Fix namespace deletion handling and add linked secret auto-sync#177

Draft
Copilot wants to merge 2 commits into master from copilot/fix-namespaces-deletion-handling

Copilot AI commented Mar 17, 2026

Namespace deletions were not tracked by the operator, and updates to secrets referenced via valueFrom did not trigger re-sync. This consolidates fixes from PR #159 and extends them with the auto-sync feature from PR #176.

handlers.py

  • namespace_watcher: adds @kopf.on.delete decorator and reason parameter; handles both create (sync secret into new namespace) and delete (prune namespace from syncedns status and in-memory cache) events. Status is only patched when the namespace list actually changes.
  • on_field_data: removes duplicated inline sync logic and the unused meta parameter — delegates directly to sync_secret.
  • on_secret_update (new): watches all Secret updates and re-syncs any ClusterSecret whose data.valueFrom.secretKeyRef points to the changed secret:

```python
# Fires on every core/v1 Secret update the operator can see.
@kopf.on.update('', 'v1', 'secrets')
async def on_secret_update(logger, name, namespace, **_):
    for cached_cluster_secret in csecs_cache.all_cluster_secret():
        body = cached_cluster_secret.body
        if 'valueFrom' not in body.get('data', {}):
            continue
        secret_key_ref = body.get('data', {}).get('valueFrom', {}).get('secretKeyRef', {})
        # Re-sync only when both name and namespace match the changed Secret.
        if name == secret_key_ref.get('name') and namespace == secret_key_ref.get('namespace'):
            for ns in cached_cluster_secret.synced_namespace:
                sync_secret(logger, ns, body, v1)
```

kubernetes_utils.py

  • sync_secret: checks namespace existence upfront — returns early on 404, re-raises on other errors (handles race conditions at deletion time).
  • Fixes rest.ApiException → exceptions.ApiException in delete_secret, sync_secret, and get_custom_objects_by_kind.
  • Simplifies managed-secret annotations check: merges if/elif into a single condition.

Tests

  • Removes test_on_field_data_ns_deleted — behaviour now covered by namespace_watcher.
  • Adds reason="create" to test_ns_create call to match updated signature.
  • Adds test_ns_delete verifying deleted namespaces are pruned from both status and cache.

Co-authored-by: zakkg3 <25042095+zakkg3@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix namespaces deletion handling" to "Fix namespace deletion handling and add linked secret auto-sync" Mar 17, 2026
Copilot AI requested a review from zakkg3 March 17, 2026 09:04
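
An added example, not code from this pull request or the project: the `secretKeyRef` matching that `on_secret_update` performs, written as a lookup index so each Secret update is resolved without scanning every ClusterSecret, and so a reference missing its name or namespace never matches. The dict-shaped cache entries, the function names and the sample objects are assumptions made for illustration.

```python
from collections import defaultdict

def source_ref(body):
    """Return (namespace, name) of the valueFrom.secretKeyRef source, or None."""
    data = body.get("data")
    if not isinstance(data, dict):
        return None
    value_from = data.get("valueFrom")
    if not isinstance(value_from, dict):
        return None
    ref = value_from.get("secretKeyRef")
    if not isinstance(ref, dict):
        return None
    name, namespace = ref.get("name"), ref.get("namespace")
    # Both parts are required: a ref without a namespace must not act as a wildcard.
    if not (isinstance(name, str) and name and isinstance(namespace, str) and namespace):
        return None
    return namespace, name

def build_index(cluster_secrets):
    """Map (source namespace, source name) -> ClusterSecrets that copy from it."""
    index = defaultdict(list)
    for cs in cluster_secrets:
        key = source_ref(cs["body"])
        if key is not None:
            index[key].append(cs)
    return index

def resync_targets(index, name, namespace):
    """(ClusterSecret name, target namespace) pairs to re-sync for one Secret update."""
    return [(cs["body"]["metadata"]["name"], ns)
            for cs in index.get((namespace, name), [])
            for ns in cs["synced_namespace"]]

# Constructed sample cache (hypothetical objects, dicts instead of the operator's classes).
CACHE = [
    {"body": {"metadata": {"name": "db-creds-global"},
              "data": {"valueFrom": {"secretKeyRef": {"name": "db-creds", "namespace": "vault"}}}},
     "synced_namespace": ["team-a", "team-b"]},
    {"body": {"metadata": {"name": "static-token"}, "data": {"token": "c2FtcGxl"}},
     "synced_namespace": ["team-a"]},
    {"body": {"metadata": {"name": "broken-ref"},
              "data": {"valueFrom": {"secretKeyRef": {"name": "db-creds"}}}},
     "synced_namespace": ["team-c"]},
]
INDEX = build_index(CACHE)
```
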