From 820850eccfb641dd397dbf1fca0d0bd170ec60d8 Mon Sep 17 00:00:00 2001 From: Johnny Fredheim Horvi Date: Wed, 21 Jan 2026 16:06:35 +0100 Subject: [PATCH] fix: add ClusterName for Kubernetes API calls in secret resolvers The previous fix incorrectly removed ClusterName() from all operations. However, Kubernetes API calls need cluster names (prod), while watcher cache lookups use environment names (prod-gcp). This adds ClusterName() back for: - All mutations (Create, Add, Update, Remove, Delete) - use SystemAuthenticatedClient - GetSecretValues - uses impersonated Client Watcher lookups (Get, ListForWorkload) correctly use environment names. --- internal/graph/secret.resolvers.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/internal/graph/secret.resolvers.go b/internal/graph/secret.resolvers.go index af9097676..078407c20 100644 --- a/internal/graph/secret.resolvers.go +++ b/internal/graph/secret.resolvers.go @@ -5,6 +5,7 @@ import ( "slices" "github.com/nais/api/internal/auth/authz" + "github.com/nais/api/internal/environmentmapper" "github.com/nais/api/internal/graph/gengql" "github.com/nais/api/internal/graph/model" "github.com/nais/api/internal/graph/pagination" @@ -39,7 +40,7 @@ func (r *mutationResolver) CreateSecret(ctx context.Context, input secret.Create return nil, err } - s, err := secret.Create(ctx, input.Team, input.Environment, input.Name) + s, err := secret.Create(ctx, input.Team, environmentmapper.ClusterName(input.Environment), input.Name) if err != nil { return nil, err } @@ -54,7 +55,7 @@ func (r *mutationResolver) AddSecretValue(ctx context.Context, input secret.AddS return nil, err } - s, err := secret.AddSecretValue(ctx, input.Team, input.Environment, input.Name, input.Value) + s, err := secret.AddSecretValue(ctx, input.Team, environmentmapper.ClusterName(input.Environment), input.Name, input.Value) if err != nil { return nil, err } @@ -69,7 +70,7 @@ func (r *mutationResolver) UpdateSecretValue(ctx context.Context, input secret.U return nil, err } - s, err := secret.UpdateSecretValue(ctx, input.Team, input.Environment, input.Name, input.Value) + s, err := secret.UpdateSecretValue(ctx, input.Team, environmentmapper.ClusterName(input.Environment), input.Name, input.Value) if err != nil { return nil, err } @@ -84,7 +85,7 @@ func (r *mutationResolver) RemoveSecretValue(ctx context.Context, input secret.R return nil, err } - s, err := secret.RemoveSecretValue(ctx, input.Team, input.Environment, input.SecretName, input.ValueName) + s, err := secret.RemoveSecretValue(ctx, input.Team, environmentmapper.ClusterName(input.Environment), input.SecretName, input.ValueName) if err != nil { return nil, err } @@ -99,7 +100,7 @@ func (r *mutationResolver) DeleteSecret(ctx context.Context, input secret.Delete return nil, err } - if err := secret.Delete(ctx, input.Team, input.Environment, input.Name); err != nil { + if err := secret.Delete(ctx, input.Team, environmentmapper.ClusterName(input.Environment), input.Name); err != nil { return nil, err } @@ -125,7 +126,7 @@ func (r *secretResolver) Values(ctx context.Context, obj *secret.Secret) ([]*sec return nil, err } - return secret.GetSecretValues(ctx, obj.TeamSlug, obj.EnvironmentName, obj.Name) + return secret.GetSecretValues(ctx, obj.TeamSlug, environmentmapper.ClusterName(obj.EnvironmentName), obj.Name) } func (r *secretResolver) Applications(ctx context.Context, obj *secret.Secret, first *int, after *pagination.Cursor, last *int, before *pagination.Cursor) (*pagination.Connection[*application.Application], error) {