chore: remove feature flags for secrets deletion (#13227)

keyihuang · keyihuang · commit c787b2f2240c · 2024-07-24T08:29:18.000-07:00
diff --git a/airbyte-commons-server/src/main/java/io/airbyte/commons/server/handlers/DestinationHandler.java b/airbyte-commons-server/src/main/java/io/airbyte/commons/server/handlers/DestinationHandler.java
@@ -40,7 +40,6 @@
 import io.airbyte.config.secrets.JsonSecretsProcessor;
 import io.airbyte.data.helpers.ActorDefinitionVersionUpdater;
 import io.airbyte.data.services.DestinationService;
-import io.airbyte.featureflag.DeleteSecretsWhenTombstoneActors;
 import io.airbyte.featureflag.FeatureFlagClient;
 import io.airbyte.featureflag.Workspace;
 import io.airbyte.persistence.job.factory.OAuthConfigSupplier;
@@ -149,31 +148,14 @@ public void deleteDestination(final DestinationRead destination)
     final ConnectorSpecification spec =
         getSpecForDestinationId(destination.getDestinationDefinitionId(), destination.getWorkspaceId(), destination.getDestinationId());
 
-    if (featureFlagClient.boolVariation(DeleteSecretsWhenTombstoneActors.INSTANCE, new Workspace(destination.getWorkspaceId().toString()))) {
-      try {
-        destinationService.tombstoneDestination(
-            destination.getName(),
-            destination.getWorkspaceId(),
-            destination.getDestinationId(), spec);
-      } catch (final io.airbyte.data.exceptions.ConfigNotFoundException e) {
-        throw new ConfigNotFoundException(e.getType(), e.getConfigId());
-      }
-    } else {
-      final JsonNode fullConfig;
-      try {
-        fullConfig = destinationService.getDestinationConnectionWithSecrets(destination.getDestinationId()).getConfiguration();
-      } catch (final io.airbyte.data.exceptions.ConfigNotFoundException e) {
-        throw new ConfigNotFoundException(e.getType(), e.getConfigId());
-      }
-      // persist
-      persistDestinationConnection(
+    // Delete secrets and config in this destination and mark it tombstoned.
+    try {
+      destinationService.tombstoneDestination(
           destination.getName(),
-          destination.getDestinationDefinitionId(),
           destination.getWorkspaceId(),
-          destination.getDestinationId(),
-          fullConfig,
-          true,
-          spec);
+          destination.getDestinationId(), spec);
+    } catch (final io.airbyte.data.exceptions.ConfigNotFoundException e) {
+      throw new ConfigNotFoundException(e.getType(), e.getConfigId());
     }
   }
 
diff --git a/airbyte-commons-server/src/main/java/io/airbyte/commons/server/handlers/SourceHandler.java b/airbyte-commons-server/src/main/java/io/airbyte/commons/server/handlers/SourceHandler.java
@@ -52,7 +52,6 @@
 import io.airbyte.data.services.SecretPersistenceConfigService;
 import io.airbyte.data.services.SourceService;
 import io.airbyte.data.services.WorkspaceService;
-import io.airbyte.featureflag.DeleteSecretsWhenTombstoneActors;
 import io.airbyte.featureflag.FeatureFlagClient;
 import io.airbyte.featureflag.Organization;
 import io.airbyte.featureflag.UseRuntimeSecretPersistence;
@@ -376,31 +375,14 @@ public void deleteSource(final SourceRead source)
 
     final var spec = getSpecFromSourceId(source.getSourceId());
 
-    if (featureFlagClient.boolVariation(DeleteSecretsWhenTombstoneActors.INSTANCE, new Workspace(source.getWorkspaceId().toString()))) {
-      try {
-        sourceService.tombstoneSource(
-            source.getName(),
-            source.getWorkspaceId(),
-            source.getSourceId(), spec);
-      } catch (final io.airbyte.data.exceptions.ConfigNotFoundException e) {
-        throw new ConfigNotFoundException(e.getType(), e.getConfigId());
-      }
-    } else {
-      final JsonNode fullConfig;
-      try {
-        fullConfig = sourceService.getSourceConnectionWithSecrets(source.getSourceId()).getConfiguration();
-      } catch (final io.airbyte.data.exceptions.ConfigNotFoundException e) {
-        throw new ConfigNotFoundException(e.getType(), e.getConfigId());
-      }
-      // persist
-      persistSourceConnection(
+    // Delete secrets and config in this source and mark it tombstoned.
+    try {
+      sourceService.tombstoneSource(
           source.getName(),
-          source.getSourceDefinitionId(),
           source.getWorkspaceId(),
-          source.getSourceId(),
-          true,
-          fullConfig,
-          spec);
+          source.getSourceId(), spec);
+    } catch (final io.airbyte.data.exceptions.ConfigNotFoundException e) {
+      throw new ConfigNotFoundException(e.getType(), e.getConfigId());
     }
   }
 
