Add secret resolver functionality

SAP · Sep 19, 2023 · 99cea74 · 99cea74
1 parent ae9f992
commit 99cea74
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 5 deletions.
diff --git a/api/common.go b/api/common.go
@@ -78,4 +78,5 @@ type SAPBTPResource interface {
 	DeepClone() SAPBTPResource
 	SetReady(metav1.ConditionStatus)
 	GetReady() metav1.ConditionStatus
+	GetSubaccountID() string
 }
diff --git a/api/v1/servicebinding_types.go b/api/v1/servicebinding_types.go
@@ -188,6 +188,10 @@ func (sb *ServiceBinding) SetReady(ready metav1.ConditionStatus) {
 	sb.Status.Ready = ready
 }
 
+func (sb *ServiceBinding) GetSubaccountID() string {
+	return sb.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 
 // ServiceBindingList contains a list of ServiceBinding

diff --git a/api/v1/serviceinstance_types.go b/api/v1/serviceinstance_types.go
@@ -183,6 +183,10 @@ func (si *ServiceInstance) SetReady(ready metav1.ConditionStatus) {
 	si.Status.Ready = ready
 }
 
+func (si *ServiceInstance) GetSubaccountID() string {
+	return si.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 
 // ServiceInstanceList contains a list of ServiceInstance

diff --git a/api/v1alpha1/servicebinding_types.go b/api/v1alpha1/servicebinding_types.go
@@ -183,6 +183,10 @@ func (sb *ServiceBinding) SetReady(ready metav1.ConditionStatus) {
 	sb.Status.Ready = ready
 }
 
+func (sb *ServiceBinding) GetSubaccountID() string {
+	return sb.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 
 // ServiceBindingList contains a list of ServiceBinding

diff --git a/api/v1alpha1/serviceinstance_types.go b/api/v1alpha1/serviceinstance_types.go
@@ -173,6 +173,10 @@ func (in *ServiceInstance) SetReady(ready metav1.ConditionStatus) {
 	in.Status.Ready = ready
 }
 
+func (si *ServiceInstance) GetSubaccountID() string {
+	return si.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 
 // ServiceInstanceList contains a list of ServiceInstance

diff --git a/controllers/base_controller.go b/controllers/base_controller.go
@@ -80,7 +80,7 @@ func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResou
 	}
 	log := GetLogger(ctx)
 
-	secret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorSecretName)
+	secret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorSecretName, object.GetSubaccountID())
 	if err != nil {
 		return nil, err
 	}
@@ -96,7 +96,7 @@ func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResou
 	}
 
 	if len(cfg.ClientSecret) == 0 {
-		tls, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorTLSSecretName)
+		tls, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorTLSSecretName, object.GetSubaccountID())
 		if client.IgnoreNotFound(err) != nil {
 			return nil, err
 		}

diff --git a/internal/secrets/resolver.go b/internal/secrets/resolver.go
@@ -27,11 +27,21 @@ type SecretResolver struct {
 	Log                    logr.Logger
 }
 
-func (sr *SecretResolver) GetSecretForResource(ctx context.Context, namespace, name string) (*v1.Secret, error) {
+func (sr *SecretResolver) GetSecretForResource(ctx context.Context, namespace, name, subaccountID string) (*v1.Secret, error) {
 	var secretForResource *v1.Secret
 	var err error
 	found := false
 
+	if subaccountID != "" {
+		sr.Log.Info(fmt.Sprintf("Searching for secret name %s, for subaccount id %s, in namespace %s",
+			name, subaccountID, namespace))
+		secretForResource, err = sr.getSubaccountSecret(ctx, namespace, name, subaccountID)
+		if err != nil {
+			sr.Log.Error(err, "Could not fetch subaccount secret")
+			return nil, err
+		}
+	}
+
 	if sr.EnableNamespaceSecrets {
 		sr.Log.Info("Searching for secret in resource namespace", "namespace", namespace, "name", name)
 		secretForResource, err = sr.getSecretFromNamespace(ctx, namespace, name)
@@ -85,3 +95,9 @@ func (sr *SecretResolver) getClusterSecret(ctx context.Context, name string) (*v
 	err := sr.Client.Get(ctx, types.NamespacedName{Namespace: sr.ReleaseNamespace, Name: name}, secret)
 	return secret, err
 }
+
+func (sr *SecretResolver) getSubaccountSecret(ctx context.Context, namespace, name, saID string) (*v1.Secret, error) {
+	secret := &v1.Secret{}
+	err := sr.Client.Get(ctx, types.NamespacedName{Namespace: sr.ReleaseNamespace, Name: fmt.Sprintf("%s-%s-%s", saID, namespace, name)}, secret)
+	return secret, err
+}
diff --git a/internal/secrets/resolver_test.go b/internal/secrets/resolver_test.go
@@ -67,14 +67,14 @@ var _ = Describe("Secrets Resolver", func() {
 	}
 
 	validateSecretResolved := func() {
-		resolvedSecret, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName)
+		resolvedSecret, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName, "")
 		Expect(err).ToNot(HaveOccurred())
 		Expect(resolvedSecret).ToNot(BeNil())
 		Expect(string(resolvedSecret.Data["clientid"])).To(Equal(expectedClientID))
 	}
 
 	validateSecretNotResolved := func() {
-		_, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName)
+		_, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName, "")
 		Expect(err).To(HaveOccurred())
 		Expect(err.Error()).To(ContainSubstring("not found"))
 	}