default secret namespace to the terraform resource

when parsing the SCM (git) secrets, must default to terraform's namespace. Even though the secretRef allows the defining of a namespace, TFO does not create a ClusterRole for the tasks and the workflow will fail anyway. But since the operator can reach out to other namespaces, in the case that a finalizer does need to be removed, the changes here will handle it. Future dev (maybe me) please fix secret to same namespace as the terraform resource only.
GalleyBytes · Aug 30, 2023 · a69575e · a69575e
1 parent 8f90719
commit a69575e
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/pkg/controllers/terraform_controller.go b/pkg/controllers/terraform_controller.go
@@ -1459,17 +1459,25 @@ func (r ReconcileTerraform) getGitSecrets(tf *tfv1beta1.Terraform) []gitSecret {
 	for _, m := range tf.Spec.SCMAuthMethods {
 		if m.Git.HTTPS != nil {
 			ref := m.Git.HTTPS.TokenSecretRef
+			namespace := ref.Namespace
+			if ref.Namespace == "" {
+				namespace = tf.Namespace
+			}
 			secrets = append(secrets, gitSecret{
 				name:          ref.Name,
-				namespace:     ref.Namespace,
+				namespace:     namespace,
 				shoudBeLocked: ref.LockSecretDeletion && !tf.Spec.IgnoreDelete,
 			})
 		}
 		if m.Git.SSH != nil {
 			ref := m.Git.SSH.SSHKeySecretRef
+			namespace := ref.Namespace
+			if ref.Namespace == "" {
+				namespace = tf.Namespace
+			}
 			secrets = append(secrets, gitSecret{
 				name:          ref.Name,
-				namespace:     ref.Namespace,
+				namespace:     namespace,
 				shoudBeLocked: ref.LockSecretDeletion && !tf.Spec.IgnoreDelete,
 			})
 		}