diff --git a/airbyte-commons-server/src/test/java/io/airbyte/commons/server/handlers/DestinationHandlerTest.java b/airbyte-commons-server/src/test/java/io/airbyte/commons/server/handlers/DestinationHandlerTest.java
@@ -7,7 +7,6 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -47,7 +46,6 @@
 import io.airbyte.config.secrets.JsonSecretsProcessor;
 import io.airbyte.data.helpers.ActorDefinitionVersionUpdater;
 import io.airbyte.data.services.DestinationService;
-import io.airbyte.featureflag.DeleteSecretsWhenTombstoneActors;
 import io.airbyte.featureflag.TestClient;
 import io.airbyte.featureflag.Workspace;
 import io.airbyte.persistence.job.factory.OAuthConfigSupplier;
@@ -337,57 +335,6 @@ void testListDestinationForWorkspace() throws JsonValidationException, ConfigNot
         .prepareSecretsForOutput(destinationConnection.getConfiguration(), destinationDefinitionSpecificationRead.getConnectionSpecification());
   }
 
-  @Test
-  void testDeleteDestination()
-      throws JsonValidationException, ConfigNotFoundException, IOException, io.airbyte.data.exceptions.ConfigNotFoundException {
-    final JsonNode newConfiguration = destinationConnection.getConfiguration();
-    ((ObjectNode) newConfiguration).put("apiKey", "987-xyz");
-
-    final DestinationConnection expectedSourceConnection = Jsons.clone(destinationConnection).withTombstone(true);
-
-    final DestinationIdRequestBody destinationIdRequestBody = new DestinationIdRequestBody().destinationId(destinationConnection.getDestinationId());
-    final StandardSync standardSync = ConnectionHelpers.generateSyncWithDestinationId(destinationConnection.getDestinationId());
-    standardSync.setBreakingChange(false);
-    final ConnectionRead connectionRead = ConnectionHelpers.generateExpectedConnectionRead(standardSync);
-    final ConnectionReadList connectionReadList = new ConnectionReadList().connections(Collections.singletonList(connectionRead));
-    final WorkspaceIdRequestBody workspaceIdRequestBody = new WorkspaceIdRequestBody().workspaceId(destinationConnection.getWorkspaceId());
-
-    when(configRepository.getDestinationConnection(destinationConnection.getDestinationId()))
-        .thenReturn(destinationConnection)
-        .thenReturn(expectedSourceConnection);
-    when(destinationService.getDestinationConnectionWithSecrets(destinationConnection.getDestinationId()))
-        .thenReturn(destinationConnection)
-        .thenReturn(expectedSourceConnection);
-    when(oAuthConfigSupplier.maskSourceOAuthParameters(destinationDefinitionSpecificationRead.getDestinationDefinitionId(),
-        destinationConnection.getWorkspaceId(),
-        newConfiguration, destinationDefinitionVersion.getSpec())).thenReturn(newConfiguration);
-    when(configRepository.getStandardDestinationDefinition(destinationDefinitionSpecificationRead.getDestinationDefinitionId()))
-        .thenReturn(standardDestinationDefinition);
-    when(actorDefinitionVersionHelper.getDestinationVersion(standardDestinationDefinition, destinationConnection.getWorkspaceId(),
-        destinationConnection.getDestinationId()))
-            .thenReturn(destinationDefinitionVersion);
-    when(configRepository.getDestinationDefinitionFromDestination(destinationConnection.getDestinationId()))
-        .thenReturn(standardDestinationDefinition);
-    when(connectionsHandler.listConnectionsForWorkspace(workspaceIdRequestBody)).thenReturn(connectionReadList);
-    when(
-        secretsProcessor.prepareSecretsForOutput(destinationConnection.getConfiguration(),
-            destinationDefinitionSpecificationRead.getConnectionSpecification()))
-                .thenReturn(destinationConnection.getConfiguration());
-    when(actorDefinitionVersionHelper.getDestinationVersionWithOverrideStatus(standardDestinationDefinition, destinationConnection.getWorkspaceId(),
-        destinationConnection.getDestinationId())).thenReturn(destinationDefinitionVersionWithOverrideStatus);
-    // By default feature flag is false
-    when(featureFlagClient.boolVariation(
-        eq(DeleteSecretsWhenTombstoneActors.INSTANCE),
-        any(Workspace.class))).thenReturn(false);
-
-    destinationHandler.deleteDestination(destinationIdRequestBody);
-
-    verify(destinationService).getDestinationConnectionWithSecrets(any());
-    verify(destinationService).writeDestinationConnectionWithSecrets(any(), any());
-    verify(connectionsHandler).listConnectionsForWorkspace(workspaceIdRequestBody);
-    verify(connectionsHandler).deleteConnection(connectionRead.getConnectionId());
-  }
-
   @Test
   void testDeleteDestinationAndDeleteSecrets()
       throws JsonValidationException, ConfigNotFoundException, IOException, io.airbyte.data.exceptions.ConfigNotFoundException {
@@ -426,14 +373,10 @@ void testDeleteDestinationAndDeleteSecrets()
                 .thenReturn(destinationConnection.getConfiguration());
     when(actorDefinitionVersionHelper.getDestinationVersionWithOverrideStatus(standardDestinationDefinition, destinationConnection.getWorkspaceId(),
         destinationConnection.getDestinationId())).thenReturn(destinationDefinitionVersionWithOverrideStatus);
-    // Turn on feature flag to delete secrets
-    when(featureFlagClient.boolVariation(
-        eq(DeleteSecretsWhenTombstoneActors.INSTANCE),
-        any(Workspace.class))).thenReturn(true);
     destinationHandler.deleteDestination(destinationIdRequestBody);
 
