Merge pull request #3763 from ddraganovv/Bugfix_sbio_secret_created_f…

…or_key_bindings Create serviceBinding.io secret with type app only
cloudfoundry · Feb 6, 2025 · d6ab629 · d6ab629
2 parents c12f1e6 + c6c8e65
commit d6ab629
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 23 deletions.
diff --git a/controllers/controllers/services/bindings/controller_test.go b/controllers/controllers/services/bindings/controller_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 
 	korifiv1alpha1 "code.cloudfoundry.org/korifi/controllers/api/v1alpha1"
+	"code.cloudfoundry.org/korifi/controllers/controllers/services/credentials"
 	"code.cloudfoundry.org/korifi/controllers/controllers/services/osbapi"
 	"code.cloudfoundry.org/korifi/controllers/controllers/services/osbapi/fake"
 	"code.cloudfoundry.org/korifi/model/services"
@@ -744,6 +745,22 @@ var _ = Describe("CFServiceBinding", func() {
 					g.Expect(sbList.Items).To(BeEmpty())
 				}).Should(Succeed())
 			})
+
+			It("does not create a servicebindingio secret", func() {
+				Consistently(func(g Gomega) {
+					g.Expect(adminClient.Get(ctx, client.ObjectKeyFromObject(binding), binding)).To(Succeed())
+					g.Expect(binding.Status.Binding.Name).To(BeEmpty())
+
+					secrets := &corev1.SecretList{}
+					g.Expect(adminClient.List(ctx, secrets, client.InNamespace(binding.Namespace))).To(Succeed())
+
+					g.Expect(secrets.Items).NotTo(ContainElement(
+						MatchFields(IgnoreExtras, Fields{
+							"Type": HavePrefix(credentials.ServiceBindingSecretTypePrefix),
+						}),
+					))
+				}).Should(Succeed())
+			})
 		})
 
 		When("the credentials contain type key", func() {

diff --git a/controllers/controllers/services/bindings/managed/controller.go b/controllers/controllers/services/bindings/managed/controller.go
@@ -219,28 +219,6 @@ func (r *ManagedBindingsReconciler) reconcileCredentials(ctx context.Context, cf
 	}
 	cfServiceBinding.Status.Credentials.Name = credentialsSecret.Name
 
-	bindingSecret := &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      cfServiceBinding.Name + "-sbio",
-			Namespace: cfServiceBinding.Namespace,
-		},
-	}
-	_, err = controllerutil.CreateOrPatch(ctx, r.k8sClient, bindingSecret, func() error {
-		bindingSecret.Type = corev1.SecretType(credentials.ServiceBindingSecretTypePrefix + korifiv1alpha1.ManagedType)
-		bindingSecret.Data, err = credentials.GetServiceBindingIOSecretData(credentialsSecret)
-		if err != nil {
-			return err
-		}
-
-		return controllerutil.SetControllerReference(cfServiceBinding, bindingSecret, r.scheme)
-	})
-	if err != nil {
-		log.Error(err, "failed to create binding secret")
-		return err
-	}
-
-	cfServiceBinding.Status.Binding.Name = bindingSecret.Name
-
 	return nil
 }
 
@@ -273,9 +251,45 @@ func (r *ManagedBindingsReconciler) finalizeCFServiceBinding(
 }
 
 func (r *ManagedBindingsReconciler) reconcileSBServiceBinding(ctx context.Context, cfServiceBinding *korifiv1alpha1.CFServiceBinding) (*servicebindingv1beta1.ServiceBinding, error) {
+	log := logr.FromContextOrDiscard(ctx)
+
+	credentialsSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      cfServiceBinding.Name,
+			Namespace: cfServiceBinding.Namespace,
+		},
+	}
+	if err := r.k8sClient.Get(ctx, client.ObjectKeyFromObject(credentialsSecret), credentialsSecret); err != nil {
+		return nil, err
+	}
+
+	bindingSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      cfServiceBinding.Name + "-sbio",
+			Namespace: cfServiceBinding.Namespace,
+		},
+	}
+
+	_, err := controllerutil.CreateOrPatch(ctx, r.k8sClient, bindingSecret, func() error {
+		bindingSecret.Type = corev1.SecretType(credentials.ServiceBindingSecretTypePrefix + korifiv1alpha1.ManagedType)
+		var err error
+		bindingSecret.Data, err = credentials.GetServiceBindingIOSecretData(credentialsSecret)
+		if err != nil {
+			return err
+		}
+
+		return controllerutil.SetControllerReference(cfServiceBinding, bindingSecret, r.scheme)
+	})
+	if err != nil {
+		log.Error(err, "failed to create binding secret")
+		return nil, err
+	}
+
+	cfServiceBinding.Status.Binding.Name = bindingSecret.Name
+
 	sbServiceBinding := sbio.ToSBServiceBinding(cfServiceBinding, korifiv1alpha1.ManagedType)
 
-	_, err := controllerutil.CreateOrPatch(ctx, r.k8sClient, sbServiceBinding, func() error {
+	_, err = controllerutil.CreateOrPatch(ctx, r.k8sClient, sbServiceBinding, func() error {
 		return controllerutil.SetControllerReference(cfServiceBinding, sbServiceBinding, r.scheme)
 	})
 	if err != nil {