feat(core): Add secrets provider reload and refactor (#7277)

This PR adds a message for queue mode which triggers an external secrets
provider reload inside the workers if the configuration has changed on
the main instance.

It also refactors some of the message handler code to remove cyclic
dependencies and, now that the cycles are gone, removes unnecessary
duplicate Redis clients inside services.
Michael Auerswald
2023-09-28 12:57:35 +02:00
committed by GitHub
parent a80abad3af
commit 53a7502d20
10 changed files with 190 additions and 86 deletions


@@ -20,6 +20,7 @@ import {
import { License } from '@/License';
import { InternalHooks } from '@/InternalHooks';
import { ExternalSecretsProviders } from './ExternalSecretsProviders.ee';
import { OrchestrationService } from '@/services/orchestration.service';
const logger = getLogger();
@@ -70,6 +71,21 @@ export class ExternalSecretsManager {
Object.values(this.initRetryTimeouts).forEach((v) => clearTimeout(v));
}
async reloadAllProviders(backoff?: number) {
logger.debug('Reloading all external secrets providers');
const providers = this.getProviderNames();
if (!providers) {
return;
}
for (const provider of providers) {
await this.reloadProvider(provider, backoff);
}
}
async broadcastReloadExternalSecretsProviders() {
await Container.get(OrchestrationService).broadcastReloadExternalSecretsProviders();
}
private async getEncryptionKey(): Promise<string> {
return UserSettings.getEncryptionKey();
}
@@ -274,6 +290,7 @@ export class ExternalSecretsManager {
await this.saveAndSetSettings(settings, this.settingsRepo);
this.cachedSettings = settings;
await this.reloadProvider(provider);
await this.broadcastReloadExternalSecretsProviders();
void this.trackProviderSave(provider, isNewProvider, userId);
}
@@ -293,6 +310,7 @@ export class ExternalSecretsManager {
this.cachedSettings = settings;
await this.reloadProvider(provider);
await this.updateSecrets();
await this.broadcastReloadExternalSecretsProviders();
}
private async trackProviderSave(vaultType: string, isNew: boolean, userId?: string) {
@@ -373,6 +391,7 @@ export class ExternalSecretsManager {
}
try {
await this.providers[provider].update();
await this.broadcastReloadExternalSecretsProviders();
return true;
} catch {
return false;
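Review bot: In the last hunk the new `await this.broadcastReloadExternalSecretsProviders()` sits inside the same `try` as `this.providers[provider].update()`, and the bare `catch` returns `false` for either failure without logging anything. If the broadcast can reject (OrchestrationService is not visible here), a transport error would be reported as a failed provider update even though the local update succeeded, and workers would keep their previous secrets configuration with no trace of why. Consider isolating the broadcast after the update, e.g. `try { await this.broadcastReloadExternalSecretsProviders(); } catch { logger.warn('Failed to broadcast external secrets provider reload'); }`, and stating in a comment what the boolean return value means. The same unguarded await follows the settings writes in the two preceding hunks, where a rejection would surface only after the settings are already saved and the local provider reloaded. The enclosing method starts and ends outside the hunk.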