-    // With the flag on, we should not no longer get secrets or write secrets anymore (since we are
-    // deleting the destination).
+    // We should not no longer get secrets or write secrets anymore (since we are deleting the
+    // destination).
     verify(destinationService, times(0)).writeDestinationConnectionWithSecrets(expectedSourceConnection, connectorSpecification);
     verify(destinationService, times(0)).getDestinationConnectionWithSecrets(any());
     verify(destinationService).tombstoneDestination(any(), any(), any(), any());
diff --git a/airbyte-commons-server/src/test/java/io/airbyte/commons/server/handlers/SourceHandlerTest.java b/airbyte-commons-server/src/test/java/io/airbyte/commons/server/handlers/SourceHandlerTest.java
@@ -7,7 +7,6 @@
 import static io.airbyte.protocol.models.CatalogHelpers.createAirbyteStream;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -59,7 +58,6 @@
 import io.airbyte.data.services.SecretPersistenceConfigService;
 import io.airbyte.data.services.SourceService;
 import io.airbyte.data.services.WorkspaceService;
-import io.airbyte.featureflag.DeleteSecretsWhenTombstoneActors;
 import io.airbyte.featureflag.TestClient;
 import io.airbyte.featureflag.Workspace;
 import io.airbyte.persistence.job.factory.OAuthConfigSupplier;
@@ -462,51 +460,6 @@ void testSearchSources() throws JsonValidationException, ConfigNotFoundException
     assertEquals(0, actualSourceReadList.getSources().size());
   }
 
