in pkg/controller/keyvault/placeholder_pod.go [340:369]
// verifyServiceAccount resolves the service account a Gateway listener names for
// the given SecretProviderClass and checks it with
// util.GetServiceAccountAndVerifyWorkloadIdentity before returning its name.
//
// Only *gatewayv1.Gateway objects are handled: for any other object type the
// method returns ("", nil) without further checks. The matching listener is the
// one whose generated cert name (generateGwListenerCertName) equals spc.Name and
// that carries a non-nil TLS block with non-nil Options; the value of the
// serviceAccountTLSOption key is the account name. The lookup is scoped to
// spc.Namespace, so the option value can only name an account in that
// namespace (assuming the helper honors its namespace argument — confirm).
//
// Returns a util user error when no listener yields a service account name
// (including the case where the option is present but empty), or the helper's
// error unchanged when verification fails.
func (p *PlaceholderPodController) verifyServiceAccount(ctx context.Context, spc *secv1.SecretProviderClass, obj client.Object, logger logr.Logger) (string, error) {
	gw, isGateway := obj.(*gatewayv1.Gateway)
	if !isGateway {
		// Nothing to verify for non-Gateway owners.
		return "", nil
	}

	logger.Info("verifying service account referenced by listener exists")

	// Find the listener this SPC was generated for and read its service account option.
	var saName string
	for _, l := range gw.Spec.Listeners {
		matches := spc.Name == generateGwListenerCertName(gw.Name, l.Name)
		hasOptions := l.TLS != nil && l.TLS.Options != nil
		if matches && hasOptions {
			saName = string(l.TLS.Options[serviceAccountTLSOption])
			break
		}
	}

	if saName == "" {
		// No listener produced a name: either none matched the SPC or the
		// matching listener lacks the TLS option (or it is empty).
		cause := fmt.Errorf("failed to locate listener for SPC %s on user's gateway resource", spc.Name)
		msg := fmt.Sprintf("gateway listener for spc %s doesn't exist or doesn't contain required TLS options", spc.Name)
		return "", util.NewUserError(cause, msg)
	}

	// Existence/workload-identity check is delegated to the shared helper; the
	// error is propagated as-is so callers see the helper's classification.
	if _, err := util.GetServiceAccountAndVerifyWorkloadIdentity(ctx, p.client, saName, spc.Namespace); err != nil {
		return "", err
	}
	return saName, nil
}