// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package secret
import (
"context"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/gardener/gardener/extensions/pkg/util/index"
gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
)
// IsSecretInUseByShoot reports whether the given secret is referenced, through a
// SecretBinding, by at least one Shoot whose provider type equals providerType.
//
// A non-nil error means the answer is unknown: the false returned alongside it is
// not a "not in use" verdict, so callers that gate a change to the secret on this
// result should check the error first. secret is dereferenced without a nil check
// and must be non-nil.
//
// NOTE(review): only SecretBinding objects are consulted here. If Shoots can
// reference the secret through another binding kind, this function would not see
// them. Confirm against the callers.
func IsSecretInUseByShoot(ctx context.Context, c client.Client, secret *corev1.Secret, providerType string) (bool, error) {
	// TODO: controller-runtime cached client does not support non-exact field matches.
	// Once this limitation is removed, we can add client.MatchingFields by secretRef.name and secretRef.namespace.
	var bindingList gardencorev1beta1.SecretBindingList
	byRefNamespace := client.MatchingFields{index.SecretRefNamespaceField: secret.Namespace}
	if err := c.List(ctx, &bindingList, byRefNamespace); err != nil {
		return false, err
	}

	for i := range bindingList.Items {
		binding := &bindingList.Items[i]

		// The List call above narrows only by the referenced namespace, so the
		// secret name still has to be compared here.
		if binding.SecretRef.Name != secret.Name {
			continue
		}

		// Look up the Shoots in the binding's own namespace that use this binding.
		var shootList gardencorev1beta1.ShootList
		err := c.List(ctx, &shootList,
			client.InNamespace(binding.Namespace),
			client.MatchingFields{index.SecretBindingNameField: binding.Name},
		)
		if err != nil {
			return false, err
		}

		// One Shoot of the requested provider type is enough to answer "in use".
		for j := range shootList.Items {
			if shootList.Items[j].Spec.Provider.Type == providerType {
				return true, nil
			}
		}
	}

	return false, nil
}