diff --git a/api/common.go b/api/common.go
index b87046dc..3ca28de0 100644
--- a/api/common.go
+++ b/api/common.go
@@ -78,4 +78,5 @@ type SAPBTPResource interface {
 DeepClone() SAPBTPResource
 SetReady(metav1.ConditionStatus)
 GetReady() metav1.ConditionStatus
+ GetSubaccountID() string
 }
diff --git a/api/v1/servicebinding_types.go b/api/v1/servicebinding_types.go
index c73ed477..34267c40 100644
--- a/api/v1/servicebinding_types.go
+++ b/api/v1/servicebinding_types.go
@@ -188,6 +188,10 @@ func (sb *ServiceBinding) SetReady(ready metav1.ConditionStatus) {
 sb.Status.Ready = ready
 }
+func (sb *ServiceBinding) GetSubaccountID() string {
+ return sb.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 // ServiceBindingList contains a list of ServiceBinding
diff --git a/api/v1/serviceinstance_types.go b/api/v1/serviceinstance_types.go
index 5bf8dcce..64339e7f 100644
--- a/api/v1/serviceinstance_types.go
+++ b/api/v1/serviceinstance_types.go
@@ -183,6 +183,10 @@ func (si *ServiceInstance) SetReady(ready metav1.ConditionStatus) {
 si.Status.Ready = ready
 }
+func (si *ServiceInstance) GetSubaccountID() string {
+ return si.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 // ServiceInstanceList contains a list of ServiceInstance
diff --git a/api/v1alpha1/servicebinding_types.go b/api/v1alpha1/servicebinding_types.go
index b02cfb2a..4290759b 100644
--- a/api/v1alpha1/servicebinding_types.go
+++ b/api/v1alpha1/servicebinding_types.go
@@ -183,6 +183,10 @@ func (sb *ServiceBinding) SetReady(ready metav1.ConditionStatus) {
 sb.Status.Ready = ready
 }
+func (sb *ServiceBinding) GetSubaccountID() string {
+ return sb.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 // ServiceBindingList contains a list of ServiceBinding
diff --git a/api/v1alpha1/serviceinstance_types.go b/api/v1alpha1/serviceinstance_types.go
index 66d9dfe2..7c237066 100644
--- a/api/v1alpha1/serviceinstance_types.go
+++ b/api/v1alpha1/serviceinstance_types.go
@@ -173,6 +173,10 @@ func (in *ServiceInstance) SetReady(ready metav1.ConditionStatus) {
 in.Status.Ready = ready
 }
+func (si *ServiceInstance) GetSubaccountID() string {
+ return si.Spec.SubaccountID
+}
+
 // +kubebuilder:object:root=true
 // ServiceInstanceList contains a list of ServiceInstance
diff --git a/controllers/base_controller.go b/controllers/base_controller.go
index 64af8389..9e4743d2 100644
--- a/controllers/base_controller.go
+++ b/controllers/base_controller.go
@@ -80,7 +80,7 @@ func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResou
 }
 log := GetLogger(ctx)
- secret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorSecretName)
+ secret, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorSecretName, object.GetSubaccountID())
 if err != nil {
 return nil, err
 }
@@ -96,7 +96,7 @@ func (r *BaseReconciler) getSMClient(ctx context.Context, object api.SAPBTPResou
 }
 if len(cfg.ClientSecret) == 0 {
- tls, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorTLSSecretName)
+ tls, err := r.SecretResolver.GetSecretForResource(ctx, object.GetNamespace(), secrets.SAPBTPOperatorTLSSecretName, object.GetSubaccountID())
 if client.IgnoreNotFound(err) != nil {
 return nil, err
 }
diff --git a/internal/secrets/resolver.go b/internal/secrets/resolver.go
index 6859c713..893dd723 100644
--- a/internal/secrets/resolver.go
+++ b/internal/secrets/resolver.go
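Review bot: The new `GetSubaccountID` on the v1alpha1 `ServiceInstance` names its receiver `si`, while the `SetReady` method shown in the same hunk uses `in` for that type. Go style (and linters such as stylecheck's receiver-name check) expects one receiver name per type, so this should read `func (in *ServiceInstance) GetSubaccountID() string {` with `return in.Spec.SubaccountID`. As an exported method it would also benefit from a doc comment, e.g. `// GetSubaccountID returns the subaccount ID set in the resource spec, or "" when none is set.`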
@@ -27,11 +27,21 @@ type SecretResolver struct {
 Log logr.Logger
 }
-func (sr *SecretResolver) GetSecretForResource(ctx context.Context, namespace, name string) (*v1.Secret, error) {
+func (sr *SecretResolver) GetSecretForResource(ctx context.Context, namespace, name, subaccountID string) (*v1.Secret, error) {
 var secretForResource *v1.Secret
 var err error
 found := false
+ if subaccountID != "" {
+ sr.Log.Info(fmt.Sprintf("Searching for secret name %s, for subaccount id %s, in namespace %s",
+ name, subaccountID, namespace))
+ secretForResource, err = sr.getSubaccountSecret(ctx, namespace, name, subaccountID)
+ if err != nil {
+ sr.Log.Error(err, "Could not fetch subaccount secret")
+ return nil, err
+ }
+ }
+
 if sr.EnableNamespaceSecrets {
 sr.Log.Info("Searching for secret in resource namespace", "namespace", namespace, "name", name)
 secretForResource, err = sr.getSecretFromNamespace(ctx, namespace, name)
@@ -85,3 +95,9 @@ func (sr *SecretResolver) getClusterSecret(ctx context.Context, name string) (*v
 err := sr.Client.Get(ctx, types.NamespacedName{Namespace: sr.ReleaseNamespace, Name: name}, secret)
 return secret, err
 }
+
+func (sr *SecretResolver) getSubaccountSecret(ctx context.Context, namespace, name, saID string) (*v1.Secret, error) {
+ secret := &v1.Secret{}
+ err := sr.Client.Get(ctx, types.NamespacedName{Namespace: sr.ReleaseNamespace, Name: fmt.Sprintf("%s-%s-%s", saID, namespace, name)}, secret)
+ return secret, err
+}
diff --git a/internal/secrets/resolver_test.go b/internal/secrets/resolver_test.go
index c2646a45..7a8bb7dd 100644
--- a/internal/secrets/resolver_test.go
+++ b/internal/secrets/resolver_test.go
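Review bot: A successful subaccount lookup is never returned: the new `if subaccountID != ""` block neither returns nor sets `found`, so control reaches `if sr.EnableNamespaceSecrets`, where `secretForResource` is reassigned from `getSecretFromNamespace`. With namespace secrets enabled, the resource would then be reconciled with the namespace credentials rather than those of the subaccount it names. The rest of the function lies outside the hunk, so the later fallbacks may behave the same way. Add `return secretForResource, nil` after the error check inside the block. The log call would also match the structured call on the next context line as `sr.Log.Info("Searching for subaccount secret", "subaccountID", subaccountID, "namespace", namespace, "name", name)`.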
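Review bot: The secret name in `getSubaccountSecret` is built as `fmt.Sprintf("%s-%s-%s", saID, namespace, name)`, and `-` is also legal inside namespace names and likely inside subaccount IDs, so two different (subaccount, namespace) pairs can produce the same name in the release namespace. Because `saID` comes from the resource's `Spec.SubaccountID`, and no validation of that field is visible in this diff, a resource in one namespace could be matched to credentials provisioned for another. Consider validating the ID against a fixed format before the lookup, or confirming on the fetched secret (for example via labels carrying the subaccount ID and namespace) that it belongs to this pair before returning it. A doc comment such as `// getSubaccountSecret fetches "<saID>-<namespace>-<name>" from the release namespace; saID must be validated by the caller.` would make the contract explicit.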
@@ -67,14 +67,14 @@ var _ = Describe("Secrets Resolver", func() {
 }
 validateSecretResolved := func() {
- resolvedSecret, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName)
+ resolvedSecret, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName, "")
 Expect(err).ToNot(HaveOccurred())
 Expect(resolvedSecret).ToNot(BeNil())
 Expect(string(resolvedSecret.Data["clientid"])).To(Equal(expectedClientID))
 }
 validateSecretNotResolved := func() {
- _, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName)
+ _, err := resolver.GetSecretForResource(ctx, testNamespace, secrets.SAPBTPOperatorSecretName, "")
 Expect(err).To(HaveOccurred())
 Expect(err.Error()).To(ContainSubstring("not found"))
 }
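Review bot: Both updated helpers pass `""` as the subaccount ID, so nothing in this hunk exercises the new subaccount branch of `GetSecretForResource`. Two cases with a non-empty ID would pin the intended behaviour. First, when the `<saID>-<namespace>-<name>` secret exists in the release namespace, the returned `clientid` should be that secret's, even with namespace secrets enabled. Second, when it does not exist, the call should return an error rather than fall back to the default credentials. The `Describe` block continues outside the hunk, so such cases may exist elsewhere in the file.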