From 3b11517f308437bff94e0591598d18da7eacd146 Mon Sep 17 00:00:00 2001 From: Anders Stigaard Date: Tue, 14 Apr 2026 10:41:46 +0200 Subject: [PATCH] Create empty secret for backward compatibility --- internal/controller/styra/system_controller.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/internal/controller/styra/system_controller.go b/internal/controller/styra/system_controller.go index ba23c26d..571ca842 100644 --- a/internal/controller/styra/system_controller.go +++ b/internal/controller/styra/system_controller.go @@ -637,8 +637,9 @@ func (r *SystemReconciler) reconcileOPASecret( log.Info("Reconciling OPA secret") if r.Config.UserCredentialHandler == nil || r.Config.UserCredentialHandler.S3 == nil { - log.Info("No UserCredentialHandler configured, don't create secret") - return ctrl.Result{}, false, nil + //Deprecated: breaking change in later version where no secret will be created + //create empty secret to avoid OPA complaining about missing secret. + log.Info("No UserCredentialHandler configured, empty secret will be created for OPA") } reconcileS3CredentialsStart := time.Now() @@ -758,6 +759,11 @@ func (r *SystemReconciler) reconcileS3Credentials( uniqueName string, secretName string, ) (s3.Credentials, ctrl.Result, error) { + if r.Config.UserCredentialHandler == nil || r.Config.UserCredentialHandler.S3 == nil { + log.Info("No UserCredentialHandler configured, returning empty S3 credentials") + return s3.Credentials{}, ctrl.Result{}, nil + } + s3Credentials := s3.Credentials{} s3Credentials.Region = r.Config.UserCredentialHandler.S3.Region s3Credentials.AccessKeyID = fmt.Sprintf("Access-Key-%s-%s", r.Config.UserCredentialHandler.S3.Bucket, uniqueName)