From 2d1c06e4dc7f462336aa9d7a40d168e2190b2ee5 Mon Sep 17 00:00:00 2001
From: Sebastian Widmer <sebastian.widmer@vshn.net>
Date: Fri, 12 Apr 2024 10:30:53 +0200
Subject: [PATCH] Allow public clients without secrets

---
 controllers/cluster_controller.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/controllers/cluster_controller.go b/controllers/cluster_controller.go
index 7c52fef..ef36fbb 100644
--- a/controllers/cluster_controller.go
+++ b/controllers/cluster_controller.go
@@ -154,11 +154,12 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 	}
 
 	// Vault secret
-	if client.Secret == nil || *client.Secret == "" {
-		return ctrl.Result{}, fmt.Errorf("client %q has no secret", *templatedClient.ClientID)
-	}
-	if err := r.syncVaultSecret(ctx, instance, *client.Secret); err != nil {
-		return ctrl.Result{}, fmt.Errorf("unable to sync vault secret: %w", err)
+	if client.Secret != nil && *client.Secret != "" {
+		if err := r.syncVaultSecret(ctx, instance, *client.Secret); err != nil {
+			return ctrl.Result{}, fmt.Errorf("unable to sync vault secret: %w", err)
+		}
+	} else {
+		l.Info("Client has no secret, might be a public client. Skipping vault secret sync.")
 	}
 
 	// template client roles