improve secret resolver

SAP · Jan 1, 2024 · 32b0268 · 32b0268
1 parent f33b73a
commit 32b0268
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 14 deletions.
diff --git a/controllers/base_controller.go b/controllers/base_controller.go
@@ -75,14 +75,19 @@ func GetLogger(ctx context.Context) logr.Logger {
 	return ctx.Value(LogKey{}).(logr.Logger)
 }
 
-func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResource, subaccountID string) (sm.Client, error) {
+func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResource, btpAccessSecretName string) (sm.Client, error) {
 	if r.SMClient != nil {
 		return r.SMClient(), nil
 	}
 	log := GetLogger(ctx)
 
-	secret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorSecretName, subaccountID)
-	if err != nil {
+	var secret *v1.Secret
+	var err error
+	if len(btpAccessSecretName) > 0 {
+		if secret, err = r.SecretResolver.GetSecretFromManagementNamespace(ctx, btpAccessSecretName); err != nil {
+			return nil, err
+		}
+	} else if secret, err = r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorSecretName); err != nil {
 		return nil, err
 	}
 
@@ -101,7 +106,11 @@ func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResou
 	}
 
 	if len(clientConfig.ClientSecret) == 0 {
-		tlsSecret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorTLSSecretName, subaccountID)
+		if len(btpAccessSecretName) > 0 {
+			log.Info("btpAccessSecret does not contain clientsecret")
+			return nil, fmt.Errorf("invalid Service-Manager credentials, contact your cluster administrator")
+		}
+		tlsSecret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorTLSSecretName)
 		if client.IgnoreNotFound(err) != nil {
 			return nil, err
 		}

diff --git a/internal/secrets/resolver.go b/internal/secrets/resolver.go
@@ -26,19 +26,21 @@ type SecretResolver struct {
 	Log                    logr.Logger
 }
 
-func (sr *SecretResolver) GetSecretForResource(ctx context.Context, namespace, name, btpAccessSecret string) (*v1.Secret, error) {
+func (sr *SecretResolver) GetSecretFromManagementNamespace(ctx context.Context, name string) (*v1.Secret, error) {
 	secretForResource := &v1.Secret{}
 
-	if len(btpAccessSecret) > 0 {
-		sr.Log.Info(fmt.Sprintf("Searching for secret name %s in namespace %s",
-			btpAccessSecret, sr.ManagementNamespace))
-		err := sr.Client.Get(ctx, types.NamespacedName{Name: btpAccessSecret, Namespace: sr.ManagementNamespace}, secretForResource)
-		if err != nil {
-			sr.Log.Error(err, fmt.Sprintf("Could not fetch secret named %s", btpAccessSecret))
-			return nil, err
-		}
-		return secretForResource, nil
+	sr.Log.Info(fmt.Sprintf("Searching for secret name %s in namespace %s",
+		name, sr.ManagementNamespace))
+	err := sr.Client.Get(ctx, types.NamespacedName{Name: name, Namespace: sr.ManagementNamespace}, secretForResource)
+	if err != nil {
+		sr.Log.Error(err, fmt.Sprintf("Could not fetch secret named %s", name))
+		return nil, err
 	}
+	return secretForResource, nil
+}
+
+func (sr *SecretResolver) GetSecretForResource(ctx context.Context, namespace, name string) (*v1.Secret, error) {
+	secretForResource := &v1.Secret{}
 
 	// search namespace secret
 	if sr.EnableNamespaceSecrets {