update handleDeletion to remove vault dynamic secrets from hvsapp

controllers/hcpvaultsecretsapp_controller.go

@@ -470,10 +470,20 @@ func (r *HCPVaultSecretsAppReconciler) handleDeletion(ctx context.Context, o *se
 	objKey := client.ObjectKeyFromObject(o)
 	r.referenceCache.Remove(SecretTransformation, objKey)
 	r.BackOffRegistry.Delete(objKey)
-	shadowObjKey := makeShadowObjKey(o)
-	if err := helpers.DeleteSecret(ctx, r.Client, shadowObjKey); err != nil {
-		logger.Error(err, "Failed to delete shadow secret", "shadow secret", shadowObjKey)
-	}
+	// retrieve all shadow secrets that belong to the HCPVaultSecretsApp, remove their finalizers, and delete them
+	secrets := secretsv1beta1.VaultDynamicSecretList{}
+	if err := r.List(ctx, &secrets,
+		client.InNamespace(common.OperatorNamespace),
+		client.MatchingLabels{helpers.LabelOwnerRefUID: string(o.GetUID())}); err != nil {
+		return fmt.Errorf("failed to list secrets in namespace %s: %w", o.GetNamespace(), err)
+	}
+	removeFinalizers(ctx, r.Client, logger, &secrets)
+	if err := r.DeleteAllOf(ctx, &secretsv1beta1.VaultDynamicSecret{},
+		client.InNamespace(common.OperatorNamespace),
+		client.MatchingLabels{helpers.LabelOwnerRefUID: string(o.GetUID())}); err != nil {
+		return fmt.Errorf("failed to delete secrets in namespace %s: %w", o.GetNamespace(), err)
+	}
+	// then remove the finalizer from the HCPVaultSecretsApp and delete it
 	if controllerutil.ContainsFinalizer(o, hcpVaultSecretsAppFinalizer) {
 		logger.Info("Removing finalizer")
 		if controllerutil.RemoveFinalizer(o, hcpVaultSecretsAppFinalizer) {
@@ -484,6 +494,9 @@ func (r *HCPVaultSecretsAppReconciler) handleDeletion(ctx context.Context, o *se
 			logger.Info("Successfully removed the finalizer")
 		}
 	}
+	if err := r.Delete(ctx, o); err != nil {
+		return fmt.Errorf("failed to delete HCPVaultSecretsApp %s: %w", o.Spec.AppName, err)
+	}
 	return nil
 }