-  @Test
-  void testDeleteSource() throws JsonValidationException, ConfigNotFoundException, IOException, io.airbyte.data.exceptions.ConfigNotFoundException {
-    final JsonNode newConfiguration = sourceConnection.getConfiguration();
-    ((ObjectNode) newConfiguration).put("apiKey", "987-xyz");
-
-    final SourceConnection expectedSourceConnection = Jsons.clone(sourceConnection).withTombstone(true);
-
-    final SourceIdRequestBody sourceIdRequestBody = new SourceIdRequestBody().sourceId(sourceConnection.getSourceId());
-    final StandardSync standardSync = ConnectionHelpers.generateSyncWithSourceId(sourceConnection.getSourceId());
-    final ConnectionRead connectionRead = ConnectionHelpers.generateExpectedConnectionRead(standardSync);
-    final ConnectionReadList connectionReadList = new ConnectionReadList().connections(Collections.singletonList(connectionRead));
-    final WorkspaceIdRequestBody workspaceIdRequestBody = new WorkspaceIdRequestBody().workspaceId(sourceConnection.getWorkspaceId());
-
-    when(configRepository.getSourceConnection(sourceConnection.getSourceId()))
-        .thenReturn(sourceConnection)
-        .thenReturn(expectedSourceConnection);
-    when(sourceService.getSourceConnectionWithSecrets(sourceConnection.getSourceId()))
-        .thenReturn(sourceConnection)
-        .thenReturn(expectedSourceConnection);
-    when(oAuthConfigSupplier.maskSourceOAuthParameters(sourceDefinitionSpecificationRead.getSourceDefinitionId(),
-        sourceConnection.getWorkspaceId(),
-        newConfiguration, sourceDefinitionVersion.getSpec())).thenReturn(newConfiguration);
-    when(configRepository.getStandardSourceDefinition(sourceDefinitionSpecificationRead.getSourceDefinitionId()))
-        .thenReturn(standardSourceDefinition);
-    when(actorDefinitionVersionHelper.getSourceVersion(standardSourceDefinition, sourceConnection.getWorkspaceId(), sourceConnection.getSourceId()))
-        .thenReturn(sourceDefinitionVersion);
-    when(configRepository.getSourceDefinitionFromSource(sourceConnection.getSourceId())).thenReturn(standardSourceDefinition);
-    when(connectionsHandler.listConnectionsForWorkspace(workspaceIdRequestBody)).thenReturn(connectionReadList);
-    when(
-        secretsProcessor.prepareSecretsForOutput(sourceConnection.getConfiguration(), sourceDefinitionSpecificationRead.getConnectionSpecification()))
-            .thenReturn(sourceConnection.getConfiguration());
-    when(actorDefinitionVersionHelper.getSourceVersionWithOverrideStatus(standardSourceDefinition, sourceConnection.getWorkspaceId(),
-        sourceConnection.getSourceId())).thenReturn(sourceDefinitionVersionWithOverrideStatus);
-    // By default feature flag is false
-    when(featureFlagClient.boolVariation(
-        eq(DeleteSecretsWhenTombstoneActors.INSTANCE),
-        any(Workspace.class))).thenReturn(false);
-
-    sourceHandler.deleteSource(sourceIdRequestBody);
-
-    verify(sourceService).writeSourceConnectionWithSecrets(expectedSourceConnection, connectorSpecification);
-    verify(connectionsHandler).listConnectionsForWorkspace(workspaceIdRequestBody);
-    verify(connectionsHandler).deleteConnection(connectionRead.getConnectionId());
-  }
-
   @Test
   void testDeleteSourceAndDeleteSecrets()
       throws JsonValidationException, ConfigNotFoundException, IOException, io.airbyte.data.exceptions.ConfigNotFoundException {
@@ -541,15 +494,10 @@ void testDeleteSourceAndDeleteSecrets()
             .thenReturn(sourceConnection.getConfiguration());
     when(actorDefinitionVersionHelper.getSourceVersionWithOverrideStatus(standardSourceDefinition, sourceConnection.getWorkspaceId(),
         sourceConnection.getSourceId())).thenReturn(sourceDefinitionVersionWithOverrideStatus);
-    // Turn on feature flag to delete secrets
-    when(featureFlagClient.boolVariation(
-        eq(DeleteSecretsWhenTombstoneActors.INSTANCE),
-        any(Workspace.class))).thenReturn(true);
 
     sourceHandler.deleteSource(sourceIdRequestBody);
 
-    // With the flag on, we should not no longer get secrets or write secrets anymore (since we are
-    // deleting the source).
+    // We should not no longer get secrets or write secrets anymore (since we are deleting the source).
     verify(sourceService, times(0)).writeSourceConnectionWithSecrets(expectedSourceConnection, connectorSpecification);
     verify(sourceService, times(0)).getSourceConnectionWithSecrets(any());
     verify(sourceService).tombstoneSource(any(), any(), any(), any());
diff --git a/airbyte-config/config-secrets/src/main/kotlin/secrets/SecretsRepositoryWriter.kt b/airbyte-config/config-secrets/src/main/kotlin/secrets/SecretsRepositoryWriter.kt
@@ -8,9 +8,7 @@ import com.fasterxml.jackson.databind.JsonNode
 import io.airbyte.commons.json.JsonPaths
 import io.airbyte.config.secrets.persistence.RuntimeSecretPersistence
 import io.airbyte.config.secrets.persistence.SecretPersistence
-import io.airbyte.featureflag.DeleteDanglingSecrets
 import io.airbyte.featureflag.FeatureFlagClient
-import io.airbyte.featureflag.Workspace
 import io.airbyte.metrics.lib.MetricAttribute
 import io.airbyte.metrics.lib.MetricClient
 import io.airbyte.metrics.lib.MetricTags
@@ -136,11 +134,9 @@ open class SecretsRepositoryWriter(
         runtimeSecretPersistence?.write(coordinate, payload) ?: secretPersistence.write(coordinate, payload)
         metricClient.count(OssMetricsRegistry.UPDATE_SECRET_DEFAULT_STORE, 1)
       }
-    // Delete old secrets (controlled by a workspace level feature flag).
-    // TODO: remove this flag after testing so that by default we are always cleaning up old secrets
-    if (featureFlagClient.boolVariation(DeleteDanglingSecrets, Workspace(workspaceId))) {
-      deleteFromConfig(oldPartialConfig, spec, runtimeSecretPersistence)
-    }
+    // Delete old secrets.
+    deleteFromConfig(oldPartialConfig, spec, runtimeSecretPersistence)
+
     return updatedSplitConfig.partialConfig
   }
 
