func()

in internal/controller/processor.go [200:269]


func (processor *AppConfigurationProviderProcessor) processSecretReferenceRefresh(existingSecrets map[string]corev1.Secret) error {
	provider := processor.Provider
	reconcileState := processor.ReconciliationState
	// Check if the key vault dynamic feature if enabled
	if provider.Spec.Secret != nil &&
		provider.Spec.Secret.Refresh != nil &&
		provider.Spec.Secret.Refresh.Enabled {
		processor.RefreshOptions.secretReferenceRefreshEnabled = true
	}

	if !processor.RefreshOptions.secretReferenceRefreshEnabled {
		reconcileState.NextSecretReferenceRefreshReconcileTime = metav1.Time{}
		return nil
	}

	if !processor.CurrentTime.After(reconcileState.NextSecretReferenceRefreshReconcileTime.Time) {
		return nil
	}

	processor.RefreshOptions.secretReferenceRefreshNeeded = true
	keyVaultRefreshInterval, _ := time.ParseDuration(provider.Spec.Secret.Refresh.Interval)
	nextSecretReferenceRefreshReconcileTime := metav1.Time{Time: processor.CurrentTime.Add(keyVaultRefreshInterval)}
	// When SecretSettingPopulated means ProcessFullReconciliation or ProcessKeyValueRefresh has executed, update next refresh time and return
	if processor.RefreshOptions.SecretSettingPopulated {
		reconcileState.NextSecretReferenceRefreshReconcileTime = nextSecretReferenceRefreshReconcileTime
		return nil
	}

	// Only resolve the secret references that not specified the secret version
	secretReferencesToSolve := make(map[string]*loader.TargetK8sSecretMetadata)
	for secretName, k8sSecret := range reconcileState.ExistingK8sSecrets {
		for key, secretMetadata := range k8sSecret.SecretsKeyVaultMetadata {
			if secretMetadata.SecretVersion == "" {
				if secretReferencesToSolve[secretName] == nil {
					secretReferencesToSolve[secretName] = &loader.TargetK8sSecretMetadata{
						Type:                    k8sSecret.Type,
						SecretsKeyVaultMetadata: make(map[string]loader.KeyVaultSecretMetadata),
					}
				}
				secretReferencesToSolve[secretName].SecretsKeyVaultMetadata[key] = secretMetadata
			}
		}
	}

	resolvedSecrets, err := (processor.Retriever).ResolveSecretReferences(processor.Context, secretReferencesToSolve, processor.SecretReferenceResolver)
	if err != nil {
		return err
	}

	secrets := make(map[string]corev1.Secret)
	for key, secret := range existingSecrets {
		secrets[key] = *secret.DeepCopy()
	}

	for secretName, resolvedSecret := range resolvedSecrets.SecretSettings {
		existingSecret, ok := secrets[secretName]
		if ok {
			maps.Copy(existingSecret.Data, resolvedSecret.Data)
		}
	}

	processor.Settings.SecretSettings = secrets
	processor.Settings.K8sSecrets = reconcileState.ExistingK8sSecrets
	processor.RefreshOptions.SecretSettingPopulated = true

	// Update next refresh time only if settings updated successfully
	reconcileState.NextSecretReferenceRefreshReconcileTime = nextSecretReferenceRefreshReconcileTime

	return nil
}