() the code does not actually realize that the robot account does not exist in lagoon-internal-registry-secret and just continues, causing the deployment to fail.
So my suggestion is that we should actually check if the secret lagoon-internal-registry-secret contains a robot account for the current Harbor and, if not, force recreate the robot account.
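
The check suggested above, sketched in Go as an added example (not part of the original issue and not Lagoon's own code). The helper name `secretHasRobotFor`, the hostnames and the sample secret are hypothetical; it assumes the secret carries a standard `.dockerconfigjson` payload and that Harbor uses its default `robot$` name prefix.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// dockerConfig mirrors the .dockerconfigjson payload of a registry secret.
type dockerConfig struct {
	Auths map[string]struct {
		Username, Password, Auth string
	} `json:"auths"`
}
// normHost strips scheme and trailing slash so "https://h/" matches "h".
func normHost(h string) string {
	h = strings.TrimPrefix(strings.TrimPrefix(h, "https://"), "http://")
	return strings.TrimSuffix(h, "/")
}

// secretHasRobotFor (hypothetical helper) reports whether the secret holds
// robot credentials for harborHost; false means the robot must be recreated.
func secretHasRobotFor(dockerConfigJSON []byte, harborHost string) bool {
	var cfg dockerConfig
	if err := json.Unmarshal(dockerConfigJSON, &cfg); err != nil {
		return false // unparsable secret: treat credentials as missing
	}
	for host, e := range cfg.Auths {
		if normHost(host) != normHost(harborHost) {
			continue
		}
		user, pass := e.Username, e.Password
		if user == "" || pass == "" { // fall back to base64 "user:pass"
			if raw, err := base64.StdEncoding.DecodeString(e.Auth); err == nil {
				user, pass, _ = strings.Cut(string(raw), ":")
			}
		}
		// Assumption: Harbor's default robot name prefix "robot$".
		if strings.HasPrefix(user, "robot$") && pass != "" {
			return true
		}
	}
	return false
}

func main() {
	s := []byte(`{"auths":{"other.example":{"username":"robot$x","password":"p"}}}`) // constructed
	fmt.Println("recreate robot:", !secretHasRobotFor(s, "harbor.example")) // only another registry present
}
```

A caller would run this before the existing expiry and existence checks and treat a `false` result the same way as a deleted or expired robot account.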