diff --git a/pkg/api/v1/encryption_at_rest.go b/pkg/api/v1/encryption_at_rest.go
index 4751c26226..13c4ba5cbc 100644
--- a/pkg/api/v1/encryption_at_rest.go
+++ b/pkg/api/v1/encryption_at_rest.go
@@ -94,5 +94,6 @@ func (az AzureKeyVault) ToAtlas() mongodbatlas.AzureKeyVault {
 KeyVaultName: az.KeyVaultName,
 KeyIdentifier: az.KeyIdentifier,
 TenantID: az.TenantID,
+Secret: az.Secret,
 }
 }
diff --git a/pkg/controller/atlasproject/encryption_at_rest.go b/pkg/controller/atlasproject/encryption_at_rest.go
index 495c5445ae..646ba28186 100644
--- a/pkg/controller/atlasproject/encryption_at_rest.go
+++ b/pkg/controller/atlasproject/encryption_at_rest.go
@@ -103,14 +103,16 @@ func readAndFillGoogleSecret(kubeClient client.Client, parentNs string, gkms *md
 }
 func readAndFillAzureSecret(kubeClient client.Client, parentNs string, azureVault *mdbv1.AzureKeyVault) (*watch.WatchedObject, error) {
-fieldData, watchObj, err := readSecretData(kubeClient, azureVault.SecretRef, parentNs, "ClientID", "AzureEnvironment", "SubscriptionID", "ResourceGroupName", "KeyVaultName", "KeyIdentifier")
+fieldData, watchObj, err := readSecretData(kubeClient, azureVault.SecretRef, parentNs, "ClientID", "Secret", "AzureEnvironment", "SubscriptionID", "ResourceGroupName", "KeyVaultName", "KeyIdentifier", "TenantID")
 if err != nil {
 return watchObj, err
 }
 azureVault.ClientID = fieldData["ClientID"]
+azureVault.Secret = fieldData["Secret"]
 azureVault.AzureEnvironment = fieldData["AzureEnvironment"]
 azureVault.SubscriptionID = fieldData["SubscriptionID"]
+azureVault.TenantID = fieldData["TenantID"]
 azureVault.ResourceGroupName = fieldData["ResourceGroupName"]
 azureVault.KeyVaultName = fieldData["KeyVaultName"]
 azureVault.KeyIdentifier = fieldData["KeyIdentifier"]
diff --git a/pkg/controller/atlasproject/encryption_at_rest_test.go b/pkg/controller/atlasproject/encryption_at_rest_test.go
index 28f73969c1..b04b694900 100644
--- a/pkg/controller/atlasproject/encryption_at_rest_test.go
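Review bot: `Secret: az.Secret` copies the Azure client secret into the Atlas request struct, but the declaration of `Secret` on `AzureKeyVault` is outside this hunk, and since the type lives in `pkg/api/v1` and backs the CRD, it needs a `json:"-"` tag (or equivalent) so a value filled in from the referenced Kubernetes Secret at reconcile time is never serialized back into the custom resource — please confirm on the field declaration. A doc comment on that field such as `// Secret is the Azure client secret. It is populated at reconcile time from SecretRef and must never be persisted in the CR.` would make the intent visible to the next maintainer. The mapping itself is not exercised by the test changes in this diff; a one-line assertion that `ToAtlas().Secret` equals the input would pin it.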
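Review bot: Adding `"Secret"` and `"TenantID"` to the key list passed to `readSecretData` changes which keys the referenced Secret must contain; if `readSecretData` rejects missing keys (its body is not in this diff), Secrets written for the previous version, where `TenantID` was not read from the Secret at all, will now fail at the `if err != nil` branch. That contract should be documented where users will find it, e.g. `// readAndFillAzureSecret loads the Azure Key Vault credentials from the Secret referenced by azureVault.SecretRef. The Secret must contain the keys ClientID, Secret, AzureEnvironment, SubscriptionID, ResourceGroupName, KeyVaultName, KeyIdentifier and TenantID.` Since `azureVault.Secret` now holds a credential in memory, any downstream logging of the `azureVault` struct (a `%+v` would print it) should be checked. The body of readAndFillAzureSecret continues past the end of the hunk.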
+++ b/pkg/controller/atlasproject/encryption_at_rest_test.go
@@ -211,8 +211,10 @@ func TestReadEncryptionAtRestSecrets(t *testing.T) {
 t.Run("Azure with correct secret data", func(t *testing.T) {
 secretData := map[string][]byte{
 "ClientID": []byte("testClientID"),
+"Secret": []byte("testClientSecret"),
 "AzureEnvironment": []byte("testAzureEnvironment"),
 "SubscriptionID": []byte("testSubscriptionID"),
+"TenantID": []byte("testTenantID"),
 "ResourceGroupName": []byte("testResourceGroupName"),
 "KeyVaultName": []byte("testKeyVaultName"),
 "KeyIdentifier": []byte("testKeyIdentifier"),
@@ -226,7 +228,7 @@ func TestReadEncryptionAtRestSecrets(t *testing.T) {
 APIVersion: "v1",
 },
 ObjectMeta: metav1.ObjectMeta{
-Name: "gcp-secret",
+Name: "azure-secret",
 Namespace: "test",
 },
 },
@@ -238,7 +240,7 @@ func TestReadEncryptionAtRestSecrets(t *testing.T) {
 AzureKeyVault: mdbv1.AzureKeyVault{
 Enabled: toptr.MakePtr(true),
 SecretRef: common.ResourceRefNamespaced{
-Name: "gcp-secret",
+Name: "azure-secret",
 },
 },
 }
@@ -247,8 +249,10 @@ func TestReadEncryptionAtRestSecrets(t *testing.T) {
 assert.Nil(t, err)
 assert.Equal(t, string(secretData["ClientID"]), encRest.AzureKeyVault.ClientID)
+assert.Equal(t, string(secretData["Secret"]), encRest.AzureKeyVault.Secret)
 assert.Equal(t, string(secretData["AzureEnvironment"]), encRest.AzureKeyVault.AzureEnvironment)
 assert.Equal(t, string(secretData["SubscriptionID"]), encRest.AzureKeyVault.SubscriptionID)
+assert.Equal(t, string(secretData["TenantID"]), encRest.AzureKeyVault.TenantID)
 assert.Equal(t, string(secretData["ResourceGroupName"]), encRest.AzureKeyVault.ResourceGroupName)
 assert.Equal(t, string(secretData["KeyVaultName"]), encRest.AzureKeyVault.KeyVaultName)
 assert.Equal(t, string(secretData["KeyIdentifier"]), encRest.AzureKeyVault.KeyIdentifier)
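Review bot: The "Azure with correct secret data" subtest now feeds the two new keys through, but nothing in this diff covers the failure side of the new contract: a Secret that lacks `"TenantID"` or `"Secret"`, which was previously accepted on the Azure path. A sibling subtest that builds the same `secretData` map without `"TenantID"` and asserts a non-nil `err` from the read would pin that behaviour and make it explicit that the key is now mandatory. The assertions in the final hunk (`assert.Equal(t, string(secretData["Secret"]), encRest.AzureKeyVault.Secret)` and the `TenantID` counterpart) only confirm the happy path.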