Possibly fix secret retrieval (untested)

2025-04-17 10:20:22 +02:00 · 2025-04-17 10:20:22 +02:00 · 6160f48d61
commit 6160f48d61
parent c8eaa99d38
1 changed files with 17 additions and 44 deletions
--- a/src/servala/core/models/service.py
+++ b/src/servala/core/models/service.py
@ -609,61 +609,34 @@ class ServiceInstance(ServalaModelMixin, models.Model):
    @cached_property
    def connection_credentials(self):
        """
-        Get connection credentials via spec.resourceRef.
-        The resource referenced there has the information which secret
-        we want in spec.writeConnectionSecretToRef.name and spec.writeConnectionSecretToRef.namespace.
+        Get connection credentials directly from the resource's writeConnectionSecretToRef
+        after checking that secret conditions are available.
        """
        if not self.kubernetes_object:
            return {}
-        if not (
-            resource_ref := self.kubernetes_object.get("spec", {}).get("resourceRef")
-        ):
+
+        # Check if secrets are available based on conditions
+        secrets_available = any(
+            [
+                condition.get("type") == "Status" and condition.get("status") == "True"
+                for condition in self.status_conditions
+            ]
+        )
+        if not secrets_available:
+            return {}
+
+        if not (secret_ref := self.spec.get("writeConnectionSecretToRef")):
+            return {}
+        if not (secret_name := secret_ref.get("name")):
            return {}

        try:
-            group = resource_ref.get("apiVersion", "").split("/")[0]
-            version = resource_ref.get("apiVersion", "").split("/")[1]
-            kind = resource_ref.get("kind")
-            name = resource_ref.get("name")
-            namespace = resource_ref.get("namespace", self.organization.namespace)
-
-            if not all([group, version, kind, name]):
-                return {}
-
-            plural = kind.lower()
-            if not plural.endswith("s"):
-                plural = f"{plural}s"
-
-            api_instance = client.CustomObjectsApi(
-                self.context.control_plane.get_kubernetes_client()
-            )
-
-            referenced_obj = api_instance.get_namespaced_custom_object(
-                group=group,
-                version=version,
-                namespace=namespace,
-                plural=plural,
-                name=name,
-            )
-
-            secret_ref = referenced_obj.get("spec", {}).get(
-                "writeConnectionSecretToRef"
-            )
-            if not secret_ref:
-                return {}
-
-            secret_name = secret_ref.get("name")
-            secret_namespace = secret_ref.get("namespace", namespace)
-
-            if not secret_name:
-                return {}
-
            # Get the secret data
            v1 = kubernetes.client.CoreV1Api(
                self.context.control_plane.get_kubernetes_client()
            )
            secret = v1.read_namespaced_secret(
-                name=secret_name, namespace=secret_namespace
+                name=secret_name, namespace=secret_ref.get("namespace")
            )

            # Secret data is base64 encoded