Fix: Add support for nested values in secret data

Author: dwlou

examples/serviceinstance/ups-dynatrace.yaml

@@ -2,67 +2,40 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: dynatrace-credentials
+  name: my-credentials
   namespace: crossplane-system
 type: Opaque
-stringData:
-  environmentid: environmentid
-  apitoken: apitoken
-  apiurl: apiurl
-  type: dynatrace
+data:
+  login: |
+    {
+      "username": "admin",
+      "password": "secret"
+    }
+  config: |
+    {
+      "database": {
+        "host": "localhost",
+        "port": 5432
+      }
+    }
 
 ---
 # UPS with service credentials from a secret ref
 apiVersion: cloudfoundry.crossplane.io/v1alpha1
 kind: ServiceInstance
 metadata:
-  name: ups-dynatrace
+  name: my-ups
 spec:
   forProvider:
     type: user-provided
-    name: ups-dynatrace
+    name: my-ups
     routeServiceUrl: https://my-route-service.example.com
     syslogDrainUrl: syslog-tls://example.log-aggregator.com:6514
     spaceRef: 
       name: my-space
       policy:
         resolve: Always
     credentialsSecretRef: 
-        name: dynatrace-credentials
+        name: my-credentials
         namespace: crossplane-system
-        key: "" # to select the whole secret
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: dynatrace-json-credentials
-  namespace: crossplane-system
-type: Opaque
-stringData:
-  credentials: |
-    {
-      "environmentid": "environmentid",
-      "apitoken": "apitoken",
-      "apiurl": "apiurl",
-      "type": "dynatrace"
-    }
 
----
-# UPS with service json credentials from a secret key selector
-apiVersion: cloudfoundry.crossplane.io/v1alpha1
-kind: ServiceInstance
-metadata:
-  name: ups-ups-json
-spec:
-  forProvider:
-    type: user-provided
-    name: ups-dynatrace-json
-    spaceRef: 
-      name: my-space
-      policy:
-        resolve: Always
-    credentialsSecretRef: 
-        name: dynatrace-json-credentials
-        namespace: crossplane-system
-        key: credentials

internal/clients/secretreference.go

@@ -15,7 +15,9 @@ import (
 	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 )
 
-// SecretRefToJSONRawMessage extracts parameters/credentials from a secret reference.
+// ExtractSecret extracts parameters/credentials from a secret reference.
+// If a key is specified, returns the raw value for that key.
+// If no key is specified, returns all secret data as nested JSON/YAML.
 func ExtractSecret(ctx context.Context, kube k8s.Client, sr *xpv1.SecretReference, key string) ([]byte, error) {
 	if sr == nil {
 		return nil, nil
@@ -34,14 +36,18 @@ func ExtractSecret(ctx context.Context, kube k8s.Client, sr *xpv1.SecretReferenc
 		return nil, nil
 	}
 
-	// if key is not specified, return all data from the secret
-	cred := make(map[string]string)
+	// if key is not specified, return all data from the secret, also string or nested JSON
+	data := make(map[string]interface{})
 	for k, v := range secret.Data {
-		cred[k] = string(v)
-	}
-	buf, err := json.Marshal(cred)
-	if err != nil {
-		return nil, err
+		// Try to parse as JSON first
+		var jsonValue interface{}
+		if err := json.Unmarshal(v, &jsonValue); err == nil {
+			data[k] = jsonValue
+		} else {
+			// If not JSON, store as string
+			data[k] = string(v)
+		}
 	}
-	return buf, nil
+
+	return json.Marshal(data)
 }