From 6160f48d6160107dfa81adf30601a8068ff46a19 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 17 Apr 2025 10:20:22 +0200
Subject: [PATCH] Possibly fix secret retrieval (untested)

---
 src/servala/core/models/service.py | 61 +++++++++---------------------
 1 file changed, 17 insertions(+), 44 deletions(-)

diff --git a/src/servala/core/models/service.py b/src/servala/core/models/service.py
index 550a489..2f83d8d 100644
--- a/src/servala/core/models/service.py
+++ b/src/servala/core/models/service.py
@@ -609,61 +609,34 @@ class ServiceInstance(ServalaModelMixin, models.Model):
     @cached_property
     def connection_credentials(self):
         """
-        Get connection credentials via spec.resourceRef.
-        The resource referenced there has the information which secret
-        we want in spec.writeConnectionSecretToRef.name and spec.writeConnectionSecretToRef.namespace.
+        Get connection credentials directly from the resource's writeConnectionSecretToRef
+        after checking that secret conditions are available.
         """
         if not self.kubernetes_object:
             return {}
-        if not (
-            resource_ref := self.kubernetes_object.get("spec", {}).get("resourceRef")
-        ):
+
+        # Check if secrets are available based on conditions
+        secrets_available = any(
+            [
+                condition.get("type") == "Status" and condition.get("status") == "True"
+                for condition in self.status_conditions
+            ]
+        )
+        if not secrets_available:
+            return {}
+
+        if not (secret_ref := self.spec.get("writeConnectionSecretToRef")):
+            return {}
+        if not (secret_name := secret_ref.get("name")):
             return {}
 
         try:
-            group = resource_ref.get("apiVersion", "").split("/")[0]
-            version = resource_ref.get("apiVersion", "").split("/")[1]
-            kind = resource_ref.get("kind")
-            name = resource_ref.get("name")
-            namespace = resource_ref.get("namespace", self.organization.namespace)
-
-            if not all([group, version, kind, name]):
-                return {}
-
-            plural = kind.lower()
-            if not plural.endswith("s"):
-                plural = f"{plural}s"
-
-            api_instance = client.CustomObjectsApi(
-                self.context.control_plane.get_kubernetes_client()
-            )
-
-            referenced_obj = api_instance.get_namespaced_custom_object(
-                group=group,
-                version=version,
-                namespace=namespace,
-                plural=plural,
-                name=name,
-            )
-
-            secret_ref = referenced_obj.get("spec", {}).get(
-                "writeConnectionSecretToRef"
-            )
-            if not secret_ref:
-                return {}
-
-            secret_name = secret_ref.get("name")
-            secret_namespace = secret_ref.get("namespace", namespace)
-
-            if not secret_name:
-                return {}
-
             # Get the secret data
             v1 = kubernetes.client.CoreV1Api(
                 self.context.control_plane.get_kubernetes_client()
             )
             secret = v1.read_namespaced_secret(
-                name=secret_name, namespace=secret_namespace
+                name=secret_name, namespace=secret_ref.get("namespace")
             )
 
             # Secret data is base64 encoded