Possibly fix secret retrieval (untested)
parent
c8eaa99d38
commit
6160f48d61
1 changed files with 17 additions and 44 deletions
|
@ -609,61 +609,34 @@ class ServiceInstance(ServalaModelMixin, models.Model):
|
||||||
@cached_property
|
@cached_property
|
||||||
def connection_credentials(self):
|
def connection_credentials(self):
|
||||||
"""
|
"""
|
||||||
Get connection credentials via spec.resourceRef.
|
Get connection credentials directly from the resource's writeConnectionSecretToRef
|
||||||
The resource referenced there has the information which secret
|
after checking that secret conditions are available.
|
||||||
we want in spec.writeConnectionSecretToRef.name and spec.writeConnectionSecretToRef.namespace.
|
|
||||||
"""
|
"""
|
||||||
if not self.kubernetes_object:
|
if not self.kubernetes_object:
|
||||||
return {}
|
return {}
|
||||||
if not (
|
|
||||||
resource_ref := self.kubernetes_object.get("spec", {}).get("resourceRef")
|
# Check if secrets are available based on conditions
|
||||||
):
|
secrets_available = any(
|
||||||
|
[
|
||||||
|
condition.get("type") == "Status" and condition.get("status") == "True"
|
||||||
|
for condition in self.status_conditions
|
||||||
|
]
|
||||||
|
)
|
||||||
|
if not secrets_available:
|
||||||
|
return {}
|
||||||
|
|
||||||
|
if not (secret_ref := self.spec.get("writeConnectionSecretToRef")):
|
||||||
|
return {}
|
||||||
|
if not (secret_name := secret_ref.get("name")):
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
try:
|
try:
|
||||||
group = resource_ref.get("apiVersion", "").split("/")[0]
|
|
||||||
version = resource_ref.get("apiVersion", "").split("/")[1]
|
|
||||||
kind = resource_ref.get("kind")
|
|
||||||
name = resource_ref.get("name")
|
|
||||||
namespace = resource_ref.get("namespace", self.organization.namespace)
|
|
||||||
|
|
||||||
if not all([group, version, kind, name]):
|
|
||||||
return {}
|
|
||||||
|
|
||||||
plural = kind.lower()
|
|
||||||
if not plural.endswith("s"):
|
|
||||||
plural = f"{plural}s"
|
|
||||||
|
|
||||||
api_instance = client.CustomObjectsApi(
|
|
||||||
self.context.control_plane.get_kubernetes_client()
|
|
||||||
)
|
|
||||||
|
|
||||||
referenced_obj = api_instance.get_namespaced_custom_object(
|
|
||||||
group=group,
|
|
||||||
version=version,
|
|
||||||
namespace=namespace,
|
|
||||||
plural=plural,
|
|
||||||
name=name,
|
|
||||||
)
|
|
||||||
|
|
||||||
secret_ref = referenced_obj.get("spec", {}).get(
|
|
||||||
"writeConnectionSecretToRef"
|
|
||||||
)
|
|
||||||
if not secret_ref:
|
|
||||||
return {}
|
|
||||||
|
|
||||||
secret_name = secret_ref.get("name")
|
|
||||||
secret_namespace = secret_ref.get("namespace", namespace)
|
|
||||||
|
|
||||||
if not secret_name:
|
|
||||||
return {}
|
|
||||||
|
|
||||||
# Get the secret data
|
# Get the secret data
|
||||||
v1 = kubernetes.client.CoreV1Api(
|
v1 = kubernetes.client.CoreV1Api(
|
||||||
self.context.control_plane.get_kubernetes_client()
|
self.context.control_plane.get_kubernetes_client()
|
||||||
)
|
)
|
||||||
secret = v1.read_namespaced_secret(
|
secret = v1.read_namespaced_secret(
|
||||||
name=secret_name, namespace=secret_namespace
|
name=secret_name, namespace=secret_ref.get("namespace")
|
||||||
)
|
)
|
||||||
|
|
||||||
# Secret data is base64 encoded
|
# Secret data is base64 encoded
|
||||||
|
|
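Review bot: The `read_namespaced_secret` call now passes `namespace=secret_ref.get("namespace")` with no fallback, so a `writeConnectionSecretToRef` without a namespace hands `None` to the client, where the removed code fell back to the resource or organization namespace. I would guard it the same way as the name, e.g. `if not (secret_namespace := secret_ref.get("namespace")): return {}`, or keep a default such as `secret_ref.get("namespace", self.organization.namespace)` if that is the intended scope. Because the namespace comes straight from the object's spec, it is also worth checking that it is a namespace this instance is expected to read secrets from, presumably the organization's, before fetching. Separately, the availability check matches `condition.get("type") == "Status"`, which looks unusual for a condition type and may never be true; confirm it against the conditions the control plane actually reports. The `try` block and the rest of `connection_credentials` continue outside the hunk, so how a failed read is handled is not visible here.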