diff --git a/airbyte-config/config-secrets/src/test/kotlin/secrets/SecretsRepositoryWriterTest.kt b/airbyte-config/config-secrets/src/test/kotlin/secrets/SecretsRepositoryWriterTest.kt
@@ -223,49 +223,6 @@ internal class SecretsRepositoryWriterTest {
       verify { metricClient.count(OssMetricsRegistry.DELETE_SECRET_DEFAULT_STORE, 1, MetricAttribute(MetricTags.SUCCESS, "true")) }
     }
 
-    @Test
-    fun testUpdateSecretFeatureFlagFalseShouldNotDelete() {
-      val secret = "secret-1"
-      val oldCoordinate = "existing_coordinate_v1"
-      secretPersistence.write(SecretCoordinate.fromFullCoordinate(oldCoordinate), secret)
-
-      every { featureFlagClient.boolVariation(any(), any()) } returns false
-
-      val updatedFullConfigNoSecretChange =
-        Jsons.deserialize(
-          """
-          { "username": "airbyte1", "password": "$secret"}
-          """.trimIndent(),
-        )
-
-      val oldPartialConfig = injectCoordinate(oldCoordinate)
-      val updatedPartialConfig =
-        secretsRepositoryWriter.updateFromConfig(
-          WORKSPACE_ID,
-          oldPartialConfig,
-          updatedFullConfigNoSecretChange,
-          SPEC.connectionSpecification,
-          null,
-        )
-
-      val newCoordinate = "existing_coordinate_v2"
-      val expPartialConfig =
-        Jsons.deserialize(
-          """
-          {"username":"airbyte1","password":{"_secret":"$newCoordinate"}}
-          """.trimIndent(),
-        )
-      assertEquals(expPartialConfig, updatedPartialConfig)
-
-      verify(exactly = 1) { secretPersistence.write(SecretCoordinate.fromFullCoordinate(newCoordinate), secret) }
-      assertEquals(secret, secretPersistence.read(SecretCoordinate.fromFullCoordinate(newCoordinate)))
-      verify { metricClient.count(OssMetricsRegistry.UPDATE_SECRET_DEFAULT_STORE, 1) }
-
-      verify(exactly = 0) { secretPersistence.delete(SecretCoordinate.fromFullCoordinate(oldCoordinate)) }
-      assertEquals(secret, secretPersistence.read(SecretCoordinate.fromFullCoordinate(oldCoordinate)))
-      verify(exactly = 0) { metricClient.count(OssMetricsRegistry.DELETE_SECRET_DEFAULT_STORE, 1) }
-    }
-
     @Test
     fun testUpdateSecretDeleteErrorShouldNotPropagate() {
       secretPersistence = mockk()
diff --git a/airbyte-featureflag/src/main/kotlin/FlagDefinitions.kt b/airbyte-featureflag/src/main/kotlin/FlagDefinitions.kt
@@ -176,10 +176,6 @@ object UseCustomK8sInitCheck : Temporary<Boolean>(key = "platform.use-custom-k8s
 
 object ConnectionFieldLimitOverride : Permanent<Int>(key = "connection-field-limit-override", default = -1)
 
-object DeleteDanglingSecrets : Temporary<Boolean>(key = "platform.delete-dangling-secrets", default = false)
-
-object DeleteSecretsWhenTombstoneActors : Temporary<Boolean>(key = "platform.delete-secrets-when-tombstone-actors", default = false)
-
 object EnableResumableFullRefresh : Temporary<Boolean>(key = "platform.enable-resumable-full-refresh", default = false)
 
 object AlwaysRunCheckBeforeSync : Permanent<Boolean>(key = "platform.always-run-check-before-sync", default